DWC: HIPPA REVIEW PRACTICE EXAM
TEST.
Once health information has been de-identified, which of the following is true - CORRECT ANSWER there
are no restrictions on its use or disclosure
HIPAA is an acronym for - CORRECT ANSWER Health Insurance Portability and Accountability Act of 1996
To de-identify health information you must remove at least - CORRECT ANSWER all of the above and
many more
The types of organizations that HIPAA applies to are known as - CORRECT ANSWER covered entities
A covered entity can be the business associate of another covered entity. - CORRECT ANSWER True
Persons or organizations, who are not members of a covered entity's workforce, that perform certain
functions on behalf of, or provide services to, a covered entity that involve the use of health information
are known as - CORRECT ANSWER business associates
Under HIPAA, the acronym PHI stands for - CORRECT ANSWER protected health information
The designation of a Privacy Officer by a covered entity is optional. - CORRECT ANSWER False
Which of the following are administrative requirements that covered entities must implement -
CORRECT ANSWER all of the above
In order to be a covered entity, a health care provider must electronically transmit health information in
connection with certain HIPAA transactions. - CORRECT ANSWER True
There are two methods to de-identify health information: a formal determination by a qualified
statistician, or by the removal of specified identifiers. - CORRECT ANSWER True
, Prior to HIPAA, no generally accepted standards or requirements for protecting health information
existed in the health care industry. - CORRECT ANSWER True
Which one of these groups is NOT typically covered under HIPAA - CORRECT ANSWER health spas
HIPAA is - CORRECT ANSWER Federal legislation
An authorization is NOT required under which circumstance: - CORRECT ANSWER All of the above
How many categories of Public Interest and Benefit Activities disclosures are there - CORRECT ANSWER
Twelve
A covered entity MUST disclose protected health information in only these two situations. - CORRECT
ANSWER To an individual who requests access and to U.S. Health and Human Services pursuant to an
investigation
A covered entity may not use or disclose protected health information EXCEPT in these two situations -
CORRECT ANSWER As the individual authorizes in writing and as the Privacy rule permits
An individual must first sign an authorization to obtain access to his or her own PHI - CORRECT ANSWER
False
Under the "Minimum Necessary" standard, a covered entity must: - CORRECT ANSWER both A and C
An authorization is NOT required for disclosures relating to treatment, payment or health care
operations. - CORRECT ANSWER True
Besides the HIPAA regulations, you can obtain additional written guidance from: - CORRECT ANSWER
Both A and B
Which of the following is NOT a requirement for a valid authorization? - CORRECT ANSWER notarization
TEST.
Once health information has been de-identified, which of the following is true - CORRECT ANSWER there
are no restrictions on its use or disclosure
HIPAA is an acronym for - CORRECT ANSWER Health Insurance Portability and Accountability Act of 1996
To de-identify health information you must remove at least - CORRECT ANSWER all of the above and
many more
The types of organizations that HIPAA applies to are known as - CORRECT ANSWER covered entities
A covered entity can be the business associate of another covered entity. - CORRECT ANSWER True
Persons or organizations, who are not members of a covered entity's workforce, that perform certain
functions on behalf of, or provide services to, a covered entity that involve the use of health information
are known as - CORRECT ANSWER business associates
Under HIPAA, the acronym PHI stands for - CORRECT ANSWER protected health information
The designation of a Privacy Officer by a covered entity is optional. - CORRECT ANSWER False
Which of the following are administrative requirements that covered entities must implement -
CORRECT ANSWER all of the above
In order to be a covered entity, a health care provider must electronically transmit health information in
connection with certain HIPAA transactions. - CORRECT ANSWER True
There are two methods to de-identify health information: a formal determination by a qualified
statistician, or by the removal of specified identifiers. - CORRECT ANSWER True
, Prior to HIPAA, no generally accepted standards or requirements for protecting health information
existed in the health care industry. - CORRECT ANSWER True
Which one of these groups is NOT typically covered under HIPAA - CORRECT ANSWER health spas
HIPAA is - CORRECT ANSWER Federal legislation
An authorization is NOT required under which circumstance: - CORRECT ANSWER All of the above
How many categories of Public Interest and Benefit Activities disclosures are there - CORRECT ANSWER
Twelve
A covered entity MUST disclose protected health information in only these two situations. - CORRECT
ANSWER To an individual who requests access and to U.S. Health and Human Services pursuant to an
investigation
A covered entity may not use or disclose protected health information EXCEPT in these two situations -
CORRECT ANSWER As the individual authorizes in writing and as the Privacy rule permits
An individual must first sign an authorization to obtain access to his or her own PHI - CORRECT ANSWER
False
Under the "Minimum Necessary" standard, a covered entity must: - CORRECT ANSWER both A and C
An authorization is NOT required for disclosures relating to treatment, payment or health care
operations. - CORRECT ANSWER True
Besides the HIPAA regulations, you can obtain additional written guidance from: - CORRECT ANSWER
Both A and B
Which of the following is NOT a requirement for a valid authorization? - CORRECT ANSWER notarization
