Ch 7 - Medical Privacy Flashcards Preview

Flashcards in Ch 7 - Medical Privacy Deck (63)
1

The Health Insurance Protection and Accountability Act (HIPAA):
a. Does not preempt stricter state privacy laws
b. Preempts state laws
c. Preempts all state and federal privacy laws
d. None of the above

a. Does not preempt stricter state privacy laws

2

HIPAA only applies to:
a. All entities who store any kind of personal health information
b. All entities who transmit any kind of personal health information
c. Covered entities such as healthcare providers, insurers, and business associates who receive data from covered entities
d. None of the above

c. Covered entities such as healthcare providers, insurers, and business associates who receive data from covered entities

3

The Confidentiality of Substance Use Disorder Patient Records Rule:
a. Covers disclosure and use of patient identifying information by alcohol and drug abuse treatment programs
b. Restricts use of personal information that could be used against a patient concerning their criminal use of alcohol or drugs
c. Applies to any program that receives federal funding
d. All of the above

d. All of the above

4

A condition under which entities other than those defined as a “program” under the Confidentiality of Substance Use Disorder Patient Records Rule may be subject to the regulation is:
a. They are subject to the 1974 Privacy Act
b. A state licensing agency requires them to comply
c. The President has asked them to comply
d. None of the above

b. A state licensing agency requires them to comply

5

The Confidentiality of Substance Use Disorder Patient Records Rule defines “program” as:
a. An individual or entity who provides alcohol or substance abuse diagnosis, treatment, or referral for treatment
b. An identified unit within a general medical facility that provides alcohol or substance abuse diagnosis, treatment, or referral for treatment
c. Medical personnel or other staff in a general medical facility whose primary function is provision of alcohol or substance abuse diagnosis, treatment, or referral for treatment
d. All of the above

d. All of the above

6

A condition under which entities other than those defined as a “program” under the Confidentiality of Substance Use Disorder Patient Records Rule may be subject to the regulation is:
a. They are subject to the 1974 Privacy Act
b. They are asked to comply by the state attorney general
c. A clinician uses controlled substances for detoxification, requiring licensing through the U.S. Drug Enforcement Administration (DEA)
d. None of the above

c. A clinician uses controlled substances for detoxification, requiring licensing through the U.S. Drug Enforcement Administration (DEA)

7

When is redisclosure of information obtained from a program prohibited under the Confidentiality of Substance Use Disorder Patient Records Rule?
a. When it would identify, directly or indirectly, an individual as having been diagnosed, treated, or referred for treatment
b. Only when it would identify an individual whose drug abuse was related to criminal activity
c. Only when it would directly identify an individual who has been diagnosed, treated, or referred for treatment
d. None of the above

a. When it would identify, directly or indirectly, an individual as having been diagnosed, treated, or referred for treatment

8

Which of the following is an exception to consent requirements under the Confidentiality of Substance Use Disorder Patient Records Rule?
a. Routine doctor visits, dental exams, and school registrations
b. Scientific research, medical emergencies, and audits and evaluations
c. Service vendors that supply weekly linens, crimes that occurred prior to the patient entering the program
d. All of the above

b. Scientific research, medical emergencies, and audits and evaluations

9

A consent form to disclose a “general designation” for information subject to the Confidentiality of Substance Use Disorder Patient Records Rule:
a. May allow disclosure to either individuals or entities that have a treating provider relationship with the patient
b. Allows the consumer to receive a list of entities to whom their information has been disclosed
c. Must explicitly describe the type of information being disclosed
d. All of the above

d. All of the above

10

Which of the following is an exception to consent requirements under the Confidentiality of Substance Use Disorder Patient Records Rule?
a. Routine doctor visits, dental exams, and school registrations
b. Food service vendors, law enforcement requests for petty theft
c. Communications with qualified service organizations, crimes on program premises or against program personnel
d. All of the above

c. Communications with qualified service organizations, crimes on program premises or against program personnel

11

Which of the following includes exceptions to consent requirements under the Confidentiality of Substance Use Disorder Patient Records Rule?
a. Routine doctor visits, dental exams, and school registrations
b. Child abuse reporting, and court orders
c. Security guard service, law enforcement requests for petty theft
d. All of the above

b. Child abuse reporting, and court orders

12

Violations of the Confidentiality of Substance Use Disorder Patient Records Rule:
a. May result in fines from $500 to $5,000 per offense
b. Are considered criminal
c. Are reported to the U.S. Attorney’s Office
d. All of the above

d. All of the above

13

Under HIPAA, ePHI is any protected health information that is:
a. Only sent in an email
b. Only provided over a public network
c. Transmitted or maintained in electronic media
d. None of the above

c. Transmitted or maintained in electronic media

14

Which of the following is not considered ePHI under HIPAA?
a. PHI transmitted over fax communications
b. PHI stored on a computer hard drive
c. PHI stored on a digital memory card
d. PHI transmitted through an email

