Privacy Act and HIPAA Training
I. Module 1: Interactive Knowledge Check
1. True or False? Under HIPAA, a person or entity that provides services to a CE
that do not involve the use or disclosure of PHI would be considered a BA.
The correct answer is B - False.
2. The correct answer is B - In this scenario, Betty’s decision to provide John with
the patient’s complete medical file absent a legitimate need to do so for the
purpose of performing his job duties is in direct violation of the HIPAA Privacy
Rule’s minimum necessary standard. As is the case with all covered entities,
Valley Forge MTF must ensure that members of its workforce only access,
use, and/or disclose PHI as is necessary to perform their job duties.
3. Which of the following is required?
A. An authorization is required
B. The patient must be given an opportunity to agree or object to the use or
disclosure
C. Neither an authorization nor an opportunity to agree or object is required.
The correct answer is B - The patient must be given an opportunity to agree
or object to the use or disclosure.
4. The Chief Medical Officer for Valley Forge MTF utilizing PHI is conducting a
monthly physician peer review operations exercise.
Which of the following is required?
A. An authorization is required
B. The patient must be given an opportunity to agree or object to the use or
1
, Privacy Act and HIPAA Training
disclosure
C. Neither an authorization nor an opportunity to agree or object is required
The correct answer is C - Neither an authorization nor an opportunity to agree
or object is required.
5. Abigail Adams is a TRICARE beneficiary and patient at Valley Forge MTF and
is applying for Sun Life Insurance. Sun Life has requested some of Abigail’s
medical records in order to evaluate her application.
Which of the following is required?
A. An authorization is required
B. The patient must be given an opportunity to agree or object to the use or
disclosure
C. Neither an authorization nor an opportunity to agree or object is required
The correct answer is A - An authorization is required.
6. Dr. Jefferson sends a patient’s medical record to the surgeon’s office in
support of a referral for treatment he made for the patient.
Which of the following is required?
A. An authorization is required
B. The patient must be given an opportunity to agree or object to the use or
disclosure
C. Neither an authorization nor an opportunity to agree or object is required
The correct answer is C - Neither an authorization nor an opportunity to agree
or object is required.
2
I. Module 1: Interactive Knowledge Check
1. True or False? Under HIPAA, a person or entity that provides services to a CE
that do not involve the use or disclosure of PHI would be considered a BA.
The correct answer is B - False.
2. The correct answer is B - In this scenario, Betty’s decision to provide John with
the patient’s complete medical file absent a legitimate need to do so for the
purpose of performing his job duties is in direct violation of the HIPAA Privacy
Rule’s minimum necessary standard. As is the case with all covered entities,
Valley Forge MTF must ensure that members of its workforce only access,
use, and/or disclose PHI as is necessary to perform their job duties.
3. Which of the following is required?
A. An authorization is required
B. The patient must be given an opportunity to agree or object to the use or
disclosure
C. Neither an authorization nor an opportunity to agree or object is required.
The correct answer is B - The patient must be given an opportunity to agree
or object to the use or disclosure.
4. The Chief Medical Officer for Valley Forge MTF utilizing PHI is conducting a
monthly physician peer review operations exercise.
Which of the following is required?
A. An authorization is required
B. The patient must be given an opportunity to agree or object to the use or
1
, Privacy Act and HIPAA Training
disclosure
C. Neither an authorization nor an opportunity to agree or object is required
The correct answer is C - Neither an authorization nor an opportunity to agree
or object is required.
5. Abigail Adams is a TRICARE beneficiary and patient at Valley Forge MTF and
is applying for Sun Life Insurance. Sun Life has requested some of Abigail’s
medical records in order to evaluate her application.
Which of the following is required?
A. An authorization is required
B. The patient must be given an opportunity to agree or object to the use or
disclosure
C. Neither an authorization nor an opportunity to agree or object is required
The correct answer is A - An authorization is required.
6. Dr. Jefferson sends a patient’s medical record to the surgeon’s office in
support of a referral for treatment he made for the patient.
Which of the following is required?
A. An authorization is required
B. The patient must be given an opportunity to agree or object to the use or
disclosure
C. Neither an authorization nor an opportunity to agree or object is required
The correct answer is C - Neither an authorization nor an opportunity to agree
or object is required.
2
