Greenmark IT HIPAA Quiz

OPENER QUESTIONS
What does the acronym HIPAA stand for?
Health Insurance Portability and Accountability Act
Health Insurance Portability and Privacy Act
Health Information Primary Accounting Act
Is your organization subject to HIPAA?
Yes
I don't know
No, because we have too few employees
No
IT PROVIDER QUESTIONS
Do you outsource your IT, computer and networking needs to an outside firm?
Yes
No, we do it ourselves or have internal IT staff
Does your organization have a BAA (Business Associates Agreement) in place with your IT firm?
Yes
No
I don't know
No, we're too small
Your IT provider has employees, some of whom may not deal with IT issues. Which employees does your IT provider provide HIPAA training to?
Just the IT staff.
Just the IT staff that comes on-site.
The people that answer the phone.
The accounting staff.
People that deliver supplies and equipment.
Staff that repair office equipment, like copiers and shredders.
All staff.
No staff.
I don't know.
Do you have copies of your IT providers' internal policies and procedures on file?
Yes
No, we aren't required to
No
How does the Omnibus rule affect my relationship with my IT provider?
It has no effect
The Omnibus rule says that my organization can only do business with a HIPAA-compliant IT provider
Even though my IT provider is not HIPAA-compliant, I can continue to do business with them but my organization assumes all liability
DATA BREACH
How many patients does your organization serve? (Choose the closest answer)
100
500
1,000
2,000
5,000
10,000
If your organization has a data breach, how many patient records must be affected before you are required to report the breach to local media outlets (newspaper, television, Facebook, press statement, etc.)?
100
500
1,000
2,000
5,000
10,000
PHYSICAL SECURITY QUESTIONS
Which physical security controls does your facility have in place?
Door locks
Monitored alarm system
Video cameras
Walls separating waiting areas from staff areas and patient care areas
Sliding window between the waiting area and the receptionist.
What brand of privacy filter do you have on your computer monitor?
3M
Fellowes
Kensington
Kantek
I don't know
None
Do all of your computer monitors have privacy filters?
Yes
Some do, some don't
No
HIPAA AUDIT QUESTIONS
You have just received a HIPAA audit notification, and a few of the controls requested aren't in place yet, or you didn't know about them. Do you:
Respond that you don't have these controls in place
Respond that you are working on putting these controls in place
Respond that you have these controls in place, and provide documentation
Quickly put together the controls you are missing, and provide post-dated documentation
How many line items does a typical HIPAA audit form have?
10-25
26-50
51-100
101-150
151-200
201-300
301-400
401-500
How do you submit your response to the HIPAA audit form?
US Postal Service Mail
Email
Fax
HHS Website
How many organizations are audited per year?
I've never heard of anyone getting audited.
200
400
1,000
5,000
10,000
HIPAA FINES
If your organization receives a fine, who pays?
My organization does
My organization won't have to pay anything, we will promise to do better and negotiate it down to just a warning
My Errors & Omissions Insurance will cover the fine
My General Liability Insurance Policy will cover the fine
If your organization has a data breach, what is the least amount it will cost to manage it, not counting fines and legal expenses?
$100
$500
$1,000
$5,000
$10,000
$50,000
$100,000
$200,000
$500,000
$1,000,000
If your organization is fined, what is the minimum amount you can expect to pay?
$500
$1,000
$5,000
$10,000
$250,000
$500,000
$1,000,000
$2,000,000
$10,000,000
RISK ASSESSMENT QUESTIONS
Does your organization have a written risk analysis?
Yes
No
I don't know
How many threats are defined in your risk analysis?
1-5
6-10
11-15
16-20
21-25
25+
None
I don't know
According to your risk analysis, what is your risk rating?
A+
B+
C+
D+
E
F
We don't have one
I don't know
Is your facility in or near a flight path?
Yes
No
Does your organization's risk assessment plan identify a plane crash as a possible threat?
Yes
No
Is your facility less than 50 feet from a highway?
Yes
No
Does your organization's risk assessment plan identify a heavy truck crashing into your building as a possible threat?
Yes
No
Does your risk analysis have a defined scope that defines all systems that cremate ePHI?
Yes
No
I don't know
Wut?
HIPAA TRAINING
How often does your organization provide HIPAA training to your employees?
Once a year
Twice a year
Three times a year
Four times a year
Bi-annually
We aren't required to.
Who receives HIPAA training in your organization?
Providers
Receptionists
Nursing staff
Medical coders
Human Resources staff
Management
Owners
Internal IT staff
Janitorial Staff
Building maintenance staff
Where do you store your HIPAA training logs?
In a file cabinet
In a drawer
Electronically on our server
We don't keep any HIPAA training logs
EMPLOYEE SANCTION QUESTIONS
If your organization has an employee that doesn't follow HIPAA rules, what happens to them?
They are rewarded
They are given a verbal warning
They are given a written warning
They are suspended with pay
They are suspended without pay
They are terminated
We don't need to do anything
When an employee breaks a HIPAA rule, who documents the infraction?
We don't need to document infractions
Human Resources
Management
Provider
Owner
WEBSITE QUESTIONS
Who has control of your domain name?
My website designer
Me
My IT company
No one
I don't know
What software was used to build your website?
HTML
Joomla
WordPress
Drupal
Wix
I don't know
Apache
Do you have a BAA with your web hosting provider?
Yes
No, we aren't required to
How often is your website software updated?
Never
Once a month
Quarterly
Twice a year
Once a year
I don't know
If you need to make changes to your website right now, how would you do that?
I'd call my IT company to make the changes
I'd log into the website and make the changes myself
I'd have an employee do it for me
I don't know
Do you have patient testimonials on your website?
Yes
No
Where do you store your patient testimonial authorization documents?
In a file cabinet
In a drawer
Electronically in our computer system
We aren't required to have anything on file for patient testimonials
We don't have any, the patients just gave us verbal permission
IT Questions
Does your network have a "server" that stores patient data?
Yes
No, we just store everything on our computers
No, because our medical records software is "In The Cloud".
Is your server located in a physically secure room that cannot be accessed by anyone except your IT staff?
Yes
No
Does your server employ WDE (Whole Drive Encryption)?
Yes
No
I don't know
Do your workstations and laptops employ WDE (Whole Drive Encryption)?
Yes
No
I don't know
Where are the keys to your encrypted drives kept?
In a file cabinet
On our server in an electronic format
In the cloud
In Active Directory
Is your WIFI encrypted?
Yes
No
I don't know
Do you have guest WIFI in any of your facilities?
Yes
No
Is your guest WIFI physically separate from your staff WIFI?
Yes
No
I'm not sure
You replace an existing computer with a new one. What happens to the old one?
We give or sell it to an employee for home use.
Our IT provider takes it with them when they are finished replacing it.
We keep it.
The machine doesn't leave the facility until it is securely wiped.
FUN QUESTION
In the TV show "Grey's Anatomy", how many PHI breaches are there per episode on average?
1
2
3
4
5
6
7
8