ITN 267 - 6,7,8,9,10
HIPAA limits the pre-existing condition waiting period to ________ months.
12 months
A utility patent has a ________-year term.
20
California's breach notification law went into effect in ______ 2003 2010 2008
2003
A covered entity must respond to a person's request to access PHI within ________ days.
30 days
What is the trademark registration period? A. 10 years B. 14 years C. 20 years D. 70 years E. None of the above
A. 10 years
What term refers to how a covered entity shares PHI with other organizations? A. Disclosure B. Discuss C. Use D. Handle E. None of the above
A. Disclosure
Which regulation controls the export of military or defense applications and technology? A. ITAR B. EAR C. OFAC D. FDIC E. None of the above
A. ITAR International Traffic in Arms Regulations
Cybertorts are most likely which type of tort? A. Intentional torts B. Negligent torts C. Strict liability torts D. Crimes E. None of the above
A. Intentional torts
What types of companies must follow all SarbanesOxley Act provisions? A. Public B. Private C. Nonprofit D. Governmental E. None of the above
A. Public
How many steps are there in the NIST Risk Management Framework? A. Six B. Five C. Four D. Three E. None of the above
A. Six Risk Management Framework Steps Step 1: Categorize Information Systems. ... Step 2: Select Security Controls. ... Step 3: Implement Security Controls. ... Step 4: Assess Security Controls. ... Step 5: Authorize Information System. ... Step 6: Monitor Security Controls.
If the U.S. Congress creates a federal breach notification law, what happens to state laws? A. They are no longer valid. B. They are still valid as long as they are stricter than federal law. C. They are still valid in their original form. D. They are still valid as long as they are weaker than federal law. E. None of the above
A. They are no longer valid.
Which DMCA safe harbor is called the "conduit" exception? A. Transitory communications safe harbor B. System caching safe harbor C. Information storage safe harbor D. Information location tools safe harbor E. None of the above
A. Transitory communications safe harbor
A dividend is a shareholder's earnings in a company. A. True B. False
A. True
Internet service providers often have tort immunity for the actions of content providers. A. True B. False
A. True
What element(s) must a government prove to show a crime has been committed? A. Mens rea B. Mala prohibita C. Actus rea
Actus rea
A business associate is ________ .
An organization that preforms a health care activity on behalf of a covered entity.
Which of the following SOX titles establishes rules to make sure that securities analysts can give independent opinions about a public company's stock risk? Analyst Conflicts of Interest (Title V) Enhanced Financial Disclosures (Title IV) Commission Resources and Authority (Title VI) Studies and Reports (Title VII)
Analyst Conflicts of Interest (Title V)
Which framework has the U.S. Securities and Exchange Commission official approved as suitable evaluation criteria for internal controls? A. COBIT B. COSO C. GAIT D. ISO/IEC E. None of the above
B. COSO Committee of Sponsoring Organizations of the Treadway Commission
What is the legal process used to gather evidence in a lawsuit? A. Disclosure B. Discovery C. Forensics D. Trial E. None of the above
B. Discovery
A company's chief information security officer and chief financial officer must sign a Section 302 certification. A. True B. False
B. False
A covered entity must disclose PHI to a person's family and friends in an emergency. A. True B. False
B. False
A design patent can be used to protect computer software. A. True B. False
B. False
A public company must file a Form 10-K at the end of each quarter. A. True B. False
B. False
Which level of impact for a Federal Information Processing Standards (FIPS) security category best describes significant damage to organizational assets? A. Low B. Moderate C. High D. Severe E. None of the above
B. Moderate
Which assessment must be completed any time a federal agency collects personal information that can be retrieved via a personal identifier? A. PIA B. SORN C. ACORN D. OFAC E. None of the above
B. SORN System of Records Notice
What is the main difference between patents and trade secrets? A. A trade secret is public, a patent is confidential. B. A trade secret protects a process, a patent protects a machine. C. A trade secret is confidential, a patent is public. D. A trade secret protects a machine, a patent protects a process. E. None of the above
