Key Categories and Examples of HIPAA Review Questions:
Data Handling & Privacy Rule Compliance
Where is PHI stored, and who has access to it?
How is patient information disposed of (e.g., shredding papers, wiping hard drives)?
Are employees trained on how to handle patient information properly?
Is patient information discussed in public areas or shared with unauthorized individuals?

Security Rule & Risk Assessment
Are all laptops, workstations, and mobile devices containing ePHI encrypted?
How often are security risk assessments and vulnerability scans performed?
Do all employees have unique login credentials for systems that contain PHI?
Are there procedures for identifying, responding to, and reporting security incidents?

Administrative & Organizational Compliance
Does the organization have signed Business Associate Agreements (BAAs) with vendors that access PHI?
Is there a current Notice of Privacy Practices (NPP) provided to patients?
What are the documented policies for granting access to PHI?