Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

HCCA - CHPC Exam Study Questions with 100% Correct Answers | Verified | Latest Update, Exams of Advanced Education

HCCA - CHPC Exam Study Questions with 100% Correct Answers | Verified | Latest Update

Typology: Exams

2024/2025

Available from 10/11/2024

professoraxel
professoraxel 🇺🇸

3.7

(26)

9.1K documents

1 / 114

Toggle sidebar

Related documents


Partial preview of the text

Download HCCA - CHPC Exam Study Questions with 100% Correct Answers | Verified | Latest Update and more Exams Advanced Education in PDF only on Docsity! HCCA - CHPC Exam Study Questions with 100% Correct Answers | Verified | Latest Update WhatiisitheipurposeiofiHIPAA?i-iCorrectiAnswer- •iProtectiPHIifromiunauthorizedidisclosure/use; •iPreventifraud,iwasteiandiabusei(viaiAdministrativeiSimplification); •iMakeihealthiinsuranceiportableiunderiERISA; •iMoveihealthicareiontoiainationallyistandardizedielectronicibillingiplatf orm Ref.ihttps://quizlet.com/6202453/hcca-chpc-overview-flash-cards/ MoreioniHIPAA:ihttps://www.hhs.gov/hipaa/index.html HIPAAiresidesiiniwhichiCFRisection?i-iCorrectiAnswer- 45iCFRisectionsi164.102ithroughi164.534 https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part- 164 WhatiareitheisubpartsiofiHIPAAiparti164?i-iCorrectiAnswer-HIPAAi- i45iCFRi164,isubparts: SubpartiAi-iGeneralirules SubpartiCi-iSecurity SubpartiDi-iBreachinotification SubpartiEi-iPrivacy https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part- 164 Howidoiyouidetermineiifianiorganizationiisiai"CoverediEntity"?i- iCorrectiAnswer- 1.icompareiifitheiorganizationimeetsioneiofithei3itypesiofiCEi(provider,ih ealthiplan,iclearinghouse) and 2.idetermineiifitheiorganizationielectronicallyitransmitsioneiofithei9idefi neditransactions: •iHealthiclaimsioriequivalentiencounteriinformation •iHealthiclaimsiattachments •iEnrollmentiandidisenrollmentiiniaihealthiplan •iEligibilityiforiaihealthiplan •iHealthicareipaymentiandiremittanceiadvice •iHealthiplanipremiumipayments •iFirstireportiofiinjury •iHealthiclaimistatus •iReferralicertificationiandiauthorization ACEiexample:iaihealthisystemicomposedioniseveraliaffiliatedihospitals. BothitheiOHCAianditheiACEiwouldiallowisharingiofiPHIiacrossiparticipati ngientityilinesiforitreatment,ipayment,ioperationsipurposesi(TPO). What'siaiHybridiEntity?i-iCorrectiAnswer- Entityithaticonductsibothicoveredifunctionsi(orihealthcare- functions)iandinon-coveredifunctionsi(otheribiz/non- healthcareifunctions)itoielectitoibeiai"hybridientity." Foriinstance,iaiUniversityiSystemithatihasiairesearchilaboratoryioriacade micimedicalicenter. Theipost-secondaryifunctionsi(non- healthcareicomponents)idoiNOTineeditoicomplyiwithiHIPAA. Theiresearchilab/medicenterifunctionsi(healthcareicomponent)ineedsit oicomplyiwithiHIPAAiprovisionsitoiprotectitheiuse/disclosureiofiPHIiinvo lved. https://www.hhs.gov/hipaa/for-professionals/faq/315/when-does-a- covered-entity-have-discretion-to-determine-covered- functions/index.html#:~:text=For%20example%2C%20a%20hybrid%2 0entity,hybrid%20entity's%20health%20care%20component. https://privacyruleandresearch.nih.gov/pr_06.asp Theitransmissioniofiinformationibetweenitwoipartiesitoicarryioutifinanc ialioriadministrativeiactivitiesirelateditoihealthicareiisicalled:i- iCorrectiAnswer-Transactioni(healthcareitransaction). Fewiexamplesiofihealthcareitransactions: healthcareiclaims; coordinationiofibenefits; healthiplanipremiumipayments; remittanceiadvicei(oriETF,ielectronicifunditransfer); referralicertificationiandiauthorization WhatiareiexamplesiofiaiBA?i-iCorrectiAnswer-BAi(BusinessiAssociate)i- iperformsifunctionsioriactivitiesionibehalfiofiaicoveredientityithatiinvolv eiaccessibyitheibusinessiassociateitoiprotectedihealthiinformation. Examples: claimsiprocessing dataianalysis billing benefitimanagement qualityiassurance qualityiimprovement practiceimanagement legal actuarial accounting accreditation otheriadministrativeiservices https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/business-associates/index.html TrueioriFalse: Aihospitaliisinotirequireditoihaveiaibusinessiassociateicontractiwithitheis pecialistitoiwhomiitirefersiaipatientianditransmitsitheipatient'simedicalic hartiforitreatmentipurposes.i-iCorrectiAnswer-TRUE Remember,iuseiandidisclosureiofiPHIiforipurposesiofiTPOirequiresinoisp ecificiauthorization TrueioriFalse: BusinessiAssociatesiAfteriHITECH: HITECHimadeibusinessiassociatesidirectlyiresponsibleiforiHIPAAicomplia nceiwithinitheiriindividualibusinessesithatiwouldinotiotherwiseibeisubje ctitoiHIPAAiregulationsiandipenaltiesi-iCorrectiAnswer-TRUE Eveniifinoiwrittenicontractiexistsibetweenitheicoveredientityiandiaicontr actedicompanyiperformingiservicesirelateditoihandlingiPHIiinisomeifor m,itheicompanyiisideemediaibusinessiassociateibyilaw.iThisideemedistat usiessentiallyiclassifiesicontractedivendorsioriindividualsiasibusinessiass c.iHIPAAipreemption d.iHIPAAistateilawi-iCorrectiAnswer-c.iHIPAAipreemption WhatiisitheiintentiofiHIPAA? a.istandardizeihealthcareibillingiandicodingitoicomplyiwithinationaliacco untingiprinciples b.iincreaseipaymentifromiprovidersigivenitheirisingicostiofihealthcareian difraudiviolations c.iallowigroupihealthiplansicollectipremiumsiafteriindividualihasileftiaijo b/employer d.iimproveihealthcareiprogramsiandidataiflowibetweeniprovidersitoidat aimineiforifraudulentibehaviori-iCorrectiAnswer- d.iimproveihealthcareiprogramsiandidataiflowibetweeniprovidersitoidat aimineiforifraudulentibehavior TheiintentiofiHIPAAiisitoiimproveihealthcareiprogramsianditheideliveryio fiservicesithroughitheitwoilargestihealthiplansiinitheiU.S.,iThisiisiaccompl ishedibyiimprovedidataiflowsithatileadsitoibetterioutcomesiusingination alistandardsiformatsiandispecificitransactionsitoiincreaseiaccuracyiandir apidiwayitoidataimineiadidetectifraudulentibehavior. TheispecificidataiflowsiareioutlinediinitheiTransactioni&iCodeiSetiRulesi4 5iCFRi162.100i-i162.1902 https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part- 162 TrueioriFalse: Aiphysicianiisirequireditoihaveiaibusinessiassociateicontractiwithiailabor atoryiasiaiconditioniofidisclosingiprotectedihealthiinformationiforitheitr eatmentiofianiindividual.i-iCorrectiAnswer-FALSE Remember,iuseiandidisclosureiofiPHIiforipurposesiofiTPOirequiresinoisp ecificiauthorization TrueioriFalse: Aihospitalilaboratoryiisinotirequireditoihaveiaibusinessiassociateicontrac titoidiscloseiprotectedihealthiinformationitoiaireferenceilaboratoryiforitr eatmentiofitheiindividual.i-iCorrectiAnswer-TRUE Remember,iuseiandidisclosureiofiPHIiforipurposesiofiTPOirequiresinoisp ecificiauthorization TrueioriFalse: Researchiuse/disclosureiwithiindividualiauthorizationidoesinotiexpireio ricontinueiuntilitheiendiofitheiresearchistudyi-iCorrectiAnswer-TRUE https://www.hhs.gov/hipaa/for-professionals/special- topics/research/index.html TrueioriFalse: Researchiuse/disclosureiwithiindividualiauthorizationimayibeicombined iwithianiauthorizationiforiaidifferentiresearchiactivityiifiresearchirelatedi treatmentiisiconditionedionitheiprovisioniofioneiofitheiauthorizationsi- iCorrectiAnswer-TRUE https://www.hhs.gov/hipaa/for-professionals/special- topics/research/index.html TrueioriFalse: Researchiuse/disclosureiwithiindividualiauthorizationimayibeicombined iwithiotherilegalipermissionioriconsentitoiparticipateiinitheiresearchi- iCorrectiAnswer-TRUE https://www.hhs.gov/hipaa/for-professionals/special- topics/research/index.html TrueiofiFalse: Isiitipossibleiforiaifacilityiwithimultipleiproviderifunctionsitoihaveicertain iisolatediprovidersiorigroupsiwhoiareisubjectitoiParti2,iwhileitheifacilityia siaiwholeiisinotisubjectitoiParti2.iForiexample,iailargeifacilityimayihaveipr imaryicareiprovidersiandiaiseparateiunitithatiprovidesiSUDiservices.i- iCorrectiAnswer-TRUE Explanation: TheiSUDiunitiisisubjectitoiParti2,ibutitheirestiofitheifacilityiisinot. ref.iHCCAiprivacyihandbooki3rdied.i"PrivacyiActi1974"isection WhatiisiairesearchiIRB? 