FREE CHPC HIPAA and Healthcare Privacy Standards Questions and Answers

Which of the following is considered Protected Health Information (PHI) under HIPAA?

Please select 3 correct answers

Patient's medical record number

Email address used for healthcare communication

Age of a patient over 90 years old

State of residence without any other identifiers

Correct! Wrong!

PHI includes any identifiable health information related to a patient’s physical or mental health, healthcare provision, or payment for healthcare. This includes medical record numbers, email addresses, and ages over 89 (considered identifiers under HIPAA due to the small population size). However, general state of residence alone is not PHI unless combined with other identifiers.

What is the main purpose of the HIPAA Privacy Rule?

To ensure healthcare organizations have strong cybersecurity controls

To establish national standards for protecting individuals’ medical records and PHI

To prevent fraud and abuse in healthcare

To create standardized electronic health record (EHR) systems

Correct! Wrong!

The HIPAA Privacy Rule sets national standards for protecting patients' medical records and PHI. It ensures that individuals have rights over their health information, including rights to access, amend, and restrict the disclosure of their PHI.

A healthcare organization experiences a data breach involving the exposure of unencrypted PHI. What steps must they take according to the HIPAA Breach Notification Rule?

Please select 3 correct answers

Notify affected individuals within 60 days of discovering the breach

Report the breach to the Office for Civil Rights (OCR)

Notify local law enforcement immediately

Provide notification to the media if the breach affects more than 500 individuals

Correct! Wrong!

Under the HIPAA Breach Notification Rule, organizations must:
Notify affected individuals within 60 days. Report the breach to the OCR. Notify the media if more than 500 individuals are affected. Law enforcement notification is not mandatory unless required by other regulations or circumstances.

Which of the following scenarios would NOT be considered a HIPAA violation?

A nurse discusses a patient’s condition with a friend without authorization

A doctor shares PHI with a business associate under a signed Business Associate Agreement (BAA)

A receptionist leaves a list of patient names and phone numbers in a public area

A billing clerk accesses a patient’s record without a legitimate need

Correct! Wrong!

Under HIPAA, PHI can be shared with a business associate if there is a signed Business Associate Agreement (BAA) ensuring the associate complies with HIPAA requirements. The other options involve unauthorized access or disclosure, which would be considered HIPAA violations.

What rights does a patient have under the HIPAA Privacy Rule?

Please select 3 correct answers

The right to access and obtain copies of their medical records

The right to request an amendment to their medical records

The right to delete all their PHI upon request

The right to receive a list of disclosures of their PHI

Correct! Wrong!

Access and obtain copies of their medical records. Request amendments to their records if they believe information is incorrect. Receive an accounting of disclosures (a list of when their PHI was shared outside treatment, payment, and operations). However, patients cannot request deletion of PHI under HIPAA, as healthcare organizations are legally required to maintain certain records.

FREE CHPC HIPAA and Healthcare Privacy Standards Questions and Answers

Which of the following is considered Protected Health Information (PHI) under HIPAA?

What is the main purpose of the HIPAA Privacy Rule?

A healthcare organization experiences a data breach involving the exposure of unencrypted PHI. What steps must they take according to the HIPAA Breach Notification Rule?

Which of the following scenarios would NOT be considered a HIPAA violation?

What rights does a patient have under the HIPAA Privacy Rule?

Related Post