Exam Questions and Answers
Question 1: Under the HIPAA privacy rule, it is illegal to:
A) Share PHI with the patient's consent
B) Disclose PHI without authorization for non-treatment purposes
C) Use PHI for billing purposes
D) Discuss PHI with authorized healthcare providers
Correct Answer: B) Disclose PHI without authorization for non-treatment purposes
Explanation: HIPAA prohibits disclosing PHI without patient authorization unless for permitted
purposes like treatment, payment, or healthcare operations.
Question 2: Healthcare agencies must have policies that provide guidelines for:
A) Handling PHI securely
B) Public disclosure of patient records
C) Sharing PHI on social media
D) Unlimited access to PHI by staff
Correct Answer: A) Handling PHI securely
Explanation: Agencies must have policies to ensure PHI is accessed, used, and disclosed
securely, per HIPAA requirements.
Question 3: Patients have a right to:
A) Access their PHI
B) Demand public disclosure of their records
C) Prevent all use of their PHI
D) Share PHI with unauthorized parties
Correct Answer: A) Access their PHI
Explanation: Under HIPAA, patients have the right to access, review, and obtain copies of their
PHI.
Question 4: Health care operations are defined as activities considered in support of treatment
and payment for which PHI could be used or disclosed without individual authorizations, such
as:
A) Quality improvement activities
B) Marketing campaigns
C) Public health advertisements
D) Social media posts
Correct Answer: A) Quality improvement activities
Explanation: Healthcare operations include activities like quality improvement, staff training,
and billing, where PHI may be used without authorization.
Question 5: "Minimum Necessary" means, when PHI is used, disclosed, or requested, reasonable
efforts must be taken to:
A) Limit information to what is sufficient for the purpose
B) Share all available PHI
C) Avoid using PHI entirely
D) Disclose PHI publicly
Correct Answer: A) Limit information to what is sufficient for the purpose
Explanation: The "minimum necessary" rule requires limiting PHI use or disclosure to the least
amount needed for the intended purpose.
Question 6: Privacy regulations cover use or disclosure of PHI in the following format:
A) Electronic, paper, and oral
B) Only electronic records
C) Only written records
D) Only verbal communications
Correct Answer: A) Electronic, paper, and oral
Explanation: HIPAA protects PHI in all forms—electronic, paper, and oral communications.
Question 7: You should ___ discuss patient information with anyone unless it is for an approved
purpose.
A) Never
B) Always
C) Freely
D) Occasionally
Correct Answer: A) Never
Explanation: PHI should only be discussed for authorized purposes (e.g., treatment, payment,
operations), per HIPAA.
Question 8: It is important that patients understand how their healthcare providers and insurer
protect their information, via:
A) Notice of Privacy Practices
B) Public website disclosure
C) Social media updates
D) Verbal discussions only
Correct Answer: A) Notice of Privacy Practices
Explanation: The Notice of Privacy Practices (NPP) informs patients about how their PHI is
protected and their rights under HIPAA.
Question 9: Procedure that protects the confidentiality of patient information:
A) Using secure passwords for EHR access
B) Leaving patient charts open in public areas
C) Discussing PHI in public spaces
D) Sharing PHI with unauthorized staff
Correct Answer: A) Using secure passwords for EHR access
Explanation: Secure passwords prevent unauthorized access to electronic PHI, maintaining
confidentiality.