Record your answers on this form by selecting the correct letter:
1. What is protected health information (PHI)?
2. The National HIPAA privacy regulation:
3. The proper way to dispose of documents that contain client/patient information is by giving the documents to the parent/guardian for shredding.
4. If a client or fellow provider asks you about the client information you are handling, what do you do?
5. What are examples of protected health information?
6. Why is the HIPAA Privacy Rule important and how does it benefit our clients?
7. The HIPAA Privacy Rule talks about minimum necessary in regards to disclosing records. Minimum necessary is:
8. Ways we can best protect PHI is with:
9. Which of the following are examples of physical safeguards?
10. Which of the following are examples of technical safeguards?
11. When discussing client information in public areas at HHS you should:
12. When sending email that contains client information you should:
13. How can you control access to PHI?
14. For unauthorized or improper use/disclosure of PHI, which of the following can happen to you?
15. When a privacy violation occurs, you should do the following:
16. When you become aware of a potential privacy or security breach, how soon should you contact the client’s parent/guardian and service coordinator?
WAUKESHA COUNTY DEPARTMENT OF HEALTH AND HUMAN SERVICES
I understand that Waukesha County Department of Health and Human Services (WCDHHS) has the legal and ethical responsibility to safeguard the privacy of all its clients and to protect the confidentiality of all the information we maintain in their written and/or electronic client file. I am aware that access to these records is governed by a variety of State and Federal Statutes and State Administrative Codes.
In the performance of my normal job duties, WCDHHS may give me access to information that is confidential in nature. This information may include, but is not limited to: billing information, records containing psychiatric, medical, Health and Human Services information, personnel records and/or payroll data of other employees and electronic computerized data.
My use and/or access to this type of information may be required because of the nature of my job duties and assignments. I am required to protect this data and maintain the highest degree of confidentiality regarding its use, both within WCDHHS and outside of WCDHHS to the extent that I use or access this information as a result of my job duties and assignments.
My use and/or access to confidential material as a result of my job duties and assignments is to be limited to only the information required by those job duties and assignments (“Need to Know”). If I use my job position or responsibilities to access information not required for my job, it will constitute misuse. Deliberate efforts to use the privileges accompanying my official duties to gain access to data I am not authorized for, by breaching installed security provisions or getting around them, will constitute abuse of my job responsibilities.
I am aware that further disclosure of this information without legal authorization, as outlined in State and Federal Statutes and State Administrative Codes, is prohibited. I understand that failure to follow this will expose me to the legal consequences identified in those specific statutes and codes. Even though my personal medical records or those of my family members may be maintained by WCDHHS, I must follow the same rules as any patient would when accessing those records.
I understand systems utilized by WCDHHS are equipped with security measures such as unique logins, passwords etc that prevent unauthorized access. My access is determined by my role within the organization. I am responsible for all entries, activities and access to accounts (systems with my user ID). I shall not share my password(s) with anyone or manipulate software or hardware configurations. I shall have no expectation of privacy in anything I create, store, send or receive on the computer system. I understand that monitoring my usage, access and activity can and will occur, without notification or request for authorization from me. Any misuse of privileges or violation of information systems will be investigated and appropriate corrective action taken.
Any abuse, misuse, or dissemination of any confidential information (whether listed above or not) will result in disciplinary action, which can include termination of employment. All employees, volunteers, students and contracted staff are required to uphold the confidentiality requirements beyond tenure with the County and will report any misuse of information to the HHS Privacy and Security Coordinator.
My electronic signature below indicates that I have read this confidentiality statement and understand my responsibilities. I further acknowledge that I have been trained in and reviewed the Waukesha County Policies and Procedures governing the creation, handling, and disposal of this confidential client information and will abide by established policies and procedures.