Activity 3. Chapter 11 updated1.6.20 (1).docx - HIM 169 ACTIVITY 3 Chapter 11 \u2013 HIPAA Privacy Rule Part II Short answer True\/False(10 points 1 HIPAA

Chapter 11 – HIPAA Privacy Rule: Part II Short answer/ True/False (10 points) 1. HIPAA requires the following documents, NPP, Consent & Authorization TRUE FALSE 2. Document given to each patient that explains how a covered entity will use their PHI notice of privacy practices 3. List the two situations where HIPAA requires use or disclosure of PHI without the individual's authorization You can use/disclose PHI without patient agreement for public health activities related to disease control and prevention. 4. ______________ gives an individual the right to inspect and obtain a copy of PHI Right of access 5. An authorization permits but does not require a covered entity to disclose PHI TRUE FALSE 6. The covered entity may deny the request for an amendment except: A. Record is not created by the covered entity B. Not part of the DRS C. Is inaccurate and incomplete – book says is accurate or complete as it stands D. All of the above 7. HITECH defines a _____________________ as an "unauthorized acquisition, access, use or disclosure of PHI. Breach of confidentiality 8. A _____________________________ must approve federally funded research Institutional review board 9. The lessening of negative consequences is known as mitigation 10. This is the opportunity to request that communications of PHI be routed to an alternative location or by an alternative method Individual Right of Confidential Communications HIM 169 ACTIVITY 3

Case Study (5 Points) There are many aspects of HIPAA that patients do not see. One thing they do see, however, is the Notice of Privacy Practices (NPP) when it is presented to them. Some covered entities realize the importance of the NPP, but others do not. Metropolitan Family Medical Practice (MFMP) believes that the NPP is a waste of time, money, and effort. The office manager believes that patients don’t read it or keep it when it is given to them. As such, MFMP has discontinued the practice of providing it to patients or updating it. 1. Is this a HIPAA violation with respect to every patient who seeks services at MFMP on a given day? Why or why not? Yes, this is HIPAA violation. They do not follow NPP which allow some control over PHI and it is one among the administrative requirements, however it may not be the same with every patient who visited on the day because it may not be the first encounter.