Deck 2: Privacy Issues Explained

A) permission to reveal PHI for payment of services provided to a patient.
B) permission to reveal PHI for comprehensive treatment of a patient.
C) permission to reveal PHI for normal business operations of the provider's facility.
D) all of the above.
E) both A and B.

A) diagnosis and a payer.
B) individual and a physician.
C) health care provider and a patient or two businesses.
D) diagnosis and an individual.

A) applies only to protected health information (PHI).
B) establishes policies for covered entities.
C) details when authorization to release PHI is needed.
D) none of the above.
E) both answers A and C.

A) a person younger than 21 who lives independently and is self-supporting.
B) a person younger than 18 who is married or divorced and possesses decision-making rights.
C) a person younger than 16 who lives independently and is self-supporting.
D) a person younger than 18 who is totally self-supporting and possesses decision-making rights.

A) Only the HIPAA Officer
B) Office workers who send electronic PHI
C) All staff members, paid or not paid
D) All clinical staff members

A) When incidental to a permitted use and disclosure
B) When releasing process or psychotherapy notes
C) For public interest and to benefit the public
D) When releasing to the individual whose health information it is

A) Centers for Medicare and Medicaid Services
B) Department of Health and Human Services
C) Department of Justice
D) Office for Civil Rights

A) $100.
B) $500.
C) $1000.
D) $5000.

A) for any advertising purpose.
B) only when the patient or family has not chosen to "opt-out" of the published directory.
C) to announce on a radio station who has been admitted.
D) so that pharmaceutical organizations may offer the patients special offers on their drugs.

A) limited data set that has been de-identified for research purposes.
B) IIHI without withholding any information.
C) only IIHI when patients have given written authorization.
D) any PHI a covered entity may choose to send them in relation to the diagnoses they are researching.

A) business associate contracts with vendors to protect privacy of PHI.
B) written policy and procedures.
C) a designated privacy official.
D) a workforce trained in state law.

A) complying with BA provisions.
B) confusion about the NOPP provisions.
C) releasing information to relatives of patients.
D) lack of a standardized process to release PHI.

A) the treatment plan for the patient.
B) a summary of medications the patient is prescribed.
C) the therapist's impressions of the patient.
D) the current state of the patient, medications prescribed, and their side effects.

A) the replaced portion of the record is destroyed.
B) the provider has the option to reject the amendment.
C) there is a new file made just for the amendment.
D) it is not possible without a court order.

A) in-house lab technicians, transcriptionists, and billing specialists.
B) health plan agents, in-house transcriptionists, and office billing specialists.
C) biometric device repairman, legal counsel to a clinic, and outside coding service.
D) nonclinical staff such as the hospital billing office, housekeeping staff, and maintenance workers.

A) increase in theft of medical information for criminal purposes.
B) possible difference in opinion between patient and physician regarding the diagnosis and treatment.
C) ease of human entry error when posting patient information.
D) all of the above.
E) both B and C.

A) are kept by the HIPAA officer only.
B) must be only in electronic format.
C) are not necessary.
D) must be available to all employees.

A) an individual may sue the offending health care provider.
B) an individual may join a class action lawsuit against the provider.
C) the individual should report them to the local county sheriff.
D) there is no option to sue a health care provider for HIPAA violations.

A) About 25%
B) About 50%
C) About 75%
D) About 90%