
HIPAA Enforcement - True or False Quiz


Let's warm up:
1. HIPAA stands for Health Insurance Portability and Accountability Act of 1996.

2. Health care organizations covered by the recently issued final regulations have until April 14, 2003 to comply with the HIPAA regulations.

Ready? Set? Go!

HIPAA Implementation:

3. Providers must obtain consent for the use of a patient’s protected health information for treatment, payment and health care operations.

4. Employees do not need to refrain from discussing patient information in hallways and elevators.

5. Medical records belong to the health care provider and, therefore, patients do not have a right to access the information contained therein.

6. A patient does have the right to request amendments be made to his/her protected health information.

7. A health care provider has 60 days to respond to a patient’s request to amend his/her protected health information.

8. Patient consent to the release of protected health information is not required in the case of an indirect treatment relationship (e.g., a consultant physician), in emergencies, when the physician is required by law to treat a patient, or when it is not possible to obtain consent due to substantial barriers to communication and consent is inferred.

9. Patient authorizations are required for any use or disclosure of protected health information not covered by a consent.

10. Patient consents can be written in legalese.

HIPAA Penalties:

11. There are both civil and criminal HIPAA penalties if the regulations are not adhered to.

12. Civil penalties will be imposed for general noncompliance with HIPAA regulations.

13. Even though HIPAA regulations require that a covered organization designate a privacy official, there will be no penalties for disregarding this requirement because there is a personnel shortage in the industry.

14. Civil penalties for noncompliance are fines of $100 for each violation, with a maximum total fine of $25,000 per person for all identical violations in the same calendar year.

15. The Office of the Inspector General will enforce the civil penalties.

16. Criminal penalties will be imposed for criminal conduct, such as wrongful uses and disclosures of health information.

17. Civil and criminal penalties may be imposed on a health care employee who sells a patient’s health information to a commercial third party.

18. Criminal penalties for noncompliance include fines up to $250,000 and jail time for up to 10 years, or both.

19. A civil penalty will not be imposed if the individual who committed the violation did not know, and would not have known even if he had exercised reasonable diligence, that he had violated a HIPAA provision.

20. A civil penalty will not be imposed if the individual or health care organization has a reasonable basis, other than willful neglect, and corrects the failure to comply within 30 days of discovering the violation.

21. Health care organizations will never be held responsible for employee violations of the regulations, even if the employee acted within the scope of his job.

22. Unlike a fraud and abuse compliance program, the implementation of a privacy compliance program does not help to mitigate the penalties that may be imposed upon a health care organization for violating the privacy regulations.

23. A privacy officer who actively develops and implements a privacy compliance program is unlikely to be at risk for isolated or unintended violations of the privacy regulations.
