HIPAA Test Review 2025 Questions and
Answers
_____________ refers to who should have access to health information, what
constitutes the patient's rights to confidentiality, and what constitutes inappropriate
access to health records - --Answer --privacy
Lane Hospital has a contract with Sani-Clean, a local company, to come into the
hospital to pick up the facility's linens for off-site laundering. Sani-Clean is: - --
Answer --not a business associate because it does not use or disclose
individually identifiable health information
When a patient revokes authorization for release of information after a healthcare
entity has already released the information, the healthcare entity in this case: - --
Answer --is protected by the privacy act
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was
originally established to achieve all of the following except - --Answer --
establish standard terminology for EHRs
....COPYRIGHT ©️ 2025 ALL RIGHTS RESERVED...TRUSTED & VERIFIED 1
, True or false? A covered entity is a health plan, healthcare clearinghouse, or
healthcare provider that stores confidential records. - --Answer --false
Employees in the hospital's Patient Accounting office may have legitimate access
to patient health information without patient authorization based on what HIPAA
standard / principle? - --Answer --minimum necessary
The purpose of a notice of privacy practices is to inform patients of - --
Answer --how a healthcare provider may use and share the patient's health
information
A newly hired Privacy Officer at a large physician practice observes the following
practices. Which is a violation of the HIPAA Privacy Rule? - --Answer --Dr.
Lawson gives names of asthma patients to a pharmaceutical company
A patient has the right to request a(n) ______________________, which
describes where the covered entity has disclosed patient information for the past 6
years outside of treatment, payment, and healthcare operations. - --Answer -
-accounting of disclosures
Training in PHI policies and procedures means that - --Answer --every
member of the covered entities workforce must be trained
PHI (Protected Health Information) - --Answer --relates to past, present or
future health, healthcare or payment for healthcare
....COPYRIGHT ©️ 2025 ALL RIGHTS RESERVED...TRUSTED & VERIFIED 2
Answers
_____________ refers to who should have access to health information, what
constitutes the patient's rights to confidentiality, and what constitutes inappropriate
access to health records - --Answer --privacy
Lane Hospital has a contract with Sani-Clean, a local company, to come into the
hospital to pick up the facility's linens for off-site laundering. Sani-Clean is: - --
Answer --not a business associate because it does not use or disclose
individually identifiable health information
When a patient revokes authorization for release of information after a healthcare
entity has already released the information, the healthcare entity in this case: - --
Answer --is protected by the privacy act
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was
originally established to achieve all of the following except - --Answer --
establish standard terminology for EHRs
....COPYRIGHT ©️ 2025 ALL RIGHTS RESERVED...TRUSTED & VERIFIED 1
, True or false? A covered entity is a health plan, healthcare clearinghouse, or
healthcare provider that stores confidential records. - --Answer --false
Employees in the hospital's Patient Accounting office may have legitimate access
to patient health information without patient authorization based on what HIPAA
standard / principle? - --Answer --minimum necessary
The purpose of a notice of privacy practices is to inform patients of - --
Answer --how a healthcare provider may use and share the patient's health
information
A newly hired Privacy Officer at a large physician practice observes the following
practices. Which is a violation of the HIPAA Privacy Rule? - --Answer --Dr.
Lawson gives names of asthma patients to a pharmaceutical company
A patient has the right to request a(n) ______________________, which
describes where the covered entity has disclosed patient information for the past 6
years outside of treatment, payment, and healthcare operations. - --Answer -
-accounting of disclosures
Training in PHI policies and procedures means that - --Answer --every
member of the covered entities workforce must be trained
PHI (Protected Health Information) - --Answer --relates to past, present or
future health, healthcare or payment for healthcare
....COPYRIGHT ©️ 2025 ALL RIGHTS RESERVED...TRUSTED & VERIFIED 2
