UNIVERSITY OF PENNSYLVANIA HEALTH SYSTEM HIPAA EDUCATION ASSESSMENT

Last Name: Medical School:

First Name: Date Completing Assessment:

Be sure to read the HIPAA training document before completing this assessment. Check one answer box only for each of the seven questions below.

1)

Which statement is not correct? The Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA): A) Requires that the Department of Health and Human Services (HHS) defines rules for the protection of patient information B) Can be seen as a legislative expression of consumer concern for privacy C) Does not impose fines or penalties for violations of its Standards D) Requires that UPHS, as a covered entity, have a Notice of Privacy Practice (NPP) for patients that provides adequate notice of the uses and disclosures of protected health information (PHI) that may be made by UPHS

2)

Protected Health Information (PHI) refers to: A) Only the information that the patient does not want disclosed B) Individually identifiable health information information that enables someone to specifically identify a patient C) Only information accessed by clinicians D) Only information requested by a health insurance carrier 3) Under most circumstances, HIPAA does not restrict the use of Protected Health Information (PHI) for TPO. What does TPO refer to: A) Treatment of out-patients, protecting patient privacy, and maintaining privacy during routine hospital operations B) Treatment of patients, payment at the time of service, and routine hospital operations such as admissions discharges C) Treatment of patients and payment for medical procedures only D) Treatment of a patient, the payment for treatment and services, and healthcare operations

4)

Which statement best describes the Minimum Necessary Requirement: A) Hospitals should make reasonable efforts through their policies and procedures to limit employees access to PHI to the minimum necessary to accomplish the task B) Hospitals are required to limit clinicians access to medical records to the minimum necessary to treat the patient C) Hospitals are required to limit patients access to their records to the minimum necessary to understand their diagnosis D) Hospitals are not required to limit employee access to PHI to the minimum necessary

5)

Which statement is true regarding the Notice of Privacy Practice? A) The entity must provide an NPP that is written in plain language and contains these elements: describes how information about the patient may be used and disclosed, and how the patient can get access to this information. We must make a good faith effort to obtain a written acknowledgment that the patient received the NPP and if we cant obtain a written acknowledgment, we need to document the reasons why. B) The entity must have an NPP that is on file and only available to patients upon request and responsibilities C) The entity must have an NPP that is available to the patient at the time of discharge D) The entity must have an NPP that only has to be provided to a patients attorney upon written request

6)

If a patient requests that a CPUP practice contact him/her by e-mail only: A) The practice has no obligation under the Privacy Rule to honor the request B) The practice should provide the form necessary to make the request. If the request is reasonable; the practice must honor the request C) The practices office manager should require that the patient provide the reasons for the request before honoring the request D) The practice may refuse treatment to patients making requests for communication by alternate means

7)

Which statement best describes Patient Privacy at UPHS: A) UPHS Clinicians need to be aware of and protect patient privacy. Employees dont have to be concerned about it B) No matter where we work at UPHS, we should all be aware of, respect and protect our patients right to privacy C) Our information systems and our security measures will protect patient privacy. We dont have to change our behavior to ensure patient privacy D) The requirements of the Privacy Rule apply to the UPHS Chief Privacy Officer only