Ch. 8 Medical Privacy Quiz

Question 1

The HIPAA (Health Insurance Portability and Accountability Act) directly covers all of the following entities EXCEPT:

A. health plans
B. users of personal health information
C. health care providers
D. health care clearinghouses

Answer 1

B. users of personal health information

Question 2

Which of the following is a required use/disclosure under the HIPAA (Health Insurance Portability and Accountability Act)?

A. Disclosure with informal consent
B. Disclosure for public health purposes, such as research
C. Disclosure to Health and Human Services
D. Disclosure when it is in the best interests of the individual

Answer 2

C. Disclosure to Health and Human Services

Question 3

All of the following are HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule fundamentals, EXCEPT:

A. Appropriate security must be ensured.
B. An individual must be appointed as a privacy official.
C. Records of disclosures must be maintained.
D. An individual must be appointed for handling complaints.

Answer 3

D. An individual must be appointed for handling complaints.

Question 4

The HIPAA (Health Insurance Portability and Accountability Act), Security Rule applies to:

A. protected health information (PHI)
B. any health information
C. PHI that has been encrypted
D. PHI in electronic format

Answer 4

D. PHI in electronic format

Question 5

There are two rules under the HIPAA (Health Insurance Portability and Accountability Act), the:

A. Privacy Rule and Safeguards Rule
B. Security Rule and Privacy Rule
C. Security Rule and Safeguards Rule
D. Breach Rule and Safeguards Rule

Answer 5

B. Security Rule and Privacy Rule

Question 6

All of the following entities enforce the HIPAA (Health Insurance Portability and Accountability Act), EXCEPT:

A. US Department of Health and Human Services
B. State governors
C. Office of Civil Rights
D. Centers for Medicare and Medicaid Services

Answer 6

B. State governors

Question 7

If an entity does not comply with the HIPAA (Health Insurance Portability and Accountability Act) it could face fines of up to:

A. $1,000
B. $20,000
C. $250,000
D. $1 million

Answer 7

C. $250,000

Question 8

The HIPAA (Health Insurance Portability and Accountability Act) Security Rule is enforced by:

A. state attorneys general
B. Office of Civil Rights
C. US Department of Health and Human Services
D. Centers for Medicare and Medicaid Services

Answer 8

D. Centers for Medicare and Medicaid Services

Question 9

The HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule is enforced by:

A. state attorneys general
B. Office of Civil Rights
C. US Department of Health and Human Services
D. Centers for Medicare and Medicaid Services

Answer 9

B. Office of Civil Rights

Question 10

The HIPAA (Health Insurance Portability and Accountability Act) exists for all of the following reasons EXCEPT:

A. to move towards electronic health care transactions
B. to preempt state laws
C. to improve efficiency of the health care system
D. to establish electronic data standards

Answer 10

B. to preempt state laws

Question 11

Which part of the Health Insurance Portability and Accountability Act set requirements for the use of protected health information (PHI)?

A. the Security Rule
B. the Accountability Rule
C. the Privacy Rule
D. the Portability Rule

Answer 11

C. The Privacy Rule

Question 12

Which of the following is considered a covered entity?

A. any individual who’s health information is protected by HIPAA
B. Any entity that handles PHI must comply.
C. individuals with health insurance
D. any entity in compliance with HIPAA

Answer 12

B. Any entity that handles PHI must comply.

Question 13

Individuals that wish to receive a copy of their medical files and protected health information must:

A. Make the request within five years of service
B. Submit their request in writing
C. Make sure all related medical bills are paid
D. Pay related copying and postage expenses

Answer 13

B. Submit the request in writing

D. Pay related copy and postage expenses

Question 14

—- is the term for an agreement covered entities enter into with third parties before disclosing PHI to ensure the information will be adequately protected once released.

A. Fair Practice Contract
B. HIPPA Compliance Agreement
C. Safe Harbor Agreement
D. Business Associate Contract

Answer 14

D. Business Associate Contract

Question 15

Which of the following are part of the Security Rule of HIPAA?

A. providing individuals with access to their PHI
B. conducting periodic risk assessments to examine the security of PHI
C. education and training programs for employees handling PHI
D. creation of an entity to enforce the Security Rule with the organization

Answer 15

B. conducting periodic risk assessments to examine the security of PHI

C. education and training programs for employees handling PHI

D. creation of an entity to enforce the Security Rule with the organization

Question 16

The exceptions outlined in the Privacy Rule of HIPAA refer to:

A. cases in which disclosure of PHI is allowed without the prior approval the individual
B. cases in which an access to PHI may be denied
C. cases in which a covered entity is not held responsible for a privacy violation
D. cases in which an individual need not receive notice of a covered entity’s privacy practices

Answer 16

A. cases in which disclosure of PHI is allowed without the prior approval the individual

Question 17

Which of the following is NOT a right guaranteed to individuals under the Privacy Rule of HIPAA?

A. access to their records
B. notice of an entity’s privacy practices and possible third party disclosures
C. limited disclosure of PHI
D. authorization over the destruction/disposal of their PHI

Answer 17

A. access to their records

Question 18

Which is true of the government’s enforcement practices related to HIPAA?

