Answers | Latest Version | 2025/2026 |
Correct & Verified
Which of the following is a potential consequence of failing to follow HIPAA security rules?
A) Staff training
✔✔B) Civil and criminal penalties, fines, and reputational harm
C) More efficient EHR usage
D) Increased patient engagement
Which of the following is an example of safeguarding PHI in emails?
A) Sending PHI unencrypted to colleagues
✔✔B) Encrypting emails containing PHI
C) Forwarding PHI to personal email
D) Printing and leaving emails on desks
Which of the following is part of risk management in HIM?
A) Clinical care
✔✔B) Identifying and mitigating threats to ePHI
C) Billing workflow
D) Appointment scheduling
Which of the following describes a HIPAA-covered entity?
A) Any IT company
✔✔B) Healthcare providers, health plans, and healthcare clearinghouses
C) Schools
D) Retail companies
Which of the following is an example of improper access to PHI?
A) Physician reviewing patient chart
✔✔B) Administrative staff checking a neighbor’s medical record without authorization
C) Nurse viewing assigned patient chart
D) Auditor reviewing records with consent
Which of the following is a required HIPAA security safeguard for electronic records?
A) Paper shredding
✔✔B) Access control and audit trails
C) Posting patient info publicly
D) Open workstation access
Which of the following is part of business associate responsibilities?
A) Approve medical treatment
✔✔B) Protect PHI according to HIPAA rules
C) Schedule patient appointments
D) Provide clinical care
Which of the following is a common method of protecting portable storage devices containing PHI?
A) Leaving them unlocked
B) Sharing among colleagues
✔✔C) Encrypting and securely storing when not in use
D) Writing passwords on paper next to the device
Which of the following demonstrates compliance with HIPAA’s minimum necessary standard?
A) Sharing all patient records with the billing department
B) Giving all staff full access to the EHR
✔✔C) Only providing PHI needed to perform job duties
D) Posting PHI on bulletin boards
Which law mandates the protection of electronic protected health information (ePHI)?
A) ADA
B) HITECH
✔✔C) HIPAA
D) FERPA
What is the purpose of access controls in an EHR system?
A) Ensure backup is complete
B) Increase system speed
✔✔C) Limit access based on user roles
D) Notify patients automatically
Which of the following is an example of a technical safeguard?
A) Employee confidentiality agreement
B) Privacy policy manual
✔✔C) Encryption of health data
D) HIPAA training session
What does PHI stand for?
A) Patient Health Indicator
✔✔B) Protected Health Information
C) Personal Health Index
D) Public Health Initiative
Which action would be considered a breach of HIPAA privacy rules?
A) Sharing treatment information with the patient
✔✔B) Sending a patient’s record to a friend without authorization
C) Reviewing your own medical record
D) Discussing general statistics without identifiers
What is the purpose of audit trails in health information systems?
A) Measure patient satisfaction
✔✔B) Track access and activity of users