Free HIPAA compliance
quiz & training

Test and reinforce your team's HIPAA awareness. Answer ten multiple-choice questions covering the privacy and security basics behind 45 CFR §164.308(a)(5), see your score and an explanation for every question live, then download a training completion record as Word or PDF. Everything runs in your browser, so nothing you enter leaves your device.

The quiz

Participant

Questions

1. Which of the following is protected health information (PHI)?

2. What does the "minimum necessary" rule mean?

3. When may PHI be shared without the patient's written authorization?

4. What is the best practice for your account password and login?

5. An email urgently asks you to click a link and "verify your login" for the records system. What should you do?

6. What is the proper way to dispose of paper records containing PHI?

7. If you suspect a breach of PHI, who should you tell?

8. Which of these is a core patient right under HIPAA?

9. What is a Business Associate Agreement (BAA)?

10. Why should PHI on laptops and mobile devices be encrypted?

Training record

0/10 answered 0%

Passing score is 80%.

HIPAA AWARENESS TRAINING RECORD

HIPAA AWARENESS TRAINING RECORD

Score: 0/10 (0%)

Result: In progress

Question review

Q1. Which of the following is protected health information (PHI)? Not yet answered.

Q2. What does the "minimum necessary" rule mean? Not yet answered.

Q3. When may PHI be shared without the patient's written authorization? Not yet answered.

Q4. What is the best practice for your account password and login? Not yet answered.

Q5. An email urgently asks you to click a link and "verify your login" for the records system. What should you do? Not yet answered.

Q6. What is the proper way to dispose of paper records containing PHI? Not yet answered.

Q7. If you suspect a breach of PHI, who should you tell? Not yet answered.

Q8. Which of these is a core patient right under HIPAA? Not yet answered.

Q9. What is a Business Associate Agreement (BAA)? Not yet answered.

Q10. Why should PHI on laptops and mobile devices be encrypted? Not yet answered.

Training acknowledgement

The participant named above has reviewed the core HIPAA privacy and security basics covered in this quiz, including what protected health information is, the minimum necessary rule, permitted uses and disclosures, safeguarding logins and devices, recognizing phishing, secure disposal, breach reporting, and patient rights.

Organizations should keep a record of security awareness and training for each workforce member, in line with 45 CFR 164.308(a)(5).

Participant signature: __________________________ Date: ______________

Supervisor signature: __________________________ Date: ______________

Generated by BlockSurvey

How the HIPAA compliance quiz works

1

Answer the questions

Add your name, then work through ten multiple-choice questions on HIPAA privacy and security basics.

2

See your score and feedback

A live score banner and a per-question review show what you got right, the correct answer, and a short explanation.

3

Download the record

Export a training completion record as a PDF or an editable Word file. Nothing you enter ever leaves your device.

Free, secure, and HIPAA-standard by default

HIPAA expects you to train your workforce on privacy and security under 45 CFR §164.308(a)(5) and to keep a record that it happened. This quiz helps you do both without a paywall or an email wall:

01

100% in-browser

The quiz and the record are built on your device; nothing is uploaded.

02

No account required

No sign-up, no email wall, no tracking.

03

A real completion record

The full record as Word or PDF at no cost, with the score and a signature line.

What HIPAA training should cover

Good HIPAA awareness training gives every workforce member a working grasp of:

  1. What protected health information is, and how to recognize it.
  2. The minimum necessary standard, so staff reach only the PHI they need.
  3. Permitted uses and disclosures, such as treatment, payment, and health care operations.
  4. Safeguarding logins and devices with strong, private passwords and encryption.
  5. Spotting phishing and social-engineering attempts.
  6. Secure disposal of paper and electronic records that held PHI.
  7. How and to whom to report a suspected breach.
  8. Core patient rights, including access to their own records.

Built For Every Healthcare Organization

Whether you are onboarding a new hire or running an annual refresher, this quiz gives your team a quick, consistent way to check HIPAA awareness, and it works alongside HIPAA-compliant survey software when you collect health data through forms.

New-hire onboarding

Give every new team member a HIPAA grounding on day one.

Annual staff refresher

Run a yearly awareness check and keep the completion record.

Small practices without an LMS

Train staff without paying for a learning management system.

Business associates

Brief your own staff on the PHI you handle for healthcare clients.

Front-desk & clinical teams

Reinforce the everyday habits that keep patient data safe.

IT teams & MSPs

Roll out a quick awareness check across the practices you support.

Collecting PHI through forms or surveys?

HIPAA-compliant survey software from BlockSurvey signs a BAA with you, so the tool you use to gather health data is covered too.

More free HIPAA tools

Explore more

Frequently asked questions

Does this quiz satisfy the HIPAA training requirement?

It helps, but it is not a full substitute on its own. HIPAA requires you to train workforce members on your own policies and procedures under 45 CFR 164.308(a)(5), and to repeat that training periodically and when things change. This quiz reinforces the core awareness topics, like what PHI is, the minimum necessary rule, phishing, and breach reporting, and it gives you a completion record to keep. Pair it with training on your specific policies, systems, and role-based procedures to meet the requirement.

How often is HIPAA training required?

There is no single fixed interval in the rule, but HIPAA expects training for each new workforce member within a reasonable time after they start, and refresher training on a periodic basis and whenever something material changes, such as a new system that handles PHI, a policy update, or a new threat. Many organizations run awareness training at least once a year and log each completion. Use this quiz as one part of that recurring cycle.

Can I keep a record of completion?

Yes. Once you finish the quiz you can download a training completion record as Word or PDF that includes the participant name, the date, the score, and a per-question review, plus a signature line for the participant and supervisor. Keeping training records is part of the documentation HIPAA expects under 45 CFR 164.308(a)(5), so save or print the file and file it with your other compliance evidence.

Is my score or the participant name stored anywhere?

No. The whole quiz runs in your browser. The name you enter, the answers you pick, and the score are never sent to or stored on any server, which is why no sign-up is required. When you download the completion record, the file is generated on your device. If you close the tab without downloading, nothing is kept, so export the record when you are done.

What score do I need to pass?

This quiz uses a passing score of 80 percent, which is 8 of the 10 questions correct. The score updates live as you answer, and once every question is answered the banner shows whether the result is a pass. You can review the explanation under each question and change any answer, so it also works as a learning tool rather than a one-shot test. Your own organization may set a different passing bar for its formal training.

Is this a substitute for legal advice?

No. This quiz is an awareness and training aid that reflects common HIPAA requirements, but it is not legal advice and is not guaranteed to be complete or suitable for your specific situation. Your services, your state's laws, and your own risk analysis can add requirements. Have your training program and policies reviewed by qualified counsel or a compliance professional before you rely on them.
Scripts are blocked. This site won’t work properly. If you’re using Brave, click the Shields icon and turn off Block scripts. Otherwise disable your ad blocker for this site.