A. HIPAA is lightly enforced by the U.S. Government.
B. HIPAA is highly enforced by the US Government
C. The Department of Health And Human Services, Office of Civil Rights is in charge of enforcement.
D. The Federal Trade Commission is in charge of enforcement

Answer 18

B. HIPAA is highly enforced by the US Government

C. The Departmenr of Health Services, Office of Civil Rights is in charge of enforcement.

Question 19

Types of genetic testing include:

A. screening and monitoring
B. screening, monitoring and marking
C. monitoring and marking
D. screening only

Answer 19

A. screening and monitoring

Question 20

Periodic testing of genetic material to identify modifications due to workplace conditions is referred to as:

A. examining
B. screening
C. monitoring
D. regulating

Answer 20

C. monitoring

Question 21

The Department of Health and Human Services is part of which branch of the United States government?

A. Legislative
B. Executive
C. Judicial
D. Congress

Answer 21

B. Executive

Question 22

The Centers for Disease Control and Prevention is part of which Cabinet department?

A. Department of Commerce
B. Department of Health and Human Services
C. Federal Trade Commission
D. Federal Communications Commission

Answer 22

B. Department of Health and Human Services

Question 23

What information is covered by the privacy rules set forth in HIPAA?

A. medical record information inputted by doctors and support staff
B. medical billing information
C. credit report requests
D. credit score

Answer 23

A. medical record information inputted by doctors and support staff
B. medical billing information

The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”

Question 24

What rights do consumers have to their own records, according to the privacy rule of HIPAA?

A. free credit report yearly
B. access to copies of medical records
C. receive notice if private information is to be shared
D. request addition of corrections to records

Answer 24

B. access to copies of medical records
C. receive notice if private information is to be shared
D. request addition of corrections to records

With limited exceptions, the HIPAA Privacy Rule (the Privacy Rule) provides individuals with a legal, enforceable right to see and receive copies upon request of the information in their medical and other health records maintained by their health care providers and health plans.

HIPAA gives patients the right to get copies of all of their medical records. Patients also have the right to view—usually at the medical provider’s offices—their original medical records. HIPAA does allow health care providers to withhold certain types of medical records, including: psychotherapy notes.

A patient has the right to request an amendment to his or her health record per 45 CFR §164.526 of the HIPAA Privacy Rule, and it is the policy of this organization to respond to any amendment requests in accordance with this rule.

Exceptions Under the HIPAA Privacy Rule for Disclosure of PHI Without Patient Authorization
Preventing a Serious and Imminent Threat. …
Treating the Patient. …
Ensuring Public Health and Safety. …
Notifying Family, Friends, and Others Involved in Care. …
Notifying Media and the Public.

Question 25

What is the more common name for the American Recovery and Reinvestment Act of 2009?

A. HIPAA
B. stimulus bill
C. FACT
D. Constitution

Answer 25

B. stimulus bill

The American Recovery and Reinvestment Act of 2009, nicknamed the Recovery Act, was a stimulus package enacted by the 111th U.S. Congress and signed into law by President Barack Obama in February 2009.

Question 26

Which are requirements under HIPAA’s Privacy Rule? Select all that apply.

A. A detailed privacy notice provided at the date of first service delivered
B. Opt-out authorization for use or disclosure of personal health information outside of HIPAA guidelines
C. Limited use and disclosure of personal health information for business associates, such as billing companies
D. Safeguards in place to protect the confidentiality and integrity of all personal health information<p></p>

Answer 26

A. A detailed privacy notice provided at the date of first service delivered
C. Limited use and disclosure of personal health information for business associates, such as billing companies
D. Safeguards in place to protect the confidentiality and integrity of all personal health information

Question 27

Who is responsible for enforcing HIPAA’s Privacy and Security Rules?

A. Office for Civil Rights (OCR)
B. Office of Compliance (OOC)
C. Agency for Healthcare Research and Quality (AHRQ)
D. Health Resources and Services Administration (HRSA)<p></p>

Answer 27

A. Office for Civil Rights (OCR)

Question 28

Which act is intended to expedite the research process for medical devices and prescription drugs?

A. Health Insurance Portability and Accountability Act (HIPAA)
B. Health Information Technology for Economic and Clinical Health Act (HITECH)
C. 21st Century Cures Act
D. Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act

Answer 28

C. 21st Century Cures Act

Question 29

HIPAA is quite strict. Which of the following statements is most accurate?

A. All medical data is covered by HIPAA
B. HIPAA is based on the 5th amend
C. Aspects of HIPAA can be disregarded when stricter state law is in place
D. All medical practitioners sign a HIPAA declaration before being authorized to practice medicine

Answer 29

C. Aspects of HIPAA can be disregarded when stricter law is in place. HIPAA does not preempt stricter law.

Question 30

Which of the following is not a key privacy protection under HIPAA?

A. Layered privacy notices
B. Administrative, physical and technical safeguards
C. A privacy professional for covered entities
D. Individuals are allowed to access and copy a designated record set

Answer 30

A. layered privacy notices are not a part of HIPAA

Question 31

The privacy portion of the Health Insurance Portability and Accountability Act applies to what entity?

