TL;DR
Study pharmacy laws, regulations, and compliance requirements at federal and state levels. Legal knowledge is essential for licensed pharmacy practice.
Free HIPAA & Compliance Practice Questions
Medical Assistant Certification (CMA/RMA) · Administrative Procedures
This module covers HIPAA & Compliance as part of the Administrative Procedures section, testing your understanding of core concepts and their practical application.
| Exam | Medical Assistant Certification (CMA/RMA) |
| Pass Rate | 72% |
| Duration | 160 minutes |
| Module | HIPAA & Compliance |
Why HIPAA & Compliance matters
HIPAA & Compliance appears on the Medical Assistant Certification (CMA/RMA) because healthcare professionals must understand the legal boundaries of their practice.
Sample Practice Questions (5)
1. An MA accidentally sends a fax containing Patient A's lab results to the wrong fax number (a local business). Upon discovering the error, the MA should FIRST:
- Immediately notify the privacy officer and/or supervisor and document the breach per the office incident reporting procedure
- Call the wrong recipient and ask them to shred the document, then consider the matter resolved
- Resend the fax to the correct number and delete the original fax confirmation page
- Wait to see if anyone reports the error before taking any action
2. A medical assistant accidentally sends a fax containing lab results for 50 patients to a wrong number — a local business. Under HIPAA breach notification requirements, the practice must:
- Notify only the office manager and document the incident internally
- Notify each affected individual in writing without unreasonable delay (within 60 days), notify the HHS Secretary, and if 500+ individuals are affected, notify prominent media outlets
- Notify the affected individuals in writing without unreasonable delay (within 60 days) and notify the HHS Secretary via the annual breach log since fewer than 500 individuals are affected
- Take no action since the fax was sent accidentally and no harm was intended
3. Protected health information (PHI) includes all of the following EXCEPT:
- De-identified data with all 18 HIPAA identifiers removed
- Patient name and date of birth
- Medical diagnosis and treatment records
- Social Security number linked to health information
4. A 16-year-old patient is being treated for a sexually transmitted infection. The patient's parent calls the office requesting the test results. In most states, the MA should:
- Not release the results to the parent without the minor's consent, as minors generally have the right to confidentiality for STI treatment
- Release all results to the parent since they have full access to their minor child's medical records
- Release only negative results but withhold positive results from the parent
- Tell the parent the results are pending until the minor can be consulted in person
5. The HIPAA minimum necessary standard requires that:
- Covered entities limit the use, disclosure, and request of PHI to the minimum amount needed to accomplish the intended purpose
- Patient records contain only the minimum information needed for billing
- Patients must provide the minimum amount of personal information at registration
- Providers must see a minimum number of patients per day