C. A trade secret is confidential, a patent is public.
Which standard replaced Auditing Standard No. 2? A. Auditing Standard No. 3 B Auditing Standard No. 4 C. Auditing Standard No. 5 D. Auditing Standard No. 6 E. None of the above
C. Auditing Standard No. 5
The information collected in a Privacy Impact Assessment (PIA) and a System of Records Notice (SORN) is based upon what principles? A. NIST standards B. OMB standards C. Fair information privacy practices D. ITAR regulations E. None of the above
C. Fair information privacy practices
How many days after a major event must a company file Form 8K? A. Two B. Three C. Four D. Five E. None of the above
C. Four
What is not a business day? A. An official workday B. A day of the week that includes Monday through Friday C. Memorial Day D. Tuesday E. None of the above
C. Memorial Day
What technology standards are permitted under the Nevada encryption law? A. PCI DSS B. SO 1799 C. NIST D. FTC E. HIPAA
C. NIST National Institute of Standards and Technology
What must an author do to protect his or her copyrighted works? A. Mark it with a ©. B. Register it with the U.S. Copyright Office. C. Nothing, copyright protection is automatic. D. Pay a fee to the Library of Congress. E. None of the above
C. Nothing, copyright protection is automatic.
Which Sarbanes-Oxley Act provision causes the most concern for information technology professionals? A. Section 302 B. Section 309 C. Section 404 D. Section 906 E. None of the above
C. Section 404
Under the Sarbanes-Oxley Act, how many years must public companies keep audit papers? A. Five B. Six C. Seven D. Eight E. None of the above
C. Seven
What is the time period during which a plaintiff must begin a lawsuit? A. Statute of frauds B. Statute on liability C. Statute of limitations D. Pleadings statute E. None of the above
C. Statute of limitations
What was the first state to have a breach notification law? Utah Texas New York California
California
The __________________ was created after a security breach at a state-operated data facility. California Database Security Breach Notification Act Utah Database Security Breach Notification Act Texas Database Security Breach Notification Act New York Database Security Breach Notification Act
California Database Security Breach Notification Act
_______________________ covers unsolicited commercial e-mail messages and requires commercial e-mail senders to meet certain requirements. Pen Register and Trap and Trace Statute Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Anti-cybersquatting and Consumer Protection Act Computer Fraud and Abuse Act
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM)
Provide a brief definition of "crime."
Crimes are wrongdoings against society.
What is the name of the FISMA data-collection tool? CyberScope US-Cert UMCA
CyberScope
What is the maximum fine for a single violation of the HIPAA Privacy or Security Rule? A. $100 B. $1,500 C. $1 million D. $1.5 million E. It's unlimited
D. $1.5 million
How many categories of security controls are designated in FIPS 200? A. 20 B. 19 C. 18 D. 17 E. None of the above
D. 17
What conditions must be met to be considered a health care provider under HIPAA? A. Provide health care services to a person. B. Conduct standard transactions electronically. C. Handle electronic transactions on a clearing-house's behalf. D. A and B only E. None of the above
D. A and B only
What are federal information security challenges? A. A culture of merely complying with reporting requirements B. Lack of an enterprise approach to information security C. Lack of coordination within the federal government D. All of the above E. None of the above
D. All of the above
Which federal laws can be used to prosecute phishing scams? A. The Computer Fraud and Abuse Act B. The Patriot Act C. The CAN-SPAM Act D. All of the above
D. All of the above
How often must the U.S. Securities and Exchange Commission review a public company's Form 10K and Form 10Q reports? A. Twice a year B. Every year C. Every other year D. Every three years E. Every five years
D. Every three years
Most states define personal information as name and which of the following elements? A. Date of birth B. Address C. Phone number D. Social Security number E. None of the above
D. Social Security number
What is a defense to a defamation case? A. Comparative negligence B. Contributory negligence C. Assumption of risk D. The truth E. None of the above
D. The truth
How many members of the Public Company Accounting Oversight Board may be certified public accountants? A. Five B. Four C. Three D. Two E. None of the above
D. Two
In 1998, Congress passed the _________________________.This law helps protect copyrights in the multimedia world. It also contains provisions that help insulate Internet service providers from the actions of their customers. Digital Millennium Copyright Act Online Copyright Infringement Liability Limitation Act Computer Maintenance Competition Assurance Act Vessel Hull Design Protection Act
Digital Millennium Copyright Act
Which of the following is not one of the guidelines in the DoD's policy on social media? DoD employees are permitted to use its non-classified Internet system to access social media sites such as Facebook and Twitter. DoD components are permitted to maintain official DoD communications on social media sites. The DoD is permitted to advertise the services that it provides to the country. DoD employees are not permitted to use social media from their personal devices for personal purposes.
