Focus training on the questions your staff trip up on.
New and veteran employees alike need thorough HIPAA training. You can test your newer employees’ HIPAA know-how with a general quiz that will help you gauge the most beneficial direction for your training. Here’s a quick “starter” quiz from the Clay County Public Health Center in Missouri.
1. Dr. Jones, head of surgery, asks to see Kristi Smith’s chart. Dr. Jones is not Kristi’s physician but Kristi is his wife’s best friend and he wants to see how she is doing. What do you do?
a) Give Dr. Jones the chart.
2. You enter a conference room for a meeting and notice that several reports with patient information are on a table. What do you do?
a) Throw the reports in the trash.
3. A prominent politician is a patient at the facility where you work. Administration wants you to check his medical record to be sure his surgery was successful. Your job gives you access to everyone’s patient records. What should you do?
a) Look at his medical record but don’t share any information.
4. You notice that someone has left a computer terminal used to enter orders while still logged onto the system. You leave it as is, thinking the person will return shortly. Later, a patient looks at what has been entered on the screen. Who is responsible for this breach of privacy?
a) You. You should have protected the information from being disclosed.
5. Discussions about patients or patient information in public areas, such as the cafeteria, may be overheard by unauthorized listeners and may violate the patient’s right to privacy.
a) True
6. You overhear a fellow employee telling someone over the phone about one of the patients in your area. You believe the other person on the phone is the employee’s sister. What do you do?
a) Report your suspicions to your supervisor.
7. James Rose, a patient in your care, has had a bad reaction to his medications. You try to reach Dr. Jones, his physician, for instructions. You find out that the doctor is at his health club. You call there and get the receptionist. What should you do?
a) Tell the receptionist to tell Dr. Jones that Mr. Rose has had an adverse reaction and to call you back immediately.
8. You are logging into your computer first thing Monday morning. You enter your password but get a message that your login failed. You try again and it doesn’t work. You are positive that you are using the correct password. What do you do?
a) Notify the help desk or your computer support of your problem so they can research the problem.
9. It is not appropriate for me to access or use a patient’s protected health information:
a) When treating a patient or billing for services provided to a patient.
10. When storing sensitive information on laptops and mobile devices, you should:
a) Only do it sparingly.
ANSWER KEY: 1. b 2. d 3. c 4. c 5. a 6. d 7. d 8. a 9. c 10. e.
b) Ask Dr. Jones for the appropriate written authorization to review Kristi’s chart.
c) Tell Dr. Jones that he cannot see the chart since he is not the patient’s physician.
d) Tell Dr. Jones that you are too busy to get the chart.
b) Leave the reports where you found them.
c) Notify environmental services to come clean the room.
d) Return the reports to whoever left them, if you can determine who that is. Otherwise, give the reports to your supervisor.
b) Look at the chart and share only information that is public knowledge.
c) Explain that no one in healthcare should look at patient records unless involved in that patient’s care or has business responsibilities or written authorization from the patient or his/her representative.
b) The person who left the terminal while still logged on.
c) Both.
b) False
b) Report your suspicions to your facility’s privacy director.
c) Tell the patient about what you overheard.
d) A or B.
b) Have the receptionist page Dr. Jones to the phone.
c) Tell the receptionist to ask Dr. Jones to call you back immediately.
d) B or C.
b) Since you can’t work on your computer, take this opportunity to clear out your inbox.
c) Ask your coworker to let you use her login ID and password.
d) Find a computer that someone else is already logged into and work from that computer.
b) To perform my job responsibilities.
c) To find out about my friend’s condition after seeing her in the clinic waiting area.
b) Not do it at all.
c) Use encryption if you must store or transmit sensitive information.
d) Only store it on Blackberries or PDAs, not laptops.
e) B or C.