In which of the following circumstances must an individual be given the opportunity to agree or
object to the use and disclosure of their PHI? Correct Answer:
- Before their information is included in a facility directory
- Before PHI directly relevant to a person's involvement with the individual's care or payment of health care is shared with that person
Which of the following statements about the HIPAA Security Rule are true? Correct Answer:
All of the above
- A national set of standards for the protection of PHI that is created, received, maintained, or transmitted in electronic media by a HIPAA covered entity (CE) or business associate (BA)
- Protects electronic PHI (ePHI)
- Addresses three types of safeguards - administrative, technical and physical - that must be in place to secure individuals' ePHI
A covered entity (CE) must have an established complaint process. Correct Answer: true
The e-Government Act promotes the use of electronic government services by the public and
improves the use of information technology in the government. Correct Answer: true
When must a breach be reported to the U.S. Computer Emergency Readiness Team? Correct
Answer: 1 hour
Which of the following statements about the Privacy Act are true? Correct Answer: All of the
above
Which of the following are categories for punishing violations of federal health care laws? Correct
Answer: All of the above
Which of the following are common causes of breaches? Correct Answer: All of the above
Which of the following are fundamental objectives of information security? Correct Answer: All
of the above
If an individual believes that a DoD covered entity (CE) is not complying with HIPAA, he or she
may file a complaint with the: Correct Answer: All of the above
Technical safeguards are: Correct Answer: Information technology and the associated policies
and procedures that are used to protect and control access to ePHI
A Privacy Impact Assessment (PIA) is an analysis of how information is handled: Correct
Answer: All of the above
A breach as defined by the DoD is broader than a HIPAA breach (or breach defined by HHS).
Correct Answer: true