HIPAA Basics
PHI
HIPAA in Practice
Violations and Penalties
100

What does HIPAA stand for?

Health Insurance Portability and Accountability Act

100

What does PHI stand for?

Protected Health Information

100

Can coworkers share PHI if both are involved in the project?

Yes

100

Is accessing a member’s record out of curiosity a violation?

Yes

200

What does HIPAA protect?

Patient privacy, medical records, personal information, and electronic data

200

Name 3 types of PHI.

Name, DOB, address, medical record #, etc.

200

What should you do if you send PHI to the email?

Report it immediately

200

What is a common HIPAA violation?

Talking about patients in public, accessing records without cause, lost/stolen devices with PHI, sending PHIA to the wrong person, improper disposal of PHI

300

Name the two main HIPAA rules.

Privacy Rule and Security Rule

300

Is de-identified data PHI?

No

300

What is the Minimum Necessary Rule?

Use/share the minimum PHI needed

300

Name a right patients have under HIPAA

Access their records, request corrections, receive privacy notice, request restrictions on info sharing, get an accounting of disclosures

400

Who must comply with HIPAA?

Covered entities and business associates

400

Can PHI be verbal, written, or electronic?

Yes, all of the above

400

Is texting PHI allowed on personal phones?

No

400

Can employees face personal penalties?

Yes, fines or criminal charges

500

What is the purpose of HIPAA?

To protect the privacy and security of health information

500

Give one example of an incidental disclosure.

Overhearing a name in a waiting room

500

Give one safeguard for PHI.

Lock cabinets, log out, privacy screens, etc.

500

What notice explains HIPAA rights?

Notice of Privacy Practices

M
e
n
u