In which of the following circumstances must an individual be given the opportunity to agree or object to the use and disclosure of their PHI? - - A and C (answer)
a). Before their information is included in a facility directory
b). Before PHI directly relevant to a person's involvement with the individual's care or payment of health care is shared with that person

Which of the following statements about the HIPAA Security Rule are true? - - All of the above (answer)
a). Established a national set of standards for the protection of PHI that is created, received, maintained, or transmitted in electronic media by a HIPAA covered entity (CE) or business associate (BA)
b). Protects electronic PHI (ePHI)
c). Addresses three types of safeguards - administrative, technical and physical - that must be in place to secure individuals' ePHI

A covered entity (CE) must have an established complaint process. - - True

The e-Government Act promotes the use of electronic government services by the public and improves the use of information technology in the government. - - True (correct)

When must a breach be reported to the U.S. Computer Emergency Readiness Team? - - Within 1 hour of discovery

Which of the following statements about the Privacy Act are true? - - All of the above (answer)
a). Balances the privacy rights of individuals with the Government's need to collect and maintain information
b). Regulates how federal agencies solicit and collect personally identifiable information (PII)
c). Sets forth requirements for the maintenance, use, and disclosure of PII

Which of the following are categories for punishing violations of federal health care laws? - - All of the above (answer)
Criminal penalties
Civil money penalties
Sanctions

Which of the following are common causes of breaches? - - All of the above (answer)
Theft and intentional unauthorized access to PHI and personally identifiable information (PII)
Human error (e.g. misdirected communication containing PHI or PII)
Lost or stolen electronic media devices or paper records containing PHI or PII

Which of the following are fundamental objectives of information security? - - All of the above (answer)
Confidentiality
Integrity
Availability

If an individual believes that a DoD covered entity (CE) is not complying with HIPAA, he or she may file a complaint with the: - - All of the above (answer)
DHA Privacy Office
HHS Secretary
MTF HIPAA Privacy Officer

Technical safeguards are: - - Information technology and associated policies and procedures that are used to protect and control access to ePHI

A Privacy Impact Assessment (PIA) is an analysis of how information is handled: - - Physical measures, including policies and procedures that are used to protect electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion (correct)

A Privacy Impact Assessment (PIA) is an analysis of how information is handled: - - All of the above
To ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy
To determine the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronic information system
To examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks