Privacy Act and HIPAA Clinical
Refresher Questions and Answers |
Latest Version | 2025/2026 | Correct &
Verified
Which of the following is considered Protected Health Information (PHI)?
A. A patient’s favorite color
✔✔B. A patient’s date of birth and diagnosis
C. A doctor’s professional license number
D. A hospital’s address
When can a healthcare provider share patient information without consent?
A. To friends asking about the patient
✔✔B. For treatment, payment, or healthcare operations
C. To a neighbor curious about the patient’s health
D. For social media posts
Which of the following is an example of a HIPAA violation?
✔✔A. Leaving a patient’s chart open where others can see it
1
,B. Using encrypted email for communication
C. Locking patient files in a secure cabinet
D. Discussing patient care in a private office
What is required before disclosing PHI to a third party for research?
A. Nothing, research is always allowed
✔✔B. Patient authorization or an IRB waiver
C. Only the researcher’s request letter
D. Oral permission from a nurse
Which law gives patients the right to access their own medical records?
A. FERPA
B. OSHA
✔✔C. HIPAA
D. HITECH
How long must healthcare providers retain HIPAA-related documents?
A. 1 year
2
, B. 3 years
✔✔C. 6 years
D. 10 years
Which of the following is a patient right under HIPAA?
A. The right to delete records permanently
✔✔B. The right to request corrections to records
C. The right to stop all billing
D. The right to refuse all care
What is the minimum necessary rule in HIPAA?
A. Providers must always share all information
B. Patients cannot limit disclosures
✔✔C. Only share the least amount of PHI needed to do the job
D. Employees may access all files
Which of these is an administrative safeguard for HIPAA?
✔✔A. Training employees on privacy policies
3
Refresher Questions and Answers |
Latest Version | 2025/2026 | Correct &
Verified
Which of the following is considered Protected Health Information (PHI)?
A. A patient’s favorite color
✔✔B. A patient’s date of birth and diagnosis
C. A doctor’s professional license number
D. A hospital’s address
When can a healthcare provider share patient information without consent?
A. To friends asking about the patient
✔✔B. For treatment, payment, or healthcare operations
C. To a neighbor curious about the patient’s health
D. For social media posts
Which of the following is an example of a HIPAA violation?
✔✔A. Leaving a patient’s chart open where others can see it
1
,B. Using encrypted email for communication
C. Locking patient files in a secure cabinet
D. Discussing patient care in a private office
What is required before disclosing PHI to a third party for research?
A. Nothing, research is always allowed
✔✔B. Patient authorization or an IRB waiver
C. Only the researcher’s request letter
D. Oral permission from a nurse
Which law gives patients the right to access their own medical records?
A. FERPA
B. OSHA
✔✔C. HIPAA
D. HITECH
How long must healthcare providers retain HIPAA-related documents?
A. 1 year
2
, B. 3 years
✔✔C. 6 years
D. 10 years
Which of the following is a patient right under HIPAA?
A. The right to delete records permanently
✔✔B. The right to request corrections to records
C. The right to stop all billing
D. The right to refuse all care
What is the minimum necessary rule in HIPAA?
A. Providers must always share all information
B. Patients cannot limit disclosures
✔✔C. Only share the least amount of PHI needed to do the job
D. Employees may access all files
Which of these is an administrative safeguard for HIPAA?
✔✔A. Training employees on privacy policies
3
