Healthcare Compliance and Confidentiality Best Practices Quiz

HIPAA governs the protection of personal health information in the US.

A breach occurs when healthcare information is improperly disclosed, such as discussing a patient's condition with another patient.

PHI stands for Protected Health Information.

Covered entities under HIPAA include health plans, healthcare clearinghouses, and healthcare providers transmitting health information electronically.

Sharing PHI for treatment purposes between providers doesn't require specific authorization under HIPAA.

Title II of HIPAA addresses the privacy and security of patient health information.

HIPAA's Privacy Rule requires healthcare providers to inform patients about privacy practices.

The minimum necessary standard involves sharing only the necessary patient information for a particular purpose.

Encrypting ePHI on portable devices is a recommended security measure.

HIPAA compliance is enforced by the Office for Civil Rights (OCR).

The right to obtain health records within 15 days is not explicitly granted to patients under HIPAA.

The Security Rule of HIPAA requires the implementation of various safeguards including physical, administrative, and technical measures.

Covered entities must notify individuals of a breach without undue delay, but no later than 60 days after discovery.

HIPAA requires a waiver of authorization from an IRB or Privacy Board for using or disclosing PHI for research without individual consent.

Covered entities must review and update HIPAA security measures as necessary, considering technological and operational changes, and at least annually.