Asked by dontillia
1) According to HIPAA regulations, pharmacy teams are considered covered entities because they:
Dispense medication to patients and counsel patients
Create records, transmit patient health information, and bill services
Allow patients to purchase magazines, cosmetics, and toys at the pharmacy register
Take continuing education activities before each license renewal
2) Which of the following is not protected health information (PHI)?
Patient name
Telephone number
Biometric data
Temperature scan
3) Which of the following is a critical step for a covered entity to implement security management and ensure HIPAA compliance?
Purchase a new computer
Have all phone calls go directly to voicemail
Conduct a risk assessment
Install video surveillance
4) As of 2024, protected patient records now include substance use disorder (SUD) treatment records. These records were made confidential to
address concerns that discrimination and fear of prosecution may deter people from entering treatment for SUDs.
ensure that SUDs records do not become part of a patient’s EHRs.
enable all members of a health care team to see the patient’s SUD records.
help clinicians identify drug diversion cases.
5) A clinician’s role is to protect identifiable patient information from inadvertent disclosure. Which of the following is PHI?
A brochure in the waiting area about smoking cessation programs
Billing information from last month’s new and refill prescriptions
A letter to residents with a photograph of a healthy heart and exercise tips
Billing information from the wholesaler to the pharmacy department
6) A patient comes to the pharmacy after being discharged from the hospital, where they were treated for a Legionella infection. The patient tells you they believe HIPAA has been violated because the State Health Department called them at home asking how they contracted Legionnaires’ disease. How do you respond?
Ask if they are taking university classes because health records can always be disclosed to a school without written authorization as long as the individual is actively enrolled in the university.
Advise the patient to call the police because PHI about Legionella may not be disclosed without a patient’s permission, and someone improperly shared information after their discharge.
Advise that public health agencies can collect health information to prevent or control disease, and note that Legionella infection is a nationally notifiable disease monitored by the CDC.
Inform the patient that everything is okay because protected health information is available to anyone who requests it, and a notice about data sharing is prominently posted in hospitals and on hospital websites.
7) According to the HIPAA Breach Notification rule, entities must report a breach affecting more than 500 individuals within
24 hours
30 days
60 days
90 days
8) What is the maximum financial penalty per year for HIPAA violations?
$250,000
$1,502,231
$4.8 million
$2,134,831
9) Which of the following represents a permissible disclosure of PHI without patient consent?
Reporting a patient with a diagnosis of tuberculosis to the health department
Sharing the patient's diagnosis with family members
Posting a patient's success stories on social media with the patient’s name
Discussing specifics about a patient's case with a colleague in a setting where others may hear the conversation
10) A clinician interested in learning how to navigate AI and how to enter patient cases to determine diagnosis asks for advice. Which choice below is the best advice to provide?
Only enter the patient’s defined PHI identifiers
AI should always be used to streamline the documentation of patient interactions
Personal health information can be entered on an online AI platform, so long as the system has an activated VPN
Personal health information should not be entered on an online AI platform directly or through an AI inquiry without adequate security protocols
All Answers 1
Answered by GPT-5 mini (AI)
1) Create records, transmit patient health information, and bill services — pharmacies are covered because they create/transmit PHI and engage in electronic transactions (billing).
2) Temperature scan — unlike the others (name, phone, biometric data), a temperature reading by itself is not one of the direct identifiers listed as PHI (though it would be PHI if linked to an identified individual).
3) Conduct a risk assessment — a documented risk assessment is central to HIPAA security management.
4) address concerns that discrimination and fear of prosecution may deter people from entering treatment for SUDs.
5) Billing information from last month’s new and refill prescriptions — this is identifiable health-related billing information (PHI).
6) Advise that public health agencies can collect health information to prevent or control disease, and note that Legionella infection is a nationally notifiable disease monitored by the CDC.
7) 60 days — breaches affecting 500 or more individuals must be reported to HHS without unreasonable delay and no later than 60 days after discovery.
8) $1,502,231 — this corresponds to the inflation-adjusted maximum civil monetary penalty (approx. the statutory cap of $1.5 million per violation category per year).
9) Reporting a patient with a diagnosis of tuberculosis to the health department — required/public-health reporting is a permitted disclosure without patient authorization.
10) Personal health information should not be entered on an online AI platform directly or through an AI inquiry without adequate security protocols.