1.iInstitutionaliResearchiBoard 2.iAigroupiofiexecutivesithatireviewialliresearchiactivitiesiconductedibyit heiBoardiofiDirectors 3.iAigroupiofiindividualsithatireviewiproposediresearchitoiprotectitheipri vacyiofisubjects 4.iCanimakeichangesitoitheiresearchiorialteriitsicontentiasitheyiseemedia ppropriatei-iCorrectiAnswer- 3.iAigroupiofiindividualsithatireviewiproposediresearchitoiprotectitheipri vacyiofisubjects Aniindividualimustiauthorizeitheseimarketingicommunicationsibeforeit heyicanioccur,iexcept: a.iwhenitheicommunicationiisinotiforitheipurposeiofiprovidingitreatmen tiadvice b.icommunicationifromiaihealthiinsureritoipromoteitheiriproducts/servi ces c.icommunicationiinitrainingimaterialiusingitheiriphoto d.ihospitaliusesiitsipatientilistitoiannounceitheiarrivaliofiainewispecialtyig roupiinigeneralimailingi-iCorrectiAnswer-Except: d.ihospitaliusesiitsipatientilistitoiannounceitheiarrivaliofiainewispecialtyig roupi Thisiactivityidoesinotimeetithei"marketing"idefinition,iforiinstance,ithei disclosureiofiPHIiinithisiexampleiisinotiforiexchangeiofiremuneration,iorit oiencourageiuseiofiproduct,ipromoteiservices. https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/marketing/index.html TrueioriFalse: Itiisiimportantithatiwhenicontractingiwithipayersiorihealthiplansitheyifol lowinotionlyitheiHIPAAisecurityibutialsoitheiprivacyiruleitoiprotectibenef iciariesiPHIiincludingiuse/disclosureiduringipayer'simarketingiactivitiesi- iCorrectiAnswer-TRUE WhichiofitheifollowingirequiresiaiBusinessiAssociateicontract/agreeme nt: a.iindependentimedicalitranscriptionist b.ientitiesithatiparticipateiinianiOHCAi(organizedihealthcareiarrangeme nt) c.iwheniaiproviderisimplyiacceptsiaidiscountedirateitoiparticipateiinithei healthiplan'sinetwork d.iUSiPostaliServicesioriprivateicarriersi-iCorrectiAnswer- a.iindependentimedicalitranscriptionist explanation:ithisiisianioutsourcediserviceithatihandlesiPHIionibehalfiofit heiCE.iTheitranscriptionistiisiperformingianiactivityiforitheiCEithaticontai nsiPHIiandiaiBAAiisirequireditoiensureiproperiuseiandidisclosure. https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/business-associates/index.html Isiaicoveredientityirequireditoiprovideinoticeitoiindividualsiaboutiitsidisc losuresiofiPHIitoiaiPHAiforipublicihealthipurposes?i-iCorrectiAnswer-Yes. Thisiisiinitheicoveredientity'siNoticeiofiPrivacyiPracticesi(NPP). TheiPrivacyiRuleirequiresiaicoveredientityitoiincludeiiniitsiNPPiaidescripti oniofitheipurposes,iwhichiwouldiincludeipublicihealthipurposes,iforiwhic hitheicoveredientityimayiuseioridiscloseiPHIiwithoutianiindividual'siauth orization. However,itheiPrivacyiRuleidoesinotirequireiaibusinessiassociatei(suchiasi aniHIEithatiisiaibusinessiassociate)itoiprovideiindividualsiwithiaiNPP. TrueiofiFalse: OHCAsiandiACEsiareiableitoiproduceiaijointiNoticeiofiPrivacyiPracticei(N PP)i-iCorrectiAnswer-FALSE Explanation: OHCAsiareijointiarrangements,ihaveianiIntegratediDeliveryiSystem,iandi thereforeiagreeitoiabideibyitheitermsiofitheinoticeiwithirespectitoiPHIicr eatediorireceivedibyitheicoveredientityiasipartiofiitsiparticipationiinithei OHCA.i AiCoverediEntityimayideniedianiindividualiaccessitoitheiriPHIiunderispeci ficicircumstancesisetiforthiini45iCFRi164.524i(a)(2),iwhichiofitheifollowin gidoesn'tifalliunderithoseicircumstances: a.iRequestiforipsychotherapyinotes b.iifiitijeopardizesitheihealth,isafety,isecurity,irehabiofiindividuali(e.g.iin mate's'irequest,isuicidalipatient) c.iduringitheicourseiofiresearch/clinicalitrial d.itoirequestirestrictionsiofitheiriPHIi-iCorrectiAnswer- a.iRequestiforipsychotherapyinotes UnderitheiHIPAAiPrivacyiRule,iindividualihasitheirightitoirequestiaicopy,i aniamendmentiandirestrictionsitoitheiriPHI,irequesticonfidentialicomm unicationsiinvolvingiyouriPHI,iandilistiofidisclosures.iSeei45iCFRi§i164.52 4i(a)(2) https://www.hhs.gov/hipaa/for-professionals/faq/2046/under-what- circumstances-may-a-covered-entity/index.html https://www.hhs.gov/hipaa/for-professionals/privacy/laws- regulations/index.html 38iU.S.C.i7332idealsiwithiconfidentiallyiofipatientimedicalirecordiinform ationirelatedito: a.idrugiabuse,isexuallyitransmittedidiseases,iandituberculosis b.iHIV/AIDSistatus c.idrugiabuse,ialcoholism,iinfectioniwithitheiHIVivirus,iandisickleicelliane mia d.imentaliillness,iHIVistatus,idrugiandialcoholiabusei-iCorrectiAnswer- c.idrugiabuse,ialcoholism,iinfectioniwithitheiHIVivirus,iandisickleicelliane mia TrueioriFalse: TheiMinimumiNecessaryiisiaikeyiconceptiunderitheiHIPAAisecurityirulei- iCorrectiAnswer-FALSE ItiisiaikeyiconceptiunderitheiPRIVACYiRule. Re:iHIPAAiAuthorization Isithereianyiinformationiweicanireleaseitoiaipersoniwhoiisicallingionibeh alfiofiaipatientiwhoiisinotiauthorizediiniaireleaseiform?i-iCorrectiAnswer- Patientimustibeigiveniani"opportunityitoiagreeioriobject"ikeepingiinimin d: 1.iyouicaniobtainipatient'siagreementiverbally,ioveritheiphone,iBUTimak esinotesiinifile 2.ionlyidiscloseitheiMinimumiNecessary https://thehipaaetool.com/hipaa-authorization-required/ Re:iHIPAAiAuthorization Whenimyipatientsiareibeingitreatediforicariaccidentiinjuries,iweioftenire ceiveirequestsiforiPHIifromilawyers.iIiaminotisureiifiweishouldiprovideith eiinformationiandidon'tiknowihowitoidecideiwhetheritheirequestiisilegiti mate. Howidoiweivalidateitheirequestiisilegitimate?i-iCorrectiAnswer- EnsureiisiaivalidiHIPAAiauthorization: MUSTihaveitheiauthorizationi6icoreielementsiandi3ikeyistatementsiasip eri45iCFRi§i164.508i(c)(1)iandi(2) https://www.law.cornell.edu/cfr/text/45/164.508 Re:iHIPAAiAuthorization Oneiofimyilongitermi(dental)ipatientsiwasirecentlyidiagnosediwithicance r.iHisinewioncologist'siassistanticalleditoirequestihisiPHIifromiourifiles.iIi don'tiknowiifitheipatientiknowsiorihasiauthorizedithis. Canitheirequestibeifulfilled?i-iCorrectiAnswer- YES,inoiauthorizationiisirequirediforipurposesiofiTPO.i But,iensureitheirequestiisiiniwritingiincluding: CoverediEntity'siname; Patient'siname;i Dateiofitheievent/timeiofitreatment;iandi Reasoniforitheirequest. https://thehipaaetool.com/hipaa-authorization-required/ https://www.hhs.gov/hipaa/for-professionals/privacy/special- topics/de-identification/index.html What'sitheiMinimumiNecessary?i-iCorrectiAnswer- Use/discloseilimitediPHIitoiaccomplishitheiintendedipurposeiofitheiuse,i disclosure,iorirequest. https://www.hhs.gov/hipaa/for-professionals/privacy/laws- regulations/index.html TheiMinimumiNecessaryiDOESiNOTiapplyito?i-iCorrectiAnswer- doesinotiapplyito: TPO Toitheiindividualidirectly ToitheiHHSiSecretaryiorirequiredibyilaw Wheniauthorizationiisigranted WhereidoesiMinimumiNecessaryilinkitoiinitheiSecurityirule?i- iCorrectiAnswer-RoleiBasediAccessi- icanicontentifiltersibeiuseditoisupportitheiprivacyiconcept WhoicaniDeceasediIndividualsiinformationibeireleaseditoiatianytime?i- iCorrectiAnswer- coronersiorimedicaliexaminersi(andiFuneraliDirectorsiasinecessaryitoica rryioutitheiridutiesiwithirespectitoitheidecedent) https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part- 