HIPAA AND PRIVACY ACT TRAINING EXAM
SCRIPT 2026 QUESTIONS WITH SOLUTIONS
GRADED A+
◉ If an individual believes that a DoD covered entity (CE) is not
complying with HIPAA, he or she may file a complaint with the:
Answer: All of the above
◉ Technical safeguards are: Answer: Information technology and the
associated policies and procedures that are used to protect and
control access to ePHI
◉ A Privacy Impact Assessment (PIA) is an analysis of how
information is handled: Answer: All of the above
◉ A breach as defined by the DoD is broader than a HIPAA breach
(or breach defined by HHS). Answer: True
◉ Which of the following are breach prevention best practices?
Answer: All of the above
◉ An incidental use or disclosure is not a violation of the HIPAA
Privacy Rule if the covered entity (CE) has: Answer: All of the above
, ◉ Under the Privacy Act, individuals have the right to request
amendments of their records contained in a system of records.
Answer: True
◉ Which HHS Office is charged with protecting an individual
patient's health information privacy and security through the
enforcement of HIPAA? Answer: Office for Civil Rights (OCR)
◉ Physical safeguards are: Answer: Physical measures, including
policies and procedures that are used to protect electronic
information systems and related buildings and equipment, from
natural and environmental hazards, and unauthorized intrusion
◉ Which of the following would be considered PHI? Answer: An
individual's first and last name and the medical diagnosis in a
physician's progress report
◉ The minimum necessary standard: Answer: All of the above
◉ Under HIPAA, a covered entity (CE) is defined as: Answer: All of
the above
SCRIPT 2026 QUESTIONS WITH SOLUTIONS
GRADED A+
◉ If an individual believes that a DoD covered entity (CE) is not
complying with HIPAA, he or she may file a complaint with the:
Answer: All of the above
◉ Technical safeguards are: Answer: Information technology and the
associated policies and procedures that are used to protect and
control access to ePHI
◉ A Privacy Impact Assessment (PIA) is an analysis of how
information is handled: Answer: All of the above
◉ A breach as defined by the DoD is broader than a HIPAA breach
(or breach defined by HHS). Answer: True
◉ Which of the following are breach prevention best practices?
Answer: All of the above
◉ An incidental use or disclosure is not a violation of the HIPAA
Privacy Rule if the covered entity (CE) has: Answer: All of the above
, ◉ Under the Privacy Act, individuals have the right to request
amendments of their records contained in a system of records.
Answer: True
◉ Which HHS Office is charged with protecting an individual
patient's health information privacy and security through the
enforcement of HIPAA? Answer: Office for Civil Rights (OCR)
◉ Physical safeguards are: Answer: Physical measures, including
policies and procedures that are used to protect electronic
information systems and related buildings and equipment, from
natural and environmental hazards, and unauthorized intrusion
◉ Which of the following would be considered PHI? Answer: An
individual's first and last name and the medical diagnosis in a
physician's progress report
◉ The minimum necessary standard: Answer: All of the above
◉ Under HIPAA, a covered entity (CE) is defined as: Answer: All of
the above
