With Respect To Permissions For Uses And Disclosures Hipaa
16 community-sourced questions and answers. Free — no login.
In the US, privacy protections for health information come from:
Privacy protections come from all of these sources - both federal and state law, as well as the requirements of private certification organizations.
Privacy, in the health information context discussed here, refers to:
The rules about who can access health information, and under what circumstances.
Under the federal HIPAA regulations, state health privacy laws:
Remain in effect if more stringent than what HIPAA provides.
What kinds of persons and organizations are affected by HIPAA's requirements?
Health care providers, health plans, and health information clearinghouses, their business associates, and the workers for those organizations.
HIPAA privacy protections cover identifiable personal information about the "past, present or future physical or mental health condition." What does that include?
Health information in any form or medium, as long as it is identified (or identifiable) as a particular person's information.
When patients receive a copy of an organization's Privacy Notice, they are asked to sign an acknowledgment. Why?
It shows they received it.
What are organizations covered by the federal HIPAA privacy law expected to do?
Organizations are expected to do all of these things.
Which of these is not a right under HIPAA?
To control all disclosures of information in the health record.
What does HIPAA's "minimum necessary" standard require of health care workers?
All of these are covered under "minimum necessary."
HIPAA's "incidental uses and disclosures" provision excuses deviations from the minimum necessary standard. What is excused?
Truly accidental "excess" uses and disclosures, where reasonable caution was otherwise used and there was no negligence.
When a privacy problem is discovered, which of the following is/are true?
All of the above
HIPAA allows health care organizations to control many information decisions. But where the patient retains control, which of the following is/are true?
If a person has a right to make a health care decision, then he/she has a right to control information associated with that decision.
With respect to permissions for uses and disclosures, HIPAA divides up health information into three categories. Into which category does information related to" treatment, payment and health care operations" go?
Uses or disclosures that can generally occur without any specific permission from the patient.
With respect to permissions for uses and disclosures, HIPAA divides up health information into three categories. Into which category do discussions with family members go?
Uses or disclosures that require generally oral agreement only.
With respect to permissions for uses and disclosures, HIPAA divides up health information into three categories. Into which category does information related to research, marketing and fundraising go?
Uses or disclosures that generally require specific written authorization.
Which of the following are organizations required to do under HIPAA?
All of the above; Organizations are expected to do all of these things.
Looking for a different version?
CBTs get updated every year. Search for the exact version you're taking (e.g. "cyber awareness 2025").
Search all study materials