Questions & Answers
1. What are the four parts of the administrative simplification requirements of HIPAA?
2. Name three factors used to determine whether you need to comply with HIPAA.
3. What are the three categories of entities affected by HIPAA Medical Privacy Regulations?
4. Under HIPAA’s regulation, who qualifies as a business associate of a covered entity?
5. Who/what is covered by the HIPAA Privacy Rule? Give some examples.
6. What information is protected in HIPAA?
7. Describe the Basic Principle and Required Disclosures of HIPAA.
8. Is a health information organization (HIO) covered by the HIPAA Privacy Rule?
9. Does the HIPAA Privacy Rule inhibit electronic health information exchange across different states or jurisdictions?
10. How should a covered entity respond to any HIPAA Privacy Rule violation by a health information organization (HIO) acting as its business associate?
11. True or false: Your doctor must have you, the patient, sign a HIPAA Consent and Release Form to share your ePHI or PHI with insurance providers who pay your medical bills. This is part of the HIPAA Privacy Rule.
12. After the patient provides consent and permission to the medical practice or covered entity, what agreement is needed between the medical practice and its downstream medical insurance claims processor or downstream medical specialist that requires the patient’s ePHI?
13. Why is security awareness training for all employees within a health care organization a major component of HIPAA compliance?
14. Under the HIPAA Security Rule, it is a requirement for a health care organization to have a security incident response plan and team to handle potential security incidents and breaches. Why is this a requirement?
15. True or false: It is a requirement for a health care organization to secure the transmission of ePHI through the public Internet.