DoD employees are not permitted to use social media from their personal devices for personal purposes.
What two intellectual property methods can be used to protect computer software? A. Patents B. Trademarks C. Copyrights D. A and B E. A and C
E. A and C
Which type of intellectual property protection is mentioned in the U.S. Constitution? A. Patents B. Trademarks C. Copyrights D. A and B only E. A and C only
E. A and C only
What must a person show to prove trademark infringement? A. Ownership of a trademark B. That the defendant used a similar trademark in commerce C. That the defendant's use of a similar trademark is likely to confuse consumers D. A and B only E. A, B, and C only
E. A, B, and C only
Which corporate scandals lead to the creation of the SarbanesOxley Act? A. Enron B. WorldCom C. Adelphia D. Tyco E. All of the above
E. All of the above
Which states allow data breach notification to be given by telephone? A. California B. Colorado C. North Carolina D. A and B only E. B and C only
E. B and C only
What type of document must a plaintiff file to begin a civil lawsuit? A. Answer B. Discovery C. Motion for Summary Judgment D. Counter-claim E. Complaint
E. Complaint
Which rule is similar to the information security concept of need to know? A. Use rule B. Clearinghouse rule C. Operations rule D. Absolute rule E. Minimum necessary rule
E. Minimum necessary rule
Which agency has primary oversight responsibilities under the Federal Information Security Management Act of 2002 (FISMA)? A. DoD B. CIA C. NIST D. CNSS E. None of the above
E. None of the above The Office of Management and budget (OMB)
How quickly must a federal agency report an unauthorized access incident? A. Monthly B. Weekly C. Daily D. Within two hours of discovery E. Within one hour of discovery
E. Within one hour of discovery
__________________ restrict the transmission of certain types of information to non-U.S. citizens or non-permanent residents who are located in the United States. Import control regulations Export control regulations Social media sites Office of International Information Transference
Export control regulations
Congress created the _____________ in response to the September 11, 2001, terrorist attacks. Computer Security Act (CSA) Office of Management and Budget (OMB) Federal Information Security Management Act (FISMA) National Security Agency (NSA)
Federal Information Security Management Act (FISMA)
Before ____________________, many workers experienced "job lock" and were afraid that they would lose health care benefits if they changed jobs. HITECH HIPAA COBRA the creation of the Department of Health and Human Services (HHS)
HIPAA
Which of the following is true about COBRA and HIPAA? They provide the same functions but are governed by different branches of the federal government. HIPAA regulates discrimination based on health history while COBRA ensures health coverage continues. COBRA was enacted to fight Medicare fraud. COBRA and HIPAA are overseen directly by the executive branch.
HIPAA regulates discrimination based on health history while COBRA ensures health coverage continues.
The _______________ makes identify theft a federal crime. Patriot Act Internet Information and Identity Act Identity Theft and Assumption Deterrence Act Wiretap Act
Identity Theft and Assumption Deterrence Act
_____________________ is the area of law that protects a person's creative ideas, inventions, and innovations. Intellectual property law Civil law Criminal law Property interest law
Intellectual property law
What are internal controls over financial reporting (ICFR)?
Internal controls are the processes and procedures that a company uses to provide reasonable assurance that its financial reports are reliable.
The two types of defamation cases are ________
Libel and slander
The ______________________ was created by Congress to protect data collected by the government. Computer Security Act (CSA) Privacy Act of 1974 E-Government Act of 2002 Federal Information and Security Management Act (FISMA)
Privacy Act of 1974
What does an internal control over financial reporting (ICFR) do?
