AAPC – CPB – CHAPTER 1 PRACTICAL APPLICATION – FULL QUESTIONS AND
ANSWERS -QUESTIONS 1 TO 20
QUESTION# 1
Which of the following scenarios constitutes a violation of HIPAA?
A. A healthcare provider discussing a patient’s medical condition with
another provider involved in the patient’s care.
B. A doctor sharing patient information with an insurance company for
billing purposes.
C. A nurse accessing a patient’s medical records to verify medication
dosages for a scheduled procedure.
D. Correct: An employee of a medical facility sharing a patient’s health
information with a friend without the patient’s consent.
Feedback: Sharing patient information without proper authorization,
violates HIPAA regulations, which protect patient privacy and ensure the
confidentiality of health information.
QUESTION# 2
Which of the following actions is encouraged by the HITECH Act to improve
healthcare via the use of technology?
A. Correct: Implementing electronic health records (EHR) systems to
reduce paperwork and improve patient care.
B. Allowing unrestricted access to patient health records by any hospital
employee.
C. Requiring patients to manually track their own health information
without digital assistance.
D. Prohibiting the use of any electronic communication in patient care to
protect privacy.
Feedback: The HITECH Act promotes the adoption and meaningful use of
health information technology, such as EHR systems, to enhance
healthcare quality, safety, and efficiency.
QUESTION# 3
, Under the HIPAA Privacy Rule, which of the following practices is permissible?
A. Correct: Sharing PHI with family members involved in the patient’s care
without the patient’s explicit authorization when the patient is present
and does not object.
B. Disclosing a patient’s protected health information (PHI) to an
employer without patient consent for job-related purposes.
C. Using patient information for marketing purposes without obtaining
prior authorization from the patient.
D. Posting patient information on social media to highlight a successful
treatment.
Feedback: Under HIPAA, PHI can be shared with family members involved
in the patient’s care if the patient is present and does not object.
QUESTION# 4
Which of the following methods is considered acceptable for deidentifying
health information under HIPAA?
A. Removing only the patient’s name and Social Security number from the
health records.
B. Encrypting the health information and keeping the encryption key in a
separate, secure location.
C. Correct: Stripping all identifiers such as names, geographic data
smaller than a state, and all elements of dates related to the
individual.
D. Using patient initials instead of full names while leaving other
identifiers intact.
Feedback: The Safe Harbor Method involves removing specific identifiers to
ensure that health information is de-identified in compliance with HIPAA
standards. To meet the safe harbor method, the following 18 identifiers must
be removed:
1. Names.
2. All geographic subdivisions smaller than a state, except for the initial three
digits of a ZIP code if, according to the current publicly available data from
the Bureau of the Census:
a. The geographic unit formed by combining all ZIP codes with the same
three initial digits contains more than 20,000 people; and
ANSWERS -QUESTIONS 1 TO 20
QUESTION# 1
Which of the following scenarios constitutes a violation of HIPAA?
A. A healthcare provider discussing a patient’s medical condition with
another provider involved in the patient’s care.
B. A doctor sharing patient information with an insurance company for
billing purposes.
C. A nurse accessing a patient’s medical records to verify medication
dosages for a scheduled procedure.
D. Correct: An employee of a medical facility sharing a patient’s health
information with a friend without the patient’s consent.
Feedback: Sharing patient information without proper authorization,
violates HIPAA regulations, which protect patient privacy and ensure the
confidentiality of health information.
QUESTION# 2
Which of the following actions is encouraged by the HITECH Act to improve
healthcare via the use of technology?
A. Correct: Implementing electronic health records (EHR) systems to
reduce paperwork and improve patient care.
B. Allowing unrestricted access to patient health records by any hospital
employee.
C. Requiring patients to manually track their own health information
without digital assistance.
D. Prohibiting the use of any electronic communication in patient care to
protect privacy.
Feedback: The HITECH Act promotes the adoption and meaningful use of
health information technology, such as EHR systems, to enhance
healthcare quality, safety, and efficiency.
QUESTION# 3
, Under the HIPAA Privacy Rule, which of the following practices is permissible?
A. Correct: Sharing PHI with family members involved in the patient’s care
without the patient’s explicit authorization when the patient is present
and does not object.
B. Disclosing a patient’s protected health information (PHI) to an
employer without patient consent for job-related purposes.
C. Using patient information for marketing purposes without obtaining
prior authorization from the patient.
D. Posting patient information on social media to highlight a successful
treatment.
Feedback: Under HIPAA, PHI can be shared with family members involved
in the patient’s care if the patient is present and does not object.
QUESTION# 4
Which of the following methods is considered acceptable for deidentifying
health information under HIPAA?
A. Removing only the patient’s name and Social Security number from the
health records.
B. Encrypting the health information and keeping the encryption key in a
separate, secure location.
C. Correct: Stripping all identifiers such as names, geographic data
smaller than a state, and all elements of dates related to the
individual.
D. Using patient initials instead of full names while leaving other
identifiers intact.
Feedback: The Safe Harbor Method involves removing specific identifiers to
ensure that health information is de-identified in compliance with HIPAA
standards. To meet the safe harbor method, the following 18 identifiers must
be removed:
1. Names.
2. All geographic subdivisions smaller than a state, except for the initial three
digits of a ZIP code if, according to the current publicly available data from
the Bureau of the Census:
a. The geographic unit formed by combining all ZIP codes with the same
three initial digits contains more than 20,000 people; and