164/subpart-E/section-164.512 PreemptioniunderiHIPAAimeansi-iCorrectiAnswer- Federalilawistatesithatiitipreemptsiorioverridesi(supersedes)istateilawio niaiparticulariissue,ithenifederalilawiisitheilawithatimustibeifollowed.i Inigeneral,iHIPAAipreemptsistateilawithatiisi"contrary"itoitheifederalirul e.i Inimanyicases,icomplyingiwithitheistrongeristandardi(moreistringent)iwi lliallowiyouitoicomplyiwithibothistateilawiandiHIPAA.i Examplei1:iifistateilawigivesiaiprovideri10idaysitoiresponditoiaipatient'sir equestiforiaicopyiofihisimedicalirecords,iandiHIPAAiallowsi30idays,iyouic anicomplyiwithibothistateiandifederalilawibyirespondingiwithini10idays. Examplei2:iifistateilawirequiresilongeriperiodiforirecordikeepingithanithe ifederalilaw,ithenigoiwithitheilongeriperiod. https://library.ahima.org/doc?oid=59816#.YlTLkOjMI2w ValidiAuthorizationicoreielementsi(seei45iCFRi§i164.508(c)(1)):i- iCorrectiAnswer- 1.imeaningfulidescriptioniofitheiinformationitoibeidisclosed 2.inameiofitheiindividual/personiauthorizeditoimakeitheirequestedidiscl osure 3.inameioriotheriidentificationiofitheirecipientiofitheiinformation 4.idescriptioniofieachipurposeiofitheidisclosure 5.iexpirationidateiforitheiauthorization 6.isignatureiandidateiofitheiindividualioritheiripersonalirepresentativei(s omeoneiauthorizeditoimakeihealthicareidecisionsionibehalfiofitheiindivi dual) https://www.law.cornell.edu/cfr/text/45/164.508 and https://www.hhs.gov/hipaa/for-professionals/special- topics/emergency-preparedness/authorization/index.html ValidiAuthorizationi3ikeyistatementsi(seei45iCFRi§i164.508(c)(2)):i- iCorrectiAnswer- TheistatementsiareitoibeiincludediiniaivalidiAuthorization: •iAistatementiofitheiperson'sirightitoirevokeitheiauthorization,iexceptio nsitoithisiright,iandiaidescriptioniofihowitoirevoke: •iAistatementithatitreatment,ipayment,ienrollmentiorieligibilityiforiben efitsimayiNOTibeiconditionediuponisigningitheiauthorization; •iAistatementiregardingitheipotentialithatitheiinformationidisclosedipur suantitoitheiauthorizationimayibeire- disclosedibyitheirecipientiand,iifiso,iitimayinoilongeribeiprotectedibyiaife deraliconfidentialityilaw; /disclosuresi(incidental/inadvertent/unintentional)i-iCorrectiAnswer- Confidentiality,iintegrity,iavailabilityi Note:iAccidentali- imustibeireported.iAniaccidentaliHIPAAiviolationirefersitoitheiunauthori zedidisclosureiofiPHIi(protectedihealthiinformation)iwithoutiintent.iDes piteihavingisafeguardsiandiprotectiveimeasuresiiniplace,ithereiisistilliaip ossibilityiofibreachingiHIPAAiregulations.iTheseitypesiofiviolationsicould iincludeianiemployeeiaccidentallyiseeingiaidifferentipatient'simedicalire cords,ianiemailibeingisentitoitheiwrongipersonioritheilossioritheftiofiaiper sonalideviceithaticontainsiPHI.ihttps://www.hipaajournal.com/acciden tal-hipaa-violation/ ResearchiHIPAAiWaivericriteria:i-iCorrectiAnswer-ResearchiWaiver Iniorderiforiresearchitoibeiconducted,iitimustimeetiaiminimumisetiofiwai vericriteriaielements.iElementsithatimustibeimetitoimeetiwaviericriteriai are:i 1)itheiuseioridisclosureiforitheiresearchiinvolvediminimumiriskitoitheipat ient;i 2)itheiresearchicouldinotibeiconductediwithoutiproperiaccessitoitheiwai veribeingiapproved;iandi 3)itheiresearchicouldinotibeiconductediwithoutiproperiaccessitoitheiusei ofitheiPHI.i45iCFRi164.512i(i)(2) What'simaliciousisoftware?i-iCorrectiAnswer- malware,iisisoftwareithatiisiuseditoicontrolioritakeioveriapplications,iwo rkstations,ioriservers,idamage/disruptiaisystem. SeeiSecurityiRule,idefinitionsi-i45iCFRi164.304 https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part- 164/subpart-C/section-164.304 AicoveredientityimayiuseioridiscloseiPHIiforiTPO...whatidoesiTPOistandif ori-iCorrectiAnswer-Treatment Payment HealthiCareiOperations TrueioriFalse: Payer/healthiplansiareialloweditoiuse/discloseibeneficiary'siPHIiiniactivi tiesisuchiasilegaliservices,imedicalireview,iandifraudiandiabuseidetectio ni-iCorrectiAnswer-TRUE AiproviderireceivesiairequestifromitheiSocialiSecurityiAdministrationifori PHIirelatingitoiaiperson'siapplicationiforibenefits.iWhichiofitheifollowing iisitheicorrectimethodiofirelease? A.iSinceiitiisitoiaifederaliagency,ianiauthorizationifromitheipatientiisinoti needed,isoiPHIicanibeireleased. B.iTheiproviderishouldireviewitheiPHIiandimakeiaidecisionionitheiminim uminecessaryiandirelease. C.iTheiproviderishouldinotifyitheipatientiandiobtainiaisignediauthorizati oniprioritoirelease. D.iReleaseitheiinformationibecauseitheipatientisignediaiconsentiforitrea tment.i-iCorrectiAnswer- C.iTheiproviderishouldinotifyitheipatientiandiobtainiaisignediauthorizati oniprioritoirelease Alsoiknowniasithei"StimulusiAct"iorithei"RecoveryiAct",ienactediini2009 ;iitsimainipurposeiwasitoicreateijobsiandistimulateieconomicigrowth;iitia lsoiincludediprovisionsitoipromoteihealthiinformationitechnologyi- iCorrectiAnswer-AmericaniRecoveryiandiReinvestmentiActi(ARRA) C.I.A.i(HIPAA)istandsifor?i-iCorrectiAnswer- Confidentialityi(notiavailableioridiscloseditoiunauthorizediperson) Integrityi(unalteredioridestroysiiniunauthorizedimanner)) Availabilityi(accessibleiandiusableibyiauthorizediperson) https://www.hhs.gov/hipaa/for-professionals/security/laws- regulations/index.html Comprehensiveilegislationithatiensuresiaccessitoihealthicoverageiforith oseiwhoichangeijobsioriareitemporarilyioutiofiwork.iItialsoiprovidesithei mechanismiforifundingitheiDepartmentiofiJusticeianditheiFBIiforihealthic areifraudiinvestigationsi-iCorrectiAnswer- HealthiInsuranceiPortabilityiandiAccountabilityi(HIPAA) Ref.ihttps://oig.hhs.gov/reports-and-publications/hcfac/index.asp InicasesiwhereiCEiisimakingiFundraisingicommunicationsitoiindividuals,i theiindividualimustibeiprovidediwithianiOpportunityitoiObject/Electitoir eceiveisuchicommunicationsi(anditoioptibackiifiindividualichangesiher/h isiopinion)i-iCorrectiAnswer-TRUE CoverediEntityicaniuseioridiscloseiPHIibyithesei4iareas:i-iCorrectiAnswer- 1.iforitreatment,ipayment,ihealthcareioperationsi(TPO) 2.iforipubliciinterestiinidisasterireliefioripubliciemergency 3.iwithianiopportunityitoiobjecti(i.e.ispouseipickingiupiRx) 4.iwithiauthorizationigranted Coveredientityiincludes:i-iCorrectiAnswer-•iHealthiplani(payers) •iHealthicareiclearinghousei(processihealthiinformationiintoistandardid ataielementsionibehalfiofitheiCE) •iHealthicareiprovideriwhoitransmitsianyihealthiinfoiinielectroniciform AND •iCE'sibusinessiassociatei(wheniapplicable) WhatiisiaiControllingiHealthiPlani(CHP)?i-iCorrectiAnswer- Healthiplanithaticontrolsiitsiownibusiness,iactions,iactivities,iandipolicie s; Controlsitheisubhealthiplani(SHP). ThisiappliesitoistateiMedicaidiplans.iForiinstance,itheiCHCiisitheistateiMe dicaid,ianditheiSHPiwouldibeitheilocaliadministrator. Re:iHCCAiPrivacyiComplianceiHandbook Describeiwhatitoidoiwithiai"required"iimplementationispecificationi- iCorrectiAnswer-Implementitheispecificationiasipresented Describeiwhatitoidoiwithiani"addressable"iimplementationispecificatio ni-iCorrectiAnswer- Implementiasipresented,ioriifinotireasonableiandiappropriateiimplemen tianiequivalentialternativeimeasure. DesignatediRecordiSeti(DRS)i-iincludes:i-iCorrectiAnswer- GroupiofirecordsimaintainedibyioriforiaiCoverediEntityithaticomprisesith eifollowing: 1.imedical/billingsirecords 2.ienrollment/payment/claimsiadjudication/caseimanagementibyiheal thiplan 3.iotherirecordsiusedibyioriforicoveredientityitoimakeidecisionsiaboutiin dividuals