Please Complete the Quiz Below. HIPAA Privacy Quiz Staff Member's Name* First Last Email Address* Who is covered under HIPAA?*ClearinghousesHealthcare providers that transmit standard transactions electronicallyHealth plansAll of the aboveMy auntie and I are very close. We go out to lunch every week, and she always asks me, "How's work?" I tell her about the patients that I've been caring for. I never mention their names, so the patients are de-identified. That's okay, right?*YesNoWhat can happen to a person who knowingly violates patient privacy for personal gain or malicious harm? Multiple Answers are possible* Disciplinary action Loss of access privileges Fines and penalties Imprisonment You're an employee of the medical center's Environmental Services department. One day, when you're working in the Emergency Room, you see the ambulance bring in your neighbor, Bill. You hear someone say that Bill will be taken to the Operating Room. Bill's wife also works for the medical center in another department. True or False? You should call Bill's wife right away and tell her that he is in the Emergency Room.*TrueFalseAre members of the workforce who are not involved in a patient's care allowed to review the patient's chart out of curiosity?*YesNoWhat makes a good password? Multiple Answers are possible* Using a wide range of characters Using mixed case in words Using mnemonics to help you remember passwords None of the above If someone forgets his log-in ID, can I let him use mine?*Yes, if he is an employee and you know him.Yes, if he is an employee and you know him.No, sharing log-in IDs and passwords is a security violation.a and bWhat are some things I can do to be more alert to Privacy and Security?*Keep it to yourself!Report incidents.Activate screen saver with a password.Improve your password strength and don't share it with anyone.Make sure your Virus Scanner is enabled.Do not install unauthorized software.All of the aboveYou try to log-in to the computer three times. Each time, a message box tells you that your password is incorrect. What should you do?*Ask a co-worker to log-in for you.Try different combinations of letters and numbers. Maybe one of them will work.Call the Help Desk.Notify your supervisor.What does "minimum necessary" mean? Multiple Answers are possible* I am only expected to complete the minimum requirements of my job. A workforce member's access to PHI is limited to only what is needed to perform his/her responsibilities. Requests for and disclosures of PHI are limited to what is needed to perform the task. A medical center is no longer allowed to provide information about patients to the media under any circumstances. Should I report a security or privacy violation?*No, that is a task for the police.Yes, but only the really serious ones.Yes, all workforce members have a responsibility to report suspected and actual violations. Ask the supervisor about the proper reporting procedures.Over the past two years, you've collected many, many sheets of paper that contain patient names and other identifiable health information. You’d like to get rid of some of this paper. What should you do?*Use it as scratch paper.Throw it in the trashcan.Destroy it or put it in the Shred-Ex box.Who is responsible for addressing patient complaints about privacy?*Nurse ManagerPrivacy OfficerSafety OfficerCompliance OfficerTrue or False? Under HIPAA, a patient has the following rights: a. To receive a Notice of Privacy Practices. b. To see or receive a copy of his/her protected health information (PHI). c. To request that his/her PHI be corrected. d. To ask for PHI to be sent to him/her at a different address or a different way. e. To request limits on how his/her PHI is used and disclosed. f. To receive a list of disclosures.*TrueFalseThe Notice of Privacy Practices:*Explains how the medical center will use or disclose patients' protected health information.Is a list of private physicians who practice at the medical center.Describes how the medical center will protect the privacy of employee records. a. Explains how the medical center will use or disclose patients' protected health information. If an activity is not covered in the Notice, the patient's authorization is required before his/her PHI is used or disclosed for the activity. 16) You're a social worker. SomeoneYou're a social worker. Someone calls and says, "This is… uh… Officer Robert Brown with the… uh… HPD. I'm looking for Leslie Greenfield. Her boyfriend… uh, husband… no, fiancé reported her missing. There's plenty newspaper piled up by her house. He says she was at your hospital before. Where is she now?" What should you do?*Are Consents and Authorizations the same?*Yes. They can be used interchangeably.No. Consents are used to get the patient's permission to use or disclose health information for treatment, payment or business operations. Authorizations are used to obtain permission to disclose PHI for activities outside the realm of treatment, payment or business operations.