Introduction

The Knowledge Check consists of 10 questions. You must score 80% or higher to successfully complete this course.

When you are ready, click the Knowledge Check button to begin.

Question 1: Scenario

Which of the following are examples of HIPAA privacy violations?

Check all that apply.

Question 1: Options

[1] Providing a Health Care Provider with patient information for treatment purposes.

[2] Providing an incorrect ID card to a patient.

[3] Discussing patient information with a friend at lunch.

[4] Sending PHI via encrypted email to an authorized recipient.

Question 1: Feedback

Information may be securely disclosed to Health Care Providers providing treatment and to authorized recipients. It’s not okay to discuss Protected Health Information with an unauthorized recipient. Always verify the recipient of PHI before disclosing any information or patient ID cards.

For more information about the correct answer, see Section 2.1, What is Protected Health Information?

Question 2: Scenario

To what extent can you use, access, and disclose PHI?

Question 2: Options

[1] The minimum degree necessary required for payment and healthcare operations.

[2] To the minimum degree necessary to ensure a profit for our organization.

[3] Generally, if you can access PHI, you can use it.

[4] All of the above.

Question 2: Feedback

The minimum necessary standard requires that PHI accessed, used, or disclosed is limited to the minimum amount necessary for the intended purpose, with the exception of treatment.

For more information about the correct answer, see Section 3.2, Minimum Necessary Standard.

Question 3: Scenario

You receive a document containing an individual’s name, address, e-mail address, device implant date, and model and serial number of device. Which of the information is considered PHI?

Question 3: Options

[1] Device implant date.

[2] Model and serial number of device.

[3] All of the information is PHI.

[4] None of the information is PHI.

[5] Name, address, and e-mail address.

Question 3: Feedback

An individual’s name, address, e-mail address, device implant date, and model and serial number of device are all considered PHI.

For more information about the correct answer, see Section 2.1, What is Protected Health Information?

Question 4: Scenario

You receive a call regarding a privacy concern. What should you do?

Question 4: Options

[1] Try to resolve the situation.

[2] Direct the concern to your local Privacy Steward or the Privacy Office.

[3] Determine if it’s a valid concern and then report it to the appropriate department.

[4] Nothing. Privacy concerns are a normal part of our business.

Question 4: Feedback

If a privacy concern is received, you should direct the concern to your local Privacy Steward or Abbott’s Privacy Office as soon as possible.

For more information about the correct answer, see Section 4.4, Reporting Your Concerns.

Question 5: Scenario

What’s your responsibility in protecting PHI?

Check all that apply.

Question 5: Options

[1] To know and follow our organization’s HIPAA security and privacy policies for safeguarding PHI.

[2] To know what PHI is and report all violations to the Privacy Office.

[3] None. I don’t ever work with PHI.

Question 5: Feedback

All Abbott personnel have a responsibility to protect PHI. Understanding and following Abbott’s HIPAA privacy and security policies help to safeguard an individual’s personal information.

For more information about the correct answer, see Section 2.2, Understanding Your Responsibilities.

Question 6: Scenario

When you comply with HIPAA, you support an individual’s right to determine who can access their PHI and ensure that PHI is only provided to authorized recipients.

Check all that apply.

Question 6: Options

[1] Abbott will verify the identity of an authorized recipient before disclosing PHI.

[2] Individuals have legal rights regarding who can access their PHI.

[3] Abbott has the final say in who can access our patients and customer’s PHI.

Question 6: Feedback

When you comply with HIPAA, you support an individual’s right to determine who can access their PHI and ensure that PHI is only provided to authorized recipients.

For more information about the correct answer, see Section 2.3, Individuals have Rights.

Question 7: Scenario

Under HIPAA rules, an individual has the right to request which of the following:

Question 7: Options

[1] A copy of their health record.

[2] Corrections to their health record.

[3] Restrictions on the disclosure of their PHI.

[4] All of the above.

Question 7: Feedback

An individual has the right to request a copy of their health record, corrections to their record, and restrictions on the disclosure of their PHI.

For more information about the correct answer, see Section 2.3, Individuals have Rights.

Question 8: Scenario

You are only responsible for securing electronic forms of PHI.

Question 8: Options

[1] True. Having conversations about PHI is just part of our business and requires no security controls.

[2] False. Reasonable safeguards need to be taken to secure all PHI, regardless of form.

Question 8: Feedback

All forms of PHI require that you follow Abbott’s practices for safeguarding PHI.

For more information about the correct answer, see Section 4.2, Securing PHI.

Question 9: Scenario

As you scan your badge to enter a restricted area, a coworker approaches you and asks you to hold the door. Should you let them follow you in?

Question 9: Options

[1] Yes, as long as you’re sure she works at Abbott.

[2] Yes, as long as she says she’s authorized to work in that area.

[3] Yes, as long as she has an employee badge.

[4] No, all employees need to scan their badges to enter a restricted area.

Question 9: Feedback

Regardless of the individual, or their level of authority, Abbott requires all employees use their badge when entering a restricted area.

For more information about the correct answer, see Section 4.3, Potential Violations & Consequences.

Question 10: Scenario

Most states have created their own medical privacy laws. Does this mean they are exempt from complying with HIPAA?

Check all that apply.

Question 10: Options

[1] Yes. HIPAA only applies if a state does not have privacy laws aimed at protecting PHI.

[2] No. HIPAA applies to all states, regardless of whether they have medical privacy laws that are separate from HIPAA.

Question 10: Feedback

HIPAA applies to all states. However, the general standard is that if a state’s law is more protective of individual’s PHI, companies are required to adhere to both HIPAA and the state’s additional requirements.

For more information about the correct answer, see Section 2.4, State-Specific Privacy Laws.

All questions remain unanswered

Overall Feedback

No results are available, as you have not completed the Knowledge Check.

Congratulations! You have successfully passed the Knowledge Check and completed the course.

Please review your results below by clicking on each question.

Once you are done, you must click the EXIT [X] icon in the course title bar before closing your browser window or browser tab.

Sorry, you did not pass the Knowledge Check. Take a few minutes to review your results below by clicking on each question.

When you are done, click the Retake Knowledge Check button.