Instructions: Print this exam worksheet. Return to the course page using the link below. Read the course material. Enter your answers on this worksheet. Return to the course page and click the link 'Take Test.' Transfer your answers.

https://www.quantumunitsed.com/go/82

Quantum Units Education®

HIPAA Privacy Rule

1. The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) was issued by The U.S. Department of Health and Human Services (HHS) to establish a set of national standards for the protection of certain health information. All of the following are accurate statements about the Privacy Rule EXCEPT:

A. The Privacy Rule standards address the use and disclosure of individuals’ health information by organizations subject to the Privacy Rule

B. The rule covers individuals’ privacy rights to understand and control how their health information is used

C. Within HHS, The Office for Communication and Outreach has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities

D. A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected, while allowing the flow of health information needed to provide and promote high quality health care and to protect the publics’ health and well being


2. Which of the following is NOT included in Privacy Rule coverage?

A. Community health centers and food stamp programs

B. Individual and group health plans that provide or pay the cost of medical care

C. Health care providers who electronically transmits health information in connection with certain transactions

D. Health care clearinghouses


3. The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. “Individually identifiable health information” is information, including demographic data, that relates to all of the following EXCEPT:

A. The individual’s past, present or future physical or mental health or condition

B. The past, present, or future payment for the provision of health care to the individual

C. Employment records that a covered entity maintains in its capacity as an employer

D. The provision of health care to the individual


4. Obtaining consent (written permission from individuals to use and disclose their protected health information for treatment, payment, and health care operations) is optional under the Privacy Rule for all covered entities.

A. True

B. False


5. Covered entities may disclose protected health information in a judicial or administrative proceeding if the request for the information is through an order from a court or administrative tribunal, but such information may never be disclosed in response to a subpoena.

A. True

B. False


6. Which of the following is NOT one of the exceptions for a covered entity obtaining an individual’s authorization to use or disclose psychotherapy notes?

A. To defend itself in legal proceedings brought by the individual

B. For the legal activities of a law enforcement agency

C. To avert a serious and imminent threat to public health or safety

D. For HHS to investigate or determine the covered entity’s compliance with the Privacy Rules


7. A covered entity must make reasonable efforts to use, disclose, and request only the __________ amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request.

A. Required

B. Necessary

C. Lowest

D. Minimum


8. Which of the following is an accurate statement about disclosures and requests for disclosures?

A. Covered entities must establish and implement policies and procedures for non-routine or non-recurring disclosures

B. For routine, recurring disclosures, or requests for disclosures that it makes, covered entities must develop criteria designed to limit disclosures to the information reasonably necessary to accomplish the purpose of the disclosure

C. Individual review of each disclosure is required

D. None of the above


9. Each covered entity, with certain exceptions, must provide a notice of its privacy practices. The notice must describe the ways in which the covered entity may use and disclose protected health information, must state the covered entity’s duties to protect privacy, provide a notice of privacy practices, and abide by the terms of the current notice.

A. True

B. False


10. A covered health care provider with a direct treatment relationship with individuals must deliver a privacy practices notice to patients:

A. Not later than the second service encounter by personal delivery

B. By posting the notice at each service delivery site in a clear and prominent place where people seeking service may reasonably be expected to be able to read the notice

C. In emergency treatment situations, the provider must furnish its notice as soon as the patient is admitted

D. All of the above


11. The covered entities in an organized health care arrangement must use individual privacy practices notice for each entity.

A. True

B. False


12. Individuals have a right to an accounting of the disclosures of their protected health information by a covered entity or the covered entity’s business associates, but the maximum disclosure accounting period is the five years immediately preceding the accounting request.

A. True

B. False


13. Covered entities need to analyze their own needs and implement solutions appropriate for their own environments, while adhering to all the following administrative requirements EXCEPT:

A. A covered entity must develop and implement written privacy policies and procedures that are consistent with the Privacy Rule

B. A covered entity must train all workforce members on its privacy policies and procedures, as necessary and appropriate for them to carry out their functions

C. A covered entity must designate a representative outside of the entity to be responsible for developing and implementing its privacy policies and procedures

D. A covered entity must mitigate, to the extent practicable, any harmful effect it learns was caused by use or disclosure of protected health information by its workforce


14. Legally separate covered entities that are affiliated by common ownership or control may designate themselves as a _______________ for Privacy Rule compliance.

A. Single covered entity

B. Affiliated entity

C. Hybrid entity

D. None of the above


15. In most cases, parents are the personal representatives for their minor children. All of the following are accurate statements about minors and the Privacy Rule EXCEPT:

A. As the minor’s representative, parents can exercise individual rights, such as access to the medical record, on behalf of their minor children

B. In certain exceptional cases, the parent is not considered the personal representative, and therefore is not legally authorized to make health care decisions on the minor’s behalf

C. When a parent is not considered the personal representative, the Privacy Rule defers to State and other law to determine the rights of parents to access and control the protected health information of their minor children

D. If State and other law is silent concerning parental access to the minor’s protected health information, a covered entity does not have discretion to provide or deny a parent access to the minor’s health information


Copyright © 2024 Quantum Units Education

Visit us at QuantumUnitsEd.com!