HIPAA Test Review Questions and
Answers | Latest Version | 2025/2026 |
Correct & Verified
Is it permissible for a healthcare worker to view their own medical record?
✔✔Yes, they have the right to access their own PHI.
What is a HIPAA authorization?
✔✔A formal written permission from a patient to use or disclose their PHI.
Can PHI be disclosed for law enforcement purposes?
✔✔Yes, but only under specific legal requirements, such as a subpoena or court order.
Can you leave a patient’s medical chart unattended on a desk?
✔✔No, PHI must always be secured and not accessible to unauthorized persons.
What is the main difference between the Privacy Rule and the Security Rule?
✔✔The Privacy Rule protects all PHI, while the Security Rule specifically protects electronic
PHI.
1
,When must a HIPAA breach be reported?
✔✔As soon as possible after discovery, in accordance with regulatory timelines.
Can PHI be shared with family members during an emergency?
✔✔Yes, if it is in the patient’s best interest and allowed by law.
What is an example of a physical safeguard for PHI?
✔✔Locking filing cabinets and restricting office access.
What is the primary goal of HIPAA?
✔✔To ensure the privacy and security of patients’ health information.
What type of information is protected under HIPAA?
✔✔All identifiable health information related to diagnosis, treatment, or payment.
Who is considered a covered entity under HIPAA?
✔✔Health care providers, health plans, and healthcare clearinghouses.
2
, Can a patient give verbal permission to share their health information?
✔✔Yes, but it is recommended to document it in writing whenever possible.
What is the minimum necessary standard in HIPAA?
✔✔Only access or share the minimum amount of PHI needed to complete a task.
What is an example of a technical safeguard for PHI?
✔✔Using passwords and encryption for electronic records.
What is an example of an administrative safeguard for PHI?
✔✔Implementing policies, procedures, and staff training to protect information.
Can patient information be discussed in a public area at the hospital?
✔✔No, HIPAA requires that PHI not be disclosed where others might overhear.
Who is responsible for ensuring HIPAA compliance in a healthcare organization?
✔✔The HIPAA privacy officer or compliance officer.
3
Answers | Latest Version | 2025/2026 |
Correct & Verified
Is it permissible for a healthcare worker to view their own medical record?
✔✔Yes, they have the right to access their own PHI.
What is a HIPAA authorization?
✔✔A formal written permission from a patient to use or disclose their PHI.
Can PHI be disclosed for law enforcement purposes?
✔✔Yes, but only under specific legal requirements, such as a subpoena or court order.
Can you leave a patient’s medical chart unattended on a desk?
✔✔No, PHI must always be secured and not accessible to unauthorized persons.
What is the main difference between the Privacy Rule and the Security Rule?
✔✔The Privacy Rule protects all PHI, while the Security Rule specifically protects electronic
PHI.
1
,When must a HIPAA breach be reported?
✔✔As soon as possible after discovery, in accordance with regulatory timelines.
Can PHI be shared with family members during an emergency?
✔✔Yes, if it is in the patient’s best interest and allowed by law.
What is an example of a physical safeguard for PHI?
✔✔Locking filing cabinets and restricting office access.
What is the primary goal of HIPAA?
✔✔To ensure the privacy and security of patients’ health information.
What type of information is protected under HIPAA?
✔✔All identifiable health information related to diagnosis, treatment, or payment.
Who is considered a covered entity under HIPAA?
✔✔Health care providers, health plans, and healthcare clearinghouses.
2
, Can a patient give verbal permission to share their health information?
✔✔Yes, but it is recommended to document it in writing whenever possible.
What is the minimum necessary standard in HIPAA?
✔✔Only access or share the minimum amount of PHI needed to complete a task.
What is an example of a technical safeguard for PHI?
✔✔Using passwords and encryption for electronic records.
What is an example of an administrative safeguard for PHI?
✔✔Implementing policies, procedures, and staff training to protect information.
Can patient information be discussed in a public area at the hospital?
✔✔No, HIPAA requires that PHI not be disclosed where others might overhear.
Who is responsible for ensuring HIPAA compliance in a healthcare organization?
✔✔The HIPAA privacy officer or compliance officer.
3
