Questions and Answers | Latest Version | 2025/2026 | Correct & Verified
What information is protected under HIPAA?
✔✔Any data that identifies a patient and relates to their health, treatment, or payment.
Can a nurse share patient information with another nurse on the same shift without consent?
✔✔Yes, if it is necessary for treatment and patient care.
What is a covered entity under HIPAA?
✔✔A healthcare provider, health plan, or healthcare clearinghouse that handles PHI.
When must a HIPAA breach be reported?
✔✔As soon as the breach is discovered, following organizational policies and federal requirements.
What is a Privacy Officer responsible for?
✔✔Overseeing HIPAA compliance, training, and protecting patient information.
Can PHI be shared for research purposes without patient authorization?
✔✔Yes, if it is de-identified or approved by an Institutional Review Board (IRB).
How should paper medical records be disposed of?
✔✔By shredding, incinerating, or using another secure destruction method.
Is it acceptable to post patient information on a whiteboard for staff reminders?
✔✔No, it is only acceptable if the information is minimal, necessary, and not identifiable to unauthorized individuals.
What is the purpose of the HIPAA Security Rule?
✔✔To protect electronic PHI with administrative, physical, and technical safeguards.
What is considered a physical safeguard under HIPAA?
✔✔Locked file cabinets, restricted facility access, and secure disposal of PHI.
What does de-identified information mean?
✔✔Information stripped of all identifiers that could link it to an individual patient.
Can PHI be accessed by employees who are not involved in patient care?
✔✔No, access should be limited to those with a legitimate job-related need.
What is the minimum necessary rule?
✔✔Employees should only access the least amount of PHI needed to perform their duties.
Can patient information be shared with family members during an emergency?
✔✔Yes, if it is in the patient’s best interest and allowed under HIPAA.
How should electronic PHI be protected when transmitted via email?
✔✔Using encryption or secure healthcare portals.
Is it acceptable to talk about a patient in a public area if no names are used?
✔✔No, information could still be identifiable to others.
What is the purpose of a Business Associate Agreement (BAA)?