HIPAA-Confidentiality, Rights and Responsibilities

Welcome to the HIPAA-Confidentiality, Rights and Responsibilities. This quiz contains 16 questions. In order for you to pass, you must answer 13 of 16 correctly. At the end of the quiz you will be notified of the number of questions you answered correctly. If you did not get at least 13 correct, you must take the quiz again

First & Last Name (required)
HIPAA stands for Health Insurance Portability and Accountability Act. HIPAA provides safeguards for PHI (protected health information) and rights for persons served. HIPAA privacy standards identify who has access to what PHI, persons' served rights of control over their health care information, defines inappropriate access and use of health care information, and determines who is accountable for protecting it.



QUESTION 1: PHI refers to information that is protected under HIPAA regulations?

All information in a persons' served file is considered confidential, not just health-related information. This includes, but is not limited to: medical records, personal information, past records, programming issues, etc. The following information, relative to individuals receiving services from Progress Industries, shall be held confidential: names and addresses of individuals receiving services, and types of services; information concerning the social and economic conditions or circumstances of persons served; evaluations, medical or psychiatric data, including diagnosis and history of disease and/or disability. None of this information shall be disclosed to or used by any person or agency except for purposes of administration of programs or services.



QUESTION 2: The name and address of persons served is considered confidential?

PHI also includes any individually identifiable health information. This includes:

• Name
• Address
• Birthdate, admission date, discharge date, date of death, etc.
• Telephone numbers
• Fax numbers
• Electronic mail addresses
• Social security numbers
• Medical records numbers
• Health plan beneficiary numbers
• Account numbers
• Certificate/license numbers
• Vehicle identifiers
• Device identifiers and serial numbers
• Web URL's
• Internet Protocol (IP) address numbers
• Biometric information – fingerprints, etc.
• Full face photographic images
• Any other unique identifying numbers, characteristics, etc.



QUESTION 3: Photographs and fingerprints are forms of protected health information because they can be used to identify a person served.

HIPAA regulations do not pertain to workers compensation, education, and employment records.
Practical steps must be taken to avoid breaches of PHI to persons who are not authorized to have this information. It is each staff person's responsibility to reasonably safeguard against incidental disclosure of information and provide information that is the minimum necessary.



QUESTION 4: It is every employee's responsibility to safeguard against unauthorized access to PHI.

A breach is when PHI is released or disclosed or made accessible to people who are not authorized to have such information. Examples of how breaches occur are:

• Having PHI on cell phones, or i-pads or laptops that are not secure.
• Saving PHI to removable devises (such as thumb drives) that are not secure
• Saving PHI anywhere other than to a secure network
• Talking in public areas (restrooms, lobby, restaurants, etc)
• Forgetting to log off your computer
• Having visitors at your work place
• Taking photos at work
• Use of social media at work
• Having your car broke into and PHI is stolen



QUESTION 5: Talking about persons served in public areas or taking their photos could cause a breach of confidential information.

What can I do to prevent breaches of PHI?

• Log off your computer when you are not using it
• Do not share your login in names or passwords with ANYONE
• Do not save any PHI to removable devises, and only to network drives
• Never take photos at work unless asked to do so by a supervisor, for investigative purposes
• Never use social media while working
• Make sure all hand-held devices are password protected.
• Do not allow family or friends to come to your work place.



QUESTION 6: Staff should not access social media at work.

If you discover that confidential information has been breached, you should contact Shelly Nesheim, the Privacy Officer for Progress Industries.

Penalties can be accessed for people who fail to protect PHI. Whether deliberate or accidental, breaches can cost employees and employers up to thousands, even millions of dollars in penalties.



QUESTION 7: Failing to protect persons served health information could cost thousands of dollars in penalties.

Progress Industries is responsible to secure all PHI against loss, defacement, tampering or use by unauthorized persons. Records should be protected in locked files under the direct supervision of the individuals' program manager. Written consent from the person served and/or guardian is required before release of any PHI.

Oral transmission of the contents of the persons' served records should only be given to persons authorized to hear such information. Those persons are the individual's assigned worker from IVRS (Iowa Vocational Rehabilitation Services), County Social Workers, Case Managers, Department of Human Services, State and Federal auditors, and others authorized by law and/or licensing agencies.

When information is released without a signed consent, there shall be documentation of what information was released, to whom the information was released, and circumstances prompting the release. In the case of accreditation or certification, Progress Industries may require, before releasing information, that the outside party sign a statement that the information is essential to the performance of the outside party's work and that the outside party recognizes the confidentiality of the information and will not disclose any information which personally identifies persons served. When such a release is granted, a note shall be entered in the persons' served record.




