HIPAA AND PRIVACY ACT TRAINING PRACTICE
TEST 2026 QUESTIONS WITH ANSWERS
GRADED A+
◉ Under HIPAA, a covered entity (CE) is defined as: Answer: All of
the above
- A health plan
- A health care clearinghouse
- A health care provider engaged in standard electronic transactions
covered by HIPAA
◉ The e-Government Act promotes the use of electronic government
services by the public and improves the use of information
technology in the government. Answer: True
◉ Which of the following is NOT electronic PHI (ePHI)? Answer:
Health information stored on paper in a file cabinet
◉ When must a breach be reported to the U.S. Computer Emergency
Readiness Team? Answer: Within 1 hours of discovery
, ◉ A breach as defined by the DoD is broader than a HIPAA breach
(or breach defined by HHS). Answer: True
◉ Which of the following are breach prevention best practices?
Answer: All of the above
- Access only the minimum amount of PHI/personally identifiable
information (PII) necessary
- Logoff or lock your workstation when it is unattended
- Promptly retrieve documents containing PHI/PHI from the printer
◉ A covered entity (CE) must have an established complaint
process. Answer: True
◉ The minimum necessary standard: Answer: All of the above
- Limits uses, disclosures, and requests for PHI to the minimum
necessary amount of PHI needed to carry out the intended purposes
of the use or disclosure
- Does not apply to exchanges between providers treating a patient
- Does not apply to uses or disclosures made to the individual or
pursuant to the individual's authorization
TEST 2026 QUESTIONS WITH ANSWERS
GRADED A+
◉ Under HIPAA, a covered entity (CE) is defined as: Answer: All of
the above
- A health plan
- A health care clearinghouse
- A health care provider engaged in standard electronic transactions
covered by HIPAA
◉ The e-Government Act promotes the use of electronic government
services by the public and improves the use of information
technology in the government. Answer: True
◉ Which of the following is NOT electronic PHI (ePHI)? Answer:
Health information stored on paper in a file cabinet
◉ When must a breach be reported to the U.S. Computer Emergency
Readiness Team? Answer: Within 1 hours of discovery
, ◉ A breach as defined by the DoD is broader than a HIPAA breach
(or breach defined by HHS). Answer: True
◉ Which of the following are breach prevention best practices?
Answer: All of the above
- Access only the minimum amount of PHI/personally identifiable
information (PII) necessary
- Logoff or lock your workstation when it is unattended
- Promptly retrieve documents containing PHI/PHI from the printer
◉ A covered entity (CE) must have an established complaint
process. Answer: True
◉ The minimum necessary standard: Answer: All of the above
- Limits uses, disclosures, and requests for PHI to the minimum
necessary amount of PHI needed to carry out the intended purposes
of the use or disclosure
- Does not apply to exchanges between providers treating a patient
- Does not apply to uses or disclosures made to the individual or
pursuant to the individual's authorization
