Download HCCA - CHPC Exam Study Questions with 100% Correct Answers | Verified | Latest Update and more Exams Advanced Education in PDF only on Docsity! HCCA - CHPC Exam Study Questions with 100% Correct Answers | Verified | Latest Update WhatiisitheipurposeiofiHIPAA?i-iCorrectiAnswer- •iProtectiPHIifromiunauthorizedidisclosure/use; •iPreventifraud,iwasteiandiabusei(viaiAdministrativeiSimplification); •iMakeihealthiinsuranceiportableiunderiERISA; •iMoveihealthicareiontoiainationallyistandardizedielectronicibillingiplatf orm Ref.ihttps://quizlet.com/6202453/hcca-chpc-overview-flash-cards/ MoreioniHIPAA:ihttps://www.hhs.gov/hipaa/index.html HIPAAiresidesiiniwhichiCFRisection?i-iCorrectiAnswer- 45iCFRisectionsi164.102ithroughi164.534 https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part- 164 WhatiareitheisubpartsiofiHIPAAiparti164?i-iCorrectiAnswer-HIPAAi- i45iCFRi164,isubparts: SubpartiAi-iGeneralirules SubpartiCi-iSecurity SubpartiDi-iBreachinotification SubpartiEi-iPrivacy https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part- 164 Howidoiyouidetermineiifianiorganizationiisiai"CoverediEntity"?i- iCorrectiAnswer- 1.icompareiifitheiorganizationimeetsioneiofithei3itypesiofiCEi(provider,ih ealthiplan,iclearinghouse) and 2.idetermineiifitheiorganizationielectronicallyitransmitsioneiofithei9idefi neditransactions: •iHealthiclaimsioriequivalentiencounteriinformation •iHealthiclaimsiattachments •iEnrollmentiandidisenrollmentiiniaihealthiplan •iEligibilityiforiaihealthiplan •iHealthicareipaymentiandiremittanceiadvice •iHealthiplanipremiumipayments •iFirstireportiofiinjury •iHealthiclaimistatus •iReferralicertificationiandiauthorization ACEiexample:iaihealthisystemicomposedioniseveraliaffiliatedihospitals. BothitheiOHCAianditheiACEiwouldiallowisharingiofiPHIiacrossiparticipati ngientityilinesiforitreatment,ipayment,ioperationsipurposesi(TPO). What'siaiHybridiEntity?i-iCorrectiAnswer- Entityithaticonductsibothicoveredifunctionsi(orihealthcare- functions)iandinon-coveredifunctionsi(otheribiz/non- healthcareifunctions)itoielectitoibeiai"hybridientity." Foriinstance,iaiUniversityiSystemithatihasiairesearchilaboratoryioriacade micimedicalicenter. Theipost-secondaryifunctionsi(non- healthcareicomponents)idoiNOTineeditoicomplyiwithiHIPAA. Theiresearchilab/medicenterifunctionsi(healthcareicomponent)ineedsit oicomplyiwithiHIPAAiprovisionsitoiprotectitheiuse/disclosureiofiPHIiinvo lved. https://www.hhs.gov/hipaa/for-professionals/faq/315/when-does-a- covered-entity-have-discretion-to-determine-covered- functions/index.html#:~:text=For%20example%2C%20a%20hybrid%2 0entity,hybrid%20entity's%20health%20care%20component. https://privacyruleandresearch.nih.gov/pr_06.asp Theitransmissioniofiinformationibetweenitwoipartiesitoicarryioutifinanc ialioriadministrativeiactivitiesirelateditoihealthicareiisicalled:i- iCorrectiAnswer-Transactioni(healthcareitransaction). Fewiexamplesiofihealthcareitransactions: healthcareiclaims; coordinationiofibenefits; healthiplanipremiumipayments; remittanceiadvicei(oriETF,ielectronicifunditransfer); referralicertificationiandiauthorization WhatiareiexamplesiofiaiBA?i-iCorrectiAnswer-BAi(BusinessiAssociate)i- iperformsifunctionsioriactivitiesionibehalfiofiaicoveredientityithatiinvolv eiaccessibyitheibusinessiassociateitoiprotectedihealthiinformation. Examples: claimsiprocessing dataianalysis billing benefitimanagement qualityiassurance qualityiimprovement practiceimanagement legal actuarial accounting accreditation otheriadministrativeiservices https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/business-associates/index.html TrueioriFalse: Aihospitaliisinotirequireditoihaveiaibusinessiassociateicontractiwithitheis pecialistitoiwhomiitirefersiaipatientianditransmitsitheipatient'simedicalic hartiforitreatmentipurposes.i-iCorrectiAnswer-TRUE Remember,iuseiandidisclosureiofiPHIiforipurposesiofiTPOirequiresinoisp ecificiauthorization TrueioriFalse: BusinessiAssociatesiAfteriHITECH: HITECHimadeibusinessiassociatesidirectlyiresponsibleiforiHIPAAicomplia nceiwithinitheiriindividualibusinessesithatiwouldinotiotherwiseibeisubje ctitoiHIPAAiregulationsiandipenaltiesi-iCorrectiAnswer-TRUE Eveniifinoiwrittenicontractiexistsibetweenitheicoveredientityiandiaicontr actedicompanyiperformingiservicesirelateditoihandlingiPHIiinisomeifor m,itheicompanyiisideemediaibusinessiassociateibyilaw.iThisideemedistat usiessentiallyiclassifiesicontractedivendorsioriindividualsiasibusinessiass c.iHIPAAipreemption d.iHIPAAistateilawi-iCorrectiAnswer-c.iHIPAAipreemption WhatiisitheiintentiofiHIPAA? a.istandardizeihealthcareibillingiandicodingitoicomplyiwithinationaliacco untingiprinciples b.iincreaseipaymentifromiprovidersigivenitheirisingicostiofihealthcareian difraudiviolations c.iallowigroupihealthiplansicollectipremiumsiafteriindividualihasileftiaijo b/employer d.iimproveihealthcareiprogramsiandidataiflowibetweeniprovidersitoidat aimineiforifraudulentibehaviori-iCorrectiAnswer- d.iimproveihealthcareiprogramsiandidataiflowibetweeniprovidersitoidat aimineiforifraudulentibehavior TheiintentiofiHIPAAiisitoiimproveihealthcareiprogramsianditheideliveryio fiservicesithroughitheitwoilargestihealthiplansiinitheiU.S.,iThisiisiaccompl ishedibyiimprovedidataiflowsithatileadsitoibetterioutcomesiusingination alistandardsiformatsiandispecificitransactionsitoiincreaseiaccuracyiandir apidiwayitoidataimineiadidetectifraudulentibehavior. TheispecificidataiflowsiareioutlinediinitheiTransactioni&iCodeiSetiRulesi4 5iCFRi162.100i-i162.1902 https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part- 162 TrueioriFalse: Aiphysicianiisirequireditoihaveiaibusinessiassociateicontractiwithiailabor atoryiasiaiconditioniofidisclosingiprotectedihealthiinformationiforitheitr eatmentiofianiindividual.i-iCorrectiAnswer-FALSE Remember,iuseiandidisclosureiofiPHIiforipurposesiofiTPOirequiresinoisp ecificiauthorization TrueioriFalse: Aihospitalilaboratoryiisinotirequireditoihaveiaibusinessiassociateicontrac titoidiscloseiprotectedihealthiinformationitoiaireferenceilaboratoryiforitr eatmentiofitheiindividual.i-iCorrectiAnswer-TRUE Remember,iuseiandidisclosureiofiPHIiforipurposesiofiTPOirequiresinoisp ecificiauthorization TrueioriFalse: Researchiuse/disclosureiwithiindividualiauthorizationidoesinotiexpireio ricontinueiuntilitheiendiofitheiresearchistudyi-iCorrectiAnswer-TRUE https://www.hhs.gov/hipaa/for-professionals/special- topics/research/index.html TrueioriFalse: Researchiuse/disclosureiwithiindividualiauthorizationimayibeicombined iwithianiauthorizationiforiaidifferentiresearchiactivityiifiresearchirelatedi treatmentiisiconditionedionitheiprovisioniofioneiofitheiauthorizationsi- iCorrectiAnswer-TRUE https://www.hhs.gov/hipaa/for-professionals/special- topics/research/index.html TrueioriFalse: Researchiuse/disclosureiwithiindividualiauthorizationimayibeicombined iwithiotherilegalipermissionioriconsentitoiparticipateiinitheiresearchi- iCorrectiAnswer-TRUE https://www.hhs.gov/hipaa/for-professionals/special- topics/research/index.html TrueiofiFalse: Isiitipossibleiforiaifacilityiwithimultipleiproviderifunctionsitoihaveicertain iisolatediprovidersiorigroupsiwhoiareisubjectitoiParti2,iwhileitheifacilityia siaiwholeiisinotisubjectitoiParti2.iForiexample,iailargeifacilityimayihaveipr imaryicareiprovidersiandiaiseparateiunitithatiprovidesiSUDiservices.i- iCorrectiAnswer-TRUE Explanation: TheiSUDiunitiisisubjectitoiParti2,ibutitheirestiofitheifacilityiisinot. ref.iHCCAiprivacyihandbooki3rdied.i"PrivacyiActi1974"isection WhatiisiairesearchiIRB? 