QUESTIONS AND ANSWERS
For PHI disclosures in which there is personal gain, or for malicious purposes, federal penalties
can include up to _____ year(s) in prison. - ANS A. 10
Which of the following would be considered a Business Associate?
A. covered entity
B. government agency
C. documentation consultant
D. healthcare provider - ANS C. Documentation Consultant
The HIPAA Security Rule protects:
A. electronic data
B. written data
1 @COPYRIGHT THESTAR 2025/2026
C. verbal data - ANS A. Electronic data
PHI can be recorded on paper or verbally. The electronic documentation of PHI is not covered
under the HIPAA rules.
A. False
B. True - ANS A. False
If you suspect someone is violating the healthcare facility's privacy policy, you should:
A. Report the activity to your supervisor for further follow-up
B. Approach the person yourself and inform them of the correct way to do things.
C. Say nothing.
D. Watch the person closely in order to determine that you are correct with your suspicions. -
ANS A. Report the activity to your supervisor for further follow-up
Under HIPAA, as part of a patient's right to restrict their PHI, a patient can request that they not
be listed in the patient directory:
A. False
B. True - ANS B. True
The development of policies and procedures that address e-PHI security would fall under which
type of safeguard required by the Security Rule of HIPAA?
A. administrative
B. electronic
C. technical
D. physical - ANS A. administrative
A healthcare employee's access to PHI is usually determined by their:
A. Education
B. Job duties in the healthcare organization.
C. Length of employment - ANS B. Job duties in the healthcare organization.
What does the abbreviation NPP represent in relation to HIPAA?
A. Notice of Privacy Practices
B. Notice of Potential Problems
C. Notice of Patient Practices