MCQ Quiz-Federal Regulation of Pharmacy Practice-HIPAA

MCQ Quiz: Federal Regulation of Pharmacy Practice: HIPAA

by

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a critical federal law that forms the bedrock of patient privacy protection in the United States. For pharmacists, who handle sensitive patient information daily, strict adherence to HIPAA is a legal and ethical imperative. This topic is a cornerstone of the Principles of Pharmacy Law and Ethics course “. This quiz will test your knowledge of the HIPAA Privacy Rule, the management of Protected Health Information (PHI), and the patient rights guaranteed by this landmark legislation.

1. HIPAA stands for:

  • a. Health Information Patient Access Act
  • b. Health Insurance Portability and Accountability Act
  • c. Healthcare Provider and Accountability Act
  • d. Honest Information and Privacy Assurance Act

Answer: b. Health Insurance Portability and Accountability Act

2. The primary purpose of the HIPAA Privacy Rule is to:

  • a. Set standards for the protection of individually identifiable health information.
  • b. Determine the price of medications.
  • c. Regulate the manufacturing of drugs.
  • d. Standardize the education of pharmacists.

Answer: a. Set standards for the protection of individually identifiable health information.

3. Any health information that can be used to identify a patient and relates to their past, present, or future health condition or payment for healthcare is known as:

  • a. Private Health Information (PHI)
  • b. Personal Health Identification (PHI)
  • c. Protected Health Information (PHI)
  • d. Patient Health and Info (PHI)

Answer: c. Protected Health Information (PHI)

4. Which of the following is considered one of the 18 HIPAA identifiers?

  • a. The patient’s name
  • b. The patient’s address
  • c. The patient’s date of birth
  • d. All of the above

Answer: d. All of the above

5. Under HIPAA, a pharmacy can use or disclose Protected Health Information (PHI) without patient authorization for TPO. TPO stands for:

  • a. Testing, Procedures, and Operations
  • b. Treatment, Payment, and Healthcare Operations
  • c. Transfer, Payment, and Oversight
  • d. Triage, Pharmacy, and Oncology

Answer: b. Treatment, Payment, and Healthcare Operations

6. Explaining patient privacy and confidentiality as required by HIPAA is a specific objective in the CIPPE course.

  • a. True
  • b. False

Answer: a. True

7. A pharmacist calls a physician’s office to clarify a dose on a prescription. This disclosure of PHI is permissible under which component of TPO?

  • a. Treatment
  • b. Payment
  • c. Operations
  • d. It is not a permissible disclosure.

Answer: a. Treatment

8. A pharmacy submits a claim to a patient’s insurance company for a dispensed medication. This is a permissible disclosure for the purpose of:

  • a. Treatment
  • b. Payment
  • c. Operations
  • d. Marketing

Answer: b. Payment

9. The “minimum necessary” standard under HIPAA means that a pharmacy should:

  • a. Use or disclose the maximum amount of PHI possible.
  • b. Use or disclose only the minimum amount of PHI needed to accomplish the intended purpose.
  • c. Only provide the minimum necessary amount of medication.
  • d. Only provide care to a minimum number of patients.

Answer: b. Use or disclose only the minimum amount of PHI needed to accomplish the intended purpose.

10. A pharmacy must provide each new patient with what document detailing how their PHI will be used and disclosed?

  • a. A copy of the HIPAA law.
  • b. A Notice of Privacy Practices (NPP).
  • c. A list of all employees.
  • d. A coupon for their first prescription.

Answer: b. A Notice of Privacy Practices (NPP).

11. The principles of pharmacy law are a core course in the curriculum.

  • a. True
  • b. False

Answer: a. True

12. A patient has the right to request and receive a copy of their pharmacy records.

  • a. True
  • b. False

Answer: a. True

13. A pharmacist is counseling a patient at a busy counter and another patient overhears the first patient’s name. This is an example of a(n):

  • a. Reportable HIPAA breach that requires patient notification.
  • b. Incidental disclosure, which is not a violation if reasonable safeguards are in place.
  • c. Willful violation of HIPAA.
  • d. Disclosure for payment.

Answer: b. Incidental disclosure, which is not a violation if reasonable safeguards are in place.

14. A pharmacist leaves a detailed voicemail on a patient’s family answering machine that includes the name of the drug and what it is for. This could be a:

  • a. Permissible disclosure.
  • b. Violation of the minimum necessary standard.
  • c. Best practice for patient communication.
  • d. Requirement under OBRA ’90.

Answer: b. Violation of the minimum necessary standard.

15. Counseling patients on the appropriate use of medications is a key objective that must be done in a HIPAA-compliant manner.