A. insurance companies
B. doctors
C. pharmacies
D. telecommunications companies

Answer 31

A. insurance companies
B. doctors
C. pharmacies

The HIPAA Privacy Rule regulates the use and disclosure of protected health information (PHI) held by “covered entities” (generally, health care clearinghouses, employer-sponsored health plans, health insurers, and medical service providers that engage in certain transactions).

Question 32

What entity does not have to adhere to the privacy rules set forth in the Health Insurance Portability and Accountability Act?

A. employers
B. schools
C. life Insurance Companies
D. doctors

Answer 32

A. employers
B. schools
C. life Insurance Companies

Examples of organizations that do not have to follow the Privacy and Security Rules include:

Life insurers.
Employers.
Workers compensation carriers.
Most schools and school districts.
Many state agencies like child protective service agencies.
Most law enforcement agencies.
Many municipal offices.

Question 33

Which are requirements under HIPAA’s Privacy Rule? Select all that apply.

A. A detailed privacy notice provided at the date of first service delivered
B. Opt-out authorization for use or disclosure of personal health information outside of HIPAA guidelines
C. Limited use and disclosure of personal health information for business associates, such as billing companies
D. Safeguards in place to protect the confidentiality and integrity of all personal health information

Answer 33

A. A detailed privacy notice provided at the date of first service delivered

C. Limited use and disclosure of personal health information for business associates, such as billing companies

D. Safeguards in place to protect the confidentiality and integrity of all personal health information

Question 34

Which act is intended to expedite the research process for medical devices and prescription drugs?

A. Health Insurance Portability and Accountability Act (HIPAA)
B. Health Information Technology for Economic and Clinical Health Act (HITECH)
C. 21st Century Cures Act
D. Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act

Answer 34

C. 21st Century Cures Act

Question 35

To what major US industry do the HIPAA laws primarily apply?

A. health care
B. financial
C. information technology
D. internet businesses

Answer 35

A. health care

Question 36

Which of the following were new regulations instituted under HIPAA?

A. disclosure of medical information to non-medical professionals only with a warrant
B. a new privacy rule to protect patient medical records
C. a new security rule which laid out physical, administrative, and technical rules for protecting data
D. new privacy rules for all employers offering group health care plans

Answer 36

B. a new privacy rule to protect patient medical records

C. a new security rule which laid out physical, administrative, and technical rules for protecting data

D. new privacy rules for all employers offering group health care plans

Question 37

Who is responsible for enforcing HIPAA’s Privacy and Security Rules?

A. Office for Civil Rights (OCR)
B. Office of Compliance (OOC)
C. Agency for Healthcare Research and Quality (AHRQ)
D. Health Resources and Services Administration (HRSA)

Answer 37

A. Office for Civil Rights (OCR)

Question 38

HIPAA is quite strict. Which of the following statements is most accurate?

A. All medical data is covered by HIPAA
B. HIPAA is based on the 5th amend
C. Aspects of HIPAA can be disregarded when stricter state law is in place
D. All medical practitioners sign a HIPAA declaration before being authorized to practice medicine

Answer 38

C. Aspects of HIPAA can be disregarded when stricter law is in place. HIPAA does not preempt stricter law.

Question 39

Which of the following is NOT a key privacy protection under HIPAA?

A. Layered privacy notices
B. Administrative, physical and technical safeguards
C. A privacy professional for covered entities
D. Individuals are allowed to access and copy a designated record set

Answer 39

A. layered privacy notices are not a part of HIPAA

Question 40

Which of the following is not a generally required action for a health care provider under the Health Insurance Portability and Accountability Act (HIPAA)?

A. Notify patients about their privacy rights and how their information can be used
B. Train employees so that they understand the privacy procedures
C. Designate an individual responsible for seeing that the privacy procedures are adopted and followed
D. Provide an opportunity to opt out of sharing protected health information with non-affiliated third parties for the third parties’ own marketing activities

Answer 40

D. Provide an opportunity to opt out of sharing protected health information with non-affiliated third parties for the third parties’ own marketing activities

Question 41

HIPAA covered entities must provide privacy and security training to:

A. All employees
B. Only employees that come into contact with PHI
C. Business associates that process PHI
D. HIPAA covered entities are not required to provide privacy and security training

Answer 41

A. All employees

Question 42

Soleil is a chain of exercise clubs and resorts. The company offers excellent health benefits to its employees. These include complete medical, dental, prescription and eye care benefits. Which single statement below is true regarding Soleil’s privacy obligations?

A. Soleil is obligated to protect employee benefit information in accordance with its privacy policy only
B. Soleil is obligated to protect employee benefit information in accordance with HIPAA requirements for covered entities
C. Soleil is obligated to protect employee benefit information in accordance with HIPAA requirements for business associates
D. Soleil is not obligated to protect employee benefit information under U.S. law but as a general rule it needs to keep all medical records as strictly confidential

Answer 42

A. Soleil is obligated to protect employee benefit information in accordance with its privacy policy only