My Responsibility Under HIPAA Includes
17 community-sourced questions and answers.
What is the maximum criminal penalty that you could be subject to if you violate HIPAA?
10 years in prison and $250,000 in monetary fines
PHI (Protected Health Information) requires individually identifiable health information to be protected
True
Physical security includes which of the following?
Locking doors and desks; Keeping PHI out of view of those around you; Storing computer equipment safely; All of the above
Once I leave my job, I can talk about patient's/client's PHI (Protected Health Information) as much as I want
False
HIPAA means that we can ignore other federal and state laws protecting health information
False
Because of my rights of privacy, I do not have to worry about my employer auditing my computer for HIPAA compliance purposes
False
If a co-worker breaches HIPAA and I detect it, there is no way I will get in trouble if I do not report it
False
My responsibility under HIPAA includes:
Handling PHI as if it were my own; Disposing of scrap paper and other documents with PHI by shredding or confidential disposal; Accessing PHI, only the minimum necessary, to do my job; Discussing potential violations or any HIPAA concerns with the supervisor, manager or the designated HIPAA Privacy/Security Official; All of the above
What is a privacy breach?
A team member fails to maintain confidentiality by discussing patient health information on social media; Lab results are sent to the wrong patient or recipient; A laptop or smartphone containing electronic PHI is lost or stolen - and the device is not encrypted; A computer hacker gains access to systems that contain PHI; All of the above
As a healthcare worker, you may share PHI for
Treatment; Payment; Healthcare Operations; All of the above
The most secure passwords are
Combinations of upper- and lowercase letters and numbers that are at least six characters long
HIPAA requires me to take immediate action, such as intervening and reporting to the proper authority, if I suspect or detect:
A HIPAA violation; A violation of one of my employee's protocol protecting PHI (Protected Health Information); A breach of patient confidentiality; All of the above
A patient may inspect or copy his or her entire medical record except for
Psychotherapy notes; Notes or information compiled for use in a civil, criminal, or administrative proceeding; Information that a licensed provider determines will likely endanger the life or safety of the patient or another person; All of the above
What should you tell an individual who asks for information about HIPAA or his or her privacy rights?
Give copies of the organization's notice of privacy practices and tell the individual to direct further questions to the privacy officer
The privacy rule's minimum necessary standard requires providers to
Determine who needs what information and only provide the necessary amount and type
In regard to PHI, front desk staff should
Make sure PHI is not easily viewable to others by closing files and turning computer monitors
What are my obligations to my employer regarding HIPAA?
Comply with HIPAA law and regulations; Comply with my employer's security rules, regulations, and policies; Report violations of HIPAA and my employer's security requirements; All of the above