• Call (262) 548-7212


  • HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)  

    HIPAA PRIVACY AND SECURITY ASSESSMENT FOR NEW HIRES
    (WAUKESHA COUNTY EMPLOYEES / CONTRACTED STAFF / STUDENTS / INTERNS / VOLUNTEERS)

    HIPAA TRAINING MATERIALS
    HIPAA Security Compliance Videos
    HIPAA Privacy Compliance Videos

    Record your answers on this form by selecting the correct letter:

    1. Protected Health Information (PHI) is information relating to:
                         
    2. Which of the following is considered PHI that must be protected:
                         
    3. Following the "Minimum Necessary Rule" means we should do which of the following:
                         
    4. What two things govern what information can be discussed?
                         
    5. PHI needs to be protected in what sources of media?
                         
    6. Why is the Privacy Rule important?
                         
    7. The HITECH Act of 2009 includes the following:
                         
    8. The Notice of Privacy Practices (NPP) gives clients/patients notice about the use/disclosure of their PHI, as well as their rights in accessing their own health information.
                         
    9. When does a client/patient need to sign the Notice of Privacy Practices (NPP)?
                         
    10. The HIPAA Privacy Rule grants individuals rights over the use of their health information and they include:
                         
    11. Under the HITECH Act, Business Associates can be held liable if a breach of PHI occurs.
                         
    12. Under the HITECH Act, Business Associates must:
                         
    13. When a privacy or security incident or violation occurs, you should do the following:
                         
    14. What are the safeguards listed in the HIPAA Security Rule we need to follow to protect our client’s information?
                         
    15. Any documents/containers containing PHI can be placed in the open trash and recycle bins for disposal and/or destruction.
                         
    16. A nurse has a bag of empty client/patient prescription bottles with labels still affixed. What is the proper way to dispose of the bottles?
                         
    17. Pick the TRUE statement:
                         
    18. Is it a violation of our client’s/patient’s privacy to view/access their record for reasons outside of your role within the organization?
                         
    19. Is the use of a fax cover sheet optional when faxing confidential information?
                         
    20. Pick the TRUE statement:
                         
    21. Examples of technical safeguards include:
                         
    22. Proper disposal methods of items that contain PHI or e-PHI include:
                         
    23. Ana regularly uses a laptop and a mobile device when she is on home visits. What ways can Ana keep her laptop/mobile device secure?
                         
    24. April consistently forgets to wear her name badge. Is this considered a violation of the HIPAA Security Rule?
                         
    25. To prevent an unauthorized person from accessing PHI on your computer under your name what should you do?
                         
    26. How can you protect our facilities?
                         
    27. To help keep your computer password secure, you should:
                         
    28. When printing documents containing PHI, you should pick up your documents from the printer
                         
    29. The clean desk policy includes:
                         
    30. Which of the following are examples of breaches?
                         
    31. What are the penalties you could face for breaching client/patient confidentiality?
                         
    32. Within how many days must a client/patient be contacted if a breach of their PHI has occurred?
                         
    33. How many clients/patients have to be affected by a breach of PHI before we need to report the breach to media/print outlets and the Department of Health and Human Services?
                         
    34. Employee Melissa walks past Therapist Jane and Client Craig while they are discussing Craig’s medications and diagnoses. What type of HIPAA violation is this considered to be?
                         
    35. What type of HIPAA violation would have been committed if you deliberately use or disclose confidential information or choose to ignore the rules, policies and procedures we have in place?
                         
    36. When you become aware of a potential privacy or security incident or breach, how soon should you contact your supervisor and the HHS HIPAA Privacy and Security Coordinator?
                         

    WAUKESHA COUNTY DEPARTMENT OF HEALTH AND HUMAN SERVICES
    CONFIDENTIALITY/NON-DISCLOSURE AGREEMENT

    I understand that Waukesha County Department of Health and Human Services (WCDHHS) has the legal and ethical responsibility to safeguard the privacy of all its clients and to protect the confidentiality of all the information we maintain in their written and/or electronic client file. I am aware that access to these records is governed by a variety of State and Federal Statutes and State Administrative Codes.

    PRIVACY:

    In the performance of my normal job duties, WCDHHS may give me access to information that is confidential in nature. This information may include, but is not limited to: billing information, records containing psychiatric, medical, Health and Human Services information, personnel records and/or payroll data of other employees and electronic computerized data.

    My use and/or access to this type of information may be required because of the nature of my job duties and assignments. I am required to protect this data and maintain the highest degree of confidentiality regarding its use, both within WCDHHS and outside of WCDHHS to the extent that I use or access this information as a result of my job duties and assignments.

    My use and/or access to confidential material as a result of my job duties and assignments is to be limited to only the information required by those job duties and assignments (“Need to Know”). If I use my job position or responsibilities to access information not required for my job, it will constitute misuse. Deliberate efforts to use the privileges accompanying my official duties to gain access to data I am not authorized for, by breaching installed security provisions or getting around them, will constitute abuse of my job responsibilities.

    I am aware that further disclosure of this information without legal authorization, as outlined in State and Federal Statutes and State Administrative Codes, is prohibited. I understand that failure to follow this will expose me to the legal consequences identified in those specific statutes and codes. Even though my personal medical records or those of my family members may be maintained by WCDHHS, I must follow the same rules as any patient would when accessing those records.

    SECURITY:

    I understand systems utilized by WCDHHS are equipped with security measures such as unique logins, passwords etc that prevent unauthorized access. My access is determined by my role within the organization. I am responsible for all entries, activities and access to accounts (systems with my user ID). I shall not share my password(s) with anyone or manipulate software or hardware configurations. I shall have no expectation of privacy in anything I create, store, send or receive on the computer system. I understand that monitoring my usage, access and activity can and will occur, without notification or request for authorization from me. Any misuse of privileges or violation of information systems will be investigated and appropriate corrective action taken.

    GENERAL OBLIGATIONS:

    Any abuse, misuse, or dissemination of any confidential information (whether listed above or not) will result in disciplinary action, which can include termination of employment. All employees, volunteers, students and contracted staff are required to uphold the confidentiality requirements beyond tenure with the County and will report any misuse of information to the HHS Privacy and Security Coordinator.

    My electronic signature below indicates that I have read this confidentiality statement and understand my responsibilities. I further acknowledge that I have been trained in and reviewed the Waukesha County Policies and Procedures governing the creation, handling, and disposal of this confidential client information and will abide by established policies and procedures.