Test your knowledge! Discover what HIPAA requires in different situations. HIPAA Pop Quiz, a blog series from Gettins' Law STAT Privacy: http://gettinslaw.com/hipaa/category/hipaa/pop-quiz/
Published on: Mar 4, 2016
Test your HIPAA Knowledge.
I use my home computer to do work at home. Do I have to configure my home computer to automatically log off during periods of inactivity?
a. No. HIPAA only governs covered entities and does not extend its requirements to personal computers.
b. Yes. Covered entities that allow employees to telecommute or work out of home-based offices, and have access to e-PHI, must implement appropriate safeguards to protect the organization’s data. The automatic logoff implementation specification is addressable, and must therefore be implemented if, after an assessment, the entity has determined that the specification is a reasonable and appropriate safeguard in its environment. If the entity decides that the logoff implementation specification is not reasonable and appropriate, it must document that determination and implement an equivalent alternative measure, presuming that the alternative is reasonable and appropriate.
To log on to computers, all our employees use the same password and ID. Is this okay under HIPAA?
a. No. Under the HIPAA Security Rule, covered entities, regardless of their size, are required under § 164.312(a)(2)(i) to “assign a unique name and/or number for identifying and tracking user identity.” A “user” is defined in § 164.304 as a “person or entity with authorized access.”
b. Yes. Under the HIPAA Security Rule, the small entity exception permits covered entities with fewer than ten (10) users, under § 164.312(a)(22)(i), to “assign a common name and/or number for identifying and tracking user identity.” A “user” is defined in § 164.304 as a “person or entity with authorized access.”
Was it a violation of the HIPAA for Northeast Women’s Healthcare Clinic to report the patient to law
a. Yes, it was a violation by Northeast Women’s Healthcare Clinic. Healthcare providers may only provide patient information pursuant to a court-ordered warrant, subpoena, or summons.
b. No. When checking in, the patient gave a fake driver’s license, and that is a crime which occurred on Northeast Women’s Healthcare Clinic’s premises. Healthcare providers, under HIPAA, may report crimes that occur on their premises to law enforcement.
Does the HIPAA Privacy Rule require covered entities to keep patients’ medical records for any period
a. No. But, HIPAA does require that records pertaining to HIPAA privacy rights be retained for 6
b. Yes. HIPAA requires that all medical records be retained for 6 years
c. Yes. HIPAA only requires that genetic testing records be retained for 6 years
Where must the Notice of Privacy Practices be posted?
a. On health plan’s and health care provider’s consumer website
b. On the health plan’s and health care provider’s Facebook and other social media pages
c. In a clear and easy to find location at health care provider offices
d. A and C, but not B
e. A and B, but not C
Who are your potential HIPAA Business Associates?
Select the best choice!
a. Your landlord
b. Your email provider
c. Your business consultant
d. Your virtual cloud provider
e. Your web-based practice management provider
g. All but A
h. All but A and F
i. All but F and E
Get the answers instantly!