What is PHI?
a. Patient Health Information
b. Protected Health Information
c. Personal Health Information
b. Protected Health Information
What does HITECH mean for BAs?
a. Stiffer fines/penalties
b. Mandatory breach notification
c. Requiring information security programs
d. A and B
e. All of the above
e. All of the above
Stiffer fines/penalties
Mandatory breach notification
Requiring information security programs
Your new Customer Service Representative began work today and she needs access to your records management
software to retrieve client records. She hasn’t received her user id and password yet but needs access to the
system.
What should you do?
a. Contact IT and ask if the new staff member can quickly get a login and password.
b. Login yourself and let her use your account for a few days. If she gets logged out you can always log her
back in.
c. Let her borrow your login and password this time; then change it later.
a. Contact IT and ask if the new staff member can quickly get a login and password.
Safeguards that your organization must establish include:
a. Administrative, Physical, Technical
b. Technical, Security, Personnel
c. Electronic, Physical, Training
a. Administrative, Physical, Technical
How many shred containers did SSBRM - South Carolina rotate in 2018?
a. 5,200 containers
b. 5,700 containers
c. 6,300 containers
b. 5,700 containers
Before you access any PHI you should ask:
a. Do I need this information to perform my job?
b. Does this access comply with our BA agreement?
c. What is the least amount of information needed to perform my job?
d. All of the above
d. All of the above
Do I need this information to perform my job?
Does this access comply with our BA agreement?
What is the least amount of information needed to perform my job?
HITECH states that BAs must now comply with the HIPAA Security Rule?
a. True
b. False
a. True
You work as an Indexing Clerk for a document imaging company and perform data entry for a variety of client
records. This week you are working on data entry for a local physician and come across the medical chart of a close friend. Your friend had mentioned that she had not been feeling well lately but hasn’t really given you any details. You realize that the profile for this job only requires you to enter the first name and medical records number which are easily identifiable at the top of all charts.
You are obviously concerned about her. What should you do?
a. Read through her chart to see what is going on with her, she is your friend and she won’t mind.
b. Call your friend and mention that you came across her chart at work and that you are concerned about
her.
c. Only review the minimum necessary information to perform your job and enter the details required
without reading the medical chart.
c. Only review the minimum necessary information to perform your job and enter the details required
without reading the medical chart.
Which option is NOT a way to protect security?
a. Logging off your computer when not in use.
b. Choosing a password that is easily guessed.
c. Securing confidential materials when not in use.
b. Choosing a password that is easily guessed.
How many work orders did SSBRM - South Carolina process in 2018?
a. 2,150
b. 3,750
c. 4,125
d. 5,200
c. 4,125
Which of the following is NOT considered PHI?
a. Type of car they drive
b. Medical record number
c. Name
a. Type of car they drive
The HITECH Act includes increased penalties for violations of HIPAA’s Privacy and Security regulations?
a. True
b. False
a. True
As a provider of document destruction services, you are making a routine shred console pickup at a local
surgery center. As you begin to retrieve the items from the secure console, one of the surgical center
staff approaches you to retrieve a patient file that was placed in it by mistake.
Your response should be:
a. Allow them to retrieve the file. Although you are not familiar with this staff member, they are
in company uniform so they must work there.
HIPAA & HITECH for Business Associates
b. Ask the staff member for their name and department and seek authorization from an authorized company representative.
c. Politely decline, stating that it is against your company’s policy to allow clients to retrieve
documents from the console without permission.
b. Ask the staff member for their name and department and seek authorization from an authorized
company representative.
*Recently, a breach occurred when PHI was released by a business associate providing document
shredding services after an imposter, posing as a representative of the business associate’s client,
indicated that they had mistakenly dropped a file in the secure shred console.
When working with printed PHI, working on multiple jobs at once could be risky?
a. True
b. False
a. True
Work on one job at a time to avoid co-mingling of records containing PHI.
What Stevens & Stevens work year anniversary is Robert celebrating later this year?
a. 5 Years
b. 9 Years
c. 10 Years
d. 12 Years
b. 9 Years (6/1/2010)
Accidentally sending a fax containing PHI to a wrong number is a security incident and you should notify management.
a. True
b. False
a. True
*Even though the fax was unintentionally sent to the wrong number, it is still a security incident. Always verify authorized personnel, fax number and receipt of fax.
Under HITECH, the BA does NOT have to respond to breaches?
a. True
b. False
b. False
As a business associate, you provide records management services for a local Department of Social
Services agency. They have requested that you produce an inventory report on a CD and mail it to their
office. The inventory report contains container listings to include names, social security numbers and
dates of birth.
a. Document the request and produce and mail the CD as requested.
b. Suggest that for security purposes, the report be emailed with encryption to an authorized
representative to avoid unauthorized access or disclosure.
c. Produce the report as requested but add encryption or password protection for security. Send
the disc by a carrier such as FedEx or UPS and require a delivery signature from the designated
authorized representative.
d. B and C
d. B and C
b. Suggest that for security purposes, the report be emailed with encryption to an authorized
representative to avoid unauthorized access or disclosure.
c. Produce the report as requested but add encryption or password protection for security. Send
the disc by a carrier such as FedEx or UPS and require a delivery signature from the designated
authorized representative.
Empty prescription bottles discarded in a customer's shred container should be separated from the paper and put in the trash.
a. True
b. False
b. False
What was the former name of this company prior to Stevens & Stevens BRM?
What is: SDE (Storing Documents Electronically)
Which of the following are risky ways to manage PHI?
a. Working off‐site
b. Printed materials
c. E‐mail
d. Faxes
e. All of the above
e. All of the above
Working off‐site
Printed materials
E‐mail
Faxes
The HITECH Act requires that BAs respond to breaches to include notifying:
a. Covered Entity (CE)
b. CE and patient(s)
c. CE, patients, government agencies, and the media
d. None of the above
c. CE, patients, government agencies, and the media
As a provider of records management services, your company offers scan‐on‐demand services. On
Monday when you arrive at work you notice an urgent request received via the web request system.
This urgent request has been received from a growing home health agency that has five locations. In
the past few months, an additional agency has been added to the account.
In processing the urgent request, you locate the file from the new agency’s inventory; however, you do
not locate the requestor’s name on the authorized personnel list. The requestor is asking that the last
dictated emergency room visit be retrieved from the file and scanned to them. What should you do?
a. Process the request to ensure you meet the urgent time requirement and add the person to the
authorized personnel list.
b. Inform management of the situation and contact the requestor to let them know you cannot
process the request until proper authorization is obtained.
c. Contact the designated authorized personnel at the agency and inform them of the request. Let
them know that for security purposes you cannot process the request though it is urgent. Ask
that they update their authorized personnel list so that you can process their request.
c. Contact the designated authorized personnel at the agency and inform them of the request. Let
them know that for security purposes you cannot process the request though it is urgent. Ask
that they update their authorized personnel list so that you can process their request.
What does HIPAA stand for?
a. Health Insurance Personal and Accountability Act
b. Health Insurance Portability and Accountability Act
c. Health Insurance Privacy and Accountability Act
d. Health Insurance Privacy and Awareness Act
b. Health Insurance Portability and Accountability Act
How many years of business is SSBRM celebrating this year?
a. 15 Years
b. 20 Years
c. 25 Years
d. 30 Years
c. 25 Years
CONGRATULATIONS!!!