a. Health Information Portability and Accountability Act
b. Health Insurance Portability and Accountability Act
c. Health Insurance Protection and Activity Act
d. Home Information Protection and Accountability Act. - Answer-b. Health Insurance Portability and
Accountability Act
One primary change included in the HIPAA Omnibus Final Rule of 2013 requires a business associate of
the covered entity (physician practice) to sign a Business Associate Agreement with:
a. Subcontractors of professional associations
b. Subcontractors of business associates
c. Subcontractors of optometrists
d. Subcontractors of affiliated hospitals - Answer-b. Subcontractors of business associates
T/F. According to the regulations contained in the Omnibus Final Rule of 2013, a patient has the right to
receive a copy of his or her medical record in an electronic format if the associated provider utilizes
electronic health records. - Answer-True
Covered entities under HIPAA include:
a. Lawyers
b. Health care providers
c. Health care facilities
d. Librarians
e. a and d.
f. b and c. - Answer-b and c.
Health care providers and Health care facilities
Protected Health Information (PHI) includes:
a. Demographic information on individuals
b. Insurance eligibility and coverage information
c. Billing records, claims data, referral authorizations
d. Medical records, diagnosis, genetic information, and testing
e. c and d
f. All of the above. - Answer-f. All of the above.
T/F. Entities covered under HIPAA are required to develop a Notice of Privacy Practices (NPP) and must
make these available to individuals accessing services through the entity. - Answer-True
Which of the following disclosures require signed permission from the individual whose PHI is being
requested?
a. Referrals to physicians
b. Consultations between physicians treating individuals
c. Information requested by an attorney without a subpoena
d. Information requested by insurance companies for payment purposes. - Answer-c. Information
requested by an attorney without a subpoena
T/F. Patient names on a sign-in form are considered an intentional breach of PHI. - Answer-False;
incidental breach
T/F. Under the HITECH Act, the Breach Notification Act does NOT require notification to HHS of the
intentional or unintentional disclosure of PHI to unapproved entities on an annual basis unless the
breach has affected more than 500 individuals. - Answer-False
Notice of Privacy Practices (NPP) must be updated in 2013 to include which of the following?
a. Names of the owners of the covered entity
b. Names of companies that have access to PHI
c. Patient's right to restrict disclosures of PHI to a health plan when the patient pays out of pocket and in
full for the health care item or service.
d. Profitability of the covered entity. - Answer-c. Patient's right to restrict disclosures of PHI to a health
plan when the patient pays out of pocket and in full for the health care item or service.
If an individual or staff member has a complaint regarding the use of PHI, the individual must speak with
the facility's:
a. Manager
b. Owner
c. Maintenance coordinator
d. Privacy Officer
e. Chief Physician - Answer-d. Privacy officer.
Which of the following is NOT an administrative safeguard requirement?
a. Designating a privacy officer
b. Developing a cost analysis of HIPAA requirements.
c. Obtaining HIPAA-compliant business associate agreements for subcontractors
d. Establishing procedures to prevent terminated employees from obtaining access to confidential
information after termination - Answer-b. Developing a cost analysis of HIPAA requirements.
Physical safeguards do NOT include which of the following?
a. Posting PHI on a white board in the facility
b. Storage of PHI in a secure place
c. Shredding of PHI
d. Use of surge-protectors - Answer-a. Posting PHI on a white board in the facility
Technical safeguards include which of the following?
a. Encryption of data
b. Computer system log-ins and passwords
c. Anti-virus software and firewalls
d. Information technology (IT) certification review
e. All of the above - Answer-e. All of the above
"Safe" computing includes which of the following?
a. Sharing passwords with other staff members
b. Remaining "logged on" always, to save time
c. Using email and the internet ONLY as allowed by practice protocols
d. Installing personal software on the computer - Answer-c. Using email and the internet ONLY as
allowed by practice protocols
T/F. Most elective care focused practices answer the telephone within one or two rings. - Answer-True
T/F. It is not necessary to give your name if you have already said the practice name in the greeting. -
Answer-False