HCA 201 EXAM 3 QUESTIONS AND ANSWERS 2026
HIM - Answers - Health Information Management
HIPAA - Answers - Health Insurance Portability and Accountability Act (Aug.1996)
-created the privacy & security rule
-Kassebaum-Kennedy Bill: new privacy/security standards
-originally intended to protect health coverage for employees who change/lose their jobs
-but, actually did not provide "portability" for health insurance
-regulations to improve security of electronic health transactions and privacy of health information
Can you sue if someone violates HIPAA rights? - Answers - No
There is no private cause of action due to violation of HIPAA
-Can only sue for invasion of privacy
Health Information - Answers - any information whether oral or recorded in any form/medium related to the provision of or payment for healthcare
PHI - Answers - Protected Health Information
-any health-related information that identifies or can be used to identify the individual to whom it pertains
Covered entity - Answers - -a health plan
-healthcare clearinghouse
-healthcare provider
-that which transmits any health info in electronic form
Who owns medical records? - Answers - the covered entity
-state law generally provides that healthcare providers own & have physical possession of health records
-but, pts can have access to them
Patients and Medical Records - Answers - -pts have a right to:
-view records
-copy
-have records sent
-request correction to any facility of their choice
(under HIPAA)
Business Associates - Answers - -outside persons/organizations that use PHI while providing services on behalf of a covered entity
(ex. billing, claims processing, utilization review)
HIPAA Privacy & Security - Answers - -due to electronic transactions/medical records
-covers all patient identifiable data
-requires full-time security program (ex. privacy/security officer training, monitoring)
-huge civil & criminal penalties
HIPAA Patient Rights - Answers - -access/copy of records
-request correction or amending records
-limit use & disclosure
-accounting of disclosures (other than tx, payment, or healthcare operations)
-notice of privacy practices (NPP)
-file complaint
Identifiable data - Answers - anything that can be used to identify or track a patient
How many indicators are there of PHI? - Answers - 18
(ex. name, DOB, date of death, pictures, social security)
Disclosure of PHI is permitted for: - Answers - (give the minimum necessary to disclose info)
-if required by law
-to report abuse, neglect, or domestic violence
-healthcare oversight activities
-evidence in judicial/administrative proceedings
-aid law enforcement investigation
-coroners, medical examiners, funeral directors
-for organ, eye, or tissue donation
-certain research
-avert a serious threat to health or safety
-for certain government functions, such as national security
-worker's compensation claims
HITECH Act - Answers - Health Information Technology for Economic and Clinical Health Act
-sharply increased the administrative penalties that included criminal penalties of fines and prison time of up to 10 years
-if breach of unsecured PHI affects 500 or more indivs, a covered entity must notify the secretary of HHS of the breach no later than 60 calendar days from discovery
HIPAA Risk Areas - Answers - -shared passwords
-inappropriate access
-internet security
-physical security
-lax information habits
-breach of confidentiality