HIPAA Basics
HIPAA protects this type of information.
What is Protected Health Information (PHI)?
Confidential information should only be shared on a __________ basis.
What is need-to-know?
If a client threatens harm to themselves or others, confidentiality may be broken because of this duty.
What is duty to report / duty to warn?
Documentation should be factual, objective, and free from this.
What is opinion or judgmental language?
Using your personal phone to photograph a client file.
What is a confidentiality violation?
PHI includes name plus this type of information.
What is medical, mental health, treatment, or diagnosis information?
True or False: If another staff member asks for information, you must automatically share it.
What is False?
Child abuse disclosures must be reported to this type of authority.
What is law enforcement or child protective services?
Instead of writing “She was crazy and out of control,” documentation should include this.
What is specific observed behavior?
Posting on social media: “Rough shift at work tonight 😩 these residents are wild.”
What is indirect identification / contextual identification risk?
True or False: HIPAA only applies to doctors and hospitals.
What is False?
The purpose of confidentiality policy is to protect these three things.
What are clients, staff, and the organization?
True or False: If you are unsure whether something is reportable, you should ignore it until you’re certain.
What is False?
Client files should always be stored in this manner
What is secure, locked, or password-protected systems?
You step away from your computer in a shared office. What must you do to protect confidentiality?
What is log out or lock the screen?
Under HIPAA, information may be disclosed without consent in cases of this type of emergency.
What is threat to safety / medical emergency / mandatory reporting situation?
A staff member overhears confidential information being discussed improperly. According to most policies, they should do this.
What is report it to a supervisor or follow reporting procedures?
Mandatory reporting laws override confidentiality in cases involving this. (Name two.)
What are abuse, neglect, threats of harm, or court orders?
True or False: Records must be organized and accessible to authorized staff and auditors at any time.
What is True?
You text a coworker about a resident’s behavior using your personal phone. This is risky because it may violate what two protections?
What are secure communication policy and data protection standards?
Name three identifiers that make health information protected under HIPAA
What are name, date of birth, address, Social Security number, medical record number, or other identifying data?
Violations of confidentiality may result in these four types of consequences.
What are discipline, termination, civil liability, and possible criminal penalties?
Failure to report when required may result in this type of personal consequence for staff.
What is legal liability, fines, loss of license, or criminal charges?
Why is over-documenting personal details unrelated to services a confidentiality risk?
What is it increases exposure of sensitive information and violates minimum necessary standards?
Name two risks of discussing client information in public areas like parking lots, restaurants, or hallways.
What are being overheard and unauthorized disclosure of confidential information?