exam questions

Exam CIPP-US All Questions

View all questions & answers for the CIPP-US exam

Exam CIPP-US topic 1 question 42 discussion

Actual exam question from IAPP's CIPP-US
Question #: 42
Topic #: 1
[All CIPP-US Questions]

SCENARIO -
Please use the following to answer the next question:
Declan has just started a job as a nursing assistant in a radiology department at Woodland Hospital. He has also started a program to become a registered nurse.
Before taking this career path, Declan was vaguely familiar with the Health Insurance Portability and Accountability Act (HIPAA). He now knows that he must help ensure the security of his patients’ Protected Health Information (PHI). Therefore, he is thinking carefully about privacy issues.
On the morning of his first day, Declan noticed that the newly hired receptionist handed each patient a HIPAA privacy notice. He wondered if it was necessary to give these privacy notices to returning patients, and if the radiology department could reduce paper waste through a system of one-time distribution.
He was also curious about the hospital’s use of a billing company. He questioned whether the hospital was doing all it could to protect the privacy of its patients if the billing company had details about patients’ care.
On his first day Declan became familiar with all areas of the hospital’s large radiology department. As he was organizing equipment left in the halfway, he overheard a conversation between two hospital administrators. He was surprised to hear that a portable hard drive containing non-encrypted patient information was missing. The administrators expressed relief that the hospital would be able to avoid liability. Declan was surprised, and wondered whether the hospital had plans to properly report what had happened.
Despite Declan’s concern about this issue, he was amazed by the hospital’s effort to integrate Electronic Health Records (EHRs) into the everyday care of patients. He thought about the potential for streamlining care even more if they were accessible to all medical facilities nationwide.
Declan had many positive interactions with patients. At the end of his first day, he spoke to one patient, John, whose father had just been diagnosed with a degenerative muscular disease. John was about to get blood work done, and he feared that the blood work could reveal a genetic predisposition to the disease that could affect his ability to obtain insurance coverage. Declan told John that he did not think that was possible, but the patient was wheeled away before he could explain why. John plans to ask a colleague about this.
In one month, Declan has a paper due for one his classes on a health topic of his choice. By then, he will have had many interactions with patients he can use as examples. He will be pleased to give credit to John by name for inspiring him to think more carefully about genetic testing.
Although Declan’s day ended with many questions, he was pleased about his new position.
What is the most likely way that Declan might directly violate the Health Insurance Portability and Accountability Act (HIPAA)?

  • A. By being present when patients are checking in
  • B. By speaking to a patient without prior authorization
  • C. By ignoring the conversation about a potential breach
  • D. By following through with his plans for his upcoming paper
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
impchoi
Highly Voted 2 years ago
Should be D: "Other than for treatment, covered entities must make reasonable efforts to limit the use and disclosure of PHI to the minimum necessary in order to accomplish the intended purpose." He isn't involved in the potential breach, which is why he isn't trained for it, and doesn't know all the facts of the situation. He has not obligation doesn't need to investigate any further based on anything that he heard.
upvoted 6 times
...
twiny
Most Recent 3 months, 2 weeks ago
Selected Answer: D
The correct answer is D. By following through with his plans for his upcoming paper. HIPAA violations can occur when an individual's PHI is improperly disclosed without consent. In this scenario, Declan is planning to use John's name and information related to his medical situation for a paper, which would be a direct violation of HIPAA. Sharing patient information, especially identifying details like names, without explicit authorization is prohibited under HIPAA, unless certain exceptions apply (such as for treatment, payment, or healthcare operations). Since John has not given consent for his information to be shared (Declan did not even ask for it), Declan would be violating HIPAA by including this information in his paper. According to the author, the correct answer is C. By ignoring the conversation about a potential breach. While reporting breaches is important and ignoring the conversation about a potential breach may be ethically concerning, it is not a direct HIPAA violation.
upvoted 1 times
...
Bhimesh
8 months, 3 weeks ago
Selected Answer: D
What is the most likely way that Declan might “DIRECTLY” violate the Health Insurance Portability and Accountability Act (HIPAA)? Should be D. By following through with his plans for his upcoming paper - (Directly) • A. By being present when patients are checking in – it wont violate the HIPAA • B. By speaking to a patient without prior authorization – it wont hurt • C. By ignoring the conversation about a potential breach –INDIRECT – overheard, this would be considered hearsay, which is generally inadmissible • D. By following through with his plans for his upcoming paper - Directly A HIPAA violation refers to the failure to comply with HIPAA rules, which can include ‘Unauthorized access, use, or Disclosure ‘ of Protected Health Information (PHI),
upvoted 1 times
...
[Removed]
1 year, 7 months ago
My thoughts: The question asks what is the most "likely" way he violated HIPPA. The most likely way is that he disclosed PHI of someone at the hospital in the paper that is published publicly. Whereas, D may be correct, but remember that he would need to disclose this if there is a high probability of breach. Here, he merely heard it from others without actual evidence so it is not likely that this would be a HIPPA violation, but could. Since the question is about likelihood of a violation, D is more of a right answer.
upvoted 1 times
...
Supp2023
1 year, 8 months ago
In my opinion, C is still right- as a hospital employee, if he ignores the conversation about the breach, then he is equally responsible. Although, I believe the hospital would be at fault here, not each individual employee. Thoughts anyone?
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago