Chapter 2 class exam exercise

Chapter 2: The HIPAA Privacy

Rule

1

True or False

2

1. Release of PHI for treatment, payment, or health care operations purposes is permitted under HIPAA law.

3

2. The basic HIPAA privacy standard states that covered entities must have the authorization of patients to release their PHI for other than treatment purposes.

4

3. Incidental use and disclosure of PHI is not prohibited under HIPAA.

5

4. Under the HIPAA privacy standards, covered entities must have privacy policies and procedures in place.

6

5. Protected health information includes any data that identify individuals.

7

6. Health care providers who have a physical

service site, like an office, must make their Notice of

Privacy Practices (NPP) available at that site.

8

7. If a patient does not sign an Acknowledgment of Receipt of NPP, the provider cannot treat the individual.

9

8. Minors are not allowed to sign Acknowledgments of Receipt of NPP’s.

10

9. With reasonable confidence that a patient has identified another person as being involved with his or her care, a covered entity can release the patient’s PHI to that person.

11

10. Providers cannot send patients’ protected health information to health plans without a signed authorization.

12

Multiple Guess

13

11. What is included in protected health information under HIPAA?

a. The patient’s addressb. The patient’s allergiesc. The patient’s medical record numberd. All of the above

14

12. What is protected under HIPAA privacy standards?

a. Patient data that are printed and mailedb. Patient information sent by e-mailc. Patient information communicated over

the phoned. All of the above

15

13. Patients always have the right to

a. Withdraw their authorization to release informationb. Alter the information of their medical recordsc. Block release of information about their communicable diseases to the state health departmentd. None of the above

16

14. The Notice of Privacy Practice (NPP) is given to

a. Patientsb. Business Associatesc. Other covered entitiesd. None of the above

17

MATCHING

18

15. Accounting of DisclosuresA. A patient’s written approval to release PHIB. Health information from which all identifying data have been removed.C. Accidental use or disclosure that occurs during a correct use or disclosure.D. Sharing a patient’s protected health information with another entity.E. Under HIPAA, the three purposes for which PHI may be released without authorization.F. A list of ROI of their PHI that patients can ask to review.G. A chronological record of a patient’s health care.H. A patient’s requested alteration of an item in the medical record.I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically. 19

16. Authorization

A. A patient’s written approval to release PHIB. Health information from which all identifying data have been removed.C. Accidental use or disclosure that occurs during a correct use or disclosure.D. Sharing a patient’s protected health information with another entity.E. Under HIPAA, the three purposes for which PHI may be released without authorization.F. A list of ROI of their PHI that patients can ask to review.G. A chronological record of a patient’s health care.H. A patient’s requested alteration of an item in the medical record.I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically.

20

17. De-Identified Health Information

A. A patient’s written approval to release PHIB. Health information from which all identifying data have been removed.C. Accidental use or disclosure that occurs during a correct use or disclosure.D. Sharing a patient’s protected health information with another entity.E. Under HIPAA, the three purposes for which PHI may be released without authorization.F. A list of ROI of their PHI that patients can ask to review.G. A chronological record of a patient’s health care.H. A patient’s requested alteration of an item in the medical record.I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically.

21

18. Incidental use and disclosure

A. A patient’s written approval to release PHIB. Health information from which all identifying data have been removed.C. Accidental use or disclosure that occurs during a correct use or disclosure.D. Sharing a patient’s protected health information with another entity.E. Under HIPAA, the three purposes for which PHI may be released without authorization.F. A list of ROI of their PHI that patients can ask to review.G. A chronological record of a patient’s health care.H. A patient’s requested alteration of an item in the medical record.I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically.

22

19. Minimum Necessary Standard

A. A patient’s written approval to release PHIB. Health information from which all identifying data have been removed.C. Accidental use or disclosure that occurs during a correct use or disclosure.D. Sharing a patient’s protected health information with another entity.E. Under HIPAA, the three purposes for which PHI may be released without authorization.F. A list of ROI of their PHI that patients can ask to review.G. A chronological record of a patient’s health care.H. A patient’s requested alteration of an item in the medical record.I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically.

