Aurora Mental Health Center

HIPAA BASICS
HIPAA BREACH NOTIFICATION RULE
PRIVACY AND CONFIDENTIALITY

QUIZ

PLEASE RETURN THE QUIZ TO

TISH / HIS

1. Every person who works for Aurora Mental Health Center, paid or unpaid, part time or full
time, must be trained on the HIPAA regulation.
Quiz: HIPAA Basics / HIPAA Breach Notification Rule / Privacy and Confidentiality
April 2010

Page 1 of 5

a. True
b. False
2. HIPAA provides the first, comprehensive, federal health privacy protections.
a. True
b. False
3. The client has the right to request:
a.
b.
c.
d.

Access to their health information

Amendment to their record
Restriction of information disclosures
All of the above

4. We, as a provider, are allowed to deny a clients request to access to their information when:
a. The clinician determines that the information would be harmful to the client.
b. The client has agreed to waive access during the time they are participating in
research.
c. The clinician does not want the client to have the information.
d. All the above
e. Both a and b
5. What is the name of the organization that oversees compliance with the HIPAA regulation?
a.
b.
c.
d.

Colorado Division of Behavioral Health

Office for Civil Rights
Central Intelligence Agency
Coast Guard

6. The Privacy Rule provides for criminal and civil penalties for noncompliance.
a. True
b. False
7. Privacy refers to the clients right to control how their information is used and disclosed.
a. True
b. False
8. No matter what our job is, we all have a duty to protect the clients privacy.
a. True
b. False

9. Information about a client should never be discussed in the following places:

Quiz: HIPAA Basics / HIPAA Breach Notification Rule / Privacy and Confidentiality
April 2010

Page 2 of 5

a.
b.
c.
d.
e.

Hallways
Elevators
Parking lots
Restrooms
All of the above

10. It is permissible to email a funny story about a client to my friend, if I dont use the clients
name.
a. True
b. False
11. Depending on the circumstances, the Breach Notification Rule requires Aurora Mental Health
Center to report a confidentiality breach to the following people:
a.
b.
c.
d.

Client
Department of Health and Human Services
Media
All of the above

12. If I have knowledge of a confidentiality breach, I will do the following:

a.
b.
c.
d.

Immediately, report it to my Program Director

Complete the Report of Potential Confidentiality Breach
Give the form to my Program Director
All of the above

13. Which of the following are examples of events that I am required to report to my Program
Director?
a.
b.
c.
d.
e.
f.

A medication profile is faxed to the wrong number.

A volunteer, who does not have a need to know, is given access to MindLinc.
A laptop is stolen.
Un-shredded client information is found in a trash container.
An unauthorized person is seen reading a client record.
All of the above

If your work does not require you to interact with clients

or use the clinical record in any way, you may stop here.
Please sign and date the last page and send the quiz to Tish Gallagher/HIS.
THANK YOU FOR YOUR TIME!

14. Releases are required for both verbal and written disclosures to third parties.

Quiz: HIPAA Basics / HIPAA Breach Notification Rule / Privacy and Confidentiality
April 2010

Page 3 of 5

a. True
b. False
15. How many days does HIPAA allow before we must respond to a request for information?
a.
b.
c.
d.

10
15
30
45

16. If a disclosure is required by law, we do not need a Release.

a. True
b. False
17. HIPAA requires us to track all disclosures that are made without the clients authorization.
a. True
b. False
18. The following people are allowed to accept service on a subpoena.
a.
b.
c.
d.

Support staff
A supervisor
Only the person named on the subpoena
All of the above

19. If a subpoena has been served on me via fax or mail,

a.
b.
c.
d.
e.

I can ignore it because the attorney should know that personal service is the law.
I may contact the attorney to request personal service.
I can accept service by fax or mail. It is an option that I have.
All of the above
Both b and c

20. The clients original clinical record may be taken to these places:
a.
b.
c.
d.

School, for a conference

Court, in response to Subpoena to Produce
Home, to complete charting
None of the above the original chart never leaves AuMHC

21. There are statutes and common law to support the psychologist-patient privilege.
a. True
b. False

22. The following information may be given to law enforcement without a Release.

Quiz: HIPAA Basics / HIPAA Breach Notification Rule / Privacy and Confidentiality
April 2010

Page 4 of 5

a.
b.
c.
d.
e.

Basic biographical information

Basic physical information
Date and time of injury
Date and time of treatment
All of the above

Please sign and date below.

Maria Garibay Campos
Signature

Date

Maria Garibay Campos

Please print your name.

Mentor
Program Assigned To

9/30/15

Please send the completed quiz to Tish Gallagher / HIS.

THANK YOU FOR YOUR TIME!

Quiz: HIPAA Basics / HIPAA Breach Notification Rule / Privacy and Confidentiality
April 2010

Page 5 of 5