Health Information Compliance Alert

Security Quiz Answers

1. False. You should use only HIPAA-compliant practice management software, but the privacy and security rules cover every facet of computer activity, including how the systems are actually used.

2. False. HIPAA privacy and security regulations cover a wide variety of issues besides the storage and sharing of PHI. Example: You must also address internal security policies and personnel security training.

3. True. It is important to have and use the right forms, but that won't satisfy the wide variety of other HIPAA requirements.

4. True. Although the Medicare portion of HIPAA law exempts practices with fewer than 10 employees from electronic billing, this exemption does not apply to any other portion of HIPAA law.

5. False. HIPAA requires a designated Privacy Officer for facilities of every size.

6. True. The OCR's HIPAA-compliance enforcement plan is complaint-based: patients, employees and business associates may report noncompliance at the OCR's Web site.

7. False. Many of HIPAA's requirements apply to any health care facility, regardless of how it does its billing.

8. False. You must follow all regulations. When two regulations address the same issue, the strictest rule must be followed, although you should not sacrifice full compliance with other regulations.

Reprinted from www.breakwatersecurity.com with the permission of Breakwater Security Associates.