HIPAA Regulations and Risk Analysis Quiz

Questions and Answers

A risk analysis under the Security Rule is completed by?

The health care organization

If more than _____ records are compromised as a result of a hacker, the incident must be reported to the media.

500

When a _____ of patients' records is discovered, the health care organization must notify affected individuals and the Health and Human Services (HHS) agency and possibly the media.

Breach

What is a Covered Entity?

All of the above

Which of the following organizations has the authority to administer the Security Rule of HIPAA?

Health and Human Services Office of Civil Rights

While privacy is not directly expressed in the amendments to the Constitution, which of the following is one of the amendments that the U.S. Supreme Court has used to cover privacy issues?

3rd

A patient believes her privacy rights have been violated by a local hospital. Under HIPAA, the patient must?

file a written complaint with the Secretary of Health and Human Services through the Office of Civil Rights

A permission is defined as?

a reason under HIPAA for disclosing patient information

A provider may release information about a victim of abuse, neglect, or domestic violence under which permission of HIPAA?

public interest and benefit activities

An orthopedic surgeon refers his patients to a radiology facility owned by his brother. What law is potentially being violated?

Stark Law

In a physician's office, a sign-in sheet is permissible to use as long as?

you do not ask for the reason for the visit

The Health Information Technology for Economic and Clinical Health Act (HITECH) was part of what other law?

American Recovery and Reinvestment Act

The difference between an electronic medical record (EMR) and an electronic health record (EHR) is?

the EMR is a record from a single provider, an EHR is a more comprehensive record from all providers of care

The first federal law to specifically deal with the privacy of health care records was?

Health Insurance Portability and Accountability Act

Under the Federal False Claims Act, a citizen may?

file a claim on behalf of the federal government for false claims made for payment of health services

Under the Patient Protection and Affordable Care Act of 2010, insurance companies must do all of the following except?

cover children up to age 30 on their parents' health insurance policy

Which HIPAA standard requires providers and their business associates to put in place policies and procedures that ensure privacy of the health record?

Standard 2

Which HIPAA standard requires that all providers secure a national provider number?

Standard 4

Which law made significant changes to provisions in the Health Insurance Portability and Accountability Act?

American Recovery and Reinvestment Act

Which of the following is not a reason that Medicare fraud is difficult to estimate?

Health care claims are destroyed after two years

Which of the following statements is true about HIPAA Standard 2?

Protected Health Information (PHI) is any written, spoken, or electronic form.

Which of the following statements is true about the Patients' Bill of Rights?

no one universal government statute exists.

A breach under HIPAA is?

an unauthorized acquisition, access, use, or disclosure of personal health information

The federal agency charged with fighting waste, fraud, and abuse in Medicare, Medicaid, and 300 other Health and Human Services programs is the?

office of the inspector general

The use of the EHR to improve quality, engage patients, improve care coordination and maintain privacy and security is known as?

meaningful use

What is the reason for most breaches of confidentiality?

lost or stolen computer device

Which HIPAA standard requires providers to protect electronically transmitted and otherwise stored personal health information?

standard 3

Which HIPAA standard requires providers to use specific code sets?

standard 1

Which of the following is the term used to describe the protection that should be in place to protect the electronic health or medical record from outside intrusion?

firewall

How many HIPAA defined permissions exist?

six

Study Notes

Risk Analysis and Breaches

• Risk analysis under the Security Rule is conducted by the health care organization.
• If more than 500 records are compromised due to a hacker, the incident requires media reporting.
• A breach must be reported to affected individuals and the Health and Human Services (HHS) agency.

Covered Entities and Regulations

• Covered Entities include insurance companies, rehabilitation facilities, and hospitals.
• The Health and Human Services Office of Civil Rights oversees the Security Rule of HIPAA.

Privacy Rights and Complaints

• The U.S. Supreme Court has utilized the 3rd Amendment related to privacy issues.
• Patients can file a complaint with HHS if they believe their privacy rights are violated under HIPAA.

Permissions and Disclosure

• Permission under HIPAA allows the disclosure of patient information for specific reasons.
• Providers may disclose information about victims of abuse under public interest and benefit activities.

Legal Considerations

• The Stark Law may be violated if a physician refers patients to a relative’s facility.
• The first federal law regarding the privacy of health care records is the Health Insurance Portability and Accountability Act (HIPAA).

Health Information Technology

• HITECH, part of the American Recovery and Reinvestment Act, enhances health information technology.
• The difference between EMR and EHR: EMR is from a single provider, whereas EHR is comprehensive from all providers.

Fraud and Claims

• Citizens can file claims for false Medicare claims under the Federal False Claims Act.
• Medicare fraud estimation is challenging because health care claims are destroyed after two years.

HIPAA Standards

• HIPAA Standard 2 mandates policies for protecting health records’ privacy.
• Standard 4 requires providers to secure a national provider number.
• Standard 3 obliges providers to protect electronically transmitted health information.
• Standard 1 necessitates the use of specific code sets for billing and records.

Data Security

• A firewall is critical for protecting electronic health records from outside intrusions.
• Most confidentiality breaches result from lost or stolen computer devices.

Miscellaneous

• Six permissions defined by HIPAA outline conditions for the disclosure of health information.
• The concept of "meaningful use" refers to using EHR to improve patient care quality and security.

Description

Test your knowledge on HIPAA regulations, including risk analysis, breaches, and patient privacy rights. This quiz also covers the role of covered entities and the obligations under the Security Rule. Evaluate your understanding of legal permissions related to patient information disclosure.