Cybersecurity 14
ePHI refers to which of the following? A) Electronic private health information B) Electronic protected health information C) Encrypted private health information D) Encrypted protected health information
B
Which of the following is an example of a HIPAA physical safeguard standard? A) Workforce Security B) Workstation Use C) Audit Controls D) Security Incident Response
B
Which of the following is not one of the three risk management activities in the security management process? A) Protections B) Analysis C) Measures D) Plan
B
Which of the following backup types backs up anything that has changed since the last backup of any type? A) Differential B) Cumulative incremental C) Incremental D) Full
C
Which of the following is an example of a HIPAA technical safeguard standard? A) Workforce Security B) Workstation Use C) Audit Controls D) Workstation Security
C
Which of the following is the goal of an Audit Controls standard? A) Implementing technical controls that protect ePHI from improper alteration or destruction B) Restricting access to ePHI only to users and processes that have been specifically authorized C) Implementing hardware, software, and procedural mechanisms that record and examine activity in information systems that contain ePHI D) Verifying that a person or process seeking to access ePHI is the one claimed
C
Which of the following statements best describes a health-care clearinghouse? A) A person or organization that provides patient or medical services B) An entity that provides payment for medical services C) An entity that processes nonstandard health information it receives from another entity D) A person or entity that creates, receives, maintains, transmits, accesses, or has the potential to access ePHI
C
Who should be notified of ePHI breaches? A) Department of Justice B) Local law enforcement C) Department of Health and Human Services D) State Attorney
C
According to HIPAA, which of the following refers to anyone who does work at or for an organization? A) Staff B) Personnel C) Employee D) Workforce
D
Covered entities (CEs) include which of the following? A) Health-care providers B) Health plans C) Health-care clearinghouses D) All of the above
D
Under the HITECH Act, criminal violations can be brought against which of the following? A) Covered entities B) Employees C) Covered entities and employees D) Anyone who wrongly discloses PHI
D
Which of the following best describes HIPAA administrative safeguards? A) Retention, availability, and update requirements related to supporting documentation B) The use of technical security measures to protect ePHI data C) Standards for business associate contracts and other arrangements D) Documented policies and procedures for managing day-to-day operations and access to ePHI
D
Which of the following is a change made to HIPAA by the Omnibus Rule? A) Expanded the definition of "business associates" B) Increased penalties for violations to up to $1.5 million C) Granted authority to state Attorneys General to enforce HIPAA rules and pursue criminal and civil cases D) All of the above
D
Security awareness and training and workforce security standards are examples of which of the following? A) Administrative safeguards B) Physical safeguards C) Technical safeguards D) Organizational requirements
A
Which of the following are the two required implementation specifications of the access control standard under HIPAA? A) Unique user identification and establishing emergency access procedures B) Implementing automatic logoff procedures and encrypting/decrypting information at rest C) Unique user identification and implementing automatic logoff procedures D) Encrypting/decrypting information at rest and establishing emergency access procedures
A
Which of the following is an example of a HIPAA administrative safeguard standard? A) Workforce Security B) Workstation Use C) Audit Controls D) Workstation Security
A
Which of the following is the goal of an Integrity Controls standard? A) Implementing technical controls that protect ePHI from improper alteration or destruction B) Restricting access to ePHI only to users and processes that have been specifically authorized C) Implementing hardware, software, and procedural mechanisms that record and examine activity in information systems that contain ePHI D) Verification that a person or process seeking to access ePHI is the one claimed
A
Which of the following statements best describes a health-care provider? A) A person or organization that provides patient or medical services B) An entity that provides payment for medical services C) An entity that processes nonstandard health information it receives from another entity D) A person or entity that creates, receives, maintains, transmits, accesses, or has the potential to access ePHI
A
Which of the following was given the authority to bring criminal action against covered entities that wrongly disclose ePHI? A) Department of Justice B) Local law enforcement C) Department of Health and Human Services D) State Attorney
A