DesignatediRecordiSeti(DRS)i-irecordsiexcludedifromiDRS:i- iCorrectiAnswer- Administrativeidatai(audititrails,iappointmentischedules,ithatidon'tiimb ediPHI). Incidentireports. QualityiAssuranceiData. Statisticalireports. DVDimedicalirecordsiareidestroyedibyi-iCorrectiAnswer- Shreddingiandicutting FewiotheriexamplesiforiuseioridisclosureiofiPHIiotherithatiTPO:i- iCorrectiAnswer- Publicihealthiinterest,iresearch,iseriousithreat,iorgan/tissueidonationid ecedentiinformation,iworker'sicompensationiinsurers. Giveiexamplesiofiadministrativeisafeguardsi-iCorrectiAnswer- •iPoliciesiandiprocedures •iTrainingiandieducation •iDesignationiofiindividualsi(Ex.iSecurityiOfficer) •iContingencyiPlanning Giveiexamplesiofiphysicalisafeguardsi-iCorrectiAnswer- •iFacilityisecurityioriaccessiplan •iDisposaliprocessesiandimediaireuse •iDataibackupiandistorage Giveiexamplesiofitechnicalisafeguardsi-iCorrectiAnswer-•iPasswords SecurityiRuleiDocumentationirequirements:ihowilongidoesitheiCEimusti maintainiwrittenirecordsifor?i-iCorrectiAnswer- atileasti6iyearsifromidateirecordsiwasicreatediorieffectiveidate RiskiAssessmentitoidetermineiLoProCo:i-iCorrectiAnswer- 1.iNatureiandiextentiofiPHIiinvolvediincludingitypeiofiidentifiersiandilike lihoodiofireidentification; 2.iTheiunauthorizedipersoniwhoiuseditheiPHIioritoiwhomitheidisclosurei wasimade; 3.iWhetheritheiPHIiwasiactuallyiacquiredioriviewed;iandi 4.iTheiextentitoiwhichitheiriskitoitheiPHIihasibeenimitigated. HITECHiisipartiofiwhat?i-iCorrectiAnswer- AmericaniRecoveryiandiReinvestmentiActi(ARRA) HowilongiisiPHIiprotectediafteritheiperson'sideath?i-iCorrectiAnswer- 50iyears HowimanyiidentifiersiareilistediinitheiHIPAAiPrivacyiRules?i- iCorrectiAnswer-18 LaseriDiscsimedicalirecordsiareidestroyedibyi-iCorrectiAnswer- Pulverizing LevelsiofiConfidentialityi-iCorrectiAnswer-Confidential Anonymous NeeditoiKnow MagneticiTapeimedicalirecordsiareidestroyedibyi-iCorrectiAnswer- Demagnetizing Methodsitoide-identifyiPHIi-iCorrectiAnswer- ExpertiDeterminationi(Statistical)ide-identification Safeiharborimethod Microfilmimedicalirecordsiareidestroyedibyi-iCorrectiAnswer- Recyclingiandipulverizing Nameitheiprocessiofiidentifyingipotentialisecurityirisksiandideterminingi theiprobabilityiofioccurrenceiandimagnitudeiofirisks.i-iCorrectiAnswer- RiskiAnalysis Pathiori7istepsitoiHIPAAiCompliance:i-iCorrectiAnswer- 1.iPerformicomprehensiveiriskiandisecurityianalysis 2.iIdentifyithreatsiandivulnerabilities 3.iSelectiandidevelopisafeguards 4.iCreateipolicies,iprocedures,iandipractices 5.iTrainitheistaff 6.iImplementiallisafeguards 7.iManage,imonitor,iandimodify Paperimedicalirecordsiareidestroyedibyi-iCorrectiAnswer- Burning,ishredding,ipulverizing,iandipulping PermissionsiandiRequirediunderitheiHIPAAiruleiareiNOTitheisameithing.i Explaini-iCorrectiAnswer- "Permissions"icanistillibeidenied,iandi"Required"iisimandatory PHIioriprotectedihealthiinformationithatiisicollectedibyianiindividualiorir eceivedibyiaicoveredientityicanibeiusedioridisclosedibyitheseifouriareas.i Nameithem.i-iCorrectiAnswer-1-iTPOi(Tx,iPymt,iHealthcareiOperations) 2-ipubliciinterest/publicicrisisioriemergency 3-withianiopportunityitoiobjecti 4-authorization,ipermissionigranted Privacyiincidenticategoriesi-iCorrectiAnswer- Unintentionalioriinadvertentiviolationi(accidental); Failureitoifollowiestablishedipoliciesiandiprocedures; Deliberateioripurposefuliviolationiwithoutiharmfuliintent; Willfuliandimaliciousiviolationiwithiharmfuliintent. TheiSocialiSecurityiActiSectioni1128C(a),iasiestablishedibyithei___i___i__ _iandi___iAct,icreateditheiHealthiCareiFraudiandiAbuseiControliProgram Aniindividualigoesitoiaihospitaliemergencyidepartmentiwhileiexperienci ngicomplicationsirelateditoiaimiscarriageiduringitheitenthiweekiofipregn ancy.iAihospitaliworkforceimemberisuspectsitheiindividualiofihavingitak enimedicationitoienditheiripregnancy.iStateioriotherilawiprohibitsiaborti oniafterisixiweeksiofipregnancy. Isitheihospitalirequireditoireportiindividualsitoilawienforcement? a.iyes,ihospitaliisirequireditoidoisoiIFistateilawiexpresslyirequiresisuchire porting b.ino,ithisiwouldibeiimpermissibleiandiconstituteiaibreachiregardlessiofi stateilawirequirementsi-iCorrectiAnswer- a.iyes,ihospitaliisirequireditoidoisoiIFistateilawiexpresslyirequiresisuchire porting. ForiinstanceiLouisianaiisioneiofi28istatesithatirequireitheireportingiofiab ortionicomplications,ieveniifitheiprocedureiwasidoneilegallyiforimedicali reasons. https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/phi- reproductive-health/index.html#footnote10_jc1ucm2 Re:iPrivacyiandiReproductiveiHealthiCare Ailawienforcementiofficialigoesitoiaireproductiveihealthicareicliniciandir equestsirecordsiofiabortionsiperformediatitheiclinic. Woulditheiclinicibeirequireditoifulfillitheirequest? a.iyes,icliniciisirequireditoidiscloseiPHIiwithoutipatient'siauthorizationitoi anyilawienforcementiwithoutiquestion b.ino,iitiwouldibeiimpermissibleiandiconsiderediaibreach,iunlessitheireq uestiisiaicourtiorderioriotherimandateienforceableiiniaicourtiofilawi- iCorrectiAnswer- b.ino,iitiwouldibeiimpermissibleiandiconsiderediaibreach,iunlessitheireq uestiisiaicourtiorderioriotherimandateienforceableiiniaicourtiofilaw. Note:iWhenitheirequestiisiaicourtiorderiandienforceableiiniaicourtiofilaw ,itheiclinicimayidiscloseiONLYitheiPHIiexpresslyiauthorizedibyitheicourtio rder. https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/phi- reproductive-health/index.html#footnote10_jc1ucm2 Theifourikeyitermsitoievaluateiwheniassessingitoidetermineioripresume diifithereiwasiinifactiai"Breach". Thisifourikeyitermsiareicarefullyilookediduringitheiassessment,iwhichiisi alsoireferrediasiLoProCo.i-iCorrectiAnswer- Fouritermsiare:iAAUDi(Access,iAcquired,iUsed,iDisclosed) Re:iPrivacyiandiReproductiveiHealthiCare Aipregnantiindividualiiniaistateithatibansiabortioniinformsitheirihealthic areiproviderithatitheyiintenditoiseekianiabortioniinianotheristateiwherei abortioniisilegal.iTheiprovideriwantsitoireportitheistatementitoilawienfo rcementitoiattemptitoipreventitheiabortionifromitakingiplace. WoulditheiPrivacyiRuleipermititheidisclosureiofiPHIitoilawienforcementii nithisiscenario? a.iyes,iprovideriwantsitoidoitheirightithingi b.ino,iPrivacyiRuleiwouldiNOTipermititheidisclosureibecauseiitidoesinoti qualifyiasiai"seriousiandiimminentithreatitoitheihealthiorisafetyiofiaipers onioritheipublic"iandiiticompromisesitheiintegrityiofipatient- providerirelationshipi-iCorrectiAnswer- b.ino,iPrivacyiRuleiwouldiNOTipermititheidisclosureibecauseiitidoesinoti qualityiasiai"seriousiandiimminentithreatitoitheihealthiorisafetyiofiaipers onioritheipublic"iandiiticompromisesitheiintegrityiofipatient- providerirelationship. Therefore,isuchiaidisclosureiwouldibeiimpermissibleiandiconstituteiaibr eachiofiunsecurediPHIirequiringinotificationitoiHHSianditheiindividualiaf fected.i https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/phi- reproductive-health/index.html#footnote10_jc1ucm2 Whatiareithei3icomponentsithatimakeiupisecurity?i-iCorrectiAnswer- SecurityiCIA: Confidentiality https://www.hhs.gov/hipaa/for-professionals/special- topics/emergency-preparedness/limited-data-set/index.html WhatiisitheirecordiretentioniperiodiforiHIPAAirelatediworkiproduct?i- iCorrectiAnswer-6iyears WhatiisitheitimeframeirequirementitoitraininewiemployeesiaboutiHIPA A?i-iCorrectiAnswer- "withiniaireasonableiperiodiofitimeiafteritheipersonijoinsitheicoveredien