152 Introduction to Health Information Privacy and Security CHECK YOUR UNDERSTANDING 6.1 Instructions: Indicate whether the following statements are true or false (T or F 1. All types of final administrative rules must be preceded by a Notice of Proposed Rulemaking. 2. A BA must only comply with HIPAA if a written contract is in place tha identifies it as a BA. 3. The theft of data that has been secured does not constitute a breach. 4. If 500 or more people are affected by a PHI breach, the Secretary of HHS must be notified immediately. 5. Per HITECH, BAs must comply with the administrative, physica technical safeguards of the HIPAA Security Rule Individual Rights (Section 13405 individuals to take, withoult aJ must continue to be given to new patients. navInng HaVllg tO aJR 10I to NPP CHECK YOUR UNDERSTANDING 6.2 Instructions: Indicate whether the following statements are true or false (T or F). 1. HITECH gives state attorneys general the power to bring civil actions in federal district court on behalf of residents negatively affected by a HIPAA 2. Per HITECH, covered entities never have to agree to individuals' requests 3. The penalty amount for a violation of HIPAA due to wilful neglect is the 4. According to the January 2013 final rulemaking, PHI of a decedent loses its 5. The access report proposed by the May 31, 2011 Notice of Proposed violation to restrict uses and disclosures of PHI for carrying out TPO. same whether the violation was corrected or not. PHI status 50 years after the individual's death. Rulemaking would include both uses and disclosures of PHl. REAL-WORLD CASE 152 Introduction to Health Information Privacy and Security CHECK YOUR UNDERSTANDING 6.1 Instructions: Indicate whether the following statements are true or false (T or F 1. All types of final administrative rules must be preceded by a Notice of Proposed Rulemaking. 2. A BA must only comply with HIPAA if a written contract is in place tha identifies it as a BA. 3. The theft of data that has been secured does not constitute a breach. 4. If 500 or more people are affected by a PHI breach, the Secretary of HHS must be notified immediately. 5. Per HITECH, BAs must comply with the administrative, physica technical safeguards of the HIPAA Security Rule Individual Rights (Section 13405 individuals to take, withoult aJ must continue to be given to new patients. navInng HaVllg tO aJR 10I to NPP CHECK YOUR UNDERSTANDING 6.2 Instructions: Indicate whether the following statements are true or false (T or F). 1. HITECH gives state attorneys general the power to bring civil actions in federal district court on behalf of residents negatively affected by a HIPAA 2. Per HITECH, covered entities never have to agree to individuals' requests 3. The penalty amount for a violation of HIPAA due to wilful neglect is the 4. According to the January 2013 final rulemaking, PHI of a decedent loses its 5. The access report proposed by the May 31, 2011 Notice of Proposed violation to restrict uses and disclosures of PHI for carrying out TPO. same whether the violation was corrected or not. PHI status 50 years after the individual's death. Rulemaking would include both uses and disclosures of PHl. REAL-WORLD CASE