HIPS Series > Federal and State Privacy Requirements > Quiz

How to take this quiz

The questions are below. If you need to review, the course content is here.

The correct answers, and explanations for why we believe them to be correct, are provided here.

Please note that Better Samaritan Hospital (BSH) and Big State University (BSU) are fictional organizations. Any resemblance to existing institutions or persons is purely coincidental.

•  •  •  •  •

You have been appointed the new Chief Privacy Officer for the Big State University - Better Samaritan Hospital (BSU-BSH) medical campus. Congratulations! The campus CEO calls you in on your first day and starts asking you about privacy laws.

1. The CEO's first question is: "Why do we need this federal HIPAA law anyway?" What can you say?

A. "Increasing use of electronic records has raised privacy concerns, and the federal law is designed to help."

B. "The state health privacy laws that exist are not always good, and the good ones are not always enforced."

C. "Respecting privacy is just good business. It makes customers (patients) more confident about getting care from BSU-BSH."

D. All of these.

•  •  •  •  •

2. The CEO wants to know who is covered by HIPAA. You reply that it includes:

A. Health care providers, health plans, and health information clearinghouses.

B. Health care providers, health plans, and health information clearinghouses, and any business associates of them that handle information.

C. Health care providers, health plans, and health information clearinghouses, their business associates, and the workers for those organizations.

D. Pretty much anything or anybody that handles health information of any kind.

•  •  •  •  •

3. The CEO has heard that the definition of "protected" health information under the HIPAA law is "anything related to the past, present or future physical or mental health condition of a person." But what does "anything" include?

A. Health information in electronic information systems.

B. Health information in electronic systems and in paper medical records systems.

C. Health information in electronic systems, paper medical records systems, and in electronic mail or faxes associated with those systems.

D. Health information in any form or medium, as long as it is identified (or identifiable) as a particular person's information.

•  •  •  •  •

4. The CEO wants to know about the "Notice of Privacy Practices" that he sees all the patients carrying around. Which of the following things that the CEO tells you about the Notice is wrong?

A. It's designed to inform patients about their federal and state privacy rights.

B. Patients are supposed to have an opportunity to discuss any privacy issues, particularly right after they receive their Notice.

C. Patients are asked to sign an acknowledgement that they received the Notice.

D. Giving the Notice to patients is optional.

•  •  •  •  •

5. What are organizations covered by the federal HIPAA privacy law expected to do?

A. Protect the health information under their control.

B. Train their workers in how to protect information.

C. Help patients exercise their rights under the law -- such as getting a copy of their records, correcting errors, and learning who has seen their records.

D. All of these.

•  •  •  •  •

6. The CEO has heard that the HIPAA protections include something called the "minimum necessary" standard. He wants to know what that requires.

A. Workers have to use reasonable caution every time they use or disclose health information.

B. Workers can only use or disclose the minimum necessary amount of health information to accomplish a task.

C. Health information can only be used or disclosed by workers for legitimate work-related purposes.

D. All of the above.

•  •  •  •  •

7. BSU-BSH has a top-ranked cosmetic surgery program, which attracts patients from around the world. Some of the staff use the online medical records system to check up on the big names who've checked in -- to see what parts of the rich and famous are getting improved. This is:

A. Not illegal, as long as no one tries to sell the information to the media, or tells someone outside BSU-BSH.

B. Not illegal, because famous people do not have the same health privacy rights under federal and state laws.

C. Not illegal, because this can be considered an "incidental use or disclosure."

D. Illegal, because there is no legitimate work-related purpose for such access.

•  •  •  •  •

8. The CEO likes that "incidental uses and disclosures" exception, though he is disappointed to hear that it won't cover the information leaks from the cosmetic surgery program. He wonders what it will cover?

A. It will cover true accidents, where reasonable caution was otherwise used and there was no negligence.

B. It will cover negligence, as long as it wasn't gross negligence.

C. It will cover negligence, but only by physicians.

D. It will cover anything that can be labelled as an "accident."

•  •  •  •  •

9. The CEO doesn't like trouble-makers, and wants to know if persons can be, um, er, "disciplined" for reporting a privacy problem or filing a complaint. You reply:

A. "Sure, why not?"

B. "Federal law prohibits intimidation or retaliation against patients who report problems or file complaints, but workers can still be disciplined."

C. "Federal law prohibits intimidation or retaliation for reporting a problem or filing a complaint -- and that applies to our workers as well as our patients."

D. "Are you nuts?"

•  •  •  •  •

10. Speaking of trouble, which of these provide severe penalties for deliberate misuse of health information, particularly where there is an intent to harm others or achieve personal financial gain?

A. Federal law (notably, HIPAA).

B. State laws.

C. Your organization's institutional policies.

D. All of these.

•  •  •  •  •


   © 2002-2006 Contributing authors and University of Miami School of Medicine