RHIA Domain 5 Study Questions and
Answers | Latest Version | 2025/2026 |
Correct & Verified
Which of the following is a potential consequence of failing to follow HIPAA security rules?
A) Staff training
✔✔B) Civil and criminal penalties, fines, and reputational harm
C) More efficient EHR usage
D) Increased patient engagement
Which of the following is an example of safeguarding PHI in emails?
A) Sending PHI unencrypted to colleagues
✔✔B) Encrypting emails containing PHI
C) Forwarding PHI to personal email
D) Printing and leaving emails on desks
Which of the following is part of risk management in HIM?
A) Clinical care
✔✔B) Identifying and mitigating threats to ePHI
C) Billing workflow
D) Appointment scheduling
Which of the following describes a HIPAA-covered entity?
1
,A) Any IT company
✔✔B) Healthcare providers, health plans, and healthcare clearinghouses
C) Schools
D) Retail companies
Which of the following is an example of improper access to PHI?
A) Physician reviewing patient chart
✔✔B) Administrative staff checking a neighbor’s medical record without authorization
C) Nurse viewing assigned patient chart
D) Auditor reviewing records with consent
Which of the following is a required HIPAA security safeguard for electronic records?
A) Paper shredding
✔✔B) Access control and audit trails
C) Posting patient info publicly
D) Open workstation access
Which of the following is part of business associate responsibilities?
A) Approve medical treatment
✔✔B) Protect PHI according to HIPAA rules
C) Schedule patient appointments
D) Provide clinical care
2
,Which of the following is a common method of protecting portable storage devices containing
PHI?
A) Leaving them unlocked
B) Sharing among colleagues
✔✔C) Encrypting and securely storing when not in use
D) Writing passwords on paper next to the device
Which of the following demonstrates compliance with HIPAA’s minimum necessary standard?
A) Sharing all patient records with the billing department
B) Giving all staff full access to the EHR
✔✔C) Only providing PHI needed to perform job duties
D) Posting PHI on bulletin boards
Which law mandates the protection of electronic protected health information (ePHI)?
A) ADA
B) HITECH
✔✔C) HIPAA
D) FERPA
What is the purpose of access controls in an EHR system?
A) Ensure backup is complete
B) Increase system speed
✔✔C) Limit access based on user roles
3
, D) Notify patients automatically
Which of the following is an example of a technical safeguard?
A) Employee confidentiality agreement
B) Privacy policy manual
✔✔C) Encryption of health data
D) HIPAA training session
What does PHI stand for?
A) Patient Health Indicator
✔✔B) Protected Health Information
C) Personal Health Index
D) Public Health Initiative
Which action would be considered a breach of HIPAA privacy rules?
A) Sharing treatment information with the patient
✔✔B) Sending a patient’s record to a friend without authorization
C) Reviewing your own medical record
D) Discussing general statistics without identifiers
What is the purpose of audit trails in health information systems?
A) Measure patient satisfaction
✔✔B) Track access and activity of users
4
Answers | Latest Version | 2025/2026 |
Correct & Verified
Which of the following is a potential consequence of failing to follow HIPAA security rules?
A) Staff training
✔✔B) Civil and criminal penalties, fines, and reputational harm
C) More efficient EHR usage
D) Increased patient engagement
Which of the following is an example of safeguarding PHI in emails?
A) Sending PHI unencrypted to colleagues
✔✔B) Encrypting emails containing PHI
C) Forwarding PHI to personal email
D) Printing and leaving emails on desks
Which of the following is part of risk management in HIM?
A) Clinical care
✔✔B) Identifying and mitigating threats to ePHI
C) Billing workflow
D) Appointment scheduling
Which of the following describes a HIPAA-covered entity?
1
,A) Any IT company
✔✔B) Healthcare providers, health plans, and healthcare clearinghouses
C) Schools
D) Retail companies
Which of the following is an example of improper access to PHI?
A) Physician reviewing patient chart
✔✔B) Administrative staff checking a neighbor’s medical record without authorization
C) Nurse viewing assigned patient chart
D) Auditor reviewing records with consent
Which of the following is a required HIPAA security safeguard for electronic records?
A) Paper shredding
✔✔B) Access control and audit trails
C) Posting patient info publicly
D) Open workstation access
Which of the following is part of business associate responsibilities?
A) Approve medical treatment
✔✔B) Protect PHI according to HIPAA rules
C) Schedule patient appointments
D) Provide clinical care
2
,Which of the following is a common method of protecting portable storage devices containing
PHI?
A) Leaving them unlocked
B) Sharing among colleagues
✔✔C) Encrypting and securely storing when not in use
D) Writing passwords on paper next to the device
Which of the following demonstrates compliance with HIPAA’s minimum necessary standard?
A) Sharing all patient records with the billing department
B) Giving all staff full access to the EHR
✔✔C) Only providing PHI needed to perform job duties
D) Posting PHI on bulletin boards
Which law mandates the protection of electronic protected health information (ePHI)?
A) ADA
B) HITECH
✔✔C) HIPAA
D) FERPA
What is the purpose of access controls in an EHR system?
A) Ensure backup is complete
B) Increase system speed
✔✔C) Limit access based on user roles
3
, D) Notify patients automatically
Which of the following is an example of a technical safeguard?
A) Employee confidentiality agreement
B) Privacy policy manual
✔✔C) Encryption of health data
D) HIPAA training session
What does PHI stand for?
A) Patient Health Indicator
✔✔B) Protected Health Information
C) Personal Health Index
D) Public Health Initiative
Which action would be considered a breach of HIPAA privacy rules?
A) Sharing treatment information with the patient
✔✔B) Sending a patient’s record to a friend without authorization
C) Reviewing your own medical record
D) Discussing general statistics without identifiers
What is the purpose of audit trails in health information systems?
A) Measure patient satisfaction
✔✔B) Track access and activity of users
4
