Have an account?
Skip to Content
Build your own quiz
Professional Development
University -
Professional Development
HIPAA Security and Privacy Training
20 questions
Show Answers
See Preview
- 1. Multiple Choice
The HIPAA Security Rule requires covered entities to: (Select all that apply.)4
maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic protected health information (e-PHI).
Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit.
Identify and protect against reasonably anticipated threats to the security or integrity of the information.
Protect against reasonably anticipated, impermissible uses or disclosures.
Ensure compliance by their workforce.
- 2. Multiple Choice
A covered entity must designate a ___________________ who is responsible for developing and implementing its security policies and procedures.4
physician
security official
police officer
custodian
- 3. Multiple Choice
The HIPAA Security Rule requires a covered entity to implement policies and procedures for authorizing access to e-PHI only when such access is appropriate based on the user or recipient's role (role-based access).4
True
False
- 4. Multiple Choice
A covered entity may disclose protected health information (PHI) without a patient's written permission for:1
Treatment purposes
Payment
Health care operations activities
All of the above
- 5. Multiple Choice
A covered entity must obtain the patient's written authorization for any use or disclosure of protected health information (PHI) in which circumstances? (Select all that apply.)1
Marketing activities
Research
PHI sales and licensing
Information sharing needed for treatment
- 6. Multiple Choice
The Privacy Rule does not restrict the use or disclosure of ____________________________, which neither identifies nor provides a reasonable basis to identify an individual.1
non-protected health information (non-PHI)
reverse PHI
regulated PHI
de-identified health information
- 7. Multiple Choice
Protected health information (PHI) is considered de-identified by HIPAA Privacy Rule standards by: (Select all that apply.)1
absence of actual knowledge by the covered entity that the remaining information could be used alone or in combination with other information to identify the individual
removal of only patient name and date of birth
a formal determination by a qualified expert
the removal of 18 specified individual identifiers
- 8. Multiple Choice
The HIPAA Privacy Rule covers: (Select all that apply.)4
Health plans
Health care clearinghouses
Health care providers who conduct certain financial and administrative transactions electronically.
Life insurance companies
- 9. Multiple Choice
Examples of proper disposal methods of protected health information (PHI) may include: (Select all that apply.)4
tossing into the trashcan or recycle bin.
clearing (using software or hardware products to overwrite media with non-sensitive data).
purging (degaussing or exposing the media to a strong magnetic field in order to disrupt the recorded magnetic domains).
destroying (disintegration, pulverization, melting, incinerating, or shredding).
- 10. Multiple Choice
The Privacy Rule generally requires covered entities to take reasonable steps to limit uses, disclosures, or requests (if the request is to another covered entity) of protected health information (PHI) to the minimum necessary to accomplish the intended purpose, known as the minimum necessary standard.2
True
False
- 11. Multiple Choice
A health care provider or other covered entity must obtain permission from a patient prior to notifying public health authorities of the occurrence of a reportable disease.2
True
False
- 12. Multiple Choice
The HIPAA Privacy Rule allows pharmacists to give advice about over-the-counter medicines to customers.2
True
False
- 13. Multiple Choice
A health care provider wants to disclose protected health information (PHI) about a student to a school nurse or physician. Does the HIPAA Privacy Rule allow this?2
Yes. The HIPAA Privacy Rule allows covered health care providers to disclose PHI about students to school nurses, physicians, or other health care providers for treatment purposes, without the authorization of the student or student’s parent.
No. The HIPAA Privacy Rule mandates parental consent in this case.
- 14. Multiple Choice
Covered entities, such as physician’s offices, may use patient sign-in sheets or call out patient names in waiting rooms, so long as the information disclosed is appropriately limited.2
True
False
- 15. Multiple Choice
The HIPAA Privacy Rule applies to all forms of patients’ protected health information, whether electronic, written, or oral. In contrast, the Security Rule covers only protected health information that is in electronic form.4
True
False
- 16. Multiple Choice
Security standards that involve the automated processes used to protect data and control access to data, such as using encrypted and decrypted data, are called:4
Administrative safeguards
Physical safeguards
Technical safeguards
- 17. Multiple Choice
Security standards that include assignment or delegation of security responsibility to an individual and security training requirements are called:4
Administrative safeguards
Physical safeguards
Technical safeguards
- 18. Multiple Choice
Security standards that include the mechanisms required to protect electronic systems, equipment, and the data they hold, from threats, environmental hazards, and unauthorized intrusion, are called:4
Administrative safeguards
Physical safeguards
Technical safeguards
- 19. Multiple Choice
In the event of a cyber-attack or similar emergency, an entity: (Select all that apply.)3
Must execute its response and mitigation procedures and contingency plans.
Should report the crime to other law enforcement agencies.
Should report all cyber threat indicators to federal and information-sharing and analysis organizations (ISAOs).
Must report the breach to the Office of Civil Rights (OCR) as soon as possible, but no later than 60 days after the discovery of a breach affecting 500 or more individuals.
- 20. Multiple Choice
In determining the amount of any civil money penalty for violations of HIPAA, the following factors are considered: (Select all that apply.)2
The nature and extent of the violation.
The nature and extent of the harm resulting from the violation.
The history of prior compliance with the administrative simplification provisions, including violations, by the covered entity or business associate.
The financial condition of the covered entity or business associate.
Such other matters as justice may require.
- Answer choicesTagsAnswer choicesTags