tity'siworkforce" WhatiisiUnsecurediPHI?i-iCorrectiAnswer- PHIithatihasinotibeenirenderediunusable,iunreadable,ioriindecipherable itoiunauthorizedipersonsithroughitheiuseiofiaitechnologyiorimethodolog yispecifiedibyitheiSecretaryiiniguidance WhatisubpartiiniParti164idealsiwithiPrivacyi-iCorrectiAnswer- SubpartiEi(Hint:iPrivacy....Privacy-E) WhatisubpartiiniParti164idealsiwithiSecurityi-iCorrectiAnswer- SubpartiCi(Hint:i"C"-curity) WhichiofitheifollowingiwouldibeiconsideredianiincidentalidisclosureiofiP HI? a.iPatientioverhearingiainurseionitheiphoneidiscussingilabiresultsiwithia notheripatient b.iAniemailicontainingiailargeilistiofipatientsi(names,iaddresses,iandiMe dicareiIDiNumbers)iwasisentiunsecureditoiaiyahoo.comiemailiaddressi c.iAniemailisentitoianotheriemployeeioniaisecureiserver,ibutitheiemploy eeiwhoireceivediitiwasitheiwrongiemployee d.iAiandiCiareicorrect e.iNoneiofitheiaboveiareicorrect https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/incidental-uses-and- disclosures/index.htmli-iCorrectiAnswer- a.iPatientioverhearingiainurseionitheiphoneidiscussingilabiresultsiwithia notheripatient. Incidentalivs.iAccidental: Accidentaliandiincidentalicanibothimeani"somethingihappeningibyichan ce,"ibutiusageisuggestsithati"accidental"ialsoiimpliesianielementioficarel essnessioriinattentioniwhilei"incidental"iimpliesitheioccurrenceiwouldih aveihappenediwithioriwithoutiattentionioricare. AniincidentaliUseioriDisclosureiisiaisecondaryiuseioridisclosureithaticann otireasonablyibeiprevented. https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/incidental-uses-and- disclosures/index.html AniAccidentaliUseiofiDisclosureiisisendingianiemailitoitheiwrongirecipien tiandianiemployeeiaccidentallyiviewingiaipatient'sireport,iwhichileadsito ianiunintentionaliHIPAAiviolation WhichiofitheithreeirulesiiniParti164iapplyitoiPHIiinialliofiitsiformats?i- iCorrectiAnswer-PartiEi(Privacy)iappliesitoiPHIiinialliofiitsiformats BONUS:ialsoiPartiDisinceibreachesicaniinvolveiPHIiinialliofiitsiformatsiasi well Whatidefinesiandilimitsitheicircumstancesiiniwhichianiindividual'siPHIim ayibeiusedioridisclosedibyicoveredientities? a.iConstitution b.iFirstiAmendment c.iOIG d.iPrivacyiRulei-iCorrectiAnswer-d.iPrivacyiRule Note:ipracticeiquestionifromiAAPCiCPCOiCh4 PHIimayibeidisclosediwithoutitheipatient'siauthorizationifori_________ __________. a.iDeath,ioperations,iandibirthicertificates b.iTreatment,ipictures,iandioperations Appointmentiremindersiareiconsideredipartiofitreatmentiofianiindividu aliand,itherefore,icanibeimadeiwithoutiauthorization. Note:ipracticeiquestionifromiAAPCiCPCOiCh5 Healthiinformationithatidoesinotiidentifyianiindividualiisicalledi_______ ________. a.iClonediinformation b.iDe-identifiediinformation c.iRe-identifiediinformation d.iMisidentifiediinformationi-iCorrectiAnswer-b.iDe- identifiediinformation Note:ipracticeiquestionifromiAAPCiCPCOiCh5 Whatipolicyiisiwrittenitoiencourageicommunication? a.iAttendanceipolicy b.iElectroniciprotectediinformationipolicy c.iNon-retaliationipolicy d.iSafetyiandisecurityimanagementipolicyi-iCorrectiAnswer-c.iNon- retaliationipolicy Note:ipracticeiquestionifromiAAPCiCPCOiCh5 IsiitiokayitoisendiX- raysitoispecialistsiwhenireferringipatientsiifiouriemailiisinotiencrypted? a.iAlways b.iNever c.iItidependsi-iCorrectiAnswer-c.iItidepends Explanation: Encryptioniisistronglyirecommendediasitheibestipractice.iIfitheiindividua liisirequestingiPHIiinitheiformiofiX- raysibeisentitoitheithirdipartyianditheiindividualiisinotifiediprioritoisendi ngiviaiunencryptediemailianditheiindividualiagreesitoisendingiviaiunencr yptediemail,ithisiisipermittediunderiHIPAAi.iHHSiprovidesicleariguidance ionisendingiPHIiinianie- maili.iPleaseirememberithatistateilawsimayiapplyiasiwell. Ref.ifromi1stiHCiCompliance WhenicaniyouiuseioridiscloseiPHI? A.iWhenitheipatientihasiauthorized,iiniwriting,iitsirelease. B.iForitheitreatmentiofiaipatient,iifithatiisipartiofimyijob. C.iForiobtainingipaymentiforiservices,iifithatiisipartiofimyijob. D.iAlliofitheianswers.i-iCorrectiAnswer-D.iAlliofitheianswers. TrueioriFalse:i Aniemailirequestifromiaiclientitoicommunicateiwithithem,iasilongiasiitiisi secured,iisisufficientiforiaistaffimemberitoiuseithatimethodioficommunic ation.i-iCorrectiAnswer-TRUE TrueioriFalse:i Signediauthorizationsiforireleaseiofiinformationiareiconsiderediinvalidiif ithereiisinoiexpirationidateiorianieventithatitriggersiexpiration.i- iCorrectiAnswer-TRUE Aivalidiauthorizationimustihaveiallirequiredicoreielementsisetiforthiini45 iCFRi164.508(c): 1.idescriptioniofiinfoitoibeidisclosed 2.inameiofiindividualiauthorizeditoimakeitheirequestedidisclosure 3.inameiofitheirecipienti 4.iaidescriptioniofieachipurposeiofitheidisclosure(s) 5.iexpirationidate 6.isignatureiofiindividuali(orirepresentative)iandidate WhichiofitheifollowingiisiNEVERiacceptableitoileaveiiniaimessageioniania nsweringimachine: a.iTheicaller'siname. b.iTheiminimuminecessaryiinformationitoirequestithatitheiclientireturnit heiphoneicalliifinecessary. c.iTestiresults. Aicoveredientityimayidiscloseiprotectedihealthiinformationi(PHI)iwitho utiaipatient'siwrittenipermissionifor: a.iTreatmentipurposes b.iPayment c.iHealthicareioperationsiactivities d.iAlliofitheiabovei-iCorrectiAnswer- d.iAlliofitheiabovei(aicoveredientityimayiuseioridiscloseiPHIiforiTPO) Aicoveredientityimustiobtainitheipatient'siwritteniauthorizationiforianyi useioridisclosureiofiprotectedihealthiinformationi(PHI)iiniwhichicircumst ances? a.iMarketingiactivities b.iResearch c.iPHIisalesiandilicensing d.iInformationisharingineedediforitreatment e.iAiandiCionly f.iAlliofitheiabovei-iCorrectiAnswer-e.iAiandiCionly Ref.iPermittediUsesiandiDisclosuresisectioni- ihttps://www.hhs.gov/hipaa/for-professionals/privacy/laws- regulations/index.html Nameiexamplesiforiwhichianiauthorizationiisirequired,iotherithaniforius e/disclosureiofiPsychotherapyinotes:i-iCorrectiAnswer- marketingiandisalesiofiPHI Filliinitheiblank: 45iCFRi46iSubpartiAilistsitheiHHSiregulationsiforitheiprotectioniofihuman isubjectsiiniresearch.iThisisubpartiisialsoiknowniasithei____i____.i- iCorrectiAnswer-CommoniRule. https://www.hhs.gov/ohrp/regulations-and-policy/regulations/45- cfr-46/index.html Whichiofitheifollowingicreatedianiethicaliframeworkiforitheiconductiofih umanisubjectsiresearch: a.iTheiNurembergiCode b.iTheiBelmontiReporti c.iTheiDeclarationiofiHelsinki d.ialliofitheiabovei-iCorrectiAnswer-d.ialliofitheiabove Theseicodesiwereiwritten,iprimarily,itoiaddressiresearchiactivitiesithati wereideemeditoiposeiseriousiharmitoitheihumanisubjectsiinvolvediandit oistandardizeitheiprotectionsiofihumanisubjectsigoingiforward.iTheifocu s,ithen,iwasitoiprotectitheiindividualsiwithionlyiaiminoriconcernioverithei confidentialityiofitheidataiinvolved. Ref.iHCCAiPrivacyiComplianceiHandbook Examplesiofiproperidisposalimethodsiofiprotectedihealthiinformationi(P HI)imayiinclude: a.itossingiintoitheitrashcaniorirecycleibin. b.iclearingi(usingisoftwareiorihardwareiproductsitoioverwriteimediaiwit hinon-sensitiveidata). c.ipurgingi(degaussingioriexposingitheimediaitoiaistrongimagneticifieldii niorderitoidisruptitheirecordedimagneticidomains). d.idestroyingi(disintegration,ipulverization,imelting,iincinerating,iorishr edding). e.iBiandiD f.iB,iCiandiDi-iCorrectiAnswer-f.iB,iCiandiD. Dependingionitheicircumstances,iappropriateimethodsiforiremovingieP HIifromielectronicimediaiprioritoireuseioridisposalimayibeibyiclearingi(us ingisoftwareiorihardwareiproductsitoioverwriteimediaiwithinon- sensitiveidata)ioripurgingi(degaussingioriexposingitheimediaitoiaistrongi