HIPAA Overview and Compliance Quiz

Test your knowledge of HIPAA with these compliance-focused questions covering privacy, security, and enforcement.

#1

What does HIPAA stand for?

Health Insurance Portability and Accountability Act
Healthcare Information Privacy and Assurance Act
Human Immunodeficiency Virus Protection and Authorization Act
Hazardous Incident Prevention and Authorization Act
#2

Which of the following is an example of an 'Incidental Disclosure' under HIPAA?

Sharing PHI for treatment purposes
Unintentional disclosure during an otherwise permitted use or disclosure
Patient's explicit consent for disclosure
Providing PHI to law enforcement without a warrant
#3

Under HIPAA, which of the following entities is considered a covered entity?

A local grocery store
A fitness trainer
A healthcare provider that transmits health information electronically
A pet grooming service
#4

In the context of HIPAA, what is the purpose of the Privacy Rule?

To ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI)
To establish guidelines for medical billing
To protect the privacy of individually identifiable health information
To enforce mandatory vaccinations for healthcare workers
#5

What is the purpose of the HIPAA Administrative Simplification provisions?

To establish guidelines for reporting breaches of unsecured PHI
To ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI)
To simplify the administration of healthcare services
To define the rights of patients to access their health information
#6

Which of the following is NOT considered Protected Health Information (PHI) under HIPAA?

Patient's name and address
Medical record numbers
Email addresses without patient's name
Social Security numbers
#7

What is the primary goal of the Security Rule in HIPAA?

To ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI)
To establish guidelines for medical billing
To regulate the physical security of healthcare facilities
To enforce mandatory vaccinations for healthcare workers
#8

Which HIPAA rule addresses the privacy of individually identifiable health information?

Security Rule
Breach Notification Rule
Privacy Rule
Enforcement Rule
#9

In the context of HIPAA, what does the term 'Business Associate' refer to?

Any healthcare professional
A covered entity providing healthcare services
A person or organization that performs functions on behalf of a covered entity involving the use or disclosure of PHI
A healthcare insurance provider
#10

What is the purpose of the HIPAA Enforcement Rule?

To regulate the physical security of healthcare facilities
To establish procedures for investigating and enforcing compliance with HIPAA rules
To define the rights of patients to access their health information
To enforce security measures in healthcare facilities
#11

What is the concept of 'Minimum Necessary' under the HIPAA Privacy Rule?

Only disclosing the maximum amount of PHI necessary for a particular purpose
Sharing all available patient information with any healthcare professional
Keeping all patient information confidential, regardless of the circumstances
Disclosing every detail of a patient's medical history upon request
#12

Who is responsible for enforcing and investigating HIPAA violations?

Centers for Disease Control and Prevention (CDC)
Food and Drug Administration (FDA)
Office for Civil Rights (OCR)
Department of Health and Human Services (HHS)
#13

What is the maximum penalty for a HIPAA violation that is due to willful neglect and is not corrected within 30 days?

$10,000
$50,000
$100,000
$1.5 million
#14

What is the purpose of the Breach Notification Rule in HIPAA?

To define the rights of patients to access their health information
To establish guidelines for reporting breaches of unsecured PHI
To regulate the use of electronic health records
To enforce security measures in healthcare facilities
#15

Under HIPAA, how long do covered entities have to retain documentation of their privacy policies and procedures?

2 years
5 years
10 years
Indefinitely
#16

Which of the following is a requirement for a valid authorization for the use or disclosure of PHI under HIPAA?

The authorization must be written in any language understood by the patient
The authorization must be valid for 5 years
The authorization must specify the purposes for which the information may be used
The authorization is not required for any disclosure of PHI
#17

What is the role of the HIPAA Privacy Officer in a covered entity?

To enforce security measures in healthcare facilities
To investigate and enforce compliance with HIPAA rules
To develop and implement policies and procedures for HIPAA compliance
To regulate the physical security of healthcare facilities