1.iInstitutionaliResearchiBoard 2.iAigroupiofiexecutivesithatireviewialliresearchiactivitiesiconductedibyit heiBoardiofiDirectors 3.iAigroupiofiindividualsithatireviewiproposediresearchitoiprotectitheipri vacyiofisubjects 4.iCanimakeichangesitoitheiresearchiorialteriitsicontentiasitheyiseemedia ppropriatei-iCorrectiAnswer- 3.iAigroupiofiindividualsithatireviewiproposediresearchitoiprotectitheipri vacyiofisubjects Aniindividualimustiauthorizeitheseimarketingicommunicationsibeforeit heyicanioccur,iexcept: a.iwhenitheicommunicationiisinotiforitheipurposeiofiprovidingitreatmen tiadvice b.icommunicationifromiaihealthiinsureritoipromoteitheiriproducts/servi ces c.icommunicationiinitrainingimaterialiusingitheiriphoto d.ihospitaliusesiitsipatientilistitoiannounceitheiarrivaliofiainewispecialtyig roupiinigeneralimailingi-iCorrectiAnswer-Except: d.ihospitaliusesiitsipatientilistitoiannounceitheiarrivaliofiainewispecialtyig roupi Thisiactivityidoesinotimeetithei"marketing"idefinition,iforiinstance,ithei disclosureiofiPHIiinithisiexampleiisinotiforiexchangeiofiremuneration,iorit oiencourageiuseiofiproduct,ipromoteiservices. https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/marketing/index.html TrueioriFalse: Itiisiimportantithatiwhenicontractingiwithipayersiorihealthiplansitheyifol lowinotionlyitheiHIPAAisecurityibutialsoitheiprivacyiruleitoiprotectibenef iciariesiPHIiincludingiuse/disclosureiduringipayer'simarketingiactivitiesi- iCorrectiAnswer-TRUE WhichiofitheifollowingirequiresiaiBusinessiAssociateicontract/agreeme nt: a.iindependentimedicalitranscriptionist b.ientitiesithatiparticipateiinianiOHCAi(organizedihealthcareiarrangeme nt) c.iwheniaiproviderisimplyiacceptsiaidiscountedirateitoiparticipateiinithei healthiplan'sinetwork d.iUSiPostaliServicesioriprivateicarriersi-iCorrectiAnswer- a.iindependentimedicalitranscriptionist explanation:ithisiisianioutsourcediserviceithatihandlesiPHIionibehalfiofit heiCE.iTheitranscriptionistiisiperformingianiactivityiforitheiCEithaticontai nsiPHIiandiaiBAAiisirequireditoiensureiproperiuseiandidisclosure. https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/business-associates/index.html Isiaicoveredientityirequireditoiprovideinoticeitoiindividualsiaboutiitsidisc losuresiofiPHIitoiaiPHAiforipublicihealthipurposes?i-iCorrectiAnswer-Yes. Thisiisiinitheicoveredientity'siNoticeiofiPrivacyiPracticesi(NPP). TheiPrivacyiRuleirequiresiaicoveredientityitoiincludeiiniitsiNPPiaidescripti oniofitheipurposes,iwhichiwouldiincludeipublicihealthipurposes,iforiwhic hitheicoveredientityimayiuseioridiscloseiPHIiwithoutianiindividual'siauth orization. However,itheiPrivacyiRuleidoesinotirequireiaibusinessiassociatei(suchiasi aniHIEithatiisiaibusinessiassociate)itoiprovideiindividualsiwithiaiNPP. TrueiofiFalse: OHCAsiandiACEsiareiableitoiproduceiaijointiNoticeiofiPrivacyiPracticei(N PP)i-iCorrectiAnswer-FALSE Explanation: OHCAsiareijointiarrangements,ihaveianiIntegratediDeliveryiSystem,iandi thereforeiagreeitoiabideibyitheitermsiofitheinoticeiwithirespectitoiPHIicr eatediorireceivedibyitheicoveredientityiasipartiofiitsiparticipationiinithei OHCA.i AiCoverediEntityimayideniedianiindividualiaccessitoitheiriPHIiunderispeci ficicircumstancesisetiforthiini45iCFRi164.524i(a)(2),iwhichiofitheifollowin gidoesn'tifalliunderithoseicircumstances: a.iRequestiforipsychotherapyinotes b.iifiitijeopardizesitheihealth,isafety,isecurity,irehabiofiindividuali(e.g.iin mate's'irequest,isuicidalipatient) c.iduringitheicourseiofiresearch/clinicalitrial d.itoirequestirestrictionsiofitheiriPHIi-iCorrectiAnswer- a.iRequestiforipsychotherapyinotes UnderitheiHIPAAiPrivacyiRule,iindividualihasitheirightitoirequestiaicopy,i aniamendmentiandirestrictionsitoitheiriPHI,irequesticonfidentialicomm unicationsiinvolvingiyouriPHI,iandilistiofidisclosures.iSeei45iCFRi§i164.52 4i(a)(2) https://www.hhs.gov/hipaa/for-professionals/faq/2046/under-what- circumstances-may-a-covered-entity/index.html https://www.hhs.gov/hipaa/for-professionals/privacy/laws- regulations/index.html 38iU.S.C.i7332idealsiwithiconfidentiallyiofipatientimedicalirecordiinform ationirelatedito: a.idrugiabuse,isexuallyitransmittedidiseases,iandituberculosis b.iHIV/AIDSistatus c.idrugiabuse,ialcoholism,iinfectioniwithitheiHIVivirus,iandisickleicelliane mia d.imentaliillness,iHIVistatus,idrugiandialcoholiabusei-iCorrectiAnswer- c.idrugiabuse,ialcoholism,iinfectioniwithitheiHIVivirus,iandisickleicelliane mia TrueioriFalse: TheiMinimumiNecessaryiisiaikeyiconceptiunderitheiHIPAAisecurityirulei- iCorrectiAnswer-FALSE ItiisiaikeyiconceptiunderitheiPRIVACYiRule. Re:iHIPAAiAuthorization Isithereianyiinformationiweicanireleaseitoiaipersoniwhoiisicallingionibeh alfiofiaipatientiwhoiisinotiauthorizediiniaireleaseiform?i-iCorrectiAnswer- Patientimustibeigiveniani"opportunityitoiagreeioriobject"ikeepingiinimin d: 1.iyouicaniobtainipatient'siagreementiverbally,ioveritheiphone,iBUTimak esinotesiinifile 2.ionlyidiscloseitheiMinimumiNecessary https://thehipaaetool.com/hipaa-authorization-required/ Re:iHIPAAiAuthorization Whenimyipatientsiareibeingitreatediforicariaccidentiinjuries,iweioftenire ceiveirequestsiforiPHIifromilawyers.iIiaminotisureiifiweishouldiprovideith eiinformationiandidon'tiknowihowitoidecideiwhetheritheirequestiisilegiti mate. Howidoiweivalidateitheirequestiisilegitimate?i-iCorrectiAnswer- EnsureiisiaivalidiHIPAAiauthorization: MUSTihaveitheiauthorizationi6icoreielementsiandi3ikeyistatementsiasip eri45iCFRi§i164.508i(c)(1)iandi(2) https://www.law.cornell.edu/cfr/text/45/164.508 Re:iHIPAAiAuthorization Oneiofimyilongitermi(dental)ipatientsiwasirecentlyidiagnosediwithicance r.iHisinewioncologist'siassistanticalleditoirequestihisiPHIifromiourifiles.iIi don'tiknowiifitheipatientiknowsiorihasiauthorizedithis. Canitheirequestibeifulfilled?i-iCorrectiAnswer- YES,inoiauthorizationiisirequirediforipurposesiofiTPO.i But,iensureitheirequestiisiiniwritingiincluding: CoverediEntity'siname; Patient'siname;i Dateiofitheievent/timeiofitreatment;iandi Reasoniforitheirequest. https://thehipaaetool.com/hipaa-authorization-required/ https://www.hhs.gov/hipaa/for-professionals/privacy/special- topics/de-identification/index.html What'sitheiMinimumiNecessary?i-iCorrectiAnswer- Use/discloseilimitediPHIitoiaccomplishitheiintendedipurposeiofitheiuse,i disclosure,iorirequest. https://www.hhs.gov/hipaa/for-professionals/privacy/laws- regulations/index.html TheiMinimumiNecessaryiDOESiNOTiapplyito?i-iCorrectiAnswer- doesinotiapplyito: TPO Toitheiindividualidirectly ToitheiHHSiSecretaryiorirequiredibyilaw Wheniauthorizationiisigranted WhereidoesiMinimumiNecessaryilinkitoiinitheiSecurityirule?i- iCorrectiAnswer-RoleiBasediAccessi- icanicontentifiltersibeiuseditoisupportitheiprivacyiconcept WhoicaniDeceasediIndividualsiinformationibeireleaseditoiatianytime?i- iCorrectiAnswer- coronersiorimedicaliexaminersi(andiFuneraliDirectorsiasinecessaryitoica rryioutitheiridutiesiwithirespectitoitheidecedent) https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part- 164/subpart-E/section-164.512 PreemptioniunderiHIPAAimeansi-iCorrectiAnswer- Federalilawistatesithatiitipreemptsiorioverridesi(supersedes)istateilawio niaiparticulariissue,ithenifederalilawiisitheilawithatimustibeifollowed.i Inigeneral,iHIPAAipreemptsistateilawithatiisi"contrary"itoitheifederalirul