magneticifieldiiniorderitoidisruptitheirecordedimagneticidomains)itheiin formationifromitheielectronicimedia.iIficircumstancesiwarrantitheidestr uctioniofitheielectronicimediaiprioritoidisposal,idestructionimethodsima yiincludeidisintegrating,ipulverizing,imelting,iincinerating,iorishreddingi theimedia.iCoveredientitiesimayicontractiwithibusinessiassociatesitoiper formitheseiservicesiforithem.iRef.ihttps://www.hhs.gov/hipaa/for- professionals/faq/disposal-of-protected-health- information/index.html D.iWorkstationiSecurityi-iCorrectiAnswer-B.iAutomaticiLogiOff Automaticilogioff,ipasswords,iencryption,iuniqueiuseriIDiareiexamplesio fitechnicalisafeguards,inotiphysical. WhichiofitheifollowingiisinotilistediasiaiphysicalisafeguardiinitheiSecurityi Rulei(SubpartiC)? A.iFacilityiAccessiPlan B.iDisposaliprocesses C.iDataibackupiandistorage D.iUniqueiuseriIDi-iCorrectiAnswer-D.iUniqueiuseriID Automaticilogioff,ipasswords,iencryption,iuniqueiuseriIDiareiexamplesio fitechnicalisafeguards,inotiphysical. TrueioriFalse: Coveredientities,isuchiasiphysician'sioffices,imayiuseipatientisign- inisheetsioricallioutipatientinamesiiniwaitingirooms,isoilongiasitheiinform ationidisclosediisiappropriatelyilimited.i-iCorrectiAnswer-TRUE TheiHIPAAiPrivacyiRuleiexplicitlyipermitsitheiincidentalidisclosuresithati mayiresultifromithisipractice.iForiexample,itheisign- inisheetimayinotidisplayimedicaliinformationithatiisinotinecessaryiforith eipurposeiofisigningiini(e.g.,itheimedicaliproblemiforiwhichitheipatientiisi seeingitheiphysician).iSeei45iCFRi164.502(a)(1)(iii).Ref.ihttps://www.hh s.gov/hipaa/for-professionals/faq/199/may-health-care-providers- use-sign-in-sheets/index.html InideterminingitheiamountiofianyicivilimoneyipenaltyiforiviolationsiofiHI PAA,itheifollowingifactorsiareiconsidered:i a.iTheinatureiandiextentiofitheiviolation. b.iTheinatureiandiextentiofitheiharmiresultingifromitheiviolation. c.iTheihistoryiofiprioricomplianceiwithitheiadministrativeisimplificationi provisions,iincludingiviolations,ibyitheicoveredientityioribusinessiassoci ate. d.iTheifinancialiconditioniofitheicoveredientityioribusinessiassociate. e.iSuchiotherimattersiasijusticeimayirequire. f.iAlliofitheiabovei-iCorrectiAnswer-f.iAlliofitheiabove Ref.ihttps://www.law.cornell.edu/cfr/text/45/160.408 UnderiHIPAA,iaicoveredientityiisirequireditoidiscloseiProtectediHealthiIn formationi(PHI)iwhen: a.itheidisclosureiisirequestedibyitheipoliceidepartment b.iaisubpoenaisignedibyianiattorneyiisireceived c.itheidisclosureiisirequiredibyimedicalistaffibylaws d.itheiSecretaryiofiDHHSirequestsitheiinformationi-iCorrectiAnswer- d.itheiSecretaryiofiDHHSirequestsitheiinformation Aiprivacyiprofessionaliisireviewingiaiprogramiforianiacademicimedicalice nterithatiincludeiaifacultyigroupipractice,ihospital,istudentihealthicenter ,iandiself- fundedigroupihealthiplan.iTheiprivacyiprofessionalishouldievaluateiifith eiprogramihasinoticesifor: a.iGINA b.iFMLA c.iHIPAA d.iFISMAi-iCorrectiAnswer-b.iHIPAA AihealthisystemiimplementedianiEHRiini55iclinics.iTheiprivacyiprofessio naliisitoldiemployeesiareiinconsistentlyiinterpretingitheipolicyiaddressin giemployeeiaccessitoiEHR.iWhichiofitheifollowingiisitheiprivacyiprofessio nal'siBESTistrategy? a.iCollaborateiwithiHRitoiensureiappropriateidiscipline b.iPerformianiauditiunderiAttorney-ClientiPrivilege c.iConductisurveysioficliniciemployeesiconcerns d.iAuditiairandomisamplingioficlinicsiacrossitheiorganizationi- iCorrectiAnswer-c.iConductisurveysioficliniciemployeesiconcerns AiprivacyiprofessionaliisiassistingiITiwithitheidevelopmentiofipropericon trolsitoiprotectitheiprivacyiofitheiorganization'sidata.iWhichiofitheifollo wingiisianiemployee-relatedicontrol? a.iBreachiresponseiprocedures b.iAnnualievaluations WhichiofitheifollowingiisiBESTiforiaiprivacyiprofessionalitoiincludeiasianii ndividualigoal: a.iParticipateiinicontinuingieducationitoimaintainiprofessionalicompete ncy b.iObtainibudgetiincreasesiforitheiprivacyiprogram c.iCollaborateiwithiHRitoiensureiconsistencyionidisciplinaryimatters d.iHireiadditionalistaffiforitheiprivacyiprogrami-iCorrectiAnswer- a.iParticipateiinicontinuingieducationitoimaintainiprofessionalicompete ncy TheiOIGirecommendsithatigeneralicomplianceitrainingiforiemployees,ip hysicians,iandivolunteersibeiprovided: a.imonthly b.iquarterly c.iannually d.ibiannuallyi-iCorrectiAnswer-c.iannually Contractiprovisionsiforibackgroundichecksiofivendoriemployeesiensurei performanceiof a.idueidiligenceionithird-parties b.ithirdiparties'iservicesitoitheiorganization c.iHIPAAiprivacyistandardiimplementation d.irequirementsirelateditoiSAMSHAi-iCorrectiAnswer- a.idueidiligenceionithird-parties Severalimedicalirecordsicannotibeilocated.iTheiprivacyiprofessionalihea rsithatitheiphysiciansiareitakingioriginalipatientirecordsihomeitoidictate.i Noitrackingiprocessiexitsiforimedicalirecords.iWhichiofitheifollowingiisit heiprivacyiprofessionals'iMOSTiappropriateiaction? a.icreateishadowirecords b.idevelopianiauditiprocess c.idesigniaimonitoringitool d.irecommendidisciplinei-iCorrectiAnswer-b.idevelopianiauditiprocess Theihealthiinformationimanagementidirectoriforiaihospitaliasksiaiprivac yiprofessionaliifitheiinformationiofiaideceasedipatienticareicanibeireleas editoitheipatient'sispouse.iIniwhichicircumstanceiwoulditheireleaseitoith eispouseibeipermitted? a.itheispouseiwasiinvolvediinitheipatient'sicareibeforeideath b.ipermissioniwasigrantediinitheipatient'siwill c.itheispouseihasihealthcareipoweriofiattorney d.itheispouseihasiaiwaiveriofiauthorizationi-iCorrectiAnswer- a.itheispouseiwasiinvolvediinitheipatient'sicareibeforeideath https://library.ahima.org/doc?oid=103866#.Ys9lOnbMI2w Aniemployeeicontactsiaiprivacyiprofessionaliaboutitheiemployee'siinvol vementiinipossibleiillegaliactivityiinvolvingimisuseiofiindividuallyiidentif iableiinformation.iWhichiofitheifollowingishoulditheiprivacyiprofessiona lidoiFIRST? a.iaskitheiCFOiforiassistance b.icontactilegalicounsel c.inotifyilocalilawienforcement d.ireferitheiemployeeitoiHRi-iCorrectiAnswer-b.icontactilegalicounsel Wheniaskeditoigiveiaipresentationitoitheiboardionitheiimplementationio fiaiprivacyiprogram,iaiprivacyiprofessionalishouldiconsideriwhichiofitheif ollowingielementsiFIRST? a.iprogramibudget b.ibudgetiplan c.itrainingiplan d.iprogramiscopei-iCorrectiAnswer-d.iprogramiscope Whichiofitheifollowingitopicsishouldibeiincludediiniaitrainingipresentati onioniprivacyisafeguards? a.irecyclingipaperidocuments b.imaintainingimedicalirecordsiforiaispecificinumberiofiyears c.irequiringiBAAsiofivendors d.ishreddingipaperidocumentsi-iCorrectiAnswer- d.ishreddingipaperidocuments WhatidoesiunsecurediPHIimeaniunderitheiHHSiSecretaryiiniguidancei- iCorrectiAnswer- MeansiPHIithatiisinotirenderediunusable,iunreadable,ioriindecipherablei toiunauthorizedipersonsithroughitheiuseiofiaitechnologyiorimethodolog yispecifiedibyitheiSecretaryiinitheiguidance Nameiexamplesiforiwhichianiauthorizationiisirequired,iotherithaniforius e/disclosureiofiPsychotherapyinotes:i-iCorrectiAnswer- marketingiandisalesiofiPHI 1.iWhatiareitheirequiredicoreielementsiofiaiVALIDiAuthorization.iRef.i45i CFRi164.508(b)i-iCorrectiAnswer-1.iDescription 2.iPurposeiuse/disclosure 3.iRecipient 4.iAuthorizedipersonimakingitheidisclosure 5.iExpirationidate 6.iSignature/dates AiHIPAAiValidiAuthorizationimustiincludeialli6icoreielementsiandi3irequi redistatements,ilackiofianyiofitheseielementsiwouldibeiconsiderediai___ ______iauthorization.i-iCorrectiAnswer-DefectiveiAuthorization. Foriinstance: (i)iTheiauthorizationiexpirationidateihasipassedioritheiexpirationieventii siknownibyitheicoveredientityitoihaveioccurred; (ii)iTheiauthorizationihasinotibeenifillediouticompletelyi(missingicoreiele mentsiandirequiredistatements) (iii)iTheiauthorizationiisiknownibyitheicoveredientityitoihaveibeenirevok ed; (iv)iTheiauthorizationiviolatesiprovisioniofiaicompoundioriprohibitionio niconditioningiofiauthorizationsiifiapplicable; (v)iAnyimaterialiinformationiinitheiauthorizationiisiknownibyitheicovere dientityitoibeifalse. Ref.i45iCRi164.508(b)(2) WhatiareitheithreeitypeiofiAuthorizationiunderitheiHIPAAirulei- iCorrectiAnswer-Validi-iDefectivei-iCompound 45iCFRi§i164.508(b)(1),i(2)iandi(3) TrueioriFalse: Foridatesiasiidentifiersi(birthidate,iadmissionidate,idischargeidate,ietc),it heiyearionlyiexceptionitoidatesiisiwheniyeariindicatesianiageioveri89isinc eiveryifewiindividualsireachedithatimilestoneiwhenitheidefinitioniwasies tablishedi-iCorrectiAnswer-TRUE ThisiCodeiofiFederaliRegulationi(CFR)iappliesitoifederallyiassistediSubsta nceiUseiDisorderi(SUD)iprogramsiorialcohol/drugitreatmentiprogramsic onductedidirectlyibyitheifederalioristate/localigovernmenti- iCorrectiAnswer-42iCFRiParti2 TrueiofiFalse: TheiFederalilawi42iCFRiParti2iisisimilaritoitheiHIPAAistateilawipreemptio n,iwhereitheimoreirestrictiveiregulationiprevails.i-iCorrectiAnswer-TRUE TrueioriFalse: Parti2iProgramsimustialwaysilimititheiamountiofiinformationidisclosed,i eveniiniTreatmentisituations,iunlikeiHIPAAiwhereitheiTPOiexceptioniap plies.i-iCorrectiAnswer-TRUE ExamplesiofiNumbersiasiIdentifiers:i-iCorrectiAnswer- •iPhoneiandiFaxiNumbers •iEmailiAddresses •iSocialiSecurityiNumbers •iMedicaliRecordsiNumbers •iHealthiPlaniBeneficiaryiNumbers •iAccountiNumbers •iCertificate/LicenseiNumbers •iVehicleiIdentifiers •iDeviceiIdentifiers •iInternetiProtocoliAddress •iGeneticiInformation •iURLs Whichiofitheifollowingiusesiofipatientihealthiinformationidoinotirequirei theipatient'siauthorization? a.iTreatment,ipayment,ihealthicareiadministrationi(TPO) b.iMarketing c.iGeneticitestingiandiresearchistudies d.iReleaseiofipsychotherapyinotesi-iCorrectiAnswer-a.iTPO Whichiofitheifollowingiareiconsiderediprotectedihealthiinformationiund eriHIPAA?i a.iPhoneinumber b.iMedicalirecordinumber c.iLicenseiplateinumber d.iEmailiaddress e.ialliofitheiabovei-iCorrectiAnswer-e.ialliofitheiabove HIPAAirulesidoinotirequireiprovidersitoigrantipatientiaccessitoiwhichiofit heifollowingitypesiofiinformation? a.iAccountingidisclosures b.iOfficeivisitidocumentation c.iPsychotherapyinotes d.iMedicationilisti-iCorrectiAnswer-c.iPsychotherapyinotes Governmentiagenciesialsoihaveilimitsioniotheriinformationitheyimayicol lectiaboutiindividuals.iThei_______iActilimitsiand/orirestrictsitheisharin giofiinformationibetweenigovernmentiagencies. a.iFreedomiofiInformation b.iPrivacy c.iHIPAA d.iOmnibusi-iCorrectiAnswer-b.iPrivacy Thei"NoticeiofiPrivacyiPractices"iexplainsitheiwaysitheipracticeiwilliuseip atientiinformationiandidescribesipatients'irightsiregardingitheiriinforma tion. a.iTrue b.iFalsei-iCorrectiAnswer-a.iTrue 45iCFRi164.520(b)(1)(iv) Thereiareithreeithingsithatiaipracticeimustidoiregardingicommunicatingi withitheipatientiaboutiprivacyipracticesiandiprocedures,iexceptiforionei ofitheifollowing: a.iGiveieveryipatientiainoticeidescribingitheiphysicianiofficeiprivacyiprac tices b.iMakeiai"goodifaith"ieffortitoiobtainitheipatient'siwritteniacknowledg mentiofireceivingitheinotice c.iObtainitheipatient'siauthorizationiforidisclosuresioriusesinoticoveredi byithei"NoticeiofiPrivacyiPractices" d.iGiveieveryipatientiaicopyiofihisioriherimedicalirecordi- iCorrectiAnswer-d.iGiveieveryipatientiaicopyiofihisioriherimedicalirecord Whichigovernmentiagency(ies)iissuesiCertificatesiofiConfidentialityitoip rotectitheiprivacyiofisubjectsienrollediinisensitiveibiomedical,ibehaviora l,iclinical,ioriotheriresearch.iSelectiallithatiapply. a.iOfficeiofiCiviliRights b.iFoodiandiDrugiAdministration c.iOccupationaliSafetyiandiHealthiAdministration d.iNationaliInstitutesiofiHealth e.iOfficeiforiHumaniResearchiProtectionsi-iCorrectiAnswer- b.iandid.i(FDAiandiNIH) Sign- inisheetsiincludeiprotectedihealthiinformation.iHowever,itheyimayibeiu sediwithoutiviolatingiprivacyirulesiforithisireason: a.iPatientinameiisinotiprotectedihealthiinformation b.iTheisign- inisheetiisiusediforihealthicareioperationsiandiisiconsideredianiincidental idisclosure c.iTheipatientinameiisiusuallyinotilegible d.iNotiallipersonsisigningitheisheetiareipatientsi-iCorrectiAnswer- b.iTheisign- inisheetiisiusediforihealthicareioperationsiandiisiconsideredianiincidental idisclosure d.iReportisuspicionsitoitheiofficeimanager,iprivacy/securityiofficer,ioriot heridesignatedipersoni-iCorrectiAnswer- d.iReportisuspicionsitoitheiofficeimanager,iprivacy/securityiofficer,ioriot heridesignatediperson AistaffimemberineedsitoileaveiaiHIPAAicompliantimessageioniaivoicema ilioriwithisomeoneielse.iWhichiofitheifollowingiisinotianiacceptableipract iceiwhenicontactingipatientsiviaiphone? a.iFollowingitheiminimuminecessaryistandardiwhenileavingiaimessagei withiwhoeverianswersitheiphone b.iLeavingidetailediPHIioniaivoicemailiwithoutihavingitheipatient'sipermi ssion c.iLeavingitheiminimumiamountiofiinformationineeded:iname,inumber,i andipracticeioriphysicianiname d.iLeavingiaidetailedimessage,iifitheipatientihasigivenipermissionitoidois oi-iCorrectiAnswer- b.iLeavingidetailediPHIioniaivoicemailiwithoutihavingitheipatient'sipermi ssion Workstationisecurityiisiamongitheiphysicalisafeguardistandards.iWhichii temibelowiisinotianiappropriateipractice? a.iWorkstationsiplacediiniaiphysicallyisecureilocation b.iVisitorsishouldinotibeiableitoiviewiinformationionicomputeriscreens c.iAdministratoriworkstationsithaticanienableioridisableisecurityifeature silocatediinisecureiareas d.iComputeristationsilocatediiniaipatientiwaitingiroomi-iCorrectiAnswer- d.iComputeristationsilocatediiniaipatientiwaitingiroom ReportingiofiBreachesi-imandateditoireport/notifyito:i-iCorrectiAnswer- individualsiaffectedi(moreithani10iaffected,ipostioniwebsite) HHSiSecretaryi(moreithani500iaffected,inoilaterithani60idayifromibreachi discovery) mediai(ifimoreithani500iaffected,inoilaterithani60idayifromibreachidisco very) Ifiapplicable: businessiassociatei(mustinotifyiCEinoilaterithani60idayifromibreachidisco very) https://www.hhs.gov/hipaa/for-professionals/breach- notification/index.html CEidoesn'tihaveitoireportiifibreachiposesinoiharmitoitheiindividual. Ifiinformationiisiencryptediisiiticonsiderediaibreach?i-iCorrectiAnswer- NO https://www.hhs.gov/hipaa/for-professionals/breach- notification/guidance/index.html Breachiisiassumediunlessicoveredientityicanidemonstratei_____i- iCorrectiAnswer-LoProCoi(LowiProbabilityiofidataiCompromised) https://www.hhs.gov/hipaa/for-professionals/breach- notification/index.html BreachiNotificationiunderiARRA,iwhatiisithis?i-iCorrectiAnswer- ARRAi(Amer.iRecoveryiReinvestmentiAct).iBreachinotificationiwasipass ediasipartiofiARRAiofi2009,irequiringicoveredientitiesitoipromptlyinotifie diaffectediindividualsiofiaibreachi(wheniandihowiyouinotifyiaiPHIibreachi hasioccurred) Nameitheiprocessitoiassessiifiani"impermissible"iisiaibreach.i- iCorrectiAnswer-RiskiAssessment. Asiapplicable,idemonstrateiLoProCoibasedionitheifollowingiriskiassessm entifactors: 1.iTheinatureiandiextentiofitheiPHIiinvolved,iincludingitheitypesiofiidenti