What’s Your HIPAA IQ? (A *mostly* funny quiz for therapists who’d rather be doing literally anything else)

HIPAA compliance: the never-ending anxiety attack disguised as a federal regulation. How well do you know it? Take this quiz to test your HIPAA IQ—and find out if you’re a compliance king/queen or one audit away from needing a new career.

1. A client emails you asking for a copy of their records. What do you do?

a) Immediately reply with “Sure, pumpkin!” and attach their records, because who has time for red tape?
b) Forward the email to your personal Gmail because it’s so much more convenient.
c) Verify their identity, discuss how they’d like to receive their records securely, and document everything like the responsible therapist you pretend to be.
d) Print out the records, put them in an envelope labeled “TOP SECRET,” and hand-deliver them in a trench coat and sunglasses.

2. You’re in a coffee shop when a colleague asks, “Hey, how’s that new client going?” You reply:

a) “Oh, Sarah? Yeah, she’s making great progress on her vaginismus!” while sipping your latte like a HIPAA-ignorant boss.
b) “Can we not do this here? My paranoia—I mean, my extensive knowledge of HIPAA—kicks in.”
c) Whisper, “Meet me in the parking lot in five minutes,” and dramatically slip behind a potted plant.
d) “New client? I only talk about my fictional clients. Like Bob, who definitely doesn’t exist. Definitely.”

3. You get a call from a very concerned “mom” asking about her adult child’s therapy sessions. She says she just needs to know they’re okay. What do you do?

a) Tell her everything—she sounds trustworthy!
b) Say, “I can’t confirm or deny if I even know this person,” and hang up before she gets any ideas.
c) Explain that you can’t share information without a signed release but encourage the client to check in with their mom if they’re comfortable.
d) Say, “Hold on, I’m getting another call,” then never return, because you’re not about that life.

4. It’s time for your required annual HIPAA risk analysis. You:

a) Say, “Oh sh*t, I was supposed to be doing that?” and Google what a risk analysis even is.
b) Copy and paste last year’s answers into this year’s form because nothing bad has happened (that you know of).
c) Actually take it seriously, evaluate potential security gaps, and implement new safeguards like a responsible adult.
d) Call it a vibe check for compliance and move on with your life.

5. Your laptop with client files gets stolen from your car. What’s the first thing you do?

a) Cry. A lot. Then Google “how much jail time for HIPAA violations?”
b) Call your lawyer, your liability insurance, and your therapist (because you’re gonna need one now).
c) Report the breach, follow all required steps, and update your security protocols like the competent therapist you are.
d) Post a reward flyer that says, “If found, please return. No questions asked… unless you read the files, in which case I have some questions.”

6. Your colleague insists that using an old-school paper calendar for client appointments is totally fine. You respond:

a) “Yeah, if you want to live on the edge.”
b) “Only if you store it in a locked drawer inside a locked room with an attack cat guarding it.”
c) “Let’s discuss encryption options for your 1997 planner, my dude.”
d) “Ah, yes, the good ol’ HIPAA-violating agenda. Classic move.”

7. A client texts you, “Can we reschedule?” from an unrecognized number. You:

a) Reply, “Who dis?” and hope for the best.
b) Assume it’s your dentist and confirm a totally unrelated appointment.
c) Keep it professional, confirm the client’s identity, and suggest using a secure platform.
d) Pretend you didn’t see it and wait for them to email.

8. You accidentally overhear two therapists discussing a client at the gym. Do you:

a) Walk up and say, “HIPAA, much?” before dramatically dropping a dumbbell.
b) Join the conversation because technically, you didn’t mean to overhear it.
c) Report the breach—or at least remind them that ellipticals aren’t soundproof booths.
d) Make intense eye contact until they get uncomfortable and leave.

Results:

  • Mostly A’s: HIPAA Outlaw – Well, damn! You are one email away from a full-blown HIPAA disaster. The compliance gods are shaking their heads. Before you get an unexpected invitation to an audit, grab my HIPAA Simplified Kit—because let’s be real, you need it.

  • Mostly B’s: HIPAA Paranoid – You follow the rules like a champ, but let’s be honest—you might also be wrapping your phone in tin foil. Relax, but don’t stop being cautious! And if you want HIPAA to feel a little easier, my HIPAA Simplified Kit has your back.

  • Mostly C’s: HIPAA Hero – You understand HIPAA, take compliance seriously, and are probably the person everyone texts for clarification. Congrats, you are the chosen one. But even you could use a shortcut—my HIPAA Simplified Kit helps you streamline compliance without losing your damn mind.

  • Mostly D’s: HIPAA Comedian – You know the rules but prefer to push the limits (with humor, of course). Just don’t joke your way into an audit, my friend. If you’d rather laugh than stress about compliance, check out my HIPAA Simplified Kit—because even rebels need to cover their asses sometimes.

About the author

Hey, I’m Iryna Arute—a licensed clinical psychologist, IFS consultant, and business coach for helping professionals. I get it: therapists want to focus on helping people, not drowning in paperwork and compliance BS. That’s why I created the HIPAA Simplified Kit—to make compliance easy, fast, and as painless as possible.

Want more tips, humor, and resources to make your private practice run smoothly?
Sign up for my newsletter! I promise not to spam you—just real talk, useful tools, and the occasional meme-worthy rant about therapist life.