23

20. Protected Health Information (PHI)

A. A patient’s written approval to release PHIB. Health information from which all identifying data have been removed.C. Accidental use or disclosure that occurs during a correct use or disclosure.D. Sharing a patient’s protected health information with another entity.E. Under HIPAA, the three purposes for which PHI may be released without authorization.F. A list of ROI of their PHI that patients can ask to review.G. A chronological record of a patient’s health care.H. A patient’s requested alteration of an item in the medical record.I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically.

24

21. Release of Information (ROI)

A. A patient’s written approval to release PHIB. Health information from which all identifying data have been removed.C. Accidental use or disclosure that occurs during a correct use or disclosure.D. Sharing a patient’s protected health information with another entity.E. Under HIPAA, the three purposes for which PHI may be released without authorization.F. A list of ROI of their PHI that patients can ask to review.G. A chronological record of a patient’s health care.H. A patient’s requested alteration of an item in the medical record.I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically.

25

22. Treatment, Payment, and Healthcare Operations (TPO)

A. A patient’s written approval to release PHIB. Health information from which all identifying data have been removed.C. Accidental use or disclosure that occurs during a correct use or disclosure.D. Sharing a patient’s protected health information with another entity.E. Under HIPAA, the three purposes for which PHI may be released without authorization.F. A list of ROI of their PHI that patients can ask to review.G. A chronological record of a patient’s health care.H. A patient’s requested alteration of an item in the medical record.I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically.

26

23. Amendment

A. A patient’s written approval to release PHIB. Health information from which all identifying data have been removed.C. Accidental use or disclosure that occurs during a correct use or disclosure.D. Sharing a patient’s protected health information with another entity.E. Under HIPAA, the three purposes for which PHI may be released without authorization.F. A list of ROI of their PHI that patients can ask to review.G. A chronological record of a patient’s health care.H. A patient’s requested alteration of an item in the medical record.I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically.

27

24. Documentation

A. A patient’s written approval to release PHIB. Health information from which all identifying data have been removed.C. Accidental use or disclosure that occurs during a correct use or disclosure.D. Sharing a patient’s protected health information with another entity.E. Under HIPAA, the three purposes for which PHI may be released without authorization.F. A list of ROI of their PHI that patients can ask to review.G. A chronological record of a patient’s health care.H. A patient’s requested alteration of an item in the medical record.I. Under HIPAA, the principle of releasing only PHI that is pertinent for the purpose. J. Individually identifiable health information that is transmitted or maintained electronically.

28

HIPAA Compliant Act—Yes or NO?

29

25.

A laboratory communicates a patient’s medical test results to a physician by the phone. The physician is treating the patient whose results that are being reported.

30

26.

A physician mails a copy of a patient’s medical record to a specialist who intends to treat the patient.

31

27.

A hospital faxes a patient’s health care instructions to a nursing home to which the patient is to be transferred.

32

28.

A doctor discusses a patient’s condition over the phone with an emergency room physician who is providing the patient with emergency care.

33

29.

A doctor orally discusses a patient’s treatment regimen with a nurse who will be involved in the patient’s care.

34

30.

A physician consults with another physician about a patient’s care by e-mail.

35

31.

A hospital faxes an organ donor’s medical information to another hospital that is treating the organ recipient.

36

32.

A medical insurance specialist answers questions over the phone from a health plan about the dates of service on a submitted claim.

37

33.

A nineteen year-old has registered for a physician visit using an insurance card listing him as a qualified dependent on a parents’ health plan. Later, the parents call the practice to find out why their child saw the physician. The age of majority in the state is eighteen. Is releasing any information beyond verifying the patient’s visit a HIPAA-compliant action?

38

HURRAY!(The End.)

39