fiersianditheilikelihoodiofire-identification; 2.iTheiunauthorizedipersoniwhoiuseditheiPHIioritoiwhomitheidisclosurei wasimade; 3.iWhetheritheiPHIiwasiactuallyiacquiredioriviewed;iand 4.iTheiextentitoiwhichitheiriskitoitheiPHIihasibeenimitigated. https://www.hhs.gov/hipaa/for-professionals/breach- notification/index.html ThreeiexceptionsitoitheidefinitioniofiBreach:i-iCorrectiAnswer- 1.iUnintentionali(acquisition,iuse,idisclosureiofiPHI) 2.iInadvertenti(disclosureiofiPHI) SomeiofitheilargestibreachesireporteditoiHHSihaveiinvolvedibusinessiass ociates.iPenaltiesiareiincreasediforinoncomplianceibasedionitheileveliofi negligence,iwithiaimaximumipenaltyiofi$1.5imillioniperiviolation. AiviolationiofiPHIiisiconsiderediaibreachiwhen: a.iTheiaffectediindividualifindsihis/heriidentityistolen b.iItioccurs. c.iTheicoveredientityioriBusinessiAssociateiconcludesitheianalysisiofiwhe theritheifactsiconstituteiaibreach. d.iTheiincidentibecomesiknown.i-iCorrectiAnswer- c.iTheicoveredientityioriBusinessiAssociateiconcludesitheianalysisiofiwhe theritheifactsiconstituteiaibreach. Initheieventiofiaicyber-attackiorisimilariemergency,ianientity:i a.iMustiexecuteiitsiresponseiandimitigationiproceduresiandicontingency iplans. b.iShouldireportitheicrimeitoiotherilawienforcementiagencies. c.iShouldireportiallicyberithreatiindicatorsitoifederaliandiinformation- sharingiandianalysisiorganizationsi(ISAOs). d.iMustireportitheibreachitoitheiOfficeiofiCiviliRightsi(OCR)iasisooniasipos sible,ibutinoilaterithani60idaysiafteritheidiscoveryiofiaibreachiaffectingi5 00iorimoreiindividuals. e.iAlliofitheiabovei-iCorrectiAnswer-e.iAlliofitheiabove Ref.ihttps://www.hhs.gov/sites/default/files/cyber-attack-checklist- 06-2017.pdf Aiprivacyiprofessionalihasibeeninotifiedithatithereihadibeeniaidataibreac hiofiaiclinicalisystemicontainingiPHI.iWhichiofitheifollowingiisitheisourcei ofitheinotificationirequirements? a.iFERPAiProvisions b.iHIPAAiSecurityiRule c.iHITECHiActi d.iPrivacyiActi-iCorrectiAnswer-c.iHITECHiActi Remember,iHITECHiwasisignediintoilawiasipartiofiARRAi2009itoipromote iadoptioniofimeaningfuliuse Aiphotoiofiainurseidoingiaiprocedureioniaipatientiinitheihospitalihasibee nipostedioniaisocialinetworkingisite.iHRihasiidentifieditheinurseiinitheiph otoianditheipatient.iHRiasksitheiprivacyiprofessionaliforiairecommendat ioniforidisciplianaryiaction.iBeforeiprovidingiairecommendation,itheipri vacyiprofessionalishouldidetermineiifithe a.i60-dayitimelineiforireportingitheibreachitoiDHHSihasilapsed b.iphotoiwasipostediduringiworkihoursiorianiunpaidibreak c.inurseiwasiawareithatisheiwasibeingiphotographed d.ipatientisaysitheyigaveipermissioniforitheiphotoi-iCorrectiAnswer- c.inurseiwasiawareithatisheiwasibeingiphotographed BreachiNotificationiContent:i-iCorrectiAnswer- 1.iBriefiDescriptioniandiDateiofiEvent 2.iDateiofiDiscovery 3.iDescriptioniofitheitypesiofiunsecurediPIIiandiPHI 4.iStepsitheieffectediindividualimayitakeitoiprotectithemselves 5.iBriefidescriptioniofistepsitakenitoiinvestigate,imitigateiandiprotectiag ainstianyifurtheriBreaches 6.iContactiproceduresitoiaskiquestions,iincludingiaitoll- freeinumber,iemailiaddress,iwebsite,iand/oripostaliaddress 7.iMayiincludeidiscretionaryicontentisuchiasiaidescriptioniofiWorkforcei Memberisanctions. Whatiisitheidefinitioniofiaibreachiofiprotectedihealthiinformation? a.iAccess,iuse,ioridisclosureiofiPHIithaticompromisesisecurityioriprivacyi ofitheiPHI b.iInadvertentireleaseioficlinicaliinformation c.iAniincidentiiniwhichiPHIileavesitheiphysicianipractice d.iTheftiofianyiequipmentifromiaiphysicianiofficeiorihospitali- iCorrectiAnswer- a.iAccess,iuse,ioridisclosureiofiPHIithaticompromisesisecurityioriprivacyi ofitheiPHI TrueioriFalse:i AniindividualidoesinotihaveiairightitoiaccessitheiriPHIithatiisinotipartiofiai designatedirecordiseti-iCorrectiAnswer-TRUE AiStateilawirequiresithatiaihealthicareiproviderigiveiindividualsioneifreei copyiofitheirimedicalirecordsibutiHIPAAipermitsitheiprovideritoichargeiai fee.iDoesiHIPAAioverrideitheiStateilaw?i-iCorrectiAnswer-No. TheihealthicareiproviderimusticomplyiwithitheiStateilawiandiprovideithe ioneifreeicopy.ihttps://www.hhs.gov/hipaa/for- professionals/privacy/guidance/access/index.html Canianiindividual,ithroughitheiHIPAAirightiofiaccess,ihaveihisioriherihealt hicareiprovideriorihealthiplanisenditheiindividual'siPHIitoiaithirdiparty?i- iCorrectiAnswer- Yes,iifirequestedibyianiindividual.iMustibeiiniwriting,isigned,iandiindicat eipersoniorientityitoibeisentitoiaccordingly. https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/access/index.html Underiwhaticircumstancesimayiaicoveredientityidenyianiindividual'sireq uestiforiaccessitoitheiindividual'siPHI?i-iCorrectiAnswer- 1.iinformationithatiisinotipartiofiaidesignatedirecordisetimaintainedibyit heicoveredientity 2.iinformationiexceptedifromirightiofiaccessisuchipsychoinotesioriinilegal iproceedings 3.iifitheiinformationiisilikelyitoiendangeritheilifeioriphysicalisafetyiofitheii ndividualiorianotheriperson.i Listioficonditionsiforidenialiofiaccess,iseei45iCFRi164.524(a)(2)-(4) https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/access/index.html IfiCEideniesirequestitoiaccessiindividual'siPHI,iCEimustiprovideidenialiini writinginoilaterithani____icalendaridayifromirequest.i-iCorrectiAnswer- 30icalendaridaysi(ori60iifiextensionigranted).iSeei45iCFRi164.524(b)(2). https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/access/index.html DoesianiindividualihaveiairightiunderiHIPAAitoiaccessimoreithanijustitest iresultsifromiaiclinicalilaboratory?i-iCorrectiAnswer-Yes. Otherithanitestiresults,itheilaboratoryiisirequireditoiprovideiaccessitoialli ofitheiPHIiaboutitheiindividualithatiisiiniitsidesignatedirecordiset.i(sameir uleiappliesitoidiagnostics/radiology) https://www.hhs.gov/hipaa/for- professionals/privacy/guidance/access/index.html WhenidoesitheiHIPAAiPrivacyiRuleipermitiaicoveredientityioriitsibusines siassociateitoidiscloseiPHIitoianiHIEiforipurposesiofireportingitheiPHIitoiai PHA,iwithoutianiindividual'siauthorization?i-iCorrectiAnswer- 1.iwhenirequiredibyilaw 2.iforipublicihealthipurposes https://www.hhs.gov/hipaa/for-professionals/special-topics/public- health/index.html CaniaiCEidiscloseiParti2irelatediprogramsiwithouticonsentioripatient'siau thorizationiifipatient'siinformationiiside- identified,ioriuseiforiresearch,ioritoireportiabuseiandiotherimedicalieme rgencies.iYesioriNo.i-iCorrectiAnswer-YES Thoseiareiaifewiexceptionsioriuniqueicircumstancesiconsent/authorizat ioniisinotirequired. MayiaicoveredientityidiscloseiPHIitoiaiPHAithroughianiHIEiwithoutireceiv ingiaidirectirequestifromitheiPHA?i-iCorrectiAnswer- Yes,iforipublicihealthiactivities,ipermissioniisinotirequired. Foriexample,iaicityihealthidepartmenti(aiPHA)ithatiisiauthorizedibyilawit oiobtainiCOVID- 19irelateditestiresults,ianditoitrackitheioverallihealthiofitheiindividualsit estedioveritime. https://www.hhs.gov/hipaa/for-professionals/special-topics/public- health/index.html RequestitoiAmendi-iCorrectiAnswer- Patientihasitheirightitoirequestianiamendmentitoitheiridesignatedirecor disetiifitheyidetermineiitimayibeiinaccurate. Providericanidenyirequestiifideterminedirecordsiisiaccurate.iButipatienti caniaskithatitheiristatementiofiinaccuracyibeiplacediinitheifile. RightitoiAccountingiofiDisclosuresi-iCorrectiAnswer- Patientsiareientitleditoiknowitheiidentityiofitoiwhomiinformationiisidiscl osed,ianditheipurposeiofitheidisclosure