HIPAA Breaches And Penalties

Question 0

HITECH Act of 2009 was enacted as part of the American Recovery and ___ reinvestment Act (ARRA), the stimulus package.

Answer 0

Reinvestment

Question 1

What does HITECH stand for?

Answer 1

Health Information Technology of Economic and Clinical Health

Question 2

What is Obamacare also to referred to as?

Answer 2

Patient Protection and Affordable Care Act (PPACA

Question 3

Data is considered breached if…

Answer 3

• it is sold to a personal injury attorney
• it is hacked and published on a website
• it is stored on an unencrypted hard drive that is lost or stolen

Question 4

HITECH exempts a breach from being reported if the lost data was ___

Answer 4

Encrypted

Question 5

The HITECH Act requires breaches to be reported within ___ days

Answer 5

60

Question 6

You must notify the Office of Civil Rights within 60 days of a breach of more than ___ patient records

Answer 6

500

Question 7

True or False: State laws may require stricter reporting and privacy standards than federal law. Business associates must comply with both state and federal laws, meeting the ____ standard.

Answer 7

True, stricter

Question 8

The OCR investigates approximately ___ potential HIPAA violations a year.

Answer 8

9,000

Question 9

Reports of HIPAA violations typically come from breach reports, patient complaints, and ___ complaints.

Answer 9

Whistleblower

Question 10

Civil penalties for data breaches may not exceed

Answer 10

$1,500,000

Question 11

The HIPAA Omnibus Final Rule of 2013 somewhat relaxed the data breach reporting requirements of HIPAA.

Answer 11

False

Question 12

A business associate that becomes aware of the breach must report it to who?

Answer 12

The covered entity with which they are contracted

Question 13

The HITECH Act was part of the ___

Answer 13

American Recovery and Reinvestment Act of 2009

Question 14

Actions for civil violations of HIPAA may be brought by___

Answer 14

The DHHS Office of Civil Rights