Acronyms
Security
Hodgepodge
True/False
Q&A
100
Each letter in HIPAA stands for this.
What is Health Insurance Portability and Accountability Act?
100
Sheriffs, deputies, officers and other law enforcement personnel are 'covered entities' under HIPAA. T/F
What is false? Typically, law enforcement personnel are exempt from HIPAA requirements.
100

You must obtain this prior to sharing or releasing information to others who aren't on file.

Authorization/consent to speak with them from the member

100
You are allowed to hold a patient's medical record until they come current in their account. T/F
What is False? It is a HIPAA violation to withhold any patient's medical record. You are allowed to charge a reasonable copy and administrative fee.
100

Can we discuss a client's PHI with other providers involved in their care or other providers to whom we are referring them?

Yes. This is part of treatment and does not require authorization.

200

Individually identifiable health information

What is PHI or Protected Health Information?

200
Removing the name, address, social security number, pictures and descriptive information about the patient.
What is deidentification?
200

What should you do before you leave your computer?

Lock it

200

True or False? It's okay to plug your phone into your computer to charge it.

False

200

How often is HIPAA compliance training required in a healthcare setting?

Upon hire and annually

300
A legal, written statement detailing the provider's privacy practices, given to every patient.
What is NPP or Notice of Privacy Practices?
300
Registers of hospital patients are allowed under HIPAA. T/F
What is True? As long as the patient is allowed to 'opt out' of being placed on the register.
300
In any medical organization, this person makes sure there are policies in place and personnel are properly trained in HIPAA, privacy and security of patient medical information.
Who is the Privacy Officer? HIPAA mandates the designation of a Privacy Officer in any medical organization.
300

It is a violation of HIPAA for you as a medical biller/coder to talk with a colleague about a patient in the hospital elevator. T/F

What is true? When working as an MBC in the business of healthcare, you are a covered entity.

300

If your state law is stricter than HIPAA, this is the law you must follow.

What is stricter state law?

400

This department investigates and prosecutes HIPAA violations.

Who are the OCR or Office of Civil Rights?

400

What are the first 2 pieces of information you need to verify the caller?

Member's first and last name 

DOB

400

What year was HIPAA established?

1996

400
It is a violation of HIPAA for the spouse of a patient to talk about the patient's medical condition in the hospital cafeteria. T/F
What is false? Family members are not healthcare providers, thus not 'covered entities' and not bound by HIPAA.
400

Can we fax PHI? 

Yes, if standard precautions are taken to ensure reasonable security of the transmitted data.

500
An Employer's Tax ID Number
What is EIN or Employer Identification Number?
500
The physician is allowed to share patient information with the patient's family members, if the family member will be involved in their care. T/F
What is True?
500
This is how long HIPAA records must be retained.
What is six years? Releases, authorizations, NPPs and agreements restricting disclosure of PHI.
500

T/F If your co-worker is locked out of their computer and needs to access information quickly and asks to use your computer, it's okay to let them use your computer?

False - this is NEVER okay.

500

A basic HIPAA principle, this describes what PHI you should access in order to do your job.

What is minimum necessary? What you need to know (to do your job)