← All answer keys
Health & SafetyAnswer Key

Which Of The Following Are Considered Hipaa Privacy Administrative Requirements

20 community-sourced questions and answers. Free — no login.

Community-sourced. Answers may be wrong or out of date. Always verify with your official training portal before submitting. Not affiliated with any branch, agency, or vendor. Details.
QUESTION 1

What is the first step a covered entity is expected to take, according to HIPAA standards, if one of its business entities has violated a standard or a breach has occurred?

ANSWER

Take reasonable steps to resolve it

QUESTION 2

Psychotherapy notes are treated exactly the same as other health care information.

ANSWER

False

QUESTION 3

Which of the following must appear on a covered entity's NPP?

ANSWER

All of the above

QUESTION 4

Individuals do not have the right to request amendments to their medical records.

ANSWER

False

QUESTION 5

Which of the following would be considered protected health information?

ANSWER

All of the above

QUESTION 6

A covered entity creates a process that ensures that data it receives and transmits is correct and in the same state it was before the transaction. What kind of technical safeguard is this considered to be?

ANSWER

Integrity control

QUESTION 7

Which of the following is NOT a permitted use of protected health information under HIPAA?

ANSWER

Patient's medical diagnosis given to an outside caller

QUESTION 8

A hospital reports specific cases of an outbreak of a communicable disease to a public health authority. This is permissible because

ANSWER

It is in the public interest

QUESTION 9

The same covered entities that must comply with HIPAA privacy standards are also required to comply with HIPAA security standards.

ANSWER

True

QUESTION 10

Which of the following are general security rules under HIPAA?

ANSWER

All of the above

QUESTION 11

A business associate does not need to do risk analysis and management.

ANSWER

False

QUESTION 12

What type of safeguard limits access to locations where PHI is kept and maintained?

ANSWER

Physical safeguard

QUESTION 13

Covered entities are required to provide PHI and medical information when it is requested by the individual.

ANSWER

True

QUESTION 14

A set of members of a health plan have authorized the health plan to use specific parts of their PHI in a marketing campaign. Which of the following is true about this activity by the health plan?

ANSWER

The health plan must only use the minimum necessary information

QUESTION 15

Which of the following is considered part of a designated record set? (select all that apply)

ANSWER

Patient's diagnosis Patient's treatment plan Patient's billing record

QUESTION 16

Which of the following would NOT be considered marketing communication?

ANSWER

A medical practice introduces a new physician to patients

QUESTION 17

Which of the following requires authorization from the patient for disclosure of PHI? Select all that apply.

ANSWER

A husband asks for his wife's diagnosis at a physician's office

QUESTION 18

Implementing appropriate security measures should be part of a covered entity's risk analysis.

ANSWER

True

QUESTION 19

Which of the following are considered HIPAA privacy administrative requirements?

ANSWER

All of the above

QUESTION 20

A hospital receives a request to provide a patient's medical record to a correctional facility. The patient then requests an accounting of disclosures. Does the hospital need to include the disclosure to the correctional facility? Why or why not?

ANSWER

No; this use or disclosure is permitted and does not need to be included

Looking for a different version?

CBTs get updated every year. Search for the exact version you're taking (e.g. "cyber awareness 2025").

Search all study materials