HIPAA Privacy Rule Quiz

Questions and Answers

Which of the following statements best describes the HIPAA Privacy Rule?

• The HIPAA Privacy Rule is a federal statute governing health information confidentiality. (correct)
• The HIPAA Privacy Rule is a federal regulation governing health information confidentiality. (correct)
• The HIPAA Privacy Rule is a state regulation governing health information confidentiality.
• The HIPAA Privacy Rule is a state statute governing health information confidentiality.

Is HIPAA a federal statute?

True (A)

The HIPAA Privacy Rule does not regulate which of the following?

• Health plans
• Health care clearinghouses
• Health care providers that transmit health information in electronic form.
• None of the above. (correct)

Which of the following is not a 'health care provider' under the HIPAA Privacy Rule?

An attorney (e.g., Stacey Tovino) (C)

Which of the following falls within the definition of a 'covered entity' under the HIPAA Privacy Rule?

A self-insured group health plan that is self-administered and has 50 participants. (A)

Which of the following is not a 'provider of medical or health services' for the purposes of the HIPAA Privacy Rule's definition of 'health care provider'?

A home health agency (B)

Which of the following statements was true about a business associate (BA) before the enactment of the American Recovery and Reinvestment Act (ARRA)?

None of the above. (D)

Which of the following statements is true about a business associate (BA) after the enactment of the American Recovery and Reinvestment Act (ARRA)?

Both of the above. (C)

Which of the following individuals or institutions does not fall within the definition of a 'business associate' under the HIPAA Privacy Rule?

A reference laboratory that provides clinical diagnostic services. (C)

Which of the following organizational options allows a covered entity that is a single legal entity to apply the HIPAA Privacy Rule to only one part or some parts of its legal entity?

A hybrid entity that has both health care and non-health care components. (C)

The University of Oklahoma (OU) is a 'hybrid entity' under the HIPAA Privacy Rule.

False (B)

Flashcards are hidden until you start studying

Study Notes

HIPAA Privacy Rule Overview

• The HIPAA Privacy Rule is a federal regulation focusing on the confidentiality of health information.
• It is enacted by Congress and enforced by the Department of Health and Human Services (HHS).

Regulation Scope

• The rule regulates health plans, healthcare clearinghouses, and healthcare providers that transmit health information electronically.
• It does not oversee all state regulations regarding health information.

Definitions of Providers

• Health care providers under HIPAA include physicians, hospitals, and pharmacies.
• Attorneys are excluded from the definition of "health care providers."

Covered Entities

• A "covered entity" includes self-insured group health plans with 50 or more participants.
• Employers without health care components are not considered covered entities.

Business Associates Pre-ARRA

• Before 2009, business associates were regulated but not subjected to penalties under the HIPAA Privacy Rule.
• They were not directly regulated in the same way covered entities were.

Business Associates Post-ARRA

• After enactment of the American Recovery and Reinvestment Act (ARRA), business associates became directly regulated and could face both civil and criminal penalties for violations.

Definition of Business Associates

• A reference laboratory serving a covered physician does not qualify as a business associate.
• Lawyers providing malpractice defense and accountants handling billing for covered entities are examples of business associates.

Organizational Structures

• A hybrid entity can apply HIPAA Privacy Rule selectively to specific parts of its operations depending on its legal entity structure.
• An organized health care arrangement (OHCA) and a single affiliated covered entity (SACE) are alternative structures but do not provide the same selective application under HIPAA.