Did you configure your anti-virus to scan automatically?
Because UltraLinq is classified as a Business Associate, we are not required to comply with the Privacy Rule.
Which of the following are major tenets of HIPAA?
Protects the privacy of a patient's health information.
Provides for electronic and physical security of a patient's information.
Prevents healthcare fraud and abuse.
All of the above.
You received a CD containing some pirated software that you need. You should probably go ahead and install it, right?
Yes, I have a Mac.
Yes, I have appropriate security programs installed.
No, installing unlicensed software violates the terms set forth in the UltraLinq handbook.
No, my Macbook Air does not have an optical drive.
You decide to take some time to clean out your desk drawers. You come across some CDs with X-Ray exams that a client was nice enough to send us, and pitch them in the trash without destroying them. What else could you have done to VIOLATE our HIPAA policy?
Shred everything that contains PHI.
Apply a password to prevent unauthorized access to your operating system.
Conduct frequent virus scans.
Give a demo at a trade show using a live customers' patient data.
The "Security Rule" is comprised of three safeguards: Administrative, Physical and Technical.
A laptop has gone missing! You suspect it had a bunch of patient information on it, but can’t be sure. You know you are responsible for reporting any potential breaches immediately. What’s the best way to cover your butt?
Find the missing equipment.
Do nothing and play dumb about the missing equipment.
Write an e-mail and call Peter detailing what has happened.
Find a funny animated GIF and post it in Slack, along with an announcement the laptop is missing.
You are working from home because of the big storm. So you log into the UltraLinq website and you store your login information in your browser. That’s ok, right?
Yes, it’s my home computer. I do what I want.
No, it potentially allows access to PHI for people who should not access PHI.
A trial version of antivirus on your computer expired so you uninstalled it. Because you require a password to login to your operating system your computer is still secure.
Which policy does UltraLinq NOT employ to maintain HIPAA compliance?
Making all new users go through an authorization process by their account’s HIPAA Officer.
Requires all clients to sign a Business Associate Agreement prior to uploading.
Has a specific individual responsible for HIPAA compliance (Peter).
Publishing a HIPAA newsletter for our customers so they know we are compliant.
The penalties for a breach of PHI are the same regardless of severity and negligence.
In what ways did the HITECH Act affect Business Associates like UltraLinq? (Choose all that apply)
It made Business Associates have to do a lot more paperwork.
HITECH required that Business Associates get their products certified by an authorized certifier.
It gave State Attorneys General the option of bringing criminal charges against negligent offenders.
It required that Business Associates and Covered Entities have Business Associate agreements in place prior to exchanging PHI.
HIPAA has many different facets, and protecting patient data is UltraLinq's primary focus. There are two Rules in HIPAA that provide guidance on how Covered Entities and their Business Associates must protect patient data. What are those rules?
Patient Medical Health Record Rule
Healthcare Fraud Rule
While calling in to pay his bill, Vasant asks Brett to fax him a patient report. Because Client Service is busy playing darts; he decides to send the faxes. Which steps did Brett take to ensure all UltraLinq policies are followed? (Choose all that apply)
Documented the fax in Salesforce or Zendesk.
Shredded the report after faxing it.
Made sure to keep a copy of the report on his desk just in case Vasant wants another copy tomorrow.
Providing instructions for Vasant so he can create the report on his own next time.
Protected Health Information (PHI) is specific information that can be used to identify an individual all by itself; or information pertaining to an individuals medical care; or billing information. If you want to ANONYMIZE a report, which piece(s) of information can remain without disclosing PHI (Choose all that apply)?
Type of exam done
Social Security Number