HIPAA EXAM REVIEW QUESTIONS WITH CORRECT ANSWERS
What is HIPAA? - Answer-Health Insurance Portability and Accountability Act
A US law designed to provide privacy standards to protect patients' medical records and
other health information provided to health plans, doctors, hospitals and other health
care providers.
What do the HIPAA guidelines define? - Answer-The guidelines defined:
-What data should be considered as Protected Health Information (PHI)
-Who should be allowed access to it
-When it could be disclosed
-For what purpose(s) is the information being disclosed
https://www.hipaajournal.com/hipaa-privacy-guidelines/
What does HIPAA consider to be PHI? - Answer-Any "individually identifiable health
information" that individually or together could reveal a patient's identity.
-Name, address, ZIP code or telephone number
-The past, present or future physical or mental condition of a patient
-The provision of any treatment or healthcare service to a patient
-The past, present, or future payment for treatment or healthcare services to a patient.
https://www.hipaajournal.com/hipaa-privacy-guidelines/
Disclosing PHI without client's consent - Answer--The purpose of disclosing PHI is to
provide a healthcare service to the patient or for payment for the healthcare service.
-The only other times that PHI can be disclosed without a patient's authorization is when
it is:
-Required by law
-Required by the Office for Civil Rights as part of a HIPAA compliance audit
-When disclosure is in the public's interests or in the patient's interests (for example, if
the patient is a victim of child abuse, neglect or domestic violence.)
https://www.hipaajournal.com/hipaa-privacy-guidelines/
"Minimum Necessary Rule" - Answer-Even when PHI is disclosed, employees bound to
HIPAA only disclose the minimum amount of information/PHI necessary to achieve the
stated purpose.
https://www.hipaajournal.com/hipaa-privacy-guidelines/
-The disclosing party has sole responsibility for ensuring that the minimum PHI is
released (for example: insurance companies requesting info do not have a say in what
needs to be disclosed to them)
https://www.apaservices.org/practice/update/2013/07-25/hipaa-final-rule.pdf
Fines for Violating HIPAA - Answer--Also called "Unauthorized Disclosure of PHI"
The revised criteria now made the failure to report a breach of PHI an offense unless it
could be proven and documented that a low risk of harm existed