Information Security HIPAA Training Completion Form
Name: ___________________________________ Email: ____________________ Department: _________
Signature: _______________________________________________ Date: _______________
FIRST – please complete this 12-item training content quiz (CIRCLE THE CORRECT ANSWER). You
can refer back to the training slides if you aren’t sure about an answer.
1. To maintain the security of your network password, you
should:
a. keep it with your computer or laptop in case you forget it
b. never share it with anyone, including co-workers and family
members
c. use a simple password such as the name of your pet
d. email it to yourself so that you don't forget it.
7. Assuming you had access to protected health information,
which of the following is not considered protected health
information:
a. a mental health client's name
b. a Social Security number
c. a medical record number
d. a de-identified data set
2. Using the recommended rules for passwords, which example
of a password is the most secure?
a. fmhi4
b. pgsFM2a&
c. CFSFMHI
d. computer1
8. Protected Health Information does not need protection if it
is:
a. contained in an e-mail message
b. obtained verbally through a conversation
c. in hand written notes
d. None of the above (i.e., it must be protected in all of the above)
3. USF computers and the USF network may be used:
a. for operating a personal business not related to work.
b. only during regular business hours
c. only to conduct activities related to the mission and purposes
of USF.
d. for any reasonable purpose, as long as it is not illegal
9. Which of the following is NOT required documentation to
become an "authorized user" for protected health data:
a. a certificate indicating completion of the USF on-line
training.
b. a certificate indicating completion of HIPAA training.
c. a signed Data Confidentiality Agreement with the source of the
data.
d. an email from you to your Chair or Supervisor promising
confidentiality.
4. Most computer viruses:
a. enter a computer or a network through file downloads or a
transfer from a floppy disk
b. are special parts of programs that enhance the performance of a
computer
c. completely destroy your computer’s hard drive
d. are curable by taking antibiotics
5. All e-mail messages at USF may be monitored and can be
released under a public records request to the University.
a. True
b. False
6. To enhance the security of sensitive data at USF, the IT
department:
a. obtains background reports from the Florida Department of
Law Enforcement on all USF employees who have
network access
b. has installed small hidden video cameras at each entrance to
USF
c. systematically monitors the USF network for intrusions,
security incidents and inappropriate activity
d. All of the above
10. A “data custodian” is someone who:
a. monitors network activity for USF IT
b. is responsible for developing a data use agreement with a data
source and approves the scientific use of the data
c. “cleans up” data before it is made available for general use
d. is the liaison for USF IT with the University physical plant
staff
11. If you have data that are no longer needed, you should:
a. determine whether the data may be destroyed or deleted
pursuant to data use agreements before doing anything
b. maintain documentation on file for any data that is removed
and/or moved to a secure storage area
c. notify the Associate Dean for Information Services
d. Both a and b
12. It is acceptable to discard printed data in the recycle bins as
long as a large X is put on each page.
a. True
b. False
SECOND – Please send a paper copy of this form completed to the: USF IT HIPAA Security Office, SVC
4010. This will satisfy the training requirement for network access and using sensitive data at USF. Your
participation in the basic training is now complete. Thank you!