  • a. True
  • b. False

Answer: a. True

16. Which federal agency is primarily responsible for enforcing the HIPAA Privacy and Security Rules?

  • a. The FDA
  • b. The DEA
  • c. The Office for Civil Rights (OCR)
  • d. The Federal Trade Commission (FTC)

Answer: c. The Office for Civil Rights (OCR)

17. A pharmacy technician posts a photo on social media that has a prescription label with a patient’s name visible in the background. This is:

  • a. An acceptable use of social media.
  • b. A serious HIPAA violation.
  • c. An incidental disclosure.
  • d. Permissible if the patient’s face is not visible.

Answer: b. A serious HIPAA violation.

18. A patient’s right to request an “accounting of disclosures” means they can receive a list of:

  • a. All times their PHI has been used or disclosed for any reason.
  • b. Disclosures of their PHI made for purposes other than TPO (Treatment, Payment, Operations).
  • c. All prescriptions they have filled in the past year.
  • d. All the pharmacists who have viewed their profile.

Answer: b. Disclosures of their PHI made for purposes other than TPO (Treatment, Payment, Operations).

19. A pharmacist providing MTM services to a patient is a permissible use of PHI under the “Treatment” component of TPO.

  • a. True
  • b. False

Answer: a. True

20. A key administrative requirement of HIPAA for a pharmacy is to:

  • a. Designate a privacy officer.
  • b. Provide training to all employees.
  • c. Implement policies and procedures to protect PHI.
  • d. All of the above.

Answer: d. All of the above.

21. A patient’s spouse comes to pick up a prescription. The pharmacist can infer permission and disclose PHI to the spouse if:

  • a. The pharmacist uses their professional judgment and the patient has not previously objected.
  • b. The spouse knows the patient’s date of birth.
  • c. The spouse is paying for the prescription.
  • d. A pharmacist should never disclose PHI to a family member.

Answer: a. The pharmacist uses their professional judgment and the patient has not previously objected.

22. The HIPAA Security Rule specifically applies to:

  • a. Paper-based records only.
  • b. Spoken communication only.
  • c. Electronic Protected Health Information (ePHI).
  • d. The physical layout of the pharmacy.

Answer: c. Electronic Protected Health Information (ePHI).

23. The “Medication Safety” module in the curriculum relates to HIPAA because privacy breaches are a type of safety event.

  • a. True
  • b. False

Answer: a. True

24. A patient requests that the pharmacy not disclose information about a specific prescription to their insurance company. The patient is paying cash. The pharmacy:

  • a. Must still report it to the insurance company.
  • b. Can ignore the patient’s request.
  • c. Must honor the patient’s request.
  • d. Should refuse to fill the prescription.

Answer: c. Must honor the patient’s request.

25. A pharmacist’s professional code of ethics requires maintaining patient confidentiality, which aligns with the principles of HIPAA.

  • a. True
  • b. False

Answer: a. True

26. The law course PHA5703 is foundational to understanding HIPAA requirements.

  • a. True
  • b. False

Answer: a. True

27. Which of the following is NOT considered PHI?

  • a. A patient’s medical record number.
  • b. De-identified data used for a large research study.
  • c. A patient’s email address linked to their health condition.
  • d. A photograph of a patient’s face.

Answer: b. De-identified data used for a large research study.

28. An active learning session on pharmacy law is a key part of which course?

  • a. PHA5703 Principles of Pharmacy Law and Ethics
  • b. PHA5163L Professional Skills Lab 3
  • c. PHA5781 Patient Care I
  • d. PHA5782C Patient Care 2

Answer: a. PHA5703 Principles of Pharmacy Law and Ethics

29. The “minimum necessary” standard does not apply to disclosures made:

  • a. To the patient themselves.
  • b. To another healthcare provider for treatment purposes.
  • c. When required by law.
  • d. All of the above.

Answer: d. All of the above.

30. A pharmacist receives a subpoena for a patient’s records. The pharmacist should:

  • a. Immediately provide all of the patient’s records.
  • b. Refuse to provide any records.
  • c. Verify the validity of the subpoena and provide only the specific information requested.
  • d. Call the patient and ask them what to do.

Answer: c. Verify the validity of the subpoena and provide only the specific information requested.

31. The Notice of Privacy Practices (NPP) must be:

  • a. Given to the patient on their first service encounter.
  • b. Posted in a clear and prominent location in the pharmacy.
  • c. Made available on the pharmacy’s website if they have one.
  • d. All of the above.

Answer: d. All of the above.

32. A patient has a right to request an amendment to their health record if they believe it is inaccurate.

  • a. True, and the pharmacy must always make the change.
  • b. True, but the pharmacy can deny the request if it determines the record is accurate and complete.
  • c. False, patients cannot request amendments.
  • d. True, but only if the patient has a lawyer.

Answer: b. True, but the pharmacy can deny the request if it determines the record is accurate and complete.

