HIPAA PRACTICE TEST QUESTIONS
AND ANSWERS
HIPAA provisions cover which of the following? - Answer-Privacy of health information;
security of electronic health information; restrictions on how health information is used
and disclosed; definitions of the covered entities that are subject to it's standards
Which of the following entities, as a business associate of a covered entity, are also
required to follow HIPAA standards? - Answer-An independent medical transcriptionist
providing services to a practitioner; third-party billing or claims processing; a health
insurance company sourced by a hospital system for health plan services; consultant
services contracted by a private practice
Health care providers, health care clearinghouses, health plans, and their business
associates, are subject to HIPAA Privacy & Security rules. - Answer-True
Electronic Protected Health Information (e-PHI) is the main focus of the HIPAA Privacy
Rule? - Answer-False; The HIPAA Security Rule is the rule that focuses on e-PHI and
the protection of certain health information that is maintained or transmitted
electronically.
Examples of PHI include: - Answer-Email address or postal address; all elements of
dates except year; biometric identifiers such as fingerprints; web/internet URLs
As a student in a placement site for fieldwork, internship, or clinical rotation, I may have
access to PHI and am subject to HIPAA and may have to complete additional HIPAA
training administered by that site. - Answer-True
Under HIPAA, patients have certain rights contained in which document: - Answer-
Notice of Privacy Practices
Your grandpa's best friend just had surgery at your assigned training site. Your family
asked about the friend's prognosis. How should you respond? - Answer-Explain that it is
a violation of the patient's privacy for you to ask around or look at her medical record.
The minimum necessary patient information may be discussed in private post-
conferences with faculty, but all PHI should be removed from any hard copy records
present so that they are properly de-identified in accordance with HIPAA. - Answer-True
As a student with access to e-PHI, it is alright to post a vague status update on social
media regarding the type of patients or clients I encountered at my placement site. -
Answer-False
AND ANSWERS
HIPAA provisions cover which of the following? - Answer-Privacy of health information;
security of electronic health information; restrictions on how health information is used
and disclosed; definitions of the covered entities that are subject to it's standards
Which of the following entities, as a business associate of a covered entity, are also
required to follow HIPAA standards? - Answer-An independent medical transcriptionist
providing services to a practitioner; third-party billing or claims processing; a health
insurance company sourced by a hospital system for health plan services; consultant
services contracted by a private practice
Health care providers, health care clearinghouses, health plans, and their business
associates, are subject to HIPAA Privacy & Security rules. - Answer-True
Electronic Protected Health Information (e-PHI) is the main focus of the HIPAA Privacy
Rule? - Answer-False; The HIPAA Security Rule is the rule that focuses on e-PHI and
the protection of certain health information that is maintained or transmitted
electronically.
Examples of PHI include: - Answer-Email address or postal address; all elements of
dates except year; biometric identifiers such as fingerprints; web/internet URLs
As a student in a placement site for fieldwork, internship, or clinical rotation, I may have
access to PHI and am subject to HIPAA and may have to complete additional HIPAA
training administered by that site. - Answer-True
Under HIPAA, patients have certain rights contained in which document: - Answer-
Notice of Privacy Practices
Your grandpa's best friend just had surgery at your assigned training site. Your family
asked about the friend's prognosis. How should you respond? - Answer-Explain that it is
a violation of the patient's privacy for you to ask around or look at her medical record.
The minimum necessary patient information may be discussed in private post-
conferences with faculty, but all PHI should be removed from any hard copy records
present so that they are properly de-identified in accordance with HIPAA. - Answer-True
As a student with access to e-PHI, it is alright to post a vague status update on social
media regarding the type of patients or clients I encountered at my placement site. -
Answer-False