e.i Inimanyicases,icomplyingiwithitheistrongeristandardi(moreistringent)iwi lliallowiyouitoicomplyiwithibothistateilawiandiHIPAA.i Examplei1:iifistateilawigivesiaiprovideri10idaysitoiresponditoiaipatient'sir equestiforiaicopyiofihisimedicalirecords,iandiHIPAAiallowsi30idays,iyouic anicomplyiwithibothistateiandifederalilawibyirespondingiwithini10idays. Examplei2:iifistateilawirequiresilongeriperiodiforirecordikeepingithanithe ifederalilaw,ithenigoiwithitheilongeriperiod. https://library.ahima.org/doc?oid=59816#.YlTLkOjMI2w ValidiAuthorizationicoreielementsi(seei45iCFRi§i164.508(c)(1)):i- iCorrectiAnswer- 1.imeaningfulidescriptioniofitheiinformationitoibeidisclosed 2.inameiofitheiindividual/personiauthorizeditoimakeitheirequestedidiscl osure 3.inameioriotheriidentificationiofitheirecipientiofitheiinformation 4.idescriptioniofieachipurposeiofitheidisclosure 5.iexpirationidateiforitheiauthorization 6.isignatureiandidateiofitheiindividualioritheiripersonalirepresentativei(s omeoneiauthorizeditoimakeihealthicareidecisionsionibehalfiofitheiindivi dual) https://www.law.cornell.edu/cfr/text/45/164.508 and https://www.hhs.gov/hipaa/for-professionals/special- topics/emergency-preparedness/authorization/index.html ValidiAuthorizationi3ikeyistatementsi(seei45iCFRi§i164.508(c)(2)):i- iCorrectiAnswer- TheistatementsiareitoibeiincludediiniaivalidiAuthorization: •iAistatementiofitheiperson'sirightitoirevokeitheiauthorization,iexceptio nsitoithisiright,iandiaidescriptioniofihowitoirevoke: •iAistatementithatitreatment,ipayment,ienrollmentiorieligibilityiforiben efitsimayiNOTibeiconditionediuponisigningitheiauthorization; •iAistatementiregardingitheipotentialithatitheiinformationidisclosedipur suantitoitheiauthorizationimayibeire- disclosedibyitheirecipientiand,iifiso,iitimayinoilongeribeiprotectedibyiaife deraliconfidentialityilaw; /disclosuresi(incidental/inadvertent/unintentional)i-iCorrectiAnswer- Confidentiality,iintegrity,iavailabilityi Note:iAccidentali- imustibeireported.iAniaccidentaliHIPAAiviolationirefersitoitheiunauthori zedidisclosureiofiPHIi(protectedihealthiinformation)iwithoutiintent.iDes piteihavingisafeguardsiandiprotectiveimeasuresiiniplace,ithereiisistilliaip ossibilityiofibreachingiHIPAAiregulations.iTheseitypesiofiviolationsicould iincludeianiemployeeiaccidentallyiseeingiaidifferentipatient'simedicalire cords,ianiemailibeingisentitoitheiwrongipersonioritheilossioritheftiofiaiper sonalideviceithaticontainsiPHI.ihttps://www.hipaajournal.com/acciden tal-hipaa-violation/ ResearchiHIPAAiWaivericriteria:i-iCorrectiAnswer-ResearchiWaiver Iniorderiforiresearchitoibeiconducted,iitimustimeetiaiminimumisetiofiwai vericriteriaielements.iElementsithatimustibeimetitoimeetiwaviericriteriai are:i 1)itheiuseioridisclosureiforitheiresearchiinvolvediminimumiriskitoitheipat ient;i 2)itheiresearchicouldinotibeiconductediwithoutiproperiaccessitoitheiwai veribeingiapproved;iandi 3)itheiresearchicouldinotibeiconductediwithoutiproperiaccessitoitheiusei ofitheiPHI.i45iCFRi164.512i(i)(2) What'simaliciousisoftware?i-iCorrectiAnswer- malware,iisisoftwareithatiisiuseditoicontrolioritakeioveriapplications,iwo rkstations,ioriservers,idamage/disruptiaisystem. SeeiSecurityiRule,idefinitionsi-i45iCFRi164.304 https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part- 164/subpart-C/section-164.304 AicoveredientityimayiuseioridiscloseiPHIiforiTPO...whatidoesiTPOistandif ori-iCorrectiAnswer-Treatment Payment HealthiCareiOperations TrueioriFalse: Payer/healthiplansiareialloweditoiuse/discloseibeneficiary'siPHIiiniactivi tiesisuchiasilegaliservices,imedicalireview,iandifraudiandiabuseidetectio ni-iCorrectiAnswer-TRUE AiproviderireceivesiairequestifromitheiSocialiSecurityiAdministrationifori PHIirelatingitoiaiperson'siapplicationiforibenefits.iWhichiofitheifollowing iisitheicorrectimethodiofirelease? A.iSinceiitiisitoiaifederaliagency,ianiauthorizationifromitheipatientiisinoti needed,isoiPHIicanibeireleased. B.iTheiproviderishouldireviewitheiPHIiandimakeiaidecisionionitheiminim uminecessaryiandirelease. C.iTheiproviderishouldinotifyitheipatientiandiobtainiaisignediauthorizati oniprioritoirelease. D.iReleaseitheiinformationibecauseitheipatientisignediaiconsentiforitrea tment.i-iCorrectiAnswer- C.iTheiproviderishouldinotifyitheipatientiandiobtainiaisignediauthorizati oniprioritoirelease Alsoiknowniasithei"StimulusiAct"iorithei"RecoveryiAct",ienactediini2009 ;iitsimainipurposeiwasitoicreateijobsiandistimulateieconomicigrowth;iitia lsoiincludediprovisionsitoipromoteihealthiinformationitechnologyi- iCorrectiAnswer-AmericaniRecoveryiandiReinvestmentiActi(ARRA) C.I.A.i(HIPAA)istandsifor?i-iCorrectiAnswer- Confidentialityi(notiavailableioridiscloseditoiunauthorizediperson) Integrityi(unalteredioridestroysiiniunauthorizedimanner)) Availabilityi(accessibleiandiusableibyiauthorizediperson) https://www.hhs.gov/hipaa/for-professionals/security/laws- regulations/index.html Comprehensiveilegislationithatiensuresiaccessitoihealthicoverageiforith oseiwhoichangeijobsioriareitemporarilyioutiofiwork.iItialsoiprovidesithei mechanismiforifundingitheiDepartmentiofiJusticeianditheiFBIiforihealthic areifraudiinvestigationsi-iCorrectiAnswer- HealthiInsuranceiPortabilityiandiAccountabilityi(HIPAA) Ref.ihttps://oig.hhs.gov/reports-and-publications/hcfac/index.asp InicasesiwhereiCEiisimakingiFundraisingicommunicationsitoiindividuals,i theiindividualimustibeiprovidediwithianiOpportunityitoiObject/Electitoir eceiveisuchicommunicationsi(anditoioptibackiifiindividualichangesiher/h isiopinion)i-iCorrectiAnswer-TRUE CoverediEntityicaniuseioridiscloseiPHIibyithesei4iareas:i-iCorrectiAnswer- 1.iforitreatment,ipayment,ihealthcareioperationsi(TPO) 2.iforipubliciinterestiinidisasterireliefioripubliciemergency 3.iwithianiopportunityitoiobjecti(i.e.ispouseipickingiupiRx) 4.iwithiauthorizationigranted Coveredientityiincludes:i-iCorrectiAnswer-•iHealthiplani(payers) •iHealthicareiclearinghousei(processihealthiinformationiintoistandardid ataielementsionibehalfiofitheiCE) •iHealthicareiprovideriwhoitransmitsianyihealthiinfoiinielectroniciform AND •iCE'sibusinessiassociatei(wheniapplicable) WhatiisiaiControllingiHealthiPlani(CHP)?i-iCorrectiAnswer- Healthiplanithaticontrolsiitsiownibusiness,iactions,iactivities,iandipolicie s; Controlsitheisubhealthiplani(SHP). ThisiappliesitoistateiMedicaidiplans.iForiinstance,itheiCHCiisitheistateiMe dicaid,ianditheiSHPiwouldibeitheilocaliadministrator. Re:iHCCAiPrivacyiComplianceiHandbook Describeiwhatitoidoiwithiai"required"iimplementationispecificationi- iCorrectiAnswer-Implementitheispecificationiasipresented Describeiwhatitoidoiwithiani"addressable"iimplementationispecificatio ni-iCorrectiAnswer- Implementiasipresented,ioriifinotireasonableiandiappropriateiimplemen tianiequivalentialternativeimeasure. DesignatediRecordiSeti(DRS)i-iincludes:i-iCorrectiAnswer- GroupiofirecordsimaintainedibyioriforiaiCoverediEntityithaticomprisesith eifollowing: 1.imedical/billingsirecords 2.ienrollment/payment/claimsiadjudication/caseimanagementibyiheal thiplan 3.iotherirecordsiusedibyioriforicoveredientityitoimakeidecisionsiaboutiin dividuals DesignatediRecordiSeti(DRS)i-irecordsiexcludedifromiDRS:i- iCorrectiAnswer- Administrativeidatai(audititrails,iappointmentischedules,ithatidon'tiimb ediPHI). Incidentireports. QualityiAssuranceiData. Statisticalireports. DVDimedicalirecordsiareidestroyedibyi-iCorrectiAnswer- Shreddingiandicutting