HIPAA Privacy & Security Quiz

20 Questions | Total Attempts: 514


This quiz is based on the HIPAA Training & Awareness PowerPoint. Please print your results for your records.


Questions and Answers
  • 1. 
    PART 1 – HIPAA PRIVACY TRAINING
    1. What does “HIPAA” stand for?
    • A. 

      A. Health Insurance Portability and Accountability Act

    • B. 

      B. Health Industry Privacy and Accountability Act

    • C. 

      C. Health Insurance Privacy and Administration Act

    • D. 

      D. None of the above

  • 2. 
    2. The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other PHI. The Privacy Rule requires appropriate safeguards to protect the privacy of PHI, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.
    • A. 

      True

    • B. 

      False

  • 3. 
    3. What is PHI (Protected Health Information)?
    • A. 

      A. Covered transactions (eligibility, enrollment, health care claims, payment, etc.) performed electronically

    • B. 

      B. Information about past or present mental or physical conditions of a patient

    • C. 

      C. Information that can be used to identify a patient

    • D. 

      D. All of the above

  • 4. 
    4. What does HIPAA do?
    • A. 

      A. Protects the privacy and security of a patient’s health information

    • B. 

      B. Provides for electronic and physical security of a patient’s health information

    • C. 

      C. Prevents health care fraud and abuse

    • D. 

      D. All of the above

  • 5. 
    5. Under the right to Access, healthcare employees have the right to access their family members’ medical records directly, utilizing job-related access such as hospital information and medical records.
    • A. 

      True

    • B. 

      False

  • 6. 
    6. When can you use or disclose PHI?
    • A. 

      A. For the treatment of a patient

    • B. 

      B. For obtaining payment for services

    • C. 

      C. When the patient has authorized, in writing to the Covered Entity, allowing the Business Associate to follow the rule of the Covered Entity as described in the Business Associate Agreement

    • D. 

      D. All of the above

    • E. 

      E. None of the above

  • 7. 
    7. Privacy incidents most often occur from:
    • A. 

      A. Loss, damage, theft

    • B. 

      B. Accidentally sending a report containing PII to a person not authorized to view the report

    • C. 

      C. Discussing work-related information, such as a person’s medical health record, in a public area

    • D. 

      D. All of the above

  • 8. 
    8. What are the possible consequences of Privacy Violations?
    • A. 

      A. Employee disciplinary actions

    • B. 

      B. Civil Monetary Penalties/Fines

    • C. 

      C. Criminal Charges

    • D. 

      D. All of the above

  • 9. 
    9. Who at NJII must follow HIPAA Regulations?
    • A. 

      A. Every NJII employee, as we are the Business Associate for Covered Entities

    • B. 

      B. Only Upper Management

    • C. 

      C. Only the HIPAA Privacy and Security Officers

    • D. 

      D. None of the above

  • 10. 
    PART 2 – HIPAA SECURITY TRAINING
    10. The HIPAA Security Rule addresses the privacy protection of ePHI. This rule defines standards, procedures, and methods for protecting ePHI with attention to how PHI is stored, accessed, transmitted, and audited.
    • A. 

      True

    • B. 

      False

  • 11. 
    11. The HIPAA Security Rule addresses which aspects of security?
    • A. 

      A. Administrative Safeguards

    • B. 

      B. Physical Safeguards

    • C. 

      C. Technical Safeguards

    • D. 

      D. All of the Above

    • E. 

      E. None of the above

  • 12. 
    12. It is okay for me to share my User Name and Password Credentials because I know the person. 
    • A. 

      True

    • B. 

      False

  • 13. 
    13. Which workstation security safeguards are YOU responsible for using and/or protecting?
    • A. 

      A. User ID

    • B. 

      B. Password

    • C. 

      C. Log-off / Lock security measures

    • D. 

      D. All of the above

  • 14. 
    14. To guard against unauthorized access to ePHI that is being sent via email, you must ensure appropriate safeguard measures are taken. For example: the email is encrypted, Word or Excel documents are encrypted or password protected, the Minimum Necessary Requirements are implemented, or de-identification of PHI is being used.
    • A. 

      True

    • B. 

      False

  • 15. 
    15. Which of the following are part of Technical Safeguards?
    • A. 

      A. Access Control

    • B. 

      B. Audit Control

    • C. 

      C. Integrity Control

    • D. 

      D. Transmission Security

    • E. 

      E. A and B only

    • F. 

      F. All of the above

  • 16. 
    16. For strong password protection you should use which of the following?
    • A. 

      A. Don’t use upper or capital letters or characters

    • B. 

      B. Use at least 8 characters, upper and lower case letters, numbers, and characters

    • C. 

      C. Use an easy and generic password so you remember it better

    • D. 

      D. None of the above

  • 17. 
    17. What is the goal of information security?
    • A. 

      A. Ensure that employee passwords contain at least 8 characters

    • B. 

      B. Eliminate all threats to information systems

    • C. 

      C. Provide a lock for all file cabinets in the building

    • D. 

      D. Protect the confidentiality, availability, and integrity of information and information systems

  • 18. 
    PART 3 – HITECH TRAINING
    18. Protected information can include information in any form or medium, including electronic, paper, or verbal form.
    • A. 

      True

    • B. 

      False

  • 19. 
    19. We have established an Incident Management Policy & an Incident Response Team to focus on Incident Response, should a breach or incident occur. To your knowledge, what should be the first thing you do?   
    • A. 

      A. Call the Police

    • B. 

      B. Contact the Board of Directors

    • C. 

      C. Tell the whole office staff about the situation

    • D. 

      D. Immediately contact your Direct Report, contact the Incident Response Team ([email protected]), and contact the IT Department. (Be sure to complete the Incident Response Form.)

  • 20. 
    20. It is acceptable to wait to report a breach or incident until you personally try to figure out what happened.
    • A. 

      True

    • B. 

      False
