HIPAA TRAINING FOR HEALTHCARE STUDENTS EXAM QUESTIONS WITH CORRECT ANSWERS
What does HIPAA stand for? - Answer-Health Insurance Portability and Accountability
Act
Where does HIPAA apply? - Answer-In all 50 states and U.S. territories
Which agency is responsible for enforcing HIPAA compliance? - Answer-HHS' Office for
Civil Rights (OCR)
Which of the following entities are not covered by HIPAA? - Answer-Journalists
Which HIPAA rule gives patients the right to view and obtain a copy of their healthcare
data? - Answer-The HIPAA Privacy Rule
HIPAA has many functions, but which of these is not an objective of HIPAA? - Answer-
Ensuring all Americans have health insurance
What is a HIPAA authorization? - Answer-Consent given by a patient for their PHI to be
used or shared for a reason not permitted by the HIPAA Privacy Rule
What is a business associate? - Answer-A third-party that performs a function or activity
on behalf of a covered entity that requires access to PHI
What is protected health information? - Answer-Health information that includes one or
more of the 18 identifiers that allows an individual to be identified from the health data
Which of these is not a HIPAA identifier? - Answer-Mother's maiden name
HITECH stands for... - Answer-Health Information Technology for Economic and
Clinical Health
Which of these was NOT one of the aims of the HITECH Act? - Answer-To give public
health agencies more access to healthcare data
Which of the following was not mandatory until the HITECH Act was introduced? -
Answer-Notifications for patients whose PHI was exposed in a data breach
What was the purpose of HIPAA Omnibus Rule? - Answer-To implement changes to
HIPAA required by the HITECH Act
Which of these are NOT part of the Administrative Simplification Rules? - Answer-
Elimination of complex rules for healthcare administrators
What was the purpose of the Security Rule? - Answer-To set minimum standards for
safeguarding protected health information
Why was the Enforcement Rule introduced? - Answer-To allow the Office for Civil
Rights to impose financial penalties on CEs for HIPAA violations
Which of these were not part of the HIPAA Omnibus Rule? - Answer-Mandatory use of
electronic health records
Before the Omnibus Rule was introduced, which of these was not possible? - Answer-
Issue fines to business associates for HIPAA violations
Before PHI is disclosed to a third party for a reason other than treatment, payment, or
for healthcare operations, healthcare employees must... - Answer-Obtain written
authorization from the patient
What is the Minimum Necessary Rule? - Answer-Only disclosing the minimum amount
of PHI to achieve the purpose for which it is disclosed
The HIPAA Privacy Rule protects what? - Answer-Individually identifiable health
information
Which of these is NOT part of the HIPAA Privacy Rule? - Answer-Mandatory
safeguards to ensure the confidentiality, integrity, and availability of healthcare data
What is the main purpose of the HIPAA Security Rule? - Answer-To set minimum
standards for security to ensure the confidentiality, integrity, and availability of ePHI
Which of these is covered in the HIPAA Security Rule? - Answer-Physical controls to
secure physical PHI
Which of these is not one of the patient rights under HIPAA? - Answer-The right to sue
healthcare providers for data breaches
A parent of a 15-year-old child wants to see their child's medical records. Which of the
following is true? - Answer-The parent can submit a request in writing and the
healthcare provider must give the parent a copy of their child's medical records
When a patient submits a request to access their PHI, a healthcare provider should...? -
Answer-All of the above