PHI or not?
HIPAA
Safe or Violation
Who's responsible?
Medical Matters
100

Is a medical record number without a name PHI?

Yes, it's still identifiable

100

What does HIPAA help protect?

A patient's private health information

100

A front desk staff member places a sign-in sheet with full names in public view. 

Violation - sign-in sheets must not reveal full PHI

100

Who can see an explanation of benefits (EOB)?

Only authorized individuals.

100

A patient asks the front desk about their test results. What is the best way to handle this?

The front desk should direct the patient to speak with clinical staff. Only authorized personnel can provide results.

200

If a hospital posts surgery logs online with no names, could it still be a PHI issue?

Yes, if it contains dates or identifiers

200

True or False: HIPAA only applies to doctors and nurses

False - it applies to anyone who handles patient information

200

A pharmacist discusses a patient's medication loudly at the counter. Breach?

Yes - it risks exposing PHI to unauthorized individuals

200

Who is responsible for protecting patient privacy?

Everyone on the team

200

A patient asks about a new diabetes medication. Who on the team can provide education about how it works and potential side effects?

The nurse, provider, or the pharmacist

300

Is bank information shared for medical billing PHI?

No, it's financial, unless tied to health information

300

What should you do if you see a privacy violation?

Report it to a supervisor or compliance officer 

300

A medical assistant looks up a friend's medical record out of curiosity.

Violation - this is unauthorized access and a serious HIPAA breach.

300

What is one thing your team does well to protect privacy? (open discussion)

Ex: everyone always logs out from their computer when stepping away to prevent unauthorized access to patient records. 

300

Who is responsible for reconciling a patient's medications during a routine visit?

Registered nurse, medical assistant, and provider. Medications must be confirmed by the provider.


400

Which of these is PHI? Device ID, login password, or security badge number?

Device ID

400

What can happen if HIPAA is violated?

(fines, warnings, training)

400

A lab tech accidentally emails a test result to the wrong provider but reports it immediately. Breach?

Possibly - it must be investigated under HIPAA breach protocols

400

What should you do if you see someone accidentally leave a chart open?

Close it and tell them

400

Who should be included in discharge teaching to ensure the patient understands their care plan?

The patient and the interprofessional care team.

500

Is a diagnosis without a name still PHI?

Only if it can be linked to an individual

500

True or False: HIPAA applies even if the patient is deceased 

True

500

A provider discusses a patient's lab results with a coworker in the hallway.

Violation - PHI must be discussed in private settings only.

500

A patient overhears their diagnosis being discussed at the front desk. Who is responsible for preventing this kind of privacy breach?

The entire team involved

500

During team huddle, who is responsible for making sure care plans are accurate and PHI is protected?

Everyone present - each role contributes to accuracy and privacy