HIPAA Basics
PHI
Privacy Rule
Breaches & Violations
Scenarios
100

What does HIPAA stand for?

Health Insurance Portability and Accountability Act

100

What does PHI stand for?

Protected Health Information

100

What does the HIPAA Privacy Rule protect?

Individually identifiable health information (PHI) held or transmitted by covered entities and their business associates, in any form (paper, electronic, or spoken)

100

What is a HIPAA breach?

An impermissible acquisition, access, use, or disclosure of unsecured PHI that compromises its security or privacy (presumed to be a breach unless a risk assessment shows a low probability that the PHI was compromised)

100

You see a coworker accessing a patient record without reason. What should you do?

Report it to your supervisor or privacy officer

200

In what year was HIPAA enacted?

1996

200

Give one example of PHI.

Name, address, medical record number, diagnosis, etc.

200

Who must follow HIPAA rules?

Covered entities and business associates

200

What is an example of a HIPAA violation?

Discussing patient info in public

200

You accidentally send PHI to the wrong email. What is your next step?

Report it immediately to your privacy/security officer so the disclosure can be assessed and, if required, notified

300

What is the main purpose of HIPAA?

To protect patient health information and ensure privacy/security

300

Is a patient’s appointment date considered PHI?

Yes

300

Can a patient request access to their records?

Yes

300

Can employees be personally penalized for violations?

Yes: employer sanctions (up to termination), civil penalties, and criminal penalties for knowingly obtaining or disclosing PHI

300

Is it okay to share PHI with a coworker who is not involved in the case?

No

400

Which department enforces HIPAA?

U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR)

400

What makes information “PHI”?

It identifies a patient and relates to their health, care, or payment

400

What right allows patients to request corrections to their records?

Right to amend

400

Within what general timeframe should a HIPAA breach be reported internally?

As soon as possible after discovery, because the organization must notify affected individuals (and HHS) without unreasonable delay and no later than 60 days after the breach is discovered

400

You’re in an elevator discussing a patient. Is this allowed?

No

500

What are the two main rules under HIPAA?

Privacy Rule and Security Rule (the Breach Notification Rule adds the reporting requirements)

500

Can PHI be shared without patient authorization? When?

Yes, for treatment, payment, and healthcare operations (TPO)

500

Under the HIPAA Privacy Rule, what is the primary goal when handling patient information?

To ensure that individuals’ health information is properly protected while allowing the flow of information needed to provide quality healthcare

500

A nurse accidentally opens the wrong patient’s chart but immediately closes it without reading further or taking action. No information is shared.

Is this a breach or a violation? Explain.

A violation (unauthorized access), but generally not a reportable breach: an unintentional, good-faith access by a workforce member with no further use or disclosure falls under a Breach Notification Rule exception. Document it and let the privacy officer make the final risk-assessment determination

500

A patient asks you to share their info with a family member. What must you verify?

The patient’s authorization or consent (and the recipient’s identity); if the family member is involved in the patient’s care, the patient’s agreement is enough, and only the minimum necessary information should be shared