Version | 2025/2026 | Correct & Verified
What should be done if a HIPAA violation results in a breach of 500 or more patients’ PHI?
✔✔Notify the Department of Health and Human Services and affected individuals immediately.
Can PHI be printed and sent via regular mail?
✔✔Yes, but only with secure packaging and verification of the recipient.
What is a common administrative safeguard to prevent HIPAA violations?
✔✔Regular workforce training and awareness programs.
Can PHI be shared for fundraising purposes without patient consent?
✔✔Only if patients are given the option to opt out.
What is the role of the privacy officer?
✔✔Oversee HIPAA compliance, train staff, and handle complaints or breaches.
Can patients request amendments to their PHI?
✔✔Yes, patients have the right to request corrections to their records.
How should PHI be protected when using remote work setups?
✔✔Use secure networks, VPNs, encryption, and follow organization policies.
Can a hospital release PHI to a family member if the patient is unconscious?
✔✔Yes, only if it is in the patient’s best interest and allowed by law.
What is the first action if a mobile device containing ePHI is lost?
✔✔Report immediately to IT and privacy officer for security measures.
What is the first step a healthcare worker should take when receiving a PHI request from a third party?
✔✔Verify authorization and the purpose of the request.
Can PHI be stored on personal USB drives?
✔✔Only if the drive is encrypted and approved by organization policy.
What should a workforce member do before discussing PHI over the phone?
✔✔Confirm the identity of the person they are speaking with.
Can PHI be shared via unsecured text messages?
✔✔No, unsecured texting is not allowed for PHI transmission.
What is a “minimum necessary” disclosure?
✔✔Providing only the information needed to accomplish a specific task.
Are family members automatically allowed to access a patient’s PHI?
✔✔No, access requires patient consent or legal authorization.
How should PHI be handled when sending faxes?
✔✔Confirm the recipient’s fax number and cover sheet, and verify receipt.
What is an example of administrative action to protect PHI?
✔✔Conducting regular employee HIPAA training.