In which of the following circumstances must an individual be given the opportunity to agree or
object to the use and disclosure of their PHI?
A) Before their information is included in a facility directory
B) Prior to disclosure to a business associate
C) Before PHI directly relevant to a person's involvement with the individual's care or payment
of health care is shared with that person
D) A and C Correct Answer: A and C
Which of the following statements about the HIPAA Security Rule are true?
A) Established a national set of standards for the protection of PHI that is created, received,
maintained, or transmitted in electronic media by a HIPAA covered entity (CE) or business
associate (BA)
B) Protects electronic PHI (ePHI)
C) Addresses three types of safeguards - administrative, technical and physical - that must be in
place to secure individuals' ePHI
D) All of the above Correct Answer: All of the above
A covered entity (CE) must have an established complaint process. Correct Answer: True
The e-Government Act promotes the use of electronic government services by the public and
improves the use of information technology in the government. Correct Answer: True
When must a breach be reported to the U.S. Computer Emergency Readiness Team?
A) Within 1 hour of discovery
B) Within 24 hours of discovery
C) Within 48 hours of discovery
D) Within 72 hours of discovery Correct Answer: Within 1 hour of discovery
Which of the following statements about the Privacy Act are true?
A) Balances the privacy rights of individuals with the Government's need to collect and maintain
information
B) Regulates how federal agencies solicit and collect personally identifiable information (PII)
C) Sets forth requirements for the maintenance, use, and disclosure of PII
D) All of the above Correct Answer: All of the above
What of the following are categories for punishing violations of federal health care laws?
A) Criminal penalties
B) Civil money penalties
C) Sanctions
D) All of the above Correct Answer: All of the above
Which of the following are common causes of breaches?
A) Theft and intentional unauthorized access to PHI and personally identifiable information (PII)
B) Human error (e.g. misdirected communication containing PHI or PII)