School:
Date:
Information Privacy & Security Test Questions
Privacy & Security Policies and Procedures, HIPAA and Sarbanes-Oxley (SOX)
Please underline & bold the answer that you would like to select.
1. Under the HIPAA privacy rule, it is illegal to:
¦ Obtain information from a patient during treatment
¦ Share information obtained from a patient with the patient’s physician
¦ Fail to adequately protect health information from release
2. Tenet has policies that provide guidance for:
¦ Sanctions and mitigation
¦ Training requirements
¦ Neither of these answers
¦ Both of these answers
3. Tenet has policies and procedures that outline directives for maintaining the privacy of Protected Health Information (PHI).
¦ True
¦ False
4. Patient privacy means:
¦ Patients have a right to expect their health information will be protected
¦ Employees are no longer required to protect patient information
¦ Patients must take steps to protect their health information
5. Improper disclosure of PHI can result in a criminal penalty of up to $250,000 or 10 years in prison.
¦ True
¦ False
6. Individuals working in healthcare can share information they overhear while at work if:
¦ The patient is a famous person
¦ The individual’s job requires them to share the information
¦ The patient is a member of the individual’s family
¦ The patient is the individual’s friend
7. Tenet has policies to address:
¦ A patient’s right to amend his or her Protected Health Information (PHI)
¦ A patient’s right to restrict access to his or her Protected Health Information (PHI)
¦ Both of these answers
¦ Neither of these answers
8. Privacy protections cover a patient’s health information, such as reason for treatment, the patient’s name, address, social security number, and telephone number.
¦ True
¦ False
9. Healthcare operations are defined in the HIPAA privacy rules and are indirectly related to the treatment of a patient or payment for healthcare services.
¦ True
¦ False
10. Who is responsible for maintaining the privacy of Protected Health Information (PHI)?
¦ The patient
¦ Any member of the patient’s family
¦ Every employee and member of the workforce
11. If you suspect that someone is not following the Privacy Policies and Procedures, you should report this to your supervisor, local Compliance Officer or local Privacy Officer.
¦ True
¦ False
12. You can protect the confidentiality of patient information by:
¦ Making sure that your access IDs and passwords are not shared with others
¦ Making sure medical records are not left on the top of nursing station counters accessible to the public
¦ Making sure you do not access information that is not necessary for you to perform your job
¦ All of these answers are true
13. No matter what department you work in, you have a responsibility for assisting in protecting a patient’s confidential information.
¦ True
¦ False
14. What is the Notice of Privacy Practices (NPP)?
¦ A notice that is supplied to computer repair services to explain what file formats are used in the healthcare organization
¦ A notice included only in patient billing forms
¦ A notice required by HIPAA that tells all patients how their Protected Health Information (PHI) will be used and disclosed
15. Confidential information includes:
¦ Patient information
¦ Payroll information
¦ Trade secrets
¦ All of the above
16. Malicious software is any kind of software or code that could cause harm to an information system and includes viruses.
¦ True
¦ False
17. A fax containing confidential patient information is sent to a residence in error. This should be reported as an incident.
¦ True
¦ False
18. It is Christmas time and you want to stop by “Lots for Tots” on your way home to pick up a toy for a neighbor’s child. You will be taking work home and that includes documents containing confidential information. Which of the following is the best method for securing that information?
¦ Put the files in a locked briefcase
¦ Put the briefcase in your trunk before going into the store
¦ Drop off your briefcase at home before going to the store
¦ Put the files in a folder and leave them on the front seat of your car
19. Company policy requires that software audits be performed once per year.
¦ True
¦ False
20. You received an e-mail with an attachment called “FunnyFotos.exe” from an unknown party. You should:
¦ Open the attachment and enjoy the funny photos
¦ Forward this e-mail to all of your friends
¦ Forward the e-mail to everyone you work with
¦ Delete the e-mail without opening it
21. You have 10 different passwords and have a hard time remembering them all so you have written them down. The best place to store this information is:
¦ Under “P” in your rolodex
¦ Under your keyboard
¦ Thumbtacked next to your computer
¦ None of the above
22. Your UserId is Abcdef01 and your password is Abcdef01. This is considered a strong password.
¦ True
¦ False
23. When faxing information, the fax must include a cover sheet that contains a confidentiality statement.
¦ True
¦ False
24. The Information Security Policies and Procedures identify three types of information classifications. Those classifications include:
¦ Confidential Information
¦ Proprietary Information
¦ Public Information
¦ All of the above