FewiotheriexamplesiforiuseioridisclosureiofiPHIiotherithatiTPO:i- iCorrectiAnswer- Publicihealthiinterest,iresearch,iseriousithreat,iorgan/tissueidonationid ecedentiinformation,iworker'sicompensationiinsurers. Giveiexamplesiofiadministrativeisafeguardsi-iCorrectiAnswer- •iPoliciesiandiprocedures •iTrainingiandieducation •iDesignationiofiindividualsi(Ex.iSecurityiOfficer) •iContingencyiPlanning Giveiexamplesiofiphysicalisafeguardsi-iCorrectiAnswer- •iFacilityisecurityioriaccessiplan •iDisposaliprocessesiandimediaireuse •iDataibackupiandistorage Giveiexamplesiofitechnicalisafeguardsi-iCorrectiAnswer-•iPasswords SecurityiRuleiDocumentationirequirements:ihowilongidoesitheiCEimusti maintainiwrittenirecordsifor?i-iCorrectiAnswer- atileasti6iyearsifromidateirecordsiwasicreatediorieffectiveidate RiskiAssessmentitoidetermineiLoProCo:i-iCorrectiAnswer- 1.iNatureiandiextentiofiPHIiinvolvediincludingitypeiofiidentifiersiandilike lihoodiofireidentification; 2.iTheiunauthorizedipersoniwhoiuseditheiPHIioritoiwhomitheidisclosurei wasimade; 3.iWhetheritheiPHIiwasiactuallyiacquiredioriviewed;iandi 4.iTheiextentitoiwhichitheiriskitoitheiPHIihasibeenimitigated. HITECHiisipartiofiwhat?i-iCorrectiAnswer- AmericaniRecoveryiandiReinvestmentiActi(ARRA) HowilongiisiPHIiprotectediafteritheiperson'sideath?i-iCorrectiAnswer- 50iyears HowimanyiidentifiersiareilistediinitheiHIPAAiPrivacyiRules?i- iCorrectiAnswer-18 LaseriDiscsimedicalirecordsiareidestroyedibyi-iCorrectiAnswer- Pulverizing LevelsiofiConfidentialityi-iCorrectiAnswer-Confidential Anonymous NeeditoiKnow MagneticiTapeimedicalirecordsiareidestroyedibyi-iCorrectiAnswer- Demagnetizing Methodsitoide-identifyiPHIi-iCorrectiAnswer- ExpertiDeterminationi(Statistical)ide-identification Safeiharborimethod Microfilmimedicalirecordsiareidestroyedibyi-iCorrectiAnswer- Recyclingiandipulverizing Nameitheiprocessiofiidentifyingipotentialisecurityirisksiandideterminingi theiprobabilityiofioccurrenceiandimagnitudeiofirisks.i-iCorrectiAnswer- RiskiAnalysis Pathiori7istepsitoiHIPAAiCompliance:i-iCorrectiAnswer- 1.iPerformicomprehensiveiriskiandisecurityianalysis 2.iIdentifyithreatsiandivulnerabilities 3.iSelectiandidevelopisafeguards 4.iCreateipolicies,iprocedures,iandipractices 5.iTrainitheistaff 6.iImplementiallisafeguards 7.iManage,imonitor,iandimodify Paperimedicalirecordsiareidestroyedibyi-iCorrectiAnswer- Burning,ishredding,ipulverizing,iandipulping PermissionsiandiRequirediunderitheiHIPAAiruleiareiNOTitheisameithing.i Explaini-iCorrectiAnswer- "Permissions"icanistillibeidenied,iandi"Required"iisimandatory PHIioriprotectedihealthiinformationithatiisicollectedibyianiindividualiorir eceivedibyiaicoveredientityicanibeiusedioridisclosedibyitheseifouriareas.i Nameithem.i-iCorrectiAnswer-1-iTPOi(Tx,iPymt,iHealthcareiOperations) 2-ipubliciinterest/publicicrisisioriemergency 3-withianiopportunityitoiobjecti 4-authorization,ipermissionigranted Privacyiincidenticategoriesi-iCorrectiAnswer- Unintentionalioriinadvertentiviolationi(accidental); Failureitoifollowiestablishedipoliciesiandiprocedures; Deliberateioripurposefuliviolationiwithoutiharmfuliintent; Willfuliandimaliciousiviolationiwithiharmfuliintent. TheiSocialiSecurityiActiSectioni1128C(a),iasiestablishedibyithei___i___i__ _iandi___iAct,icreateditheiHealthiCareiFraudiandiAbuseiControliProgram Aniindividualigoesitoiaihospitaliemergencyidepartmentiwhileiexperienci ngicomplicationsirelateditoiaimiscarriageiduringitheitenthiweekiofipregn ancy.iAihospitaliworkforceimemberisuspectsitheiindividualiofihavingitak enimedicationitoienditheiripregnancy.iStateioriotherilawiprohibitsiaborti oniafterisixiweeksiofipregnancy. Isitheihospitalirequireditoireportiindividualsitoilawienforcement? a.iyes,ihospitaliisirequireditoidoisoiIFistateilawiexpresslyirequiresisuchire porting b.ino,ithisiwouldibeiimpermissibleiandiconstituteiaibreachiregardlessiofi stateilawirequirementsi-iCorrectiAnswer- a.iyes,ihospitaliisirequireditoidoisoiIFistateilawiexpresslyirequiresisuchire porting. ForiinstanceiLouisianaiisioneiofi28istatesithatirequireitheireportingiofiab ortionicomplications,ieveniifitheiprocedureiwasidoneilegallyiforimedicali reasons. https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/phi- reproductive-health/index.html#footnote10_jc1ucm2 Re:iPrivacyiandiReproductiveiHealthiCare Ailawienforcementiofficialigoesitoiaireproductiveihealthicareicliniciandir equestsirecordsiofiabortionsiperformediatitheiclinic. Woulditheiclinicibeirequireditoifulfillitheirequest? a.iyes,icliniciisirequireditoidiscloseiPHIiwithoutipatient'siauthorizationitoi anyilawienforcementiwithoutiquestion b.ino,iitiwouldibeiimpermissibleiandiconsiderediaibreach,iunlessitheireq uestiisiaicourtiorderioriotherimandateienforceableiiniaicourtiofilawi- iCorrectiAnswer- b.ino,iitiwouldibeiimpermissibleiandiconsiderediaibreach,iunlessitheireq uestiisiaicourtiorderioriotherimandateienforceableiiniaicourtiofilaw. Note:iWhenitheirequestiisiaicourtiorderiandienforceableiiniaicourtiofilaw ,itheiclinicimayidiscloseiONLYitheiPHIiexpresslyiauthorizedibyitheicourtio rder. https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/phi- reproductive-health/index.html#footnote10_jc1ucm2 Theifourikeyitermsitoievaluateiwheniassessingitoidetermineioripresume diifithereiwasiinifactiai"Breach". Thisifourikeyitermsiareicarefullyilookediduringitheiassessment,iwhichiisi alsoireferrediasiLoProCo.i-iCorrectiAnswer- Fouritermsiare:iAAUDi(Access,iAcquired,iUsed,iDisclosed) Re:iPrivacyiandiReproductiveiHealthiCare Aipregnantiindividualiiniaistateithatibansiabortioniinformsitheirihealthic areiproviderithatitheyiintenditoiseekianiabortioniinianotheristateiwherei abortioniisilegal.iTheiprovideriwantsitoireportitheistatementitoilawienfo rcementitoiattemptitoipreventitheiabortionifromitakingiplace. WoulditheiPrivacyiRuleipermititheidisclosureiofiPHIitoilawienforcementii nithisiscenario? a.iyes,iprovideriwantsitoidoitheirightithingi b.ino,iPrivacyiRuleiwouldiNOTipermititheidisclosureibecauseiitidoesinoti qualifyiasiai"seriousiandiimminentithreatitoitheihealthiorisafetyiofiaipers onioritheipublic"iandiiticompromisesitheiintegrityiofipatient- providerirelationshipi-iCorrectiAnswer- b.ino,iPrivacyiRuleiwouldiNOTipermititheidisclosureibecauseiitidoesinoti qualityiasiai"seriousiandiimminentithreatitoitheihealthiorisafetyiofiaipers onioritheipublic"iandiiticompromisesitheiintegrityiofipatient- providerirelationship. Therefore,isuchiaidisclosureiwouldibeiimpermissibleiandiconstituteiaibr eachiofiunsecurediPHIirequiringinotificationitoiHHSianditheiindividualiaf fected.i https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/phi- reproductive-health/index.html#footnote10_jc1ucm2 Whatiareithei3icomponentsithatimakeiupisecurity?i-iCorrectiAnswer- SecurityiCIA: Confidentiality https://www.hhs.gov/hipaa/for-professionals/special- topics/emergency-preparedness/limited-data-set/index.html WhatiisitheirecordiretentioniperiodiforiHIPAAirelatediworkiproduct?i- iCorrectiAnswer-6iyears WhatiisitheitimeframeirequirementitoitraininewiemployeesiaboutiHIPA A?i-iCorrectiAnswer- "withiniaireasonableiperiodiofitimeiafteritheipersonijoinsitheicoveredien tity'siworkforce" WhatiisiUnsecurediPHI?i-iCorrectiAnswer- PHIithatihasinotibeenirenderediunusable,iunreadable,ioriindecipherable itoiunauthorizedipersonsithroughitheiuseiofiaitechnologyiorimethodolog yispecifiedibyitheiSecretaryiiniguidance