HIPAA Security Training Test
You need to score at least 80% to receive your Certificate of Completion. You may refresh the page to retry.
11-14-2024
Question 1 of 20
What is HIPAA?
Correct
D. Congress passed the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) to give the Department of Health and Human Services (“DHHS”) the authority to regulate the security and privacy of patient information.
Question 2 of 20
What is PHI? (select the best answer)
Correct
Although PHI is three letters of the alphabet, the best answer is Protected Health Information. D is almost correct, but covered entities do not have to protect all confidential consumer information under HIPAA, only that portion of such information that is PHI.
Question 3 of 20
What is the maximum criminal penalty that you could be subject to if you violate HIPAA?
Correct
A is correct as being the maximum penalty for improperly using or disclosing individually identifiable health information for commercial advantage, personal gain, or malicious harm. D is the penalty for such use or disclosure that is not for the improper reasons specified in A.
Question 4 of 20
HIPAA requires me to take immediate action, such as intervening and reporting to the proper authority, if I suspect or detect:
Correct
D is correct because HIPAA requires immediate action to report or correct not only an actual breach of confidentiality, but also a violation of HIPAA or your employer’s policies protecting PHI even if they do not result in an actual breach.
Question 5 of 20
What are my obligations as to my employer in regard to HIPAA?
Correct
D is correct. All of the obligations are required.
Question 6 of 20
HIPAA means that we can ignore other federal and state laws protecting health information.
Correct
B. False. HIPAA preempts (does away with) federal and state law that is inconsistent with HIPAA except, among others, laws that give more privacy protection than HIPAA, such as AIDS, mental health, and substance abuse confidentiality laws. Thus, you must continue to comply with those laws, as well as with HIPAA.
Question 7 of 20
Because of my right to privacy, I don’t have to worry about my employer auditing my computer use for HIPAA compliance purposes.
Correct
B. False. In virtually every state and the federal system, an employee does not have an expectation of privacy in his or her employer’s computer equipment that the employee uses at work. Thus, the employer can (and must) audit for HIPAA compliance.
Question 8 of 20
If a coworker breaches HIPAA and I detect it but do nothing, no way exists for me to get into trouble.
Correct
B. False. You may be subject to employee discipline for failure to take corrective action when a coworker breaches HIPAA or for failure to report the breach.
Question 9 of 20
I can use my personal laptop computer for necessary work involving PHI for work-related purposes as long as I follow my employer’s policies and procedures.
Correct
A. True. Unless your employer prohibits such use, HIPAA does not prohibit using personal devices so long as the use is HIPAA compliant.
Question 10 of 20
Which of the following must I be familiar with?
Correct
D. All of the above. You must be familiar with all of your employer’s policies and procedures for protecting PHI.
Question 11 of 20
Once I leave my job, I can talk about patients’/clients’ PHI as much as I want.
Correct
B. False. The duty to maintain confidentiality of PHI under HIPAA and many other federal and state laws extends past the termination of employment.
Question 12 of 20
Technical security measures, such as encryption, firewalls, antivirus software, and the like, are the only methods of protecting electronic PHI.
Correct
B. False. Not only are technical security measures not the only measures, but also they may actually be the least effective. Physical security is very important. If a person cannot access a terminal, he or she cannot attempt to defeat a log-on procedure. Similarly, administrative security measures, such as a sanction policy to control behavior—to force workers to follow policies and procedures—may be more effective than technical security measures.
Question 13 of 20
If I report a violation of my employer’s policy intended to protect PHI in good faith, I will not face retaliation.
Correct
A. True. Failure to report, however, could result in employee discipline.
Question 14 of 20
Who should I first report a suspected breach of confidentiality to?
Correct
C is the correct answer.
Question 15 of 20
If you don’t understand a HIPAA policy or procedure, you should—
Correct
B. The proper procedure when you don’t understand a policy or procedure is to seek clarification from a supervisor, the privacy or security officer, or other competent person.
Question 16 of 20
Which of the following is a physical safeguard of the Security Rule?
Correct
E is the correct answer.
Question 17 of 20
Because of HIPAA and the “need-to-know” rule, I must restrict my information access to only the information that I am authorized to access.
Correct
A is the correct answer. HIPAA restricts access to individuals who have a bona fide need to know.
Question 18 of 20
The minimum necessary rule limits the amount of information that a clinician may obtain during an intake.
Correct
B. False. The minimum necessary rule does not apply to PHI obtained, used, or disclosed for treatment (clinical) purposes.
Question 19 of 20
Sending your friends an email containing a joke about a patient that violates your employer’s policies is not a HIPAA violation if the patient is not offended.
Correct
B. False. Forwarding an email containing a dirty joke at work is improper for several reasons, including creating a hostile work environment and violation of an employer’s email policy.
Question 20 of 20
I have been trained on HIPAA, the HIPAA Security Rule, the Privacy Rule, and my employer’s HIPAA policies and procedures and will learn the contents of each policy that applies to me and will comply with HIPAA, the Security Rule, the Privacy Rule, and my employer’s policies and procedures. I further understand that I may face disciplinary action if I do not.
Correct
A. True. You have been trained. It’s now up to you!