HIPAA and Privacy Act Training (1.5 hrs) (DHA-US001)
Questions With Complete Solutions
A breach as defined by the DoD is broader than a HIPAA breach
(or breach defined by HHS). Correct Answers True
A covered entity (CE) must have an established complaint
process. Correct Answers True
A Privacy Impact Assessment (PIA) is an analysis of how
information is handled: Correct Answers All of the above
A Systems of Records Notice (SORN) serves as a notice to the
public about a system of records and must: Correct Answers All
of the above
Administrative safeguards are: Correct Answers Administrative
actions, and policies and procedures that are used to manage the
selection, development, implementation and maintenance of
security measures to protect electronic PHI (ePHI). These
safeguards also outline how to manage the conduct of the
workforce in relation to the protection of ePHI
An incidental use or disclosure is not a violation of the HIPAA
Privacy Rule if the covered entity (CE) has: Correct Answers
All of the above
HIPAA provides individuals with the right to request an
accounting of disclosures of their PHI. Correct Answers True
, If an individual believes that a DoD covered entity (CE) is not
complying with HIPAA, he or she may file a complaint with the:
Correct Answers All of the above
If an individual believes that a DoD covered entity (CE) is not
complying with HIPAA, he or she may file a complaint with the:
Correct Answers All of the above
Physical safeguards are: Correct Answers Physical measures,
including policies and procedures that are used to protect
electronic information systems and related buildings and
equipment, from natural and environmental hazards, and
unauthorized intrusion
Select all that apply: In which of the following circumstances
must an individual be given the opportunity to agree or object to
the use and disclosure of their PHI? Correct Answers Both A
and C
-Before PHI directly relevant to a person's involvement with the
individual's care or payment of health care is shared with that
person
- Before their information is included in a facility directory
Select all that apply: The HIPAA Privacy Rule permits use or
disclosure of a patient's PHI in accordance with an individual's
authorization that: Correct Answers Includes core elements and
required statements set forth in the HIPAA Privacy Rule and
DoD's implementing issuance; Is written and signed by the
patient
Questions With Complete Solutions
A breach as defined by the DoD is broader than a HIPAA breach
(or breach defined by HHS). Correct Answers True
A covered entity (CE) must have an established complaint
process. Correct Answers True
A Privacy Impact Assessment (PIA) is an analysis of how
information is handled: Correct Answers All of the above
A Systems of Records Notice (SORN) serves as a notice to the
public about a system of records and must: Correct Answers All
of the above
Administrative safeguards are: Correct Answers Administrative
actions, and policies and procedures that are used to manage the
selection, development, implementation and maintenance of
security measures to protect electronic PHI (ePHI). These
safeguards also outline how to manage the conduct of the
workforce in relation to the protection of ePHI
An incidental use or disclosure is not a violation of the HIPAA
Privacy Rule if the covered entity (CE) has: Correct Answers
All of the above
HIPAA provides individuals with the right to request an
accounting of disclosures of their PHI. Correct Answers True
, If an individual believes that a DoD covered entity (CE) is not
complying with HIPAA, he or she may file a complaint with the:
Correct Answers All of the above
If an individual believes that a DoD covered entity (CE) is not
complying with HIPAA, he or she may file a complaint with the:
Correct Answers All of the above
Physical safeguards are: Correct Answers Physical measures,
including policies and procedures that are used to protect
electronic information systems and related buildings and
equipment, from natural and environmental hazards, and
unauthorized intrusion
Select all that apply: In which of the following circumstances
must an individual be given the opportunity to agree or object to
the use and disclosure of their PHI? Correct Answers Both A
and C
-Before PHI directly relevant to a person's involvement with the
individual's care or payment of health care is shared with that
person
- Before their information is included in a facility directory
Select all that apply: The HIPAA Privacy Rule permits use or
disclosure of a patient's PHI in accordance with an individual's
authorization that: Correct Answers Includes core elements and
required statements set forth in the HIPAA Privacy Rule and
DoD's implementing issuance; Is written and signed by the
patient