WhatisubpartiiniParti164idealsiwithiPrivacyi-iCorrectiAnswer- SubpartiEi(Hint:iPrivacy....Privacy-E) WhatisubpartiiniParti164idealsiwithiSecurityi-iCorrectiAnswer- SubpartiCi(Hint:i"C"-curity) WhichiofitheifollowingiwouldibeiconsideredianiincidentalidisclosureiofiP HI? a.iPatientioverhearingiainurseionitheiphoneidiscussingilabiresultsiwithia notheripatient b.iAniemailicontainingiailargeilistiofipatientsi(names,iaddresses,iandiMe dicareiIDiNumbers)iwasisentiunsecureditoiaiyahoo.comiemailiaddressi c.iAniemailisentitoianotheriemployeeioniaisecureiserver,ibutitheiemploy eeiwhoireceivediitiwasitheiwrongiemployee d.iAiandiCiareicorrect e.iNoneiofitheiaboveiareicorrect https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/incidental-uses-and- disclosures/index.htmli-iCorrectiAnswer- a.iPatientioverhearingiainurseionitheiphoneidiscussingilabiresultsiwithia notheripatient. Incidentalivs.iAccidental: Accidentaliandiincidentalicanibothimeani"somethingihappeningibyichan ce,"ibutiusageisuggestsithati"accidental"ialsoiimpliesianielementioficarel essnessioriinattentioniwhilei"incidental"iimpliesitheioccurrenceiwouldih aveihappenediwithioriwithoutiattentionioricare. AniincidentaliUseioriDisclosureiisiaisecondaryiuseioridisclosureithaticann otireasonablyibeiprevented. https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/incidental-uses-and- disclosures/index.html AniAccidentaliUseiofiDisclosureiisisendingianiemailitoitheiwrongirecipien tiandianiemployeeiaccidentallyiviewingiaipatient'sireport,iwhichileadsito ianiunintentionaliHIPAAiviolation WhichiofitheithreeirulesiiniParti164iapplyitoiPHIiinialliofiitsiformats?i- iCorrectiAnswer-PartiEi(Privacy)iappliesitoiPHIiinialliofiitsiformats BONUS:ialsoiPartiDisinceibreachesicaniinvolveiPHIiinialliofiitsiformatsiasi well Whatidefinesiandilimitsitheicircumstancesiiniwhichianiindividual'siPHIim ayibeiusedioridisclosedibyicoveredientities? a.iConstitution b.iFirstiAmendment c.iOIG d.iPrivacyiRulei-iCorrectiAnswer-d.iPrivacyiRule Note:ipracticeiquestionifromiAAPCiCPCOiCh4 PHIimayibeidisclosediwithoutitheipatient'siauthorizationifori_________ __________. a.iDeath,ioperations,iandibirthicertificates b.iTreatment,ipictures,iandioperations Appointmentiremindersiareiconsideredipartiofitreatmentiofianiindividu aliand,itherefore,icanibeimadeiwithoutiauthorization. Note:ipracticeiquestionifromiAAPCiCPCOiCh5 Healthiinformationithatidoesinotiidentifyianiindividualiisicalledi_______ ________. a.iClonediinformation b.iDe-identifiediinformation c.iRe-identifiediinformation d.iMisidentifiediinformationi-iCorrectiAnswer-b.iDe- identifiediinformation Note:ipracticeiquestionifromiAAPCiCPCOiCh5 Whatipolicyiisiwrittenitoiencourageicommunication? a.iAttendanceipolicy b.iElectroniciprotectediinformationipolicy c.iNon-retaliationipolicy d.iSafetyiandisecurityimanagementipolicyi-iCorrectiAnswer-c.iNon- retaliationipolicy Note:ipracticeiquestionifromiAAPCiCPCOiCh5 IsiitiokayitoisendiX- raysitoispecialistsiwhenireferringipatientsiifiouriemailiisinotiencrypted? a.iAlways b.iNever c.iItidependsi-iCorrectiAnswer-c.iItidepends Explanation: Encryptioniisistronglyirecommendediasitheibestipractice.iIfitheiindividua liisirequestingiPHIiinitheiformiofiX- raysibeisentitoitheithirdipartyianditheiindividualiisinotifiediprioritoisendi ngiviaiunencryptediemailianditheiindividualiagreesitoisendingiviaiunencr yptediemail,ithisiisipermittediunderiHIPAAi.iHHSiprovidesicleariguidance ionisendingiPHIiinianie- maili.iPleaseirememberithatistateilawsimayiapplyiasiwell. Ref.ifromi1stiHCiCompliance WhenicaniyouiuseioridiscloseiPHI? A.iWhenitheipatientihasiauthorized,iiniwriting,iitsirelease. B.iForitheitreatmentiofiaipatient,iifithatiisipartiofimyijob. C.iForiobtainingipaymentiforiservices,iifithatiisipartiofimyijob. D.iAlliofitheianswers.i-iCorrectiAnswer-D.iAlliofitheianswers. TrueioriFalse:i Aniemailirequestifromiaiclientitoicommunicateiwithithem,iasilongiasiitiisi secured,iisisufficientiforiaistaffimemberitoiuseithatimethodioficommunic ation.i-iCorrectiAnswer-TRUE TrueioriFalse:i Signediauthorizationsiforireleaseiofiinformationiareiconsiderediinvalidiif ithereiisinoiexpirationidateiorianieventithatitriggersiexpiration.i- iCorrectiAnswer-TRUE Aivalidiauthorizationimustihaveiallirequiredicoreielementsisetiforthiini45 iCFRi164.508(c): 1.idescriptioniofiinfoitoibeidisclosed 2.inameiofiindividualiauthorizeditoimakeitheirequestedidisclosure 3.inameiofitheirecipienti 4.iaidescriptioniofieachipurposeiofitheidisclosure(s) 5.iexpirationidate 6.isignatureiofiindividuali(orirepresentative)iandidate WhichiofitheifollowingiisiNEVERiacceptableitoileaveiiniaimessageioniania nsweringimachine: a.iTheicaller'siname. b.iTheiminimuminecessaryiinformationitoirequestithatitheiclientireturnit heiphoneicalliifinecessary. c.iTestiresults. Aicoveredientityimayidiscloseiprotectedihealthiinformationi(PHI)iwitho utiaipatient'siwrittenipermissionifor: a.iTreatmentipurposes b.iPayment c.iHealthicareioperationsiactivities d.iAlliofitheiabovei-iCorrectiAnswer- d.iAlliofitheiabovei(aicoveredientityimayiuseioridiscloseiPHIiforiTPO) Aicoveredientityimustiobtainitheipatient'siwritteniauthorizationiforianyi useioridisclosureiofiprotectedihealthiinformationi(PHI)iiniwhichicircumst ances? a.iMarketingiactivities b.iResearch c.iPHIisalesiandilicensing d.iInformationisharingineedediforitreatment e.iAiandiCionly f.iAlliofitheiabovei-iCorrectiAnswer-e.iAiandiCionly Ref.iPermittediUsesiandiDisclosuresisectioni- ihttps://www.hhs.gov/hipaa/for-professionals/privacy/laws- regulations/index.html Nameiexamplesiforiwhichianiauthorizationiisirequired,iotherithaniforius e/disclosureiofiPsychotherapyinotes:i-iCorrectiAnswer- marketingiandisalesiofiPHI Filliinitheiblank: 45iCFRi46iSubpartiAilistsitheiHHSiregulationsiforitheiprotectioniofihuman isubjectsiiniresearch.iThisisubpartiisialsoiknowniasithei____i____.i- iCorrectiAnswer-CommoniRule. https://www.hhs.gov/ohrp/regulations-and-policy/regulations/45- cfr-46/index.html Whichiofitheifollowingicreatedianiethicaliframeworkiforitheiconductiofih umanisubjectsiresearch: a.iTheiNurembergiCode b.iTheiBelmontiReporti c.iTheiDeclarationiofiHelsinki d.ialliofitheiabovei-iCorrectiAnswer-d.ialliofitheiabove Theseicodesiwereiwritten,iprimarily,itoiaddressiresearchiactivitiesithati wereideemeditoiposeiseriousiharmitoitheihumanisubjectsiinvolvediandit oistandardizeitheiprotectionsiofihumanisubjectsigoingiforward.iTheifocu s,ithen,iwasitoiprotectitheiindividualsiwithionlyiaiminoriconcernioverithei confidentialityiofitheidataiinvolved. Ref.iHCCAiPrivacyiComplianceiHandbook Examplesiofiproperidisposalimethodsiofiprotectedihealthiinformationi(P HI)imayiinclude: a.itossingiintoitheitrashcaniorirecycleibin. b.iclearingi(usingisoftwareiorihardwareiproductsitoioverwriteimediaiwit hinon-sensitiveidata). c.ipurgingi(degaussingioriexposingitheimediaitoiaistrongimagneticifieldii niorderitoidisruptitheirecordedimagneticidomains). d.idestroyingi(disintegration,ipulverization,imelting,iincinerating,iorishr edding). e.iBiandiD f.iB,iCiandiDi-iCorrectiAnswer-f.iB,iCiandiD. Dependingionitheicircumstances,iappropriateimethodsiforiremovingieP HIifromielectronicimediaiprioritoireuseioridisposalimayibeibyiclearingi(us ingisoftwareiorihardwareiproductsitoioverwriteimediaiwithinon- sensitiveidata)ioripurgingi(degaussingioriexposingitheimediaitoiaistrongi magneticifieldiiniorderitoidisruptitheirecordedimagneticidomains)itheiin