← All answer keys
Health & SafetyAnswer Key

Healthstream Hipaa Training

5 community-sourced questions and answers. Free — no login.

Community-sourced. Answers may be wrong or out of date. Always verify with your official training portal before submitting. Not affiliated with any branch, agency, or vendor. Details.
QUESTION 1

Question 1: The PHI of 600 patients in Tennessee was breached. Whom should be notified? a. HHS secretary b. Patients involved c. Media d. All of the above

ANSWER

Your Answer All of the above Feedback All of these need to be notified.

QUESTION 2

Question 2: Which use/disclosure of PHI is allowed under the HIPAA Privacy Rule? a. Releasing information about a celebrity patient to the media b. Requesting unnecessary information about a patient out of curiosity c. Discussing a patient's case with a provider involved in the patient's care d. Chatting about a patient w/ a provider not involved in the patient's care

ANSWER

Your Answer Discussing a patient's case with a provider involved in the patient's care Feedback PHI should be disclosed only to those with a need to know, such as providers involved in the patient's care.

QUESTION 3

Question 3: Which disclosure/use of PHI is allowed under the HIPAA Privacy Rule? a. Releasing a patients PHI to the patient when he or she requests access b. Releasing a patients PHI to the media when the media requests access c. Releasing a patients PHI to the patient's best friend when the friend requests access d. Releasing a patients PHI to the patients co-workers when the co-workers request access

ANSWER

Your Answer Releasing a patient's PHI to the patient when he or she requests access Feedback PHI must be released to a patient when he or she requests access. Friends, co-workers, and the media should not be given access to PHI, unless the patient provides clear, written permission.

QUESTION 4

Question 4: Which of the following is a technical safeguard for PHI? a. Removing electronic PHI from media before media reuse b. Ensuring that PHI sent electronically is not changed improperly c. Controlling physical access to workstations d. Authorizing and/or supervising employees who work w/ electronic PHI

ANSWER

Your Answer Ensuring that PHI sent electronically is not changed improperly Feedback A technical safeguard for PHI required under HIPAA is integrity control: measures for ensuring that 1) PHI sent electronically is not changed improperly and 2) any improper changes will be detected.

QUESTION 5

Question 5: What is the civil penalty for unknowingly violating HIPAA? a. $1000 to $50,000 b. $112 to $55,910 c. At least $50,000 d. $10,000 to $50,000

ANSWER

Your Answer $112 to $55,910 Feedback The civil penalty for unknowingly violating HIPAA is $112 to $55,910.

Looking for a different version?

CBTs get updated every year. Search for the exact version you're taking (e.g. "cyber awareness 2025").

Search all study materials