Study Flashcards

Compliance to the Security Rule is solely the responsibility of the Security Officer.

Correct Answer

What step is part of reporting of security incidents?


A) Report disclosure to all patients.
B) Notation of incident is to be excluded from the patient's medical record.
C) Notify Business Associates and Trading Partners of the breach.
D) Change passwords to protect from further invasion.

Correct Answer

The ability to continue after a disaster of some kind is a requirement of the Security Rule. What item is considered part of the contingency plan or business continuity plan?


A) Regular biohazard drills
B) Risk analysis
C) Emergency mode operation plan
D) Find someone to figure the payroll

Correct Answer

C

Reasonable physical safeguards for patient care areas include:


A) a staff escort at all times.
B) having monitors turned away from viewing by visitors.
C) having a sign-in and sign-out register for all visitors.
D) providing all visitors with your policy document.

Correct Answer

"At home" workers such as transcriptionists are not required to follow the workstation security rules for passwords, viewing of monitors by others, or locking of computer screens.

Correct Answer

Which of the following items is a technical safeguard of the Security Rule?


A) Workstation location
B) Data backup plan
C) Sufficient storage capacity
D) Entity authentication

Correct Answer

Match the HIPAA term with the correct definition.

Premises
An ongoing process that considers the risk to electronic information and the data itself to determine if there is adequate security for the system to keep exposure to loss or alteration of PHI to a minimum.
A study to find the problems or gaps between current practices and what the Security Rule requires.
Implementing policies and procedures to prevent, detect, and contain any intrusions of security or unauthorized access.
A process whereby cost-effective security control measures may be selected to balance the cost of security control measures against the losses expected if these measures were not in place.
Responses
Gap analysis
Risk analysis
Risk management
Security management

Correct Answer

An ongoing process that considers the risk to electronic information and the data itself to determine if there is adequate security for the system to keep exposure to loss or alteration of PHI to a minimum.
A study to find the problems or gaps between current practices and what the Security Rule requires.
Implementing policies and procedures to prevent, detect, and contain any intrusions of security or unauthorized access.
A process whereby cost-effective security control measures may be selected to balance the cost of security control measures against the losses expected if these measures were not in place.

Risk analysis in the Security Rule considers


A) when the Security Officer includes budget items to pay for a better computer system.
B) how hard it is for hackers to access the computer system.
C) a balance between what is cost-effective and the potential risks of disclosure.
D) the cost of insurance to cover possible losses.

Correct Answer

Whenever a device has become obsolete, the Security Office must


A) check the item off the list of equipment to maintain in the facility.
B) verify that the facility does not need the equipment any more before selling it.
C) log the date of disposal and the amount of its depreciation.
D) record when and how it is disposed and that all data was deleted from the device.

Correct Answer

The act of changing readable text into a vast series of "garbled" characters using complex mathematical algorithms is called


A) decoded messages.
B) transmission architecture.
C) HIPAA protocol.
D) encryption.

Correct Answer

The documentation for policies and procedures of the Security Rule must be kept for


A) 3 years.
B) 5 years.
C) 6 years.
D) until the next fiscal year.

Correct Answer

Security of e-PHI has to do with keeping the data secure from a breach in the information system's security protocols.

Correct Answer

The Security Rule addresses four areas in order to provide sufficient physical safeguards. Which of the following is NOT one of them?


A) Workstation security
B) Device and media controls
C) Facility access controls
D) Electronic signatures
E) Workstation location and access

Correct Answer

The Office of HIPAA Standards may not initiate an investigation without receiving a formal complaint.

Correct Answer

If a business visitor is also a Business Associate, that individual does not need to be escorted in the building to ensure protection of PHI.

Correct Answer

False

The Administrative Safeguards mandated by HIPAA include which of the following?


A) Unique health plan identifiers
B) Workforce security training
C) Evaluation of computer security effectiveness
D) Sanctions for unauthorized disclosures

Correct Answer

To protect e-PHI that is sent through the Internet, a covered entity must use encryption technology to minimize the risks. E-PHI that is "at rest" must also be encrypted to maintain security.

Correct Answer

One good requirement to ensure secure access control is to install automatic logoff at each workstation.

Correct Answer

Integrity of e-PHI requires confirmation that the data


A) has been backed up routinely.
B) is accurate and has not been altered, lost, or destroyed in an unauthorized manner.
C) has accepted all changes and modifications to the medical record.
D) has been reviewed by the Security Officer as being accurate.

Correct Answer

Only monetary fines may be levied for violation under the HIPAA Security Rule.

Correct Answer

False