33. The “HITECH” Act strengthened HIPAA by:

  • a. Introducing stricter penalties for violations.
  • b. Adding breach notification requirements.
  • c. Both a and b.
  • d. Neither a nor b.

Answer: c. Both a and b.

34. Under the HITECH Act’s breach notification rule, a pharmacy must notify a patient following a breach of their unsecured PHI.

  • a. True
  • b. False

Answer: a. True

35. A pharmacist leaving a computer screen with patient profiles visible to the public is a potential violation of HIPAA.

  • a. True
  • b. False

Answer: a. True

36. A “business associate” under HIPAA is:

  • a. Any employee of the pharmacy.
  • b. An external person or entity that performs functions on behalf of the pharmacy and has access to PHI (e.g., a software vendor).
  • c. The patient’s spouse.
  • d. The prescribing physician.

Answer: b. An external person or entity that performs functions on behalf of the pharmacy and has access to PHI (e.g., a software vendor).

37. Which of the following is an example of a “healthcare operation” for which PHI disclosure is permitted?

  • a. Marketing a non-health related product to a patient.
  • b. Selling a patient list to a pharmaceutical company.
  • c. Internal quality assessment and improvement activities.
  • d. Disclosing information to a patient’s employer.

Answer: c. Internal quality assessment and improvement activities.

38. The HIPPE curriculum requires students to display professionalism, which includes maintaining confidentiality.

  • a. True
  • b. False

Answer: a. True

39. A pharmacist can be held personally liable for a HIPAA violation.

  • a. True
  • b. False

Answer: a. True

40. A key aspect of HIPAA’s Security Rule is ensuring the:

  • a. Confidentiality, Integrity, and Availability of electronic PHI.
  • b. Low cost of prescription drugs.
  • c. Speed of dispensing.
  • d. Physical comfort of the pharmacy staff.

Answer: a. Confidentiality, Integrity, and Availability of electronic PHI.

41. The most important reason for a pharmacist to be an expert on HIPAA is to:

  • a. Avoid penalties and fines.
  • b. Protect patient privacy and maintain patient trust.
  • c. Pass the MPJE.
  • d. All of the above.

Answer: d. All of the above.

42. A patient requests a list of all disclosures of their PHI for the past year. This is their right under HIPAA.

  • a. True
  • b. False

Answer: a. True

43. Which of the following is NOT one of the TPO exceptions to requiring patient authorization?

  • a. A pharmacist calling a doctor to clarify a dose.
  • b. A pharmacy submitting a claim to an insurer.
  • a. A pharmacist providing a patient’s medication list to their employer for a work-related issue.
  • d. A pharmacy conducting an internal audit of its dispensing accuracy.

Answer: c. A pharmacist providing a patient’s medication list to their employer for a work-related issue.

44. A pharmacy must make a “good faith effort” to obtain a signed acknowledgment of the Notice of Privacy Practices from a new patient.

  • a. True
  • b. False

Answer: a. True

45. If a patient refuses to sign the acknowledgment of the NPP, the pharmacist can:

  • a. Refuse to provide any pharmacy services to the patient.
  • b. Still provide treatment to the patient, but must document the refusal.
  • c. Require the patient to pay cash for all prescriptions.
  • d. Report the patient to the Office for Civil Rights.

Answer: b. Still provide treatment to the patient, but must document the refusal.

46. Proper disposal of documents containing PHI (e.g., shredding) is a requirement of HIPAA.

  • a. True
  • b. False

Answer: a. True

47. The CIPPE curriculum explicitly requires students to be able to explain patient privacy under HIPAA.

  • a. True
  • b. False

Answer: a. True

48. A conversation between two pharmacists about a patient’s therapy is permissible if conducted:

  • a. In the middle of a crowded store.
  • b. In a way that minimizes the chance of being overheard by the public.
  • c. On their personal social media accounts.
  • d. With the patient’s family members.

Answer: b. In a way that minimizes the chance of being overheard by the public.

49. The overall purpose of HIPAA in the context of pharmacy practice is to:

  • a. Create barriers to providing efficient patient care.
  • b. Establish a national standard to protect patient privacy while allowing for the flow of health information needed to provide high-quality care.
  • c. Increase the amount of paperwork required for each prescription.
  • d. Give patients full control over all uses of their health information.

Answer: b. Establish a national standard to protect patient privacy while allowing for the flow of health information needed to provide high-quality care.

50. The ultimate reason to master HIPAA regulations is to:

  • a. Fulfill a legal duty and uphold the ethical principle of confidentiality, thereby building trust with patients.
  • b. Avoid penalties.
  • c. Pass the MPJE.
  • d. Both a and c.

Answer: d. Both a and c.

Leave a Comment