HIPxx
PHI
Education
Breach
Access
Privacy and Security Rule
100

Is it HIPPA, HIPAA or HIPPO?

HIPAA


100

What does PHI stand for?

Protected Health Information

100

Who is required to have HIPAA Compliance training?

All Caris employees

100

What is a breach of HIPAA?

An impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.

100

When should you access PHI?

Only when it relates to being able to complete your job duties.

100

What is the HIPAA Privacy Rule?

The Federal Law that sets standards for uses and disclosures of PHI and sets limits on the use/disclosure of PHI that may be made without a HIPAA authorization. 

200

What government entity enforces the HIPAA Privacy Rule?

The US Department of Health and Human Services (HHS) through the Office for Civil Rights (OCR).

200

True or False, HIPAA only applies to living individuals.

False, it applies to deceased individuals for 50 years after the date of death.

200

How often are Caris employees required to receive HIPAA training?

Upon hire and annually thereafter, and as needed/ad hoc.

200

Once a breach is determined, within how many days must breach notification be provided to the patient(s)?

Individual notifications must be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach.

200

What does TPO stand for?

Treatment, Payment and Healthcare Operations

200

What is the HIPAA Security Rule?

The Federal law that sets standards to protect Electronic Protected Health Information (ePHI) that is created, received, used or maintained by a covered entity or business associate. 

300

What is HIPAA (definition)? 

HIPAA establishes standards to protect the privacy and security of health information, including individually identifiable health information (aka PHI).


300

Is the Caris TN# considered PHI?

Yes, it is a unique identifier for a patient.

300

Is participation in a clinical trial considered treatment?

No, a participant in a clinical trial is considered a subject, not a patient. Subjects may or may not be harmed when participating in a clinical trial.

300

What is the minimum and maximum fine for a single breach of HIPAA?

$100 to $50,000 fine per breach.

300

What are reasons to access or disclose PHI without consent?

For Treatment, Payment and Healthcare Operations

300

What form of information is the HIPAA Security rule limited to?

Electronic PHI only. The Security Rule does not apply to PHI on paper or PHI that is discussed orally.

400

What are the three HIPAA Covered Entities?

Health Plan, Healthcare Provider, or Healthcare Clearinghouse

400

Give at least 5 examples of PHI.

TN#, name, date of birth, address, email address, phone number, SSN#, license plate #, relatives' names, IP address, or any information that can be used to identify a patient either on its own or combined with other information (examples include photos, biometrics and tattoos).

400

Who is the Privacy Officer, Chief Information Security Officer, and Chief Compliance Officer?

Bonnie Anderson Maxey, Privacy Officer
Chris Thompson, CISO
Ginger Appleberry, CCO

400

Give at least four examples of potential breaches that can occur in Caris offices.

Snooping, throwing PHI in the regular trash, sending PHI to the wrong recipient, hacking access to the Portal, sending PHI without encrypting the email, disclosing PHI to someone who doesn't need the information for their job duties, posting PHI on social media, not locking or logging off your computer.

400

What is the minimum necessary standard?

It limits uses and disclosures of PHI to the minimum necessary amount needed to carry out the purpose of the use or disclosure.

400

What does the Notice of Privacy Practices (NPP) contain?

How the patient's PHI will be used and disclosed, the patient's rights, and the covered entity's duties.

500

What does HIPAA stand for?

Health Insurance Portability and Accountability Act

500

What is required before releasing PHI (except for TPO reasons)?

A valid HIPAA authorization.

500

How can Caris employees report a HIPAA or Compliance concern?

The Caris Compliance Hotline toll free number (1-855-290-3380), or

My Compliance App (use Caris for the code), or

Healthicity

500

Who must be notified when a breach affects more than 500 patient records?

The patients, the government (notice to the Secretary of HHS), and prominent media (in the state or jurisdiction, when the breach affects more than 500 patients/residents).

500

True or false: I may look at MY test results/PHI with my work access to Caris information.

False. Caris policy requires that access to your own medical information be requested like any other patient's: through the ordering provider, or by a request to have your patient information released with a valid HIPAA authorization.

500

What are the three main components of the HIPAA Security Rule?

Administrative (policies & procedures), Technical, and Physical safeguards.