a. PHI transmitted over fax communications

15

Which of the following is not considered an entity covered under HIPAA?
a. Healthcare providers that conduct certain transactions in electronic form
b. Healthcare providers who only accept cash or credit cards for full payment
c. Health insurers
d. Healthcare clearinghouses

b. Healthcare providers who only accept cash or credit cards for full payment

16

Which of the following is included in the HIPAA definition of protected health information (PHI) for individually identifiable health information?
a. Transmitted or maintained in any form or medium
b. Held by a covered entity or its business associate
c. Identifies the individual or offers a reasonable basis for identification
d. All of the above

d. All of the above

17

Under the HIPAA Privacy Rule, a Business Associate is:
a. Any person or organization that performs services or activities for, or on behalf of, a covered entity when the services involve the use or disclosure of PHI
b. Any organization, including its employees, that performs services or activities for, or on behalf of, a covered entity when the services involve the use of PHI
c. Any person or organization, or its employees, that performs services or activities on behalf of a covered entity when the services involve the disclosure of PHI
d. None of the above

a. Any person or organization that performs services or activities for, or on behalf of, a covered entity when the services involve the use or disclosure of PHI

18

Which of the following is included in the HIPAA definition of protected health information (PHI) for individually identifiable health information?
a. Created or received by a covered entity or an employer
b. Relates to a past, present or future physical or mental condition
c. Relates to provision of health care or payment for health care to that individual
d. All of the above

d. All of the above

19

Under which of the following circumstances are health service providers not required to provide a privacy notice under HIPAA?
a. The healthcare provider offers standard routine treatments
b. The treatment relates to a past mental condition
c. The healthcare provider has an indirect relationship with the patient
d. All of the above

c. The healthcare provider has an indirect relationship with the patient

20

Under which of the following circumstances are health service providers not required to provide a privacy notice under HIPAA?
a. Treatment for a physical to qualify for playing a sport
b. Treatment for a medical emergency
c. Treatment related to a chronic physical condition
d. All of the above

b. Treatment for a medical emergency

21

HIPAA authorizes the use and disclosure of PHI for essential healthcare purposes including:
a. Treatment
b. Payment
c. Operations
d. All of the above

d. All of the above

22

The HIPAA Security Rule applies to the protection of:
a. All PHI created, received, used, or maintained by covered entities
b. All PHI created, received, used, or maintained by both covered entities and individuals
c. All ePHI or electronic PHI that is created, received, used, or maintained by covered entities
d. None of the above

c. All ePHI or electronic PHI that is created, received, used, or maintained by covered entities

23

A focus of the HIPAA Security Rule is on:
a. Preventing the unauthorized use or disclosure of PHI
b. Preventing inefficient operations when disclosing PHI
c. Increasing public awareness of best practices for protecting their PHI
d. None of the above

a. Preventing the unauthorized use or disclosure of PHI

24

A focus of the HIPAA Security Rule is on:
a. Increasing public awareness about their rights under HIPAA
b. Preventing inefficient operations when disclosing ePHI
c. Maintaining the integrity and availability of ePHI
d. None of the above

c. Maintaining the integrity and availability of ePHI

25

Administrative requirements for compliance with HIPAA Privacy Rule include:
a. Designation of a privacy official
b. Development and implementation of privacy protections
c. Trained personnel and complaint procedures
d. All of the above

d. All of the above

26

The primary enforcer of the HIPAA Privacy Rule is:
a. Office of Civil Rights, in Health and Human Services
b. Privacy Unit, Federal Trade Commission
c. U.S. Medical Board
d. None of the above

a. Office of Civil Rights, in Health and Human Services

27

The primary enforcer of the HIPAA Privacy Rule with criminal enforcement authority is:
a. Office of Civil Rights, in Health and Human Services
b. Department of Justice
c. Privacy Unit, Federal Trade Commission
d. None of the above

b. Department of Justice

28

Limits on the scope of the HIPAA Privacy Rule that do not require consent for the organization to share include:
a. De-identified personal information
b. Research that is consistent with Privacy Rule requirements
c. Public health activities
d. All of the above

d. All of the above

29

For investigations of compliance with privacy rules, who is an organization required to release PHI to?
a. State Attorney General
b. U.S. Attorney General
c. Secretary of HHS
d. None of the above

c. Secretary of HHS

30

The HIPAA Security Rule allows organizations to forgo compliance with addressable implementation specifications under which of the following circumstances?
a. The entity has assessed that it is not an appropriate safeguard to adopt, and has documented why it is not reasonable, and any alternative measures adopted
b. The entity has assessed that it is not an appropriate safeguard to adopt, and has sent a detailed letter explaining why to the Secretary of HHS
c. The entity does not believe it is profitable to adopt the measure
d. None of the above

a. The entity has assessed that it is not an appropriate safeguard to adopt, and has documented why it is not reasonable, and any alternative measures adopted