CPMS HIPAA and Patient Privacy Questions and Answers

Question 1

A medical scribe is working remotely from home. Which of the following actions represents a potential HIPAA Security Rule violation?

Accepted Answer

Using a personal laptop that is not encrypted to access the EHR.

Answer

The HIPAA Security Rule requires specific technical safeguards for electronic protected health information (ePHI). Using an unencrypted personal device to access patient data is a significant security risk and a violation, as encryption renders data unreadable to unauthorized users.

Question 2

While documenting a patient encounter, a scribe overhears a nurse in the hallway discussing another patient's recent diagnosis with a colleague. According to HIPAA, this is an example of:

Accepted Answer

A reportable breach of confidentiality.

Answer

Discussing specific patient information in public areas like hallways where the conversation can be overheard by unauthorized individuals is a violation of the patient's privacy and constitutes a reportable breach. Incidental disclosures are permissible only when reasonable safeguards are in place, which is not the case in a public hallway conversation.

Question 3

Which of the following is considered Protected Health Information (PHI) under HIPAA?

Accepted Answer

A patient's appointment reminder email sent to their personal account.

Answer

PHI includes any individually identifiable health information. An email address linked to the fact that an individual has a medical appointment is considered PHI because it connects a personal identifier with health-related information.

Question 4

A patient notices an incorrect date of birth in their electronic health record and requests a correction. According to the HIPAA Privacy Rule, what right is the patient exercising?

Accepted Answer

Right to Amend PHI

Answer

The HIPAA Privacy Rule gives patients the right to request an amendment or correction to their PHI if they believe it is inaccurate or incomplete. Healthcare providers are required to have a process in place to respond to such requests.

Question 5

A medical scribe is asked by their physician to access the medical record of a celebrity who is not their patient, out of curiosity. What HIPAA principle would this action directly violate?

Accepted Answer

The Minimum Necessary Rule

Answer

The Minimum Necessary Rule is a key provision of the HIPAA Privacy Rule that requires covered entities to limit the use and disclosure of PHI to the minimum amount necessary to accomplish the intended purpose. Accessing a record without a legitimate job-related reason (i.e., for treatment, payment, or healthcare operations) is a clear violation of this principle.

CPMS - Certified Professional Medical Scribe Practice Test

CPMS - Certified Professional Medical Scribe Practice Test

CPMS HIPAA and Patient Privacy Questions and Answers