Step 2: HIPAA Compliance Certification Self-Test

---

Keep track of your answers on a separate sheet of paper.

1. Who is covered under HIPAA?

A. Clearinghouses

B. Healthcare Providers

C. Health Plans

D. All of the above

2. My friend and I go out to lunch every week, and she always  asks me “How’s work?” I tell her about the patients we have. I never  mention their names, so the patients are de-identified. That’s ok, right?

A. Yes

B. No

3. What can happen to a person who knowingly violates patient privacy for personal gain or malicious harm?

A. Disciplinary action

B. Loss of access privileges

C. Fines and penalties

D. Imprisonment

E. All of the above

4. Are members of the office who are not involved in a patient’s care allowed to review the patient’s chart out of curiosity?

A. Yes

B. No

5. What makes a good password?

A. Using a wide range of characters

B. Using mixed case in words

C. None of the above

D. All of the above

6. If someone forgets his log-in ID, can I let him use mine?

A. Yes, if he is an employee and you know him

B. Yes, if your supervisor says it is ok

C. No, sharing log-ins and passwords is a security violation

7. What are some things I can do to be more alert to Privacy and Security?

A. Keep patient information to myself

B. Report incidents

C. Activate a screen saver with a password

D. Improve your password strength and do not share it with anyone

E. Make sure your virus software is enabled

F. All of the above

8. What does “minimum necessary” mean?

A. I am only expected to complete the minimum requirements of my job

B. An employee’s access to PHI is limited to only what is needed to perform his/her responsibilities

C. Requests and disclosures of PHI are limited to what is needed to perform the task

D. A clinic is no longer allowed to provide information about patients to the media under any circumstances

E. Both B and C

9. Should I report a security or privacy violation?

A. No, that is a job for the police

B. Yes, but only the really serious ones

C. Yes, all employees have a responsibility to report suspected and  actual violations. Ask the supervisor about the proper reporting  procedures

10. How do you get rid of patient paperwork?

A. Use it as scratch paper

B. Throw it in the trash can

C. Have it shredded

11. Who is responsible for addressing patient complaints about privacy?

A. Privacy Officer

B. Safety Officer

C. Compliance Officer

12. True or False? Under HIPAA, a patient has the following rights:

- To receive a Notice of Privacy Practices?

- To see or receive a copy of his/her PHI?

- To ask for PHI to be sent to him/her in a different format?

- To receive a list of disclosures?

13. Are Consents and Authorizations the same?

A. Yes, they can be used interchangeably

B. No. Consents are used to get the patient’s permission to use or  disclose health information for treatment, payment or business  operations. Authorizations are used to obtain permission to disclose PHI for activities outside the realm of treatment, payment, or business  operations