HIPAA and HITECH Regulations

Questions and Answers

Which of the following best describes the impact of the Cryptolocker malware on the mental health clinic?

• It provided the clinic with more storage space
• It encrypted all the data housed on the clinic server (correct)
• It caused the clinic's email service to be suspended
• It flooded the employee's mailbox with emails

What was the clinic's response to the ransom demand?

• They attempted to decrypt the data themselves
• They contacted the authorities to report the extortion
• They paid the ransom to decrypt the data (correct)
• They ignored the ransom demand

What was one of the clinic's shortcomings in terms of data security?

• Lack of employee training
• Lack of backup files
• Lack of basic audit controls (correct)
• Lack of encryption software

Which type of safeguards are required by HIPAA security regulations to protect ePHI?

All of the above (D)

How many safeguards and implementation specifications are there for ePHI?

54 (B)

Who must designate a security official according to the security regulations?

Both CE and BA (B)

Which of the following is a potential danger of medical identity theft?

Clients may receive bills for someone else's treatment (B)

What is the approximate cost of a data breach per individual record?

$200 (D)

In which case was HIPAA successfully used as establishing the standard of care for handling client data?

Byrne v. Avery Center for Obstetrics and Gynecology (C)

Why is HIPAA compliance important for couple and family therapists (CFTs)?

To maintain client trust and the therapeutic relationship (A)

Under HIPAA, clients may have access to their own psychotherapy notes.

False (B)

State mental health laws are typically stricter than HIPAA.

True (A)

Ethical codes for mental health professionals often prioritize client confidentiality over legal requirements.

False (B)

Therapists should integrate state law into their Notice of Privacy Practices (NPP).

True (A)

According to HIPAA regulations, which of the following is considered protected health information (PHI)?

Any information related to physical or mental health (B)

Who is considered a covered entity (CE) under HIPAA regulations?

A health care provider (A)

What is the purpose of a business associate agreement (BAA) under HIPAA regulations?

To establish a working relationship between a CE and a BA (D)

What is the role of a privacy official under HIPAA regulations?

To oversee administration of and compliance with the privacy rules (B)

Which of the following is a required element in an authorization for the release of health information?

The patient's signature (A)

What is the purpose of an accounting of disclosures (AoD)?

To document unauthorized disclosures of PHI (B)

Which of the following is excluded from an accounting of disclosures (AoD)?

Disclosures made to the individual or their personal representative (B)

What was the largest breach of PHI at the time of this publication?

Anthem Blue Cross Blue Shield (B)

According to HIPAA regulations, psychotherapy notes are defined as notes recorded by a mental health professional during a private counseling session that are separated from the rest of the individual's medical record. What is NOT a characteristic of psychotherapy notes?

They can be used to substantiate billing (C)

Under HIPAA, what type of information is NOT considered psychotherapy notes and is not afforded special protection?

Summary information about the patient (D)

When can psychotherapy notes be disclosed without an authorization?

To avert a serious and imminent threat to public health or safety (C)

If a therapist is part of an integrated health care network and routinely shares psychotherapy notes with others, what happens to the heightened protection of those notes?

They lose their heightened protection (A)

Flashcards are hidden until you start studying