Chapter 14 Review Questions

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which of the following statements is true of a business associate's HIPAA/HITECH compliance requirements?

A business associate's HIPPA/HITECH compliance requirements are the same as a health-care providers'

Which of the following statements best defines the documented policies and procedures for managing day-to-day operations, conduct, and access of workforce members to ePHI, as well as the selection, development, and use of security controls?

Administrative safeguards

A breach notification must include which of the following information?

All of the above

The Final Omnibus Rule made significant changes in coverage, enforcement, and patient protection in which of the following ways?

All of the above

Which of the following are considered health-care providers by the HIPAA Security Rule?

All of the above

Per DHHS guidance, which of the following activities are included in the risk management process? (Choose two)

Analysis Management

Which of the following statements best defines authorization?

Authorization is the process of granting users or systems a predetermined level of access to information resources

Which of the following statements is false?

Clinical-based access is granted by patient name

Which of the following is NOT a HIPAA/HITECH Security Rule category?

Compliance

Which of the following is NOT true?

DHHS never publishes the breach cases being investigated and archived to maintain the privacy of the health-care provider

Which of the following federal agencies is responsible for HIPAA/HITECH administration, oversight, and enforcement?

Department of Health and Human Services

A HIPAA standard defines what a covered entity must do; implementation specifications ________

Describe how it must be done and/or what it must achieve

The safe harbor provision applies to

Encrypted data

In the context of HIPAA/HITECH, which of the following is NOT a factor to be considered in the determination of "reasonable and appropriate" security measures?

Geographic location of the CE

Which of the following statements is NOT true?

HIPAA has also been adopted in Brazil and Canada

Which of the following protocols/mechanisms cannot be used for transmitting ePHI?

HTTP

Which of the following is an entity that provides payment for medical services such as health insurance companies, HMOs, government health plans, or government programs that pay for health care such as Medicare, Medicaid, military, and veterans' programs?

Health plan

Which of the following defines what a breach is?

Impermissible acquisition, access, or use or disclosure of unsecured PHI, unless the covered entity or business associate demonstrates that there is a low probability that the PHI has been compromised

Which of the following statements is true?

Implementation specifications are either required or addressable

Granting the minimal amount of permissions necessary to do a job reflects the security principle of ________

Least privilege

Which of the following is NOT an acceptable end-of-life disposal process for media that contains ePHI?

Recycle it

Users should be trained to recognize and ________ a potential security incident

Report

The security incident procedures standard addresses which of the following?

Reporting and responding to cybersecurity incidents

Both the HITECH Act and the Omnibus Rule refer to unsecure data, which means data ________

That is unencrypted

Which of the following statements is true?

The CE must also provide notice to "prominent media outlets" if the breach affects more than 500 individuals in a state or jurisdiction

Which of the following changes was NOT introduced by the Omnibus Rule?

The Omniubus Rule explicitly denied enforcement authority to State Attorneys General

Which of the following is NOT true about security awareness training?

The campaign should not be extended to anyone who interacts with the CE's ePHI

Which of the following statements best describes the intent of the initial HIPAA legislation adopted in 1996?

The intent of the initial HIPAA legislation was to simplify and standardize the health-care administrative process

To demonstrate that there is a low probability that a breach compromised ePHI, a CE or business associate must perform a risk assessment that addresses which of the following minimum standards?

The nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification

Which of the following statements is true of the role of a HIPAA Security Officer?

The role of a HIPPA Security Officer is responsible for overseeing the development of policies and procedures, management and supervision of the use of security measures to protect data, and oversight of personnel access to data


Conjuntos de estudio relacionados

BIO 121: Chapter 2 - Healthy Diets

View Set

Accounting chapter 8 wiley questions

View Set

Marketing CH. 17, Mktg chapter 17, 18, 19, 20,21, MKTG ch. 18, Marketing chapter 19, Marketing Chapter 18, Marketing Chapter 18, Marketing CH. 17, Marketing CH. 17, Marketing Chapter 18, Chapter 16, Intro to Bus. Chapter 13, Marketing 4, Chapter 16,...

View Set