Questions and Answers
1. In which of the following circumstances must an individual be given the
opportunity to agree or object to the use and disclosure of their PHI?
Answer -Before PHI directly relevant to a persons involvement with the individual's care or
payment of health care is shared with that person.
-Before their information is included in a facility directory
(select both of those)
2. Which of the following statements about the HIPAA Security Rule
are true?
Answer All of the above
3. Administrative safeguards are
1/
6
, Answer Administrative actions, and policies and procedures that are used to
manage the selection, development, implementation and maintenance of security measures to protect
electronic PHI
(ePHI). These safeguards also outline how to manage the conduct of the workforce in relation to the
protection of ePHI
4. Physical safeguards are
Answer Physical measures, including policies and procedures that are used to protect electronic
information systems and related buildings and equipment, from natural and environmental hazards,
and unauthorized intrusion
5. Technical safeguards are
Answer Information technology and the associated policies and procedures that are
used to protect and control access to Ephi
6. Which HHS Office is charged with protecting an individual patient's
2/
6