CHPC - HIPAA - 1-20 QUESTIONS AND
ANSWERS WITH VERIFIED SOLUTIONS
100% CORRECT RATED A+
1. What subpart in Part 164 deals with Privacy?
Answer✔✔: Subpart E: Privacy... Privac-E
Subpart E in Part 164 of HIPAA deals with the privacy rule, governing how health
information is protected and used.
2. What subpart in Part 164 deals with Breach Notifications?
Answer✔✔: Subpart D: "D"arn it! We have a breach!
Subpart D governs breach notification rules under HIPAA, explaining how
breaches of health information must be reported.
3. What subpart in Part 164 deals with Security?
Answer✔✔: Subpart C: "C"-curity
Subpart C focuses on the security of health information, outlining the standards
and implementation specifications for ensuring the confidentiality, integrity, and
availability of protected health information.
4. What are the 3 components that make up security?
Answer✔✔: Confidentiality, Integrity, Availability
These are the core principles of security, ensuring that information is kept private
(confidential), accurate and trustworthy (integrity), and accessible when needed
(availability).
5. What's wrong with this statement: "We need to identify if this breach is
reportable?"
Answer✔✔: All breaches are reportable.
Under HIPAA, any breach of PHI is reportable, though there are different
reporting timelines depending on the severity of the breach.
6. When is the deadline for reporting breaches to the Secretary?
Answer✔✔:
o For breaches affecting 500 or more: 60 days from discovery.
o For breaches affecting less than 500: By the 60th day of the year
following when the breach was discovered.
These are the timelines for reporting breaches to the Department of Health and
Human Services (HHS).
7. Covered Entities and their Business Associates must comply with all of the
Security and Privacy Rules - True or False?
Answer✔✔: False (as Business Associates are not required to comply with
all of the Privacy Rules)
Business Associates are required to comply with many of the Privacy Rule
requirements, but not all. Their primary responsibility lies in the Security Rule and
ensuring the confidentiality, integrity, and availability of PHI.
8. The designated privacy official and the designated security official under
HIPAA must be different individuals.
Answer✔✔: False (as the same official may be designated both roles)
The privacy officer and security officer can be the same individual in a Covered
Entity, though this is not a requirement.