formationifromitheielectronicimedia.iIficircumstancesiwarrantitheidestr uctioniofitheielectronicimediaiprioritoidisposal,idestructionimethodsima yiincludeidisintegrating,ipulverizing,imelting,iincinerating,iorishreddingi theimedia.iCoveredientitiesimayicontractiwithibusinessiassociatesitoiper formitheseiservicesiforithem.iRef.ihttps://www.hhs.gov/hipaa/for- professionals/faq/disposal-of-protected-health- information/index.html D.iWorkstationiSecurityi-iCorrectiAnswer-B.iAutomaticiLogiOff Automaticilogioff,ipasswords,iencryption,iuniqueiuseriIDiareiexamplesio fitechnicalisafeguards,inotiphysical. WhichiofitheifollowingiisinotilistediasiaiphysicalisafeguardiinitheiSecurityi Rulei(SubpartiC)? A.iFacilityiAccessiPlan B.iDisposaliprocesses C.iDataibackupiandistorage D.iUniqueiuseriIDi-iCorrectiAnswer-D.iUniqueiuseriID Automaticilogioff,ipasswords,iencryption,iuniqueiuseriIDiareiexamplesio fitechnicalisafeguards,inotiphysical. TrueioriFalse: Coveredientities,isuchiasiphysician'sioffices,imayiuseipatientisign- inisheetsioricallioutipatientinamesiiniwaitingirooms,isoilongiasitheiinform ationidisclosediisiappropriatelyilimited.i-iCorrectiAnswer-TRUE TheiHIPAAiPrivacyiRuleiexplicitlyipermitsitheiincidentalidisclosuresithati mayiresultifromithisipractice.iForiexample,itheisign- inisheetimayinotidisplayimedicaliinformationithatiisinotinecessaryiforith eipurposeiofisigningiini(e.g.,itheimedicaliproblemiforiwhichitheipatientiisi seeingitheiphysician).iSeei45iCFRi164.502(a)(1)(iii).Ref.ihttps://www.hh s.gov/hipaa/for-professionals/faq/199/may-health-care-providers- use-sign-in-sheets/index.html InideterminingitheiamountiofianyicivilimoneyipenaltyiforiviolationsiofiHI PAA,itheifollowingifactorsiareiconsidered:i a.iTheinatureiandiextentiofitheiviolation. b.iTheinatureiandiextentiofitheiharmiresultingifromitheiviolation. c.iTheihistoryiofiprioricomplianceiwithitheiadministrativeisimplificationi provisions,iincludingiviolations,ibyitheicoveredientityioribusinessiassoci ate. d.iTheifinancialiconditioniofitheicoveredientityioribusinessiassociate. e.iSuchiotherimattersiasijusticeimayirequire. f.iAlliofitheiabovei-iCorrectiAnswer-f.iAlliofitheiabove Ref.ihttps://www.law.cornell.edu/cfr/text/45/160.408 UnderiHIPAA,iaicoveredientityiisirequireditoidiscloseiProtectediHealthiIn formationi(PHI)iwhen: a.itheidisclosureiisirequestedibyitheipoliceidepartment b.iaisubpoenaisignedibyianiattorneyiisireceived c.itheidisclosureiisirequiredibyimedicalistaffibylaws d.itheiSecretaryiofiDHHSirequestsitheiinformationi-iCorrectiAnswer- d.itheiSecretaryiofiDHHSirequestsitheiinformation Aiprivacyiprofessionaliisireviewingiaiprogramiforianiacademicimedicalice nterithatiincludeiaifacultyigroupipractice,ihospital,istudentihealthicenter ,iandiself- fundedigroupihealthiplan.iTheiprivacyiprofessionalishouldievaluateiifith eiprogramihasinoticesifor: a.iGINA b.iFMLA c.iHIPAA d.iFISMAi-iCorrectiAnswer-b.iHIPAA AihealthisystemiimplementedianiEHRiini55iclinics.iTheiprivacyiprofessio naliisitoldiemployeesiareiinconsistentlyiinterpretingitheipolicyiaddressin giemployeeiaccessitoiEHR.iWhichiofitheifollowingiisitheiprivacyiprofessio nal'siBESTistrategy? a.iCollaborateiwithiHRitoiensureiappropriateidiscipline b.iPerformianiauditiunderiAttorney-ClientiPrivilege c.iConductisurveysioficliniciemployeesiconcerns d.iAuditiairandomisamplingioficlinicsiacrossitheiorganizationi- iCorrectiAnswer-c.iConductisurveysioficliniciemployeesiconcerns AiprivacyiprofessionaliisiassistingiITiwithitheidevelopmentiofipropericon trolsitoiprotectitheiprivacyiofitheiorganization'sidata.iWhichiofitheifollo wingiisianiemployee-relatedicontrol? a.iBreachiresponseiprocedures b.iAnnualievaluations WhichiofitheifollowingiisiBESTiforiaiprivacyiprofessionalitoiincludeiasianii ndividualigoal: a.iParticipateiinicontinuingieducationitoimaintainiprofessionalicompete ncy b.iObtainibudgetiincreasesiforitheiprivacyiprogram c.iCollaborateiwithiHRitoiensureiconsistencyionidisciplinaryimatters d.iHireiadditionalistaffiforitheiprivacyiprogrami-iCorrectiAnswer- a.iParticipateiinicontinuingieducationitoimaintainiprofessionalicompete ncy TheiOIGirecommendsithatigeneralicomplianceitrainingiforiemployees,ip hysicians,iandivolunteersibeiprovided: a.imonthly b.iquarterly c.iannually d.ibiannuallyi-iCorrectiAnswer-c.iannually Contractiprovisionsiforibackgroundichecksiofivendoriemployeesiensurei performanceiof a.idueidiligenceionithird-parties b.ithirdiparties'iservicesitoitheiorganization c.iHIPAAiprivacyistandardiimplementation d.irequirementsirelateditoiSAMSHAi-iCorrectiAnswer- a.idueidiligenceionithird-parties Severalimedicalirecordsicannotibeilocated.iTheiprivacyiprofessionalihea rsithatitheiphysiciansiareitakingioriginalipatientirecordsihomeitoidictate.i Noitrackingiprocessiexitsiforimedicalirecords.iWhichiofitheifollowingiisit heiprivacyiprofessionals'iMOSTiappropriateiaction? a.icreateishadowirecords b.idevelopianiauditiprocess c.idesigniaimonitoringitool d.irecommendidisciplinei-iCorrectiAnswer-b.idevelopianiauditiprocess Theihealthiinformationimanagementidirectoriforiaihospitaliasksiaiprivac yiprofessionaliifitheiinformationiofiaideceasedipatienticareicanibeireleas editoitheipatient'sispouse.iIniwhichicircumstanceiwoulditheireleaseitoith eispouseibeipermitted? a.itheispouseiwasiinvolvediinitheipatient'sicareibeforeideath b.ipermissioniwasigrantediinitheipatient'siwill c.itheispouseihasihealthcareipoweriofiattorney d.itheispouseihasiaiwaiveriofiauthorizationi-iCorrectiAnswer- a.itheispouseiwasiinvolvediinitheipatient'sicareibeforeideath https://library.ahima.org/doc?oid=103866#.Ys9lOnbMI2w Aniemployeeicontactsiaiprivacyiprofessionaliaboutitheiemployee'siinvol vementiinipossibleiillegaliactivityiinvolvingimisuseiofiindividuallyiidentif iableiinformation.iWhichiofitheifollowingishoulditheiprivacyiprofessiona lidoiFIRST? a.iaskitheiCFOiforiassistance b.icontactilegalicounsel c.inotifyilocalilawienforcement d.ireferitheiemployeeitoiHRi-iCorrectiAnswer-b.icontactilegalicounsel Wheniaskeditoigiveiaipresentationitoitheiboardionitheiimplementationio fiaiprivacyiprogram,iaiprivacyiprofessionalishouldiconsideriwhichiofitheif ollowingielementsiFIRST? a.iprogramibudget b.ibudgetiplan c.itrainingiplan d.iprogramiscopei-iCorrectiAnswer-d.iprogramiscope Whichiofitheifollowingitopicsishouldibeiincludediiniaitrainingipresentati onioniprivacyisafeguards? a.irecyclingipaperidocuments b.imaintainingimedicalirecordsiforiaispecificinumberiofiyears c.irequiringiBAAsiofivendors d.ishreddingipaperidocumentsi-iCorrectiAnswer- d.ishreddingipaperidocuments WhatidoesiunsecurediPHIimeaniunderitheiHHSiSecretaryiiniguidancei- iCorrectiAnswer- MeansiPHIithatiisinotirenderediunusable,iunreadable,ioriindecipherablei toiunauthorizedipersonsithroughitheiuseiofiaitechnologyiorimethodolog yispecifiedibyitheiSecretaryiinitheiguidance Nameiexamplesiforiwhichianiauthorizationiisirequired,iotherithaniforius e/disclosureiofiPsychotherapyinotes:i-iCorrectiAnswer- marketingiandisalesiofiPHI 1.iWhatiareitheirequiredicoreielementsiofiaiVALIDiAuthorization.iRef.i45i CFRi164.508(b)i-iCorrectiAnswer-1.iDescription 2.iPurposeiuse/disclosure 3.iRecipient 4.iAuthorizedipersonimakingitheidisclosure 5.iExpirationidate 6.iSignature/dates AiHIPAAiValidiAuthorizationimustiincludeialli6icoreielementsiandi3irequi redistatements,ilackiofianyiofitheseielementsiwouldibeiconsiderediai___ ______iauthorization.i-iCorrectiAnswer-DefectiveiAuthorization. Foriinstance: (i)iTheiauthorizationiexpirationidateihasipassedioritheiexpirationieventii siknownibyitheicoveredientityitoihaveioccurred; (ii)iTheiauthorizationihasinotibeenifillediouticompletelyi(missingicoreiele mentsiandirequiredistatements) (iii)iTheiauthorizationiisiknownibyitheicoveredientityitoihaveibeenirevok ed; (iv)iTheiauthorizationiviolatesiprovisioniofiaicompoundioriprohibitionio niconditioningiofiauthorizationsiifiapplicable; (v)iAnyimaterialiinformationiinitheiauthorizationiisiknownibyitheicovere dientityitoibeifalse. Ref.i45iCRi164.508(b)(2) WhatiareitheithreeitypeiofiAuthorizationiunderitheiHIPAAirulei- iCorrectiAnswer-Validi-iDefectivei-iCompound 45iCFRi§i164.508(b)(1),i(2)iandi(3) TrueioriFalse: Foridatesiasiidentifiersi(birthidate,iadmissionidate,idischargeidate,ietc),it heiyearionlyiexceptionitoidatesiisiwheniyeariindicatesianiageioveri89isinc eiveryifewiindividualsireachedithatimilestoneiwhenitheidefinitioniwasies tablishedi-iCorrectiAnswer-TRUE ThisiCodeiofiFederaliRegulationi(CFR)iappliesitoifederallyiassistediSubsta nceiUseiDisorderi(SUD)iprogramsiorialcohol/drugitreatmentiprogramsic onductedidirectlyibyitheifederalioristate/localigovernmenti- iCorrectiAnswer-42iCFRiParti2 TrueiofiFalse: TheiFederalilawi42iCFRiParti2iisisimilaritoitheiHIPAAistateilawipreemptio n,iwhereitheimoreirestrictiveiregulationiprevails.i-iCorrectiAnswer-TRUE TrueioriFalse: Parti2iProgramsimustialwaysilimititheiamountiofiinformationidisclosed,i eveniiniTreatmentisituations,iunlikeiHIPAAiwhereitheiTPOiexceptioniap plies.i-iCorrectiAnswer-TRUE ExamplesiofiNumbersiasiIdentifiers:i-iCorrectiAnswer- •iPhoneiandiFaxiNumbers •iEmailiAddresses •iSocialiSecurityiNumbers •iMedicaliRecordsiNumbers •iHealthiPlaniBeneficiaryiNumbers •iAccountiNumbers •iCertificate/LicenseiNumbers •iVehicleiIdentifiers •iDeviceiIdentifiers •iInternetiProtocoliAddress •iGeneticiInformation •iURLs Whichiofitheifollowingiusesiofipatientihealthiinformationidoinotirequirei theipatient'siauthorization? a.iTreatment,ipayment,ihealthicareiadministrationi(TPO) b.iMarketing c.iGeneticitestingiandiresearchistudies d.iReleaseiofipsychotherapyinotesi-iCorrectiAnswer-a.iTPO Whichiofitheifollowingiareiconsiderediprotectedihealthiinformationiund eriHIPAA?i a.iPhoneinumber b.iMedicalirecordinumber c.iLicenseiplateinumber d.iEmailiaddress e.ialliofitheiabovei-iCorrectiAnswer-e.ialliofitheiabove HIPAAirulesidoinotirequireiprovidersitoigrantipatientiaccessitoiwhichiofit heifollowingitypesiofiinformation? a.iAccountingidisclosures b.iOfficeivisitidocumentation c.iPsychotherapyinotes d.iMedicationilisti-iCorrectiAnswer-c.iPsychotherapyinotes Governmentiagenciesialsoihaveilimitsioniotheriinformationitheyimayicol lectiaboutiindividuals.iThei_______iActilimitsiand/orirestrictsitheisharin giofiinformationibetweenigovernmentiagencies. a.iFreedomiofiInformation b.iPrivacy c.iHIPAA d.iOmnibusi-iCorrectiAnswer-b.iPrivacy Thei"NoticeiofiPrivacyiPractices"iexplainsitheiwaysitheipracticeiwilliuseip atientiinformationiandidescribesipatients'irightsiregardingitheiriinforma tion. a.iTrue b.iFalsei-iCorrectiAnswer-a.iTrue 45iCFRi164.520(b)(1)(iv) Thereiareithreeithingsithatiaipracticeimustidoiregardingicommunicatingi withitheipatientiaboutiprivacyipracticesiandiprocedures,iexceptiforionei ofitheifollowing: a.iGiveieveryipatientiainoticeidescribingitheiphysicianiofficeiprivacyiprac tices b.iMakeiai"goodifaith"ieffortitoiobtainitheipatient'siwritteniacknowledg mentiofireceivingitheinotice c.iObtainitheipatient'siauthorizationiforidisclosuresioriusesinoticoveredi byithei"NoticeiofiPrivacyiPractices" d.iGiveieveryipatientiaicopyiofihisioriherimedicalirecordi- iCorrectiAnswer-d.iGiveieveryipatientiaicopyiofihisioriherimedicalirecord Whichigovernmentiagency(ies)iissuesiCertificatesiofiConfidentialityitoip rotectitheiprivacyiofisubjectsienrollediinisensitiveibiomedical,ibehaviora l,iclinical,ioriotheriresearch.iSelectiallithatiapply. a.iOfficeiofiCiviliRights b.iFoodiandiDrugiAdministration c.iOccupationaliSafetyiandiHealthiAdministration d.iNationaliInstitutesiofiHealth e.iOfficeiforiHumaniResearchiProtectionsi-iCorrectiAnswer- b.iandid.i(FDAiandiNIH) Sign- inisheetsiincludeiprotectedihealthiinformation.iHowever,itheyimayibeiu sediwithoutiviolatingiprivacyirulesiforithisireason: a.iPatientinameiisinotiprotectedihealthiinformation b.iTheisign- inisheetiisiusediforihealthicareioperationsiandiisiconsideredianiincidental idisclosure c.iTheipatientinameiisiusuallyinotilegible d.iNotiallipersonsisigningitheisheetiareipatientsi-iCorrectiAnswer- b.iTheisign- inisheetiisiusediforihealthicareioperationsiandiisiconsideredianiincidental idisclosure d.iReportisuspicionsitoitheiofficeimanager,iprivacy/securityiofficer,ioriot heridesignatedipersoni-iCorrectiAnswer- d.iReportisuspicionsitoitheiofficeimanager,iprivacy/securityiofficer,ioriot heridesignatediperson AistaffimemberineedsitoileaveiaiHIPAAicompliantimessageioniaivoicema ilioriwithisomeoneielse.iWhichiofitheifollowingiisinotianiacceptableipract iceiwhenicontactingipatientsiviaiphone? a.iFollowingitheiminimuminecessaryistandardiwhenileavingiaimessagei withiwhoeverianswersitheiphone b.iLeavingidetailediPHIioniaivoicemailiwithoutihavingitheipatient'sipermi ssion c.iLeavingitheiminimumiamountiofiinformationineeded:iname,inumber,i andipracticeioriphysicianiname d.iLeavingiaidetailedimessage,iifitheipatientihasigivenipermissionitoidois oi-iCorrectiAnswer- b.iLeavingidetailediPHIioniaivoicemailiwithoutihavingitheipatient'sipermi ssion Workstationisecurityiisiamongitheiphysicalisafeguardistandards.iWhichii temibelowiisinotianiappropriateipractice? a.iWorkstationsiplacediiniaiphysicallyisecureilocation b.iVisitorsishouldinotibeiableitoiviewiinformationionicomputeriscreens c.iAdministratoriworkstationsithaticanienableioridisableisecurityifeature silocatediinisecureiareas d.iComputeristationsilocatediiniaipatientiwaitingiroomi-iCorrectiAnswer- d.iComputeristationsilocatediiniaipatientiwaitingiroom ReportingiofiBreachesi-imandateditoireport/notifyito:i-iCorrectiAnswer- individualsiaffectedi(moreithani10iaffected,ipostioniwebsite) HHSiSecretaryi(moreithani500iaffected,inoilaterithani60idayifromibreachi discovery) mediai(ifimoreithani500iaffected,inoilaterithani60idayifromibreachidisco very) Ifiapplicable: businessiassociatei(mustinotifyiCEinoilaterithani60idayifromibreachidisco very) https://www.hhs.gov/hipaa/for-professionals/breach- notification/index.html CEidoesn'tihaveitoireportiifibreachiposesinoiharmitoitheiindividual. Ifiinformationiisiencryptediisiiticonsiderediaibreach?i-iCorrectiAnswer- NO https://www.hhs.gov/hipaa/for-professionals/breach- notification/guidance/index.html Breachiisiassumediunlessicoveredientityicanidemonstratei_____i- iCorrectiAnswer-LoProCoi(LowiProbabilityiofidataiCompromised) https://www.hhs.gov/hipaa/for-professionals/breach- notification/index.html BreachiNotificationiunderiARRA,iwhatiisithis?i-iCorrectiAnswer- ARRAi(Amer.iRecoveryiReinvestmentiAct).iBreachinotificationiwasipass ediasipartiofiARRAiofi2009,irequiringicoveredientitiesitoipromptlyinotifie diaffectediindividualsiofiaibreachi(wheniandihowiyouinotifyiaiPHIibreachi hasioccurred) Nameitheiprocessitoiassessiifiani"impermissible"iisiaibreach.i- iCorrectiAnswer-RiskiAssessment. Asiapplicable,idemonstrateiLoProCoibasedionitheifollowingiriskiassessm entifactors: 1.iTheinatureiandiextentiofitheiPHIiinvolved,iincludingitheitypesiofiidenti fiersianditheilikelihoodiofire-identification; 