HIPAA and HITECH Test

1. HIPAA guidelines require healthcare entities such as CLRMC to appoint a facility privacy
officer (FPO). This individual is responsible for receiving and handling patient privacy
complaints.
a. True
b. False

2. The “Need to Know Philosophy” means that no colleague, affiliated physician, or other
healthcare partner, provider, or student has the right to any information other than what is
necessary to perform his or her job.
a. True
b. False

3. What is HITECH and what is the purpose?


a. Creates a nationwide electronic health record.
b. Tells hospitals how to manage electronic records.
c. Makes massive changes to privacy and security laws.
d. Both a and c

4. Which of the following is considered inappropriate access?


a. Discussing your patient’s condition with one of the physicians on the case.
b. Medical records department assessing a patient’s data.
c. Physician viewing information on any of the patients in their practice.
d. Viewing your neighbor’s information at their request.

5. Convicted health plans, providers, clearinghouses, and business associates that knowingly and
improperly disclose information or obtain information under false pretenses will be subject to
criminal penalties.
a. True
b. False

6. Examples of Protected Health Information (PHI) include which of the following?


a. Medical record number, account number, or social security number.
b. Photographic images & electronic email address.
c. Address including street, city, county, zip code, and phone numbers.
d. All of the above.

Updated 5-2014

7. If a student witnesses a privacy violation they should:
a. Make a written report to the FPO to include: root cause, mitigating factors, and
suggested actions to correct the violation and/or prevent future violations.
b. Individual must notify, in writing, his/her director supervisor and be ready for possible
retaliation.
c. The individual should report the incident to the local media so the violation can be
publicly exposed.
d. Students should report any violations to their instructor.

8. Which of the following could jeopardize our patients and our hospital?
a. Safely using email by encrypting when sending PHI outside the company.
b. Getting help or more information about Patient Privacy and HIPAA as needed.
c. Recognizing signs of someone attempting to legally access our systems.
d. Using your cell phone to photograph yourself and a patient which you post to the
internet or social networking site (Facebook, Twitter, Instagram) with a touching story
of a great patient outcome.

9. Some examples of appropriate handling of PHI include all of the following Except:
a. Not leaving PHI (billing or clinical) on your desk, printer, copier, fax machines.
b. Always putting the full patient name on white boards and outside the patient’s room to
avoid critical errors with the misidentification of patients.
c. Always giving your patient the opportunity to object to having healthcare discussed in
front of family and/or visitors.
d. Never leaving electronic health records unattended in patient care areas.

10. “Social Engineers” are con artists who attempt to gain access to confidential information by
deceiving you. (Beware of “Phishing”). Ways to outwit them include:
a. If you think you have witnessed an attempted or successful security breach, report it to
FISO or Helpdesk immediately.
b. If you see someone you are not familiar with, politely ask for their ID and ask if you
can assist them.
c. Give the requested information over the phone immediately.
d. Both a and b.
