The HIPAA privacy rule was enacted in August 1996 in an attempt to reform healthcare and respond to issues concerning the electronic transmission of patient health information. HIPAA complaints and violations can compromise patients and lead to fines ranging from $100 to $1,500,000 — and even imprisonment. In today’s cybersecurity climate, it’s vital that all locum tenens providers are well-versed in HIPAA compliance to ensure the privacy and security of patients’ health information. So, how well do you know HIPAA provisions? Take our HIPAA quiz to find out.

HIPAA Quiz: What’s Your HIPAA Compliance IQ?

Below you’ll find 10 questions covering various components of HIPAA compliance. Click below to find the correct answer.

Which of the following is NOT a purpose of HIPAA?

1. To prevent abuse of information in health insurance and healthcare.
2. To establish continuous healthcare coverage for patients who are switching jobs.
3. To better manage protected health information.
4. All of the above are purposes of HIPAA.

True or false: While healthcare providers must follow HIPAA rules, health insurance companies are not responsible for protecting patient information.

1. True
2. False

True or false: Billing information is protected under HIPAA

1. True
2. False

A “covered entity” is:

1. A patient who has consented to keeping his or her information completely public.
2. Any healthcare professional who has direct patient relationships.
3. Required by law to follow HIPAA rules.
4. B and C.

In the context of HIPAA, what is the difference between privacy and confidentiality?

1. Healthcare providers are only responsible for maintaining patient privacy.
2. Privacy is the patient’s right, while confidentiality is the provider’s, company’s, or program’s obligation to protect the patient’s privacy.
3. Patients can ask for their information to be kept private, but not confidential.
4. They mean the same thing.

In which cases can a facility legally share patient information?

1. When working with other members of a patient’s healthcare team to determine best treatment options.
2. A facility is never allowed to share patient information.
3. When making a legally mandated report or disclosure.
4. A and C.

In which cases can a healthcare provider legally share patient information?

1. Judicial proceedings.
2. Identification of a dead body.
3. A healthcare provider is never allowed to share patient information.
4. A and B.

Which of the following is an example of a good precaution to protect patient information?

1. Locking paper records and setting computer passwords.
2. Not using patients’ names in public areas.
3. Taking the family aside and speaking quietly when discussing a patient’s state.
4. All of the above are responsible precautions to take.

What does “NPP” stand for?

1. No patient protection.
2. Non-private practice.
3. Notice of privacy practices.
4. Non-protected patient.

In addition to healthcare providers and other involved professionals, who is allowed legal access to a patient’s protected health information (PHI)?

1. The patient’s spouse.
2. The patient’s boss.
3. The patient’s long-term boyfriend or girlfriend.
4. None of the above.