2.iTheiunauthorizedipersoniwhoiuseditheiPHIioritoiwhomitheidisclosurei wasimade; 3.iWhetheritheiPHIiwasiactuallyiacquiredioriviewed;iand 4.iTheiextentitoiwhichitheiriskitoitheiPHIihasibeenimitigated. https://www.hhs.gov/hipaa/for-professionals/breach- notification/index.html ThreeiexceptionsitoitheidefinitioniofiBreach:i-iCorrectiAnswer- 1.iUnintentionali(acquisition,iuse,idisclosureiofiPHI) 2.iInadvertenti(disclosureiofiPHI) SomeiofitheilargestibreachesireporteditoiHHSihaveiinvolvedibusinessiass ociates.iPenaltiesiareiincreasediforinoncomplianceibasedionitheileveliofi negligence,iwithiaimaximumipenaltyiofi$1.5imillioniperiviolation. AiviolationiofiPHIiisiconsiderediaibreachiwhen: a.iTheiaffectediindividualifindsihis/heriidentityistolen b.iItioccurs. c.iTheicoveredientityioriBusinessiAssociateiconcludesitheianalysisiofiwhe theritheifactsiconstituteiaibreach. d.iTheiincidentibecomesiknown.i-iCorrectiAnswer- c.iTheicoveredientityioriBusinessiAssociateiconcludesitheianalysisiofiwhe theritheifactsiconstituteiaibreach. Initheieventiofiaicyber-attackiorisimilariemergency,ianientity:i a.iMustiexecuteiitsiresponseiandimitigationiproceduresiandicontingency iplans. b.iShouldireportitheicrimeitoiotherilawienforcementiagencies. c.iShouldireportiallicyberithreatiindicatorsitoifederaliandiinformation- sharingiandianalysisiorganizationsi(ISAOs). d.iMustireportitheibreachitoitheiOfficeiofiCiviliRightsi(OCR)iasisooniasipos sible,ibutinoilaterithani60idaysiafteritheidiscoveryiofiaibreachiaffectingi5 00iorimoreiindividuals. e.iAlliofitheiabovei-iCorrectiAnswer-e.iAlliofitheiabove Ref.ihttps://www.hhs.gov/sites/default/files/cyber-attack-checklist- 06-2017.pdf Aiprivacyiprofessionalihasibeeninotifiedithatithereihadibeeniaidataibreac hiofiaiclinicalisystemicontainingiPHI.iWhichiofitheifollowingiisitheisourcei ofitheinotificationirequirements? a.iFERPAiProvisions b.iHIPAAiSecurityiRule c.iHITECHiActi d.iPrivacyiActi-iCorrectiAnswer-c.iHITECHiActi Remember,iHITECHiwasisignediintoilawiasipartiofiARRAi2009itoipromote iadoptioniofimeaningfuliuse Aiphotoiofiainurseidoingiaiprocedureioniaipatientiinitheihospitalihasibee nipostedioniaisocialinetworkingisite.iHRihasiidentifieditheinurseiinitheiph otoianditheipatient.iHRiasksitheiprivacyiprofessionaliforiairecommendat ioniforidisciplianaryiaction.iBeforeiprovidingiairecommendation,itheipri vacyiprofessionalishouldidetermineiifithe a.i60-dayitimelineiforireportingitheibreachitoiDHHSihasilapsed b.iphotoiwasipostediduringiworkihoursiorianiunpaidibreak c.inurseiwasiawareithatisheiwasibeingiphotographed d.ipatientisaysitheyigaveipermissioniforitheiphotoi-iCorrectiAnswer- c.inurseiwasiawareithatisheiwasibeingiphotographed BreachiNotificationiContent:i-iCorrectiAnswer- 1.iBriefiDescriptioniandiDateiofiEvent 2.iDateiofiDiscovery 3.iDescriptioniofitheitypesiofiunsecurediPIIiandiPHI 4.iStepsitheieffectediindividualimayitakeitoiprotectithemselves 5.iBriefidescriptioniofistepsitakenitoiinvestigate,imitigateiandiprotectiag ainstianyifurtheriBreaches 6.iContactiproceduresitoiaskiquestions,iincludingiaitoll- freeinumber,iemailiaddress,iwebsite,iand/oripostaliaddress 7.iMayiincludeidiscretionaryicontentisuchiasiaidescriptioniofiWorkforcei Memberisanctions. Whatiisitheidefinitioniofiaibreachiofiprotectedihealthiinformation? a.iAccess,iuse,ioridisclosureiofiPHIithaticompromisesisecurityioriprivacyi ofitheiPHI b.iInadvertentireleaseioficlinicaliinformation c.iAniincidentiiniwhichiPHIileavesitheiphysicianipractice d.iTheftiofianyiequipmentifromiaiphysicianiofficeiorihospitali- iCorrectiAnswer- a.iAccess,iuse,ioridisclosureiofiPHIithaticompromisesisecurityioriprivacyi ofitheiPHI TrueioriFalse:i AniindividualidoesinotihaveiairightitoiaccessitheiriPHIithatiisinotipartiofiai designatedirecordiseti-iCorrectiAnswer-TRUE AiStateilawirequiresithatiaihealthicareiproviderigiveiindividualsioneifreei copyiofitheirimedicalirecordsibutiHIPAAipermitsitheiprovideritoichargeiai fee.iDoesiHIPAAioverrideitheiStateilaw?i-iCorrectiAnswer-No. TheihealthicareiproviderimusticomplyiwithitheiStateilawiandiprovideithe ioneifreeicopy.ihttps://www.hhs.gov/hipaa/for- professionals/privacy/guidance/access/index.html Canianiindividual,ithroughitheiHIPAAirightiofiaccess,ihaveihisioriherihealt hicareiprovideriorihealthiplanisenditheiindividual'siPHIitoiaithirdiparty?i- iCorrectiAnswer- Yes,iifirequestedibyianiindividual.iMustibeiiniwriting,isigned,iandiindicat eipersoniorientityitoibeisentitoiaccordingly. https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/access/index.html Underiwhaticircumstancesimayiaicoveredientityidenyianiindividual'sireq uestiforiaccessitoitheiindividual'siPHI?i-iCorrectiAnswer- 1.iinformationithatiisinotipartiofiaidesignatedirecordisetimaintainedibyit heicoveredientity 2.iinformationiexceptedifromirightiofiaccessisuchipsychoinotesioriinilegal iproceedings 3.iifitheiinformationiisilikelyitoiendangeritheilifeioriphysicalisafetyiofitheii ndividualiorianotheriperson.i Listioficonditionsiforidenialiofiaccess,iseei45iCFRi164.524(a)(2)-(4) https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/access/index.html IfiCEideniesirequestitoiaccessiindividual'siPHI,iCEimustiprovideidenialiini writinginoilaterithani____icalendaridayifromirequest.i-iCorrectiAnswer- 30icalendaridaysi(ori60iifiextensionigranted).iSeei45iCFRi164.524(b)(2). https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/access/index.html DoesianiindividualihaveiairightiunderiHIPAAitoiaccessimoreithanijustitest iresultsifromiaiclinicalilaboratory?i-iCorrectiAnswer-Yes. Otherithanitestiresults,itheilaboratoryiisirequireditoiprovideiaccessitoialli ofitheiPHIiaboutitheiindividualithatiisiiniitsidesignatedirecordiset.i(sameir uleiappliesitoidiagnostics/radiology) https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/access/index.html WhenidoesitheiHIPAAiPrivacyiRuleipermitiaicoveredientityioriitsibusines siassociateitoidiscloseiPHIitoianiHIEiforipurposesiofireportingitheiPHIitoiai PHA,iwithoutianiindividual'siauthorization?i-iCorrectiAnswer- 1.iwhenirequiredibyilaw 2.iforipublicihealthipurposes https://www.hhs.gov/hipaa/for-professionals/special-topics/public- health/index.html CaniaiCEidiscloseiParti2irelatediprogramsiwithouticonsentioripatient'siau thorizationiifipatient'siinformationiiside- identified,ioriuseiforiresearch,ioritoireportiabuseiandiotherimedicalieme rgencies.iYesioriNo.i-iCorrectiAnswer-YES Thoseiareiaifewiexceptionsioriuniqueicircumstancesiconsent/authorizat ioniisinotirequired. MayiaicoveredientityidiscloseiPHIitoiaiPHAithroughianiHIEiwithoutireceiv ingiaidirectirequestifromitheiPHA?i-iCorrectiAnswer- Yes,iforipublicihealthiactivities,ipermissioniisinotirequired. Foriexample,iaicityihealthidepartmenti(aiPHA)ithatiisiauthorizedibyilawit oiobtainiCOVID- 19irelateditestiresults,ianditoitrackitheioverallihealthiofitheiindividualsit estedioveritime. https://www.hhs.gov/hipaa/for-professionals/special-topics/public- health/index.html RequestitoiAmendi-iCorrectiAnswer- Patientihasitheirightitoirequestianiamendmentitoitheiridesignatedirecor disetiifitheyidetermineiitimayibeiinaccurate. Providericanidenyirequestiifideterminedirecordsiisiaccurate.iButipatienti caniaskithatitheiristatementiofiinaccuracyibeiplacediinitheifile. RightitoiAccountingiofiDisclosuresi-iCorrectiAnswer- Patientsiareientitleditoiknowitheiidentityiofitoiwhomiinformationiisidiscl osed,ianditheipurposeiofitheidisclosure