COMPLETE SOLUTION SET REAL QUESTIONS
2026
● True or False - HIPAA allows the use and disclosure of PHI for
treatment, payment, and health care operations (TPO) without the
patient's consent or authorization. Answer: True
● True or False - "Use" is defined under HIPAA as the release of
information containing PHI outside of the covered entity (CE). Answer:
False
● Which of the following is NOT electronic PHI (ePHI)? Answer:
Health information stored on paper in a file cabinet (correct)
● Which of the following statements about the HIPAA Security Rule are
true? Answer: All of the above
- Established a national set of standards for the protection of PHI that is
created, received, maintained, or transmitted in electronic media by a
HIPAA covered entity (CE) or business associate (BA)
- Protects electronic PHI (ePHI)
- Addresses three types of safeguards - administrative, technical and
physical - that must be in place to secure individuals' ePHI
● Which of the following are fundamental objectives of information
security? Answer: All of the above
- Confidentiality
- Integrity
- Availability
● Physical safeguards are: Answer: Physical measures, including
policies and procedures that are used to protect electronic information
systems and related buildings and equipment, from natural and
environmental hazards, and unauthorized intrusion
● Technical safeguards are: Answer: Information technology and the
associated policies and procedures that are used to protect and control
access to ePHI
● Which HHS Office is charged with protecting an individual patient's
health information privacy and security through the enforcement of
HIPAA? Answer: Office for Civil Rights (OCR)
● Which of the following are categories for punishing violations of
federal health care laws? Answer: All of the above
- Criminal penalties
- Civil money penalties