HIPPA Challenge Exam
1) In which of the following circumstances must an individual be given the opportunity to
agree or object to the use and disclosure of their PHI? - Answer A and C (correct)
Which of the following statements about the HIPAA Security Rule are true? - Answer All
of the above (correct)
A covered entity (CE) must have an established complaint process. - Answer True
(correct)
The e-Government Act promotes the use of electronic government services by the
public and improves the use of information technology in the government. - Answer
True (correct)
When must a breach be reported to the U.S. Computer Emergency Readiness Team? -
Answer Within 1 hour of discovery (correct)
Which of the following statements about the Privacy Act are true? - Answer All of the
above (correct)
7) What of the following are categories for punishing violations of federal health care
laws? - Answer All of the above (correct)
Which of the following are common causes of breaches? - Answer All of the above
(correct)
Which of the following are fundamental objectives of information security? - Answer All
of the above (correct)
If an individual believes that a DoD covered entity (CE) is not complying with HIPAA, he
or she may file a complaint with the: - Answer All of the above (correct)
Technical safeguards are: - Answer Information technology and the associated policies
and procedures that are used to protect and control access to ePHI (correct)
A Privacy Impact Assessment (PIA) is an analysis of how information is handled: -
Answer All of the above (correct)
A breach as defined by the DoD is broader than a HIPAA breach (or breach defined by
HHS). - Answer True (correct)
Which of the following are breach prevention best practices? - Answer All of this above
(correct)
1) In which of the following circumstances must an individual be given the opportunity to
agree or object to the use and disclosure of their PHI? - Answer A and C (correct)
Which of the following statements about the HIPAA Security Rule are true? - Answer All
of the above (correct)
A covered entity (CE) must have an established complaint process. - Answer True
(correct)
The e-Government Act promotes the use of electronic government services by the
public and improves the use of information technology in the government. - Answer
True (correct)
When must a breach be reported to the U.S. Computer Emergency Readiness Team? -
Answer Within 1 hour of discovery (correct)
Which of the following statements about the Privacy Act are true? - Answer All of the
above (correct)
7) What of the following are categories for punishing violations of federal health care
laws? - Answer All of the above (correct)
Which of the following are common causes of breaches? - Answer All of the above
(correct)
Which of the following are fundamental objectives of information security? - Answer All
of the above (correct)
If an individual believes that a DoD covered entity (CE) is not complying with HIPAA, he
or she may file a complaint with the: - Answer All of the above (correct)
Technical safeguards are: - Answer Information technology and the associated policies
and procedures that are used to protect and control access to ePHI (correct)
A Privacy Impact Assessment (PIA) is an analysis of how information is handled: -
Answer All of the above (correct)
A breach as defined by the DoD is broader than a HIPAA breach (or breach defined by
HHS). - Answer True (correct)
Which of the following are breach prevention best practices? - Answer All of this above
(correct)
