Is it HIPPA, HIPAA or HIPPO?
HIPAA
What does PHI stand for?
Protected Health Information
Who is required to have HIPAA Compliance training?
All Caris employees
What is a breach of HIPAA?
An impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.
When should you access PHI?
Only when it relates to being able to complete your job duties.
What is the HIPAA Privacy Rule?
The Federal Law that sets standards for uses and disclosures of PHI and sets limits on the use/disclosure of PHI that may be made without a HIPAA authorization.
What government entity enforces the HIPAA Privacy Rule?
The US Department of Health and Human Services (HHS) through the Office for Civil Rights (OCR).
True or False, HIPAA only applies to living individuals.
False, it applies to deceased individuals for 50 years after the date of death.
How often are Caris employees required to receive HIPAA training?
Upon hire and annually thereafter, and as needed/ad hoc.
Once a breach is determined, within how many days must breach notification be provided to the patient(s)?
Individual notifications must be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach.
What does TPO stand for?
Treatment, Payment and Healthcare Operations
What is the HIPAA Security Rule?
The Federal law that sets standards to protect Electronic Protected Health Information (ePHI) that is created, received, used or maintained by a covered entity or business associate.
What is HIPAA (definition)?
HIPAA establishes standards to protect the privacy and security of health information, including individually identifiable health information (aka PHI).
Is the Caris TN# considered PHI?
Yes, it is a unique identifier for a patient.
Is participation in a clinical trial considered treatment?
No, a participant in a clinical trial is considered a subject, not a patient. Subjects may or may not be harmed when participating in a clinical trial.
What is the minimum and maximum fine for a single breach of HIPAA?
$100 to $50,000 fine per breach.
What are reasons to access or disclose PHI without consent?
For Treatment, Payment and Healthcare Operations
What form of information is the HIPAA Security rule limited to?
Electronic PHI only. The Security Rule does not apply to PHI on paper or orally discussed.
What are the three HIPAA Covered Entities?
Health Plan, Healthcare Provider, or Healthcare Clearinghouse
Give at least 5 examples of PHI.
TN#, name, date of birth, address, email address, phone number, SSN#, license plate #, relatives' names, IP address, or any information that can be used to identify a patient either on its own or combined with other information (examples include photos, biometrics and tattoos).
Who is the Privacy Officer, Chief Information Security Officer, and Chief Compliance Officer?
Bonnie Anderson Maxey, Privacy Officer
Chris Thompson, CISO
Ginger Appleberry, CCO
Give at least four examples of potential breaches that can occur in Caris offices.
Snooping, throwing PHI in the regular trash, sending PHI to the wrong recipient, hacking access to the Portal, sending PHI without encrypting the email, disclosing PHI to someone who doesn't need the information for their job duties, posting PHI on social media, not locking or logging off your computer.
What is the minimum necessary standard?
Limits uses and disclosures of PHI to the minimum necessary amount needed to carry out the purpose of the use or disclosure.
What does the Notice of Privacy Practices (NPP) contain?
How the patient's PHI will be used and disclosed, the patient's rights, and the covered entity's duties.
What does HIPAA stand for?
Health Insurance Portability and Accountability Act
What is required before releasing PHI (except for TPO reasons)?
A valid HIPAA authorization.
How can Caris employees report a HIPAA or Compliance concern?
The Caris Compliance Hotline toll-free number (1-855-290-3380), the My Compliance App (use Caris for the code), or Healthicity.
Who must be notified when a breach affects more than 500 patient records?
The patients, the government (Notice to the Secretary of HHS), and prominent media (in the state or jurisdiction, when the breach affects more than 500 patients/residents).
True or false: I may look at MY test results/PHI with my work access to Caris information.
False, Caris policy requires that access to your medical information be requested like any other patient's: through the ordering provider, or via a request to have your patient information released with a valid HIPAA authorization.
What are the three main components of the HIPAA Security Rule?
Administrative (policies & procedures), Technical, and Physical safeguards.