HIMT1200 FINAL EXAM 2025/2026 BANK
2 VERSIONS ACTUAL QUESTIONS
WITH DETAILED ANSWERS WITH
STUDY GUIDE EXPERT VERIFIED FOR
GUARANTEED PASS/ALREADY
GRADED A+
Dr. Watson is known to chronically not remember his
password and ask other physicians and nurses to use their
passwords. This is reported by various staff, but the
security officer ignores the complaints since Dr. Watson is
the chief of staff. The hospital most likely has not
complied with which of the following? -
....ANSWER...sanction policy
Tarasoff v. The Regents of the University of California is a
landmark case related to the release of psychiatric patient
information without patient authorization. The healthcare
provider must release such information based on what
circumstance? - ....ANSWER...duty to warn
,Mary is 13 years old and her parents are divorced. Mary's
mom has custody of Mary. Mary has recently been in the
hospital and her mother is now seeking a copy of Mary's
health record. Who must sign the authorization form that
will enable Mary's mother to access Mary's record? -
....ANSWER...Mary's mother since she has custody of
Mary
Dr. Smith, a member of the medical staff, asks to see the
medical records of his adult daughter who was hospitalized
in your institution for a tonsillectomy at age 16. The
daughter is now 25. Dr. Jones was the patient's physician.
Of the options below what is the best course of action? -
....ANSWER...Inform Dr. Smith that he cannot access his
daughter's health record without her signed authorization
allowing him access to the record.
Mitigation is - ....ANSWER...lessening the harmful effects
of wrongful use or disclosure of PHI
The HIPAA Security Rule allows flexibility in
implementation based on reasonableness and
appropriateness. What does the covered entity use to
,make these determinations? - ....ANSWER...size of the
covered entity
security capabilities of the covered entity's system
costs of security measures
Correct all of these
The HIPAA "Security Awareness and Training"
administrative safeguard requires all of the following
addressable implementation programs for an entity's
workforce except - ....ANSWER...disaster recovery plan
Marty Jones has been out of work for 3 months and has
recently applied for a position at a local factory. As part of
the employment process the employer has asked Mr. Jones
to complete a pre-employment physical that includes
genetic testing for any diseases that might interfere with
Mr. Jones' ability to run an expensive piece of factory
equipment. Of the options below what is the best option? -
....ANSWER...Mr. Jones informs the employer that GINA
, regulations prohibit employers from requiring genetic
information as part of the employment process.
The OIG has specific compliance guidance for all of the
following entities except - ....ANSWER...pharmacies
Although HIPAA is not the first piece of federal privacy
legislation, it is more expansive than the Federal Privacy
Act of 1974, which applied privacy rules to -
....ANSWER...federal agencies
The EMTALA regulations include all but which of the
following? - ....ANSWER...Non-Medicare, indigent patients
must be transferred to the nearest Level 1 trauma center.
Breach notification requirements apply to -
....ANSWER...HIPAA covered entities
HIPAA business associates
non-business associate PHR vendor
2 VERSIONS ACTUAL QUESTIONS
WITH DETAILED ANSWERS WITH
STUDY GUIDE EXPERT VERIFIED FOR
GUARANTEED PASS/ALREADY
GRADED A+
Dr. Watson is known to chronically not remember his
password and ask other physicians and nurses to use their
passwords. This is reported by various staff, but the
security officer ignores the complaints since Dr. Watson is
the chief of staff. The hospital most likely has not
complied with which of the following? -
....ANSWER...sanction policy
Tarasoff v. The Regents of the University of California is a
landmark case related to the release of psychiatric patient
information without patient authorization. The healthcare
provider must release such information based on what
circumstance? - ....ANSWER...duty to warn
,Mary is 13 years old and her parents are divorced. Mary's
mom has custody of Mary. Mary has recently been in the
hospital and her mother is now seeking a copy of Mary's
health record. Who must sign the authorization form that
will enable Mary's mother to access Mary's record? -
....ANSWER...Mary's mother since she has custody of
Mary
Dr. Smith, a member of the medical staff, asks to see the
medical records of his adult daughter who was hospitalized
in your institution for a tonsillectomy at age 16. The
daughter is now 25. Dr. Jones was the patient's physician.
Of the options below what is the best course of action? -
....ANSWER...Inform Dr. Smith that he cannot access his
daughter's health record without her signed authorization
allowing him access to the record.
Mitigation is - ....ANSWER...lessening the harmful effects
of wrongful use or disclosure of PHI
The HIPAA Security Rule allows flexibility in
implementation based on reasonableness and
appropriateness. What does the covered entity use to
,make these determinations? - ....ANSWER...size of the
covered entity
security capabilities of the covered entity's system
costs of security measures
Correct all of these
The HIPAA "Security Awareness and Training"
administrative safeguard requires all of the following
addressable implementation programs for an entity's
workforce except - ....ANSWER...disaster recovery plan
Marty Jones has been out of work for 3 months and has
recently applied for a position at a local factory. As part of
the employment process the employer has asked Mr. Jones
to complete a pre-employment physical that includes
genetic testing for any diseases that might interfere with
Mr. Jones' ability to run an expensive piece of factory
equipment. Of the options below what is the best option? -
....ANSWER...Mr. Jones informs the employer that GINA
, regulations prohibit employers from requiring genetic
information as part of the employment process.
The OIG has specific compliance guidance for all of the
following entities except - ....ANSWER...pharmacies
Although HIPAA is not the first piece of federal privacy
legislation, it is more expansive than the Federal Privacy
Act of 1974, which applied privacy rules to -
....ANSWER...federal agencies
The EMTALA regulations include all but which of the
following? - ....ANSWER...Non-Medicare, indigent patients
must be transferred to the nearest Level 1 trauma center.
Breach notification requirements apply to -
....ANSWER...HIPAA covered entities
HIPAA business associates
non-business associate PHR vendor
