HIPAA Example
Is it a HIPAA violation if the following occurs: An inappropriate conversation regarding a particular patient takes place in a public area
YES
Is it a HIPAA violation if the following occurs: Taking electronic or paper copies of a patient's medical records off premises for a legitimate business purpose, and leaving them in an unsecured location.
YES
Is it a HIPAA violation if the following occurs: A careless mistake causes mail containing protected health information to go to a 3rd party who has no need to know this information.
YES
Is it a HIPAA violation if the following occurs: Taking electronic or paper copies of a patient's medical records off premises for a legitimate business purpose, and leaving them in a secured location
NO
Is it a HIPAA violation if the following occurs: Sending protected health information to a 3rd party through a properly encrypted e-mail
NO
Is it a HIPAA violation if the following occurs: Gaining access to your own protected health information/account information with your own user ID and password
YES
Is it a HIPAA violation if the following occurs: Gaining access to any protected health information regarding an individual patient out of curiosity or because the individual is a friend
YES
Is it a HIPAA violation if the following occurs: Discarding protected health information in a regular trash bin
YES
Is it a HIPAA violation if the following occurs: Sharing your own user ID and password in order to access patient records
YES
Is it a HIPAA violation if the following occurs: Posting patient information on a public forum
YES
Is it a HIPAA violation if the following occurs: Selling or disclosing a patient's protected health information for personal or financial gain
YES
Which of the following is NOT among HIPAA's primary purposes? A. To develop standards and requirements to protect the security of individuals' health information. B. To ensure that all Americans have health insurance. C. To develop standards and requirements to protect the privacy of individuals' health information.
B
When a medical clinic needed help converting its patient database into mailing labels for its holiday cards, it turned to Bob's Mail Service, a new, local company that specializes in direct-mail processing. The only possible hitch is that Bob's Mail Service has not implemented any privacy or security policies. Should the clinic use Bob's Mail Service for this project? A. Yes, as long as the mailing labels will be returned. B. No. C. Maybe.
B
A pharmaceutical company set up a service to send regular e-mail messages to remind people to take their anti-depressant medications. Due to a programming error, each individual who received an e-mail could see the names of all of the others to whom reminders were being sent. Does this present a HIPAA problem? A. Yes. B. No. C. I don't know.
B
If a patient wants to know who will have access to their personal health information, what should they do? A. Call their primary physician. B. Call the facility they were treated at and speak to the HIPAA Privacy Officer. C. Call their insurance carrier.
B
A friend of yours is curious about another friend's medical account and offers to compensate you for the information. How should you respond? A. No way man! B. Sure, if you pay me $1,000! C. Maybe, but I need approval from the client.
A
Arcadia retained consultant Bob's Bait Shop & Computer Repair to resolve a technical issue with the company's medical record system. John, Arcadia's attorney, asked Bob to sign a Business Associate Agreement confirming that he will comply with HIPAA regulations regarding protected health information. Which of the following statements is the MOST accurate? A. John has no right to request this since consultants are not regulated by HIPAA. B. John should find another consultant if Bob fails to sign a Business Associate Agreement. C. Consultants need to safeguard PHI in many other ways, but do not need to confirm their own policies in writing.
B
During a staff meeting, Jason, Director of Corporate Compliance at Arcadia, said that the stricter HIPAA regulations apply instead of the state law. John, the CEO, argued that the state's less strict law applies instead of the HIPAA regulations. Who is correct? A. Jason B. John C. Neither of them
A
What does HIPAA stand for?
The Health Insurance Portability and Accountability Act.
PHI, or Protected Health Information
PHI covers any part of a patient's medical record or medical history. It includes the detailed billing documents sent to the insurer (the UB or the 1500 claim forms), the medical records, the results of any tests, the fact that the patient had tests, the patient's personal information (such as a Social Security number), and the diagnosis.
Covered Entities
Organizations that provide or pay for health care services and must comply with HIPAA in safeguarding patients' PHI. They include health care providers (such as doctors or hospitals) and health plans (such as Blue Cross insurance). They also include health care clearinghouses, the companies that help transmit electronic health care documents and information.
Business Associates
Individuals or organizations that perform work on behalf of a covered entity (and are still held to HIPAA standards) are called Business Associates. Example: billing companies that work for hospitals, which are covered entities. As an employee of a revenue cycle management company, YOU are also a business associate.
Breach of Information
A breach is a situation where paper or electronic medical records are taken or removed from a covered entity without written permission. The most common types of breaches are theft of paper records, theft of IT equipment, improper disposal of paper records, hacking of computers, and IT mishandling.
Privacy Standards
"Rules, conditions, or requirements developed to ensure the privacy of patient information." PHI cannot be used or disclosed unless the individual's permission or authorization is obtained, or the disclosure is specifically permitted or required under HIPAA; each disclosure is logged and that log is retained by the disclosing entity. Providers are not required to get patient consent to use or disclose information for treatment, payment, or health care operations.
Minimum Necessary
PHI is used or disclosed on a need-to-know basis: only the minimum amount of information needed to accomplish the purpose of the use or disclosure.
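The Privacy Standards and Minimum Necessary cards above describe a policy. The following added example (not part of the flashcards) shows one way to enforce it in code: a purpose-based allowlist that releases only the fields a stated purpose needs, refuses purposes outside treatment, payment and operations unless the patient has authorized them, and writes each release to a retained disclosure log. The purposes, field names, allowlists and the sample patient record are constructed assumptions, not an authoritative HIPAA data model.

```python
"""Enforcing 'minimum necessary' with a purpose-based field allowlist plus an
accounting-of-disclosures log.

Added illustration for this study page, not code from the flashcards. The
purposes, field names, allowlists and the sample patient record below are
constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, FrozenSet, List

# Constructed sample record for a fictional patient (no real PHI).
PATIENT_RECORD: Dict[str, str] = {
    "mrn": "MRN-000123",
    "name": "Jane Doe",
    "dob": "1980-01-01",
    "ssn": "123-45-6789",
    "diagnosis": "J45.20",
    "lab_results": "A1C 5.6%",
    "insurance_id": "BC-998877",
    "billed_amount": "412.00",
}

# Assumed allowlists: the fields each purpose legitimately needs. Anything not
# listed is withheld, which is the "minimum necessary" rule expressed in code.
# No purpose here needs the SSN, so disclose() never releases it.
MINIMUM_NECESSARY: Dict[str, FrozenSet[str]] = {
    "treatment": frozenset({"mrn", "name", "dob", "diagnosis", "lab_results"}),
    "payment": frozenset({"mrn", "name", "dob", "diagnosis", "insurance_id", "billed_amount"}),
    "operations": frozenset({"mrn", "diagnosis", "billed_amount"}),
    "marketing": frozenset({"name"}),
}

# Treatment, payment and health care operations need no patient authorization;
# every other purpose does (modelled by the `authorized` flag on disclose()).
TPO: FrozenSet[str] = frozenset({"treatment", "payment", "operations"})


class DisclosureDenied(PermissionError):
    """Raised when a use or disclosure is neither TPO nor authorized."""


@dataclass
class Disclosure:
    when: str          # UTC timestamp of the release
    requester: str     # who received the data
    purpose: str       # why it was released
    fields: List[str]  # exactly which fields went out


@dataclass
class DisclosureLog:
    """Retained record of what was disclosed, to whom, and why."""
    entries: List[Disclosure] = field(default_factory=list)

    def record(self, requester: str, purpose: str, fields: List[str]) -> None:
        self.entries.append(Disclosure(
            when=datetime.now(timezone.utc).isoformat(),
            requester=requester,
            purpose=purpose,
            fields=sorted(fields),
        ))


def disclose(record: Dict[str, str], requester: str, purpose: str,
             log: DisclosureLog, authorized: bool = False) -> Dict[str, str]:
    """Return only the fields the stated purpose needs, and log the release.

    Raises DisclosureDenied for unknown purposes and for non-TPO purposes
    that lack the patient's authorization. Denied requests release nothing
    and are not written to the disclosure log (a production system would
    additionally send them to its security audit trail).
    """
    allowed = MINIMUM_NECESSARY.get(purpose)
    if allowed is None:
        raise DisclosureDenied(f"unknown purpose {purpose!r}")
    if purpose not in TPO and not authorized:
        raise DisclosureDenied(f"purpose {purpose!r} requires patient authorization")
    view = {k: v for k, v in record.items() if k in allowed}
    log.record(requester, purpose, list(view))
    return view


if __name__ == "__main__":
    log = DisclosureLog()
    print(disclose(PATIENT_RECORD, "billing-vendor", "payment", log))
    print(disclose(PATIENT_RECORD, "dr-smith", "treatment", log))
    try:
        disclose(PATIENT_RECORD, "mail-house", "marketing", log)
    except DisclosureDenied as exc:
        print("denied:", exc)
    for entry in log.entries:
        print(entry)
```

The allowlist is deliberately per purpose rather than per requester: the same billing vendor gets the insurance fields when acting for payment and nothing more, and a marketing request (the holiday-card scenario in the questions above) is refused outright unless an authorization is on file. The log entry records the exact field names released, which is what an accounting-of-disclosures request to the Privacy Officer has to be answered from.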
Impact of HIPAA Violations
Civil penalties, criminal penalties, patient identity theft, and a damaged reputation.