HCCA - CHPC Study Questions (MASTER FLASHCARDS) Actual Questions and Answers 2024/2025 with complete solutions;100% verified
6 views 0 purchase
Course
HCCA - CHPC
Institution
HCCA - CHPC
A privacy professional is reviewing a program for an academic medical center that include a faculty group
practice, hospital, student health center, and self-funded group health plan. The privacy professional
should evaluate if the program has notices for:
a. GINA
b. FMLA
c. HIPAA
d. FISMA - ...
HCCA - CHPC Study Questions
(MASTER FLASHCARDS)
A privacy professional is reviewing a program for an academic medical center that include a faculty group
practice, hospital, student health center, and self-funded group health plan. The privacy professional
should evaluate if the program has notices for:
a. GINA
b. FMLA
c. HIPAA
d. FISMA - b. HIPAA
A photo of a nurse doing a procedure on a patient in the hospital has been posted on a social networking
site. HR has identified the nurse in the photo and the patient. HR asks the privacy professional for a
recommendation for disciplianary action. Before providing a recommendation, the privacy professional
should determine if the
a. 60-day timeline for reporting the breach to DHHS has lapsed
b. photo was posted during work hours or an unpaid break
c. nurse was aware that she was being photographed
d. patient says they gave permission for the photo - c. nurse was aware that she was being
photographed
1. What are the required core elements of a VALID Authorization. Ref. 45 CFR 164.508(b) - 1.
Description
2. Purpose use/disclosure
3. Recipient
4. Authorized person making the disclosure
5. Expiration date
6. Signature/dates
38 U.S.C. 7332 deals with confidentially of patient medical record information related to:
a. drug abuse, sexually transmitted diseases, and tuberculosis
,b. HIV/AIDS status
c. drug abuse, alcoholism, infection with the HIV virus, and sickle cell anemia
d. mental illness, HIV status, drug and alcohol abuse - c. drug abuse, alcoholism, infection with the
HIV virus, and sickle cell anemia
45 CFR 164 - Subpart C outlines the three safeguards to ensure the _____, ____, ____ of ePHI that both,
CE and BA must implement to ensure compliance and protect against anticipated threats, and/or
reasonably anticipated uses/disclosures (incidental/inadvertent/unintentional) - Confidentiality,
integrity, availability
Note: Accidental - must be reported. An accidental HIPAA violation refers to the unauthorized disclosure
of PHI (protected health information) without intent. Despite having safeguards and protective measures
in place, there is still a possibility of breaching HIPAA regulations. These types of violations could include
an employee accidentally seeing a different patient's medical records, an email being sent to the wrong
person or the loss or theft of a personal device that contains PHI.
https://www.hipaajournal.com/accidental-hipaa-violation/
A clinic has patient data that an independent researcher would like to access. The researcher only needs
de-identified information, but the clinic does not have the resources to strip the patients identifiers from
the data being requested. The researcher does have the resources and offers to remove the identifiers
before beginning the research. A privacy official should inform that it can provide the PHI to the
researcher if the clinic:
a. notifies each patient whose information is disclosed
b. modifies the hospital's NPP
c. requires the researcher to obtain waiver of authorization
d. has the researcher show proof of privacy training - c. requires the researcher to obtain waiver
of authorization
A co-worker is called away for a short errand and leaves the clinic PC logged onto the confidential
information system. You need to look up information using a computer. Aside from notifying the
appropriate person, what is the best approach you should take?
a. To save time, just continue working under your co-worker's User-ID.
b. Log you co-worker off and re-login under your own User-ID and password.
c. Do nothing.
,d. All of the answers. - b. Log you co-worker off and re-login under your own User-ID and
password.
A Covered Entity may denied an individual access to their PHI under specific circumstances set forth in
45 CFR 164.524 (a)(2), which of the following doesn't fall under those circumstances:
a. Request for psychotherapy notes
b. if it jeopardizes the health, safety, security, rehab of individual (e.g. inmate's' request, suicidal patient)
c. during the course of research/clinical trial
d. to request restrictions of their PHI - a. Request for psychotherapy notes
Under the HIPAA Privacy Rule, individual has the right to request a copy, an amendment and restrictions
to their PHI, request confidential communications involving your PHI, and list of disclosures. See 45 CFR §
164.524 (a)(2)
A covered entity may disclose protected health information (PHI) without a patient's written permission
for:
a. Treatment purposes
b. Payment
c. Health care operations activities
d. All of the above - d. All of the above (a covered entity may use or disclose PHI for TPO)
A covered entity may use or disclose PHI for TPO...what does TPO stand for - Treatment
Payment
Health Care Operations
A covered entity must designate a ___________________ who is responsible for developing and
implementing its security policies and procedures.
a. physician
, b. security official
c. police officer
d. custodian - b. security official
A covered entity must obtain the patient's written authorization for any use or disclosure of protected
health information (PHI) in which circumstances?
a. Marketing activities
b. Research
c. PHI sales and licensing
d. Information sharing needed for treatment
e. A and C only
f. All of the above - e. A and C only
Ref. Permitted Uses and Disclosures section - https://www.hhs.gov/hipaa/for-professionals/privacy/laws-
regulations/index.html
A health care provider wants to disclose protected health information (PHI) about a student to a school
nurse or physician. Does the HIPAA Privacy Rule allow this?
Yes. The HIPAA Privacy Rule allows covered health care providers to disclose PHI about students to
school nurses, physicians, or other health care providers for treatment purposes, without the
authorization of the student or student's parent.
OR
No. The HIPAA Privacy Rule mandates parental consent in this case. - Yes!
A health system implemented an EHR in 55 clinics. The privacy professional is told employees are
inconsistently interpreting the policy addressing employee access to EHR. Which of the following is the
privacy professional's BEST strategy?
a. Collaborate with HR to ensure appropriate discipline
b. Perform an audit under Attorney-Client Privilege
c. Conduct surveys of clinic employees concerns
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller ACADEMICMATERIALS. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $7.99. You're not tied to anything after your purchase.