QUESTION 8: Persons served records should be kept in locked files under the supervision of the individual's program manager.

Any information release should be limited to that which is necessary for the individual or agency requesting the information. Release forms should be completed in full prior to the release of any information. Release forms should contain content to be released, the form to be released, to whom, for what purpose, the name of the person concerned, the date signed, the length of time authorized, and the signature of the person legally authorized to sign. Persons served and their guardians have full access to the information in their records. Persons served may review their records and take notes or photocopy. Exceptions to a signed release of information shall be permitted only for disclosures required by law, bona fide emergencies, and provider certification or licensure purposes.

Persons served have a right to file a complaint with the Privacy Officer. Persons served may amend information Progress Industries has about them by submitting a written request to the Privacy Officer.




QUESTION 9: Releases of information should include the name of the person to whom the information is to be released.

All persons served have the same rights as everyone else. All staff will abide by these rights and will assist each person served to understand and pursue their rights. Staff will treat all persons served with dignity and respect.

Basic Rights include: I have the right to say what's on my mind; I have the right to practice the religion of my choice; I have the right to sexual expression; I have the right to the same treatment as everyone else even if my race, color, religion, beliefs, national origin, citizenship, sexual preference, age, gender, disability or illness is different; I have the right to vote; I have the right to be protected from others taking my life, freedom an belongings without following legal steps.




QUESTION 10: Persons served have the right to vote.

Rights about Self-Advocacy/Choices are: I have the right to speak for myself and help decide what happens in my life; I have the right to receive all information I need to make those decisions; I have the right to ask for help or say no to help from others.

Rights about grievances are: I have the right to disagree with any decision make about me; I have the right to receive help in trying to change a decision; I have the right to complain about staff if I think they are being unfair; I have the right to fair treatment from staff even if I have complained about them.




QUESTION 11: Persons served have the right to complain about staff if they feel they are not being treated fairly.

Rights about Communication are: I have the right to talk to or keep in touch with people of my choice; I have the right to send and receive unopened mail.

Rights about Confidentiality/Privacy are: I have the right to personal privacy; I have the right to have information about me kept private.

Rights about Finances are: I have the right to be paid for work I do at my job site; I have the right to my own money and my own belongings; I have the right to purchase property and enter into contracts.

Rights about Treatment are: I have the right to kind and fair treatment from everyone; I have the right to not be forced to do something I don't want or fear to do.




QUESTION 12: Persons served have the right to purchase property and enter into contracts.

Rights regarding Relationships are: I have the right to have friends and relationships; I have the right to be alone with visitors.

Rights involving Community Membership are: I have the right to go and/or be part of activities in my community.

Rights regarding Restrictions are: I have the right to be free of unnecessary limits (restrictions); I have the right to have restrictions on me looked at regularly.




QUESTION 13: Persons served have the right to be alone with visitors.

Staff will also assist each person served to become aware, and understand the following responsibilities. General responsibilities include: understand the laws or ask for help if I do not understand them; treat others nicely; let others know if I am not being treated nicely; never hurt others; let others know if someone is hurting me; take part in and know what my plan is and to ask questions if I do not understand something; be honest when I do not agree with something; respect others' feelings and privacy about sex; respect others when they say no to sex; learn, understand and make informed decisions regarding sexual relationships I choose; make arrangements when I want to go someplace; let others know when I change my mind or decide not to go somewhere.




QUESTION 14: Persons served are not expected to take part in or know what is in their plan.

Responsibilities at home include: respect others' right to privacy; let others know when I want to be alone; speak up if I feel like I am being forced to do something; keep my house safe and clean; let others know if something is wrong at my home; let others know if I need help; let others know when I am sick or not feeling well; follow my doctor's orders about medications, diet and my health; budget my money and pay my bills; spend my money on things I need/want within my budget; use the telephone in a respectful way; take good care of my belongings.




QUESTION 15: It is the persons served responsibility to follow doctor orders regarding medications but not diet and exercise.

Responsibilities at work include: get to work on time; look my best on the job; follow the work rules; do my best at my job; be friendly with co-workers; be willing to learn new things; talk to my supervisor if I am having a problem; keep my work area safe, neat and clean; return from breaks and lunch on time.




QUESTION 16: If a person served is having a problem at their work site, instead of speaking with their supervisor, they should be encouraged to go home and talk to their residential staff about the problem.

Non-Disclosure Agreement
As part of my employment with Progress Industries ("PI"), I have access to protected health information ("PHI") protected by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). By submitting my quiz, I am attesting that: