HIPAA - Health Insurance Portability and Accountability Act The Omnibus Rule Questions and Answers

Question 1

The HIPAA Omnibus Rule of 2013 modified the Breach Notification Rule by replacing the subjective "harm threshold." An impermissible use or disclosure of PHI is now presumed to be a breach unless the covered entity or business associate demonstrates what?

Accepted Answer

There is a low probability that the protected health information has been compromised.

Answer

The Omnibus Rule established that an impermissible use or disclosure of unsecured PHI is presumed to be a breach. This presumption can only be overcome if a risk assessment, considering at least four specific factors, demonstrates a 'low probability that the PHI has been compromised.' The previous 'harm threshold' was considered too subjective.

Question 2

A patient pays for a specific medical procedure entirely out-of-pocket and explicitly requests that the provider not share any information about this service with their health insurance plan. According to the rights expanded by the HIPAA Omnibus Rule, how must the provider respond?

Accepted Answer

The provider must agree to the restriction request.

Answer

The HIPAA Omnibus Rule strengthened patient rights by requiring covered entities to agree to a patient's request to restrict disclosure of their PHI to a health plan if the disclosure is for payment or healthcare operations and the patient has paid for the service or item out-of-pocket in full.

Question 3

How did the HIPAA Omnibus Rule fundamentally change the liability of a business associate's subcontractors?

Accepted Answer

Subcontractors are now directly liable for compliance with the HIPAA Rules and can face penalties from the Office for Civil Rights (OCR).

Answer

A major change in the Omnibus Rule was extending direct liability to the subcontractors of business associates. If a subcontractor creates, receives, maintains, or transmits PHI on behalf of a business associate, they are also considered a business associate and are directly liable for complying with applicable HIPAA rules.

Question 4

Which of the following provisions was incorporated into the HIPAA Privacy Rule by the Omnibus Final Rule to prohibit its use in underwriting?

Accepted Answer

Genetic Information Nondiscrimination Act (GINA).

Answer

The HIPAA Omnibus Rule incorporated provisions from the Genetic Information Nondiscrimination Act (GINA). This expressly prohibits health plans from using or disclosing genetic information for underwriting purposes, such as determining eligibility or premium rates.

Question 5

Following the 2013 Omnibus Rule, which of the following statements is a required addition to a covered entity's Notice of Privacy Practices (NPP)?

Accepted Answer

A statement that the individual has the right to be notified following a breach of their unsecured PHI.

Answer

The Omnibus Rule mandated several updates to the Notice of Privacy Practices (NPP) to reflect new patient rights and rule changes. Among these is the requirement to include a statement that individuals have a right to, and will be, notified if a breach of their unsecured PHI occurs.

HIPAA - Health Insurance Portability and Accountability Act Practice Test

HIPAA - Health Insurance Portability and Accountability Act Practice Test

HIPAA - Health Insurance Portability and Accountability Act The Omnibus Rule Questions and Answers