FREE CHPC Safeguarding Patient Information Questions and Answers

Question 1

What is an example of a technical safeguard under the HIPAA Security Rule?

Accepted Answer

Implementing encryption for electronic Protected Health Information (ePHI)

Answer

Technical safeguards under the HIPAA Security Rule refer to the technology and policies used to protect electronic Protected Health Information (ePHI) and control access to it. Implementing encryption for ePHI is a prime example of a technical safeguard. Encryption renders the data unreadable and unusable to unauthorized individuals, significantly enhancing its security during transmission and storage.

Question 2

A hospital employee leaves a laptop containing unencrypted ePHI in their car, and it is stolen. What must the organization do under the HIPAA Breach Notification Rule?

Accepted Answer

Notify affected individuals, the OCR, and possibly the media

Answer

This scenario describes a breach of unsecured ePHI, as the laptop was unencrypted and stolen. Under the HIPAA Breach Notification Rule, organizations must notify affected individuals without unreasonable delay. If the breach affects 500 or more individuals, notification to the OCR and the media is also required, making this the comprehensive correct action.

Question 3

Which of the following is NOT required as a physical safeguard under HIPAA?

Accepted Answer

Encrypting PHI stored on mobile devices

Answer

Encryption of PHI stored on mobile devices is classified as a technical safeguard under HIPAA, not a physical safeguard. Physical safeguards focus on protecting physical access to electronic information systems and the facilities that house them, such as limiting access to areas and securing physical records. Technical safeguards, like encryption, protect ePHI within electronic systems by controlling access and ensuring data integrity.

Question 4

A nurse accesses the electronic health record (EHR) of a friend who is admitted to the hospital without a work-related reason.
What type of safeguard failure does this represent?

Accepted Answer

Physical safeguard failure

Answer

This scenario could be considered a physical safeguard failure if the nurse gained access to the EHR through a workstation that was not adequately secured according to the organization's physical safeguard policies. For example, if a workstation was left logged in or in an area accessible to the nurse without proper authorization, allowing them to physically sit down and access the system. While the act of accessing the data is electronic, the vulnerability could stem from a lack of physical workstation security.

Question 5

What is the best way to safeguard PHI on mobile devices such as laptops or smartphones?

Accepted Answer

Implementing encryption for PHI

Answer

Implementing encryption for PHI is considered the best way to safeguard data on mobile devices. Encryption renders the information unreadable and unusable to unauthorized individuals if the device is lost or stolen, providing a strong layer of protection directly to the data itself. While other measures like strong passwords and antivirus are important, encryption directly addresses the risk of data compromise.

(CHPC) Certified in Healthcare Privacy Compliance Practice Test

(CHPC) Certified in Healthcare Privacy Compliance Practice Test

FREE CHPC Safeguarding Patient Information Questions and Answers