1. B

Protects patient data confidentiality and integrity.

2. B

Includes any identifiable information tied to health conditions.

3. C

Employees must know how to protect PHI.

4. B

Adults learn best when content applies immediately to their work.

5. B

Privacy violation occurs when data is shared improperly.

6. B

Ensures third parties safeguard PHI.

7. A

Focuses on electronic PHI security.

8. C

Medical record numbers identify patients directly.

9. C

HIPAA mandates notification within 60 days.

10. A

Only necessary data should be accessed or used.

11. B

OCR enforces HIPAA compliance.

12. B

Scenarios help learners apply regulations in context.

13. A

Firewalls protect ePHI from external threats.

14. A

Case studies help demonstrate real impact.

15. D

Life insurance agencies aren’t covered entities.

16. B

Adults prefer practical and relevant learning.

17. C

Encryption prevents unauthorized data access.

18. C

Leaving files visible is a breach risk.

19. A

Covered entities are providers transmitting health data.

20. B

Outlines how PHI may be used or disclosed.

21. C

Regular analyses identify security risks.

22. B

Access must be provided promptly upon request.

23. C

Annual or as-needed retraining ensures compliance.

24. B

Physical security measures protect PHI.

25. A

Covers all PHI forms—paper, oral, electronic.

26. B

Violations can result in severe fines or jail.

27. B

Public health disclosures are exceptions.

28. B

Large breaches require media and HHS notification.

29. B

Assessments reinforce key principles.

30. A

De-identified means removing all personal identifiers.

31. C

Marketing uses require explicit consent.

32. B

Prompt reporting prevents greater harm.

33. A

Mentors should model correct privacy practices.

34. D

Marketing isn’t part of the Security Rule.

35. B

Signed documentation proves compliance effort.

36. B

Patients can request corrections to inaccurate data.

37. A

Constructive feedback reinforces learning.

38. C

A zip code alone doesn’t identify individuals.

39. A

Discussing PHI publicly violates the Privacy Rule.