◉ The Security Rule requires covered entities to maintain reasonable
and appropriate _____ for protecting e-PHI. Answer: administrative,
technical, and physical safeguards
◉ Does this description represent Required or Addressable according to
the Security Rule?
The given standard is mandatory and, therefore, must be complied with.
Answer: Required
◉ Which of the following are administrative safeguards according to
HIPAA's Security Rule: (mark 3 of the 4 options) Answer:
Assign a privacy officer
Implement employee training
Review policies and procedures
◉ Which of the following are technical safeguards according to
HIPAA's Security Rule: (Mark 3 of the 4 options) Answer:
Assign a unique name and/or number for identifying and tracking user identity
Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency
Implement a mechanism to encrypt and decrypt ePHI
◉ Which of the following are physical safeguards according to HIPAA's
Security Rule: Answer: E. [all others]
◉ Which is NOT considered a best practice for meeting HIPAA's Security
Rule: Answer: Do not set a timed lock-screen to avoid leaving live
computer/tablet/phone screens unattended
◉ I work at a BA that manages billing for physicians. I took a screenshot
of a screen that showed some pieces of PHI and emailed it to our IT
department so they could help with an IT issue I am having. I am not
sure if we have a BAA with our email provider. Answer: B. Security
Rule not met
◉ In my office, the computers that have ePHI stored on them are all
located in a special room that has a key fob to enter. Only specific roles
have access to those key fobs. Answer: A. Security Rule met