• Call (262) 548-7212



    Record your answers on this form by selecting the correct letter:

    1. What provides the establishment of a nationwide framework for the protection of patient confidentiality, security of electronic systems and the electronic transmission of data?
    2. What does PHI stand for?
    3. Why is the Privacy Rule important?
    4. Protected Health Information (PHI) is information relating to:
    5. PHI needs to be protected in what sources of media?
    6. You are responsible for your username/password when accessing the computer system as well as all information accessed under this logon.
    7. HIPAA allows workers to use, share or release only the minimum necessary information to perform your job without compromising patient care.
    8. Which of the following is considered PHI that must be protected:
    9. Accessing more information than is required to perform your job duties is a violation of HIPAA and may become a breach of PHI.
    10. A local celebrity is a client at HHS. Since we are all “HIPAA-tized” it’s okay to talk with other staff about the celebrity and share details of their care.
    11. It is okay to view the records of your family and/or friends when you want to know what is going on with them.
    12. Sarah leaves printed client information on the MFD and goes on a home visit. Is this permissible to do?
    13. Which of the following are ways we can protect confidentiality?
    14. The Notice of Privacy Practices (NPP) gives clients/patients notice about the use/disclosure of their PHI, as well as their rights in accessing their own health information.
    15. Staff should be aware of what is included in the NPP, where it is posted and where copies can be obtained.
    16. It is permissible to discuss client information or have discussions with clients in the elevator, lobby, hallway or other public area.
    17. It is permissible to share information with other staff that you accidentally overhear or see about a client.
    18. Faxing PHI should be limited in nature. Ways we can safeguard the PHI we do fax would include:
    19. Can you dispose of pill containers/documents/CDs/DVDs that contain PHI in the open trash and recycle bins or should it go into the confidential shredding bins?
    20. Examples of how we protect the security of client information include:
    21. Who is the Acting HHS HIPAA Privacy & Security Coordinator that you would report potential/actual HIPAA incidents/violations to?
    22. True or False: It is okay to leave your computer unlocked when you leave your work area, since you will be away from your computer for only for a couple minutes.
    23. Which of the following are examples of a breach?
    24. What are the penalties you could face for breaching client/patient confidentiality?
    25. True or False: It is okay to take pictures/videos on your mobile device at work and post it to Facebook or other social media outlets, even when clients could possibly be walking through and may be in the background of the picture or video.
    26. Requirements surrounding user IDs and passwords include:
    27. True or False: A breach is considered “discovered” on the first day a covered entity knows or should have known about it.
    28. True or False: The technical, physical and policy safeguards we have in place to secure PHI are not fully effective without the cooperation of all staff.
    29. You are required to report any potential/actual HIPAA incidents/violations that you either willing or unwillingly participate in or witness immediately to the HHS HIPAA Privacy/Security Coordinator or your supervisor


    I understand that Waukesha County Department of Health and Human Services (WCDHHS) has the legal and ethical responsibility to safeguard the privacy of all its clients and to protect the confidentiality of all the information we maintain in their written and/or electronic client file. I am aware that access to these records is governed by a variety of State and Federal Statutes and State Administrative Codes.


    In the performance of my normal job duties, WCDHHS may give me access to information that is confidential in nature. This information may include, but is not limited to: billing information, records containing psychiatric, medical, Health and Human Services information, personnel records and/or payroll data of other employees and electronic computerized data.

    My use and/or access to this type of information may be required because of the nature of my job duties and assignments. I am required to protect this data and maintain the highest degree of confidentiality regarding its use, both within WCDHHS and outside of WCDHHS to the extent that I use or access this information as a result of my job duties and assignments.

    My use and/or access to confidential material as a result of my job duties and assignments is to be limited to only the information required by those job duties and assignments (“Need to Know”). If I use my job position or responsibilities to access information not required for my job, it will constitute misuse. Deliberate efforts to use the privileges accompanying my official duties to gain access to data I am not authorized for, by breaching installed security provisions or getting around them, will constitute abuse of my job responsibilities.

    I am aware that further disclosure of this information without legal authorization, as outlined in State and Federal Statutes and State Administrative Codes, is prohibited. I understand that failure to follow this will expose me to the legal consequences identified in those specific statutes and codes. Even though my personal medical records or those of my family members may be maintained by WCDHHS, I must follow the same rules as any patient would when accessing those records.


    I understand systems utilized by WCDHHS are equipped with security measures such as unique logins, passwords etc that prevent unauthorized access. My access is determined by my role within the organization. I am responsible for all entries, activities and access to accounts (systems with my user ID). I shall not share my password(s) with anyone or manipulate software or hardware configurations. I shall have no expectation of privacy in anything I create, store, send or receive on the computer system. I understand that monitoring my usage, access and activity can and will occur, without notification or request for authorization from me. Any misuse of privileges or violation of information systems will be investigated and appropriate corrective action taken.


    Any abuse, misuse, or dissemination of any confidential information (whether listed above or not) will result in disciplinary action, which can include termination of employment. All employees, volunteers, students and contracted staff are required to uphold the confidentiality requirements beyond tenure with the County and will report any misuse of information to the HHS Privacy and Security Coordinator.

    My electronic signature below indicates that I have read this confidentiality statement and understand my responsibilities. I further acknowledge that I have been trained in and reviewed the Waukesha County Policies and Procedures governing the creation, handling, and disposal of this confidential client information and will abide by established policies and procedures.