HIPAA Guidelines for Clinical Practice

All Carrington College students and faculty are required to review the HIPAA Guidelines and then pass the HIPAA Exam EVERY YEAR while attending Carrington College. A grade of 80% or above is required to pass.


  1. Before taking this exam, read the HIPAA Guidelines for Healthcare Professionals provided in your introduction email.
  2. The HIPAA Exam is scored for immediate results.
  3. If you answered at least 16 of the 20 questions correctly (80%), you passed.
  4. Results are sent to the Home Office of Carrington College.
  5. If you did not score at least 80% correct, you will be instructed to re-take the exam.

All fields and test answers are required.

1. Each healthcare agency and provider must have policies and procedures for maintaining the privacy of Protected Health Information (PHI).


2. Under the HIPAA privacy rule, it is illegal to:

3. Healthcare agencies must have policies that provide guidelines for:

4. Patients have a right to:

5. Health care operations are defined as activities considered in support of treatment and payment for which protected health information could be used or disclosed without individual authorizations.


6. "Minimum Necessary" means, when protected health information is used, disclosed, or requested, reasonable efforts must be taken to determine how much information will be sufficient to serve the intended purpose.


7. Privacy regulations cover use of disclosure of personal health information in the following format:

8. It is important to remember that you should never discuss patient information with anyone unless it is for an approved purpose.


9. It is important that patients understand how their healthcare providers and insurer protect their information.


10. Which of the following is a procedure that protects the confidentiality of patient information?

11. It is the duty of every healthcare provider and agency to protect the confidentiality and privacy of patient healthcare information.


12. If you suspect a fellow employee of violating privacy policies, you should:

13. The Notice of Privacy Practices informs patients of their right to:

14. Knowingly releasing patient information can result in civil and/or criminal sanctions including fines and jail time.


15. Health Care Operations are described in the Notice of Private Practices (NPP).


16. While visiting his mother, Mrs. Jones' son, a laboratory technician, notices that the hospital has an electronic health record system. He recognizes the software program and wants to see how it works. He sits down at an open computer and begins to look at the program. The nurse should:

17. An individual who wishes to file a complaint concerning a violation of privacy may:

18. Mrs. White's daughter is assisting her mother in maintaining a personal health record. She asks the record department of the hospital for copies of important documents from her mother's medical records. Is the hospital allowed to release this information to Mrs. White's daughter?

19. If I forget to give a Notice of Privacy Practices (NPP) to a patient:

20. My practice can respond to a request to amend a record:

*Required Field