Test Your HIPAA Compliance Knowledge

HIPAA requires that the healthcare industry trains its employees handling PHI about data safety. But in 2020 alone, there were 29 million health records exposed in a breach. Clearly, there have been some training failures.

Protected data breaches contain information that could lead to disastrous situations for multiple parties. It is in everyone’s best interest to prevent them instead of cleaning up the aftermath. It's certainly less costly that way!

Training is essential. For something as serious as HIPAA compliance, training needs to be top-notch.

Can your employees pass this HIPAA quiz?

What industries need to comply with HIPAA laws? Is it A) Every American business regardless of industry… B) Covered entities and business associates in healthcare… C) All physicians but not registered nurses in hospitals and clinics… or D) All US citizens and residents above the age of 18

The correct answer is B) covered entities and business associates in healthcare.

Under the HIPAA privacy rule, which of the following is NOT a patient right? Is it A) The right to ask to see or get a copy of their health records… B) the right to have corrections added to their health information… C) the right to request that the healthcare entity issue them an in-depth technical report of the breach, if there is a breach… or D) the right to be notified of how their health information is used/shared

The correct answer is C. The Privacy Rule does not mandate that a healthcare entity provide a patient with an in-depth technical report of the breach, if there is a breach.

The Notice of Privacy Practices must be… A) Given to the patient to review on their first visit… B) Given to the patent to review on every visit… C) Provided to every individual entering the hospital/clinic waiting room, regardless of whether they are a patient or not.. Or D) Posted online; no need to provide a physical copy in-person

The correct answer is A. A healthcare provider needs to give a patient a notice of privacy practices to review on their very first visit.

The Minimum Necessary Standard refers to… A) A minimal quota of patients to serve by a clinic within a calendar month… B) The understanding that healthcare employees must only look at patient's PHI on as-needed basis… C) The minimum amount of days that must pass between changing company computer passwords… or D) none of the above

The correct answer is B. Healthcare entities must share PHI to the minimum necessary amount. Hence, it is called the minimum necessary standard.

True or False… If an employee perceives a PHI "privacy incident" that could result in a data breach, they are required to notify the Privacy Officer.
True! The faster you handle the situation, the less penalties will occur. Brushing privacy incidents under the rug is not a good practice.

What should an organization do with devices containing PHI once they get old? Do they A) Get thrown in the garbage… B) Get taken to a proper state recycling center for computer hardware… C) get mailed to the patient or their next of kin… or D) be accounted for and kept secure until they can be safely wiped or physically destroyed

The correct answer is D. You have to take every precaution that no one can assess the health information during the disposal process.

What kind of protected health information is covered by HIPAA? Is it A) electronic PHI… B) Spoken PHI… C) PHI on paper… or D) all of the above
The correct answer is D. All forms of protected health information are covered by HIPAA.

Under HIPAA, it is permitted to access patient health files out of curiosity if… A) you keep it to yourself… B) you know the patient very well… C) the patient's family was asking about it or D) Under no circumstances
The correct answer is D. It’s a trick question! A HIPAA breach can get you fired. Just don't do it.

Computer security is… A) A purely technical function… B) Exclusively the responsibility of the user… C) A combination of technical and user security measures and vigilance… or D) Is not covered by HIPAA regulations.
The correct answer is C. It involves both technical and user security measures. It also involves a great deal of vigilance.

Yes or no? If a patient is transferred to a different medical facility for specialized treatment, the healthcare provider can provide the specialized facility with the patient’s PHI.

The answer is yes! PHI can be shared between healthcare providers for the purpose of ensuing apt medical care for the patient.

This is just a small sample of the questions every healthcare employee should be able to answer. Especially those handling PHI. How did you do with our quiz?

► Reach out to Etactics @ https://www.etactics.com​
►Subscribe: https://rb.gy/pso1fq​ to learn more tips and tricks in healthcare, health IT, and cybersecurity.
►Find us on LinkedIn:   / etactics-inc  
►Find us on Facebook:   / ​  

#HIPAATest #HIPAATraining