Wednesday, May 13, 2015

Think You Know HIPAA? Take This Quick Quiz

A solid understanding of the Health Insurance Portability and Accountability Act (HIPAA) is crucial to the survival of a physical therapist's (PT) practice, so taking the time to read through a free online guide to HIPAA (.pdf) from the Department of Health and Human Services (HHS) is a good investment in your future. The new guide is one of many resources available to PTs and physical therapist assistants at APTA's HIPAA webpage.

Want to test what you already know? Take this quick HIPAA quiz. Scroll down for the answers.

1. TRUE or FALSE: You keep your practice's protected health records (PHIs) in secured files. However, the janitorial company you hire to clean your office nightly also has access to the room in which these records are stored. That makes your janitorial company a Business Associate (BA) that must enter into a BA contract with your practice.

2. TRUE or FALSE: Should a breach occur, your notification responsibilities may vary, depending on how many individuals were affected.

3. TRUE or FALSE: HIPAA applies to all records in your office that contain personal identifying information, including personnel records containing employee information.

4. TRUE or FALSE: Even though HIPAA is a federal law, state laws can require you to meet additional or stricter requirements.

5. TRUE or FALSE: Patients can choose where and how they want any communication from your practice delivered to them—for example, requesting that appointment reminder voicemails only be left on a work phone.

ANSWERS:

1. FALSE. As long as your PHIs are secured and inaccessible, janitorial companies do not need to sign BA contracts. Other services you might hire out—for example, a web designer who improves your website's ability to let patients view or download their personal health information—would be considered a BA.

2. TRUE. Breaches that affect 500 or more individuals are subject to different notification rules—both to the individuals affected and to HHS.

3. FALSE. Employment records or records covered by the Family Educational Rights and Privacy Act (FERPA) are not covered by HIPAA rules.

4. TRUE. HIPAA does not override any state laws that do not conflict with HIPAA or that offer greater privacy protections.

5. TRUE. Patients have many rights under HIPAA, including the right to request that communication be through certain channels only. Patients can also request that your practice restrict certain disclosures to family members or others about the individual's general condition, location, or death.