Chapter 13 Review Questions
d. Internal threats
1. The greatest threats to organizational security stem from __________.
b. Internal to the organization
12. What is the most common type of security threat to a health information system?
d. Federal Trade Commission
13. With whom may patients file a complaint if they suspect medical identity theft violations?
c. Fair and Accurate Credit Transactions Act
14. Which of the following requires financial institutions to develop written medical identity theft programs?
d. Defer all issues related to medical identity theft to the in-house attorney
15. The role of the HIM professional in medical identity theft protection programs includes all of the following except __________.
c. User name and password and token
17. Which of the following is an example of two-factor authentication?
c. Facility policy
18. The predetermined time for an automatic log-off from the system is mandated by __________.
a. Audit trail.
19. The capture of data by a hospital's data security system that shows multiple invalid attempts to access the patients' database is an example of a(n) __________.
c. Context-based
2. The director of health information services is allowed access to the medical record tracking system when providing the proper log-in and password. Under which access security mechanism is the director allowed access to the system?
a. Cryptography
20. Which of the following defines the study of encryption and decryption techniques?
d. E-mail scrubbing
21. Common safeguards utilized to protect e-mail communication include all but which of the following?
a. Data back-up, data recovery and emergency mode of operations.
22. Key components of a contingency or disaster plan mandated by the HIPAA Security Rule include __________.
a. User compliance with policy and procedures.
23. The most important protection against loss of data is __________.
d. Organizational policy
24. When determining the appropriate password composition, the HIM professional should refer to which of the following?
d. Palm scanners
25. Which of the following is not an access control commonly utilized by covered entities for compliance with the HIPAA security rule?
a. Role-based
3. An individual designated as an inpatient coder may have access to an electronic medical record in order to code the record. Under which access security mechanism is the coder allowed access to the system?
c. Context-based
4. Under which access security mechanism would an individual be allowed access to ePHI if they have a proper log-in and password, belong to a specified group, and their workstation is located in a specific place within the facility?
a. Holding an individual employee accountable for actions; b. Reconstructing electronic events; c. Detecting a hacker; d. Recognizing when a system is having problems (all of the above is the answer)
An audit trail is a good tool for which of the following?
d. Restricting remote access to users
Elements to include in a security system risk analysis program include all but which of the following?
c. WEP
Of the following, which type of data encryption is primarily used in a wireless network environment?
b. Read predetermined criteria to determine if a user is who he or she claims
The purpose of entity authentication is to __________.
d. Password systems
Which is the most common method for implementing entity authentication?
c. System auto-assigns password
Which of the following is the best option for password management?
c. Firewalls are effective for preventing all types of attacks on a healthcare system.
Which of the following statements is false about a firewall?
c. Password and swipe card
Which of the following would be considered a two-factor authentication system?