Provides management with reasonable assurance that: 1) financial reports, records, and data are accurately maintained; 2) transactions are prepared according to GAAP rules and are properly recorded; and 3) unauthorized acquisition or use of data or assets that could affect financial statements will be prevented or detected in a timely manner.
The Enron scandal and similar corporate scandals led to the creation of which of the following? Securities and Exchange Commission Gramm-Leach-Bliley Act Sarbanes-Oxley Act Public Company Accounting Oversight Board
Sarbanes-Oxley Act
SOX ______________ requires CEOs and CFOs to certify a company's SEC reports. Section 906 Section 404 Section 302 Section 708
Section 302
The HIPAA ______________________ states how covered entities must protect the confidentiality, integrity, and availability of electronic personal health information. Privacy Rule Security Rule Red Flag Rule Administrative Simplification Rule
Security Rule
Which amendment to the U.S. Constitution guarantees defendants a speedy trial? Second Fourth Sixth Eighth
Sixth
_______________________ criminal law defines the conduct that constitutes a crime and establishes penalties. Felony First degree Substantive Tort
Substantive
What is the first piece of federal legislation that identified computer crimes as distinct offenses? Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Identity Theft and Assumption Deterrence Act (1998) The Computer Fraud and Abuse Act of 1984D . The Electronic Communications Privacy Act (1986)
The Computer Fraud and Abuse Act of 1984D . The Electronic Communications Privacy Act (1986)
The ________ guarantees a defendant the right to a speedy trial
The Sixth Amendment to the U.S. Constitution
________________ law uses the reasonable person standard to determine whether a person acted appropriately. Criminal Contract Tort Business
Tort
Patents, trademarks, and copyrights are all types of _________________. real property personal property intellectual property property interest
intellectual property
PHI refers to: protected health information public health information private health insurance public health insurance
protected health information
The power of a court to decide certain types of cases is ______________________ jurisdiction. personal subject matter supreme federal
subject matter
Which of the following conditions is not taken under consideration by Congress when determining if an area is ripe for federal legislation? whether differing state laws affect activities that it traditionally regulates how many states have created laws addressing the specific topic what the greatest economic advantage will be to the national market as it relates to the area under consideration whether there's state confusion or complexity that might affect relationships between the states
what the greatest economic advantage will be to the national market as it relates to the area under consideration
FedCIRC is the federal information security incident center. A. True B. False
B. False
Which type of NIST guidance follows a formal creation process? A. Special Publications B. Federal Information Processing Standards C. Guidelines for Information Security D. Fair information practice principles E. None of the above
B. Federal Information Processing Standards
Which states have required businesses to follow all, or part, of the PCI DSS? A. Minnesota B. Nevada C. California D. A and B only E. A and C only
D. A and B only
A HIPAA breach is a beach of ________ PHI.
Unsecured
Which of the following parties is not among those who would share an individual's health information? treatment providers government agencies like Medicaid or Medicare insurance companies potential employers
potential employers
Covered entities must notify affected individuals of a breach within ________ days.
60 Days
What information must a federal agency include in a privacy impact assessment?
A government agency must state what information is to be collected; why the information is being collected; the intended use of the information; how the agency will share the information; whether people have the opportunity to consent to specific uses of the information; how the information will be secured; and whether the information collected will be a system of records as defined by the Privacy Act of 1974.
A private cause of action is ________.
A legal concept that describes a person's right to sue another for harm that the latter caused
What is strict liability
A legal concept that means that people can be held responsible for their actions even if they didn't intend to cause harm to another person.
An encryption safe harbor is ________.
A legal concept that protects an entity from liability if it follows the law
"Clear and conspicuous" notice means that ________.
A person must be able to easily understand it
What are the two basic requirements to register a trademark with the U.S. Patent and Trademark Office?
A person or business must use the trademark in interstate commerce, and the trademark must be distinctive
What is mala in se? A. Conduct that a society declares is inherently wrong B. Conduct that society prohibits C. A person's criminal intent D. A criminal act E. None of the above
A. Conduct that a society declares is inherently wrong
The ChoicePoint data breach was the triggering event that caused many states to create data protection laws. A. True B. False
A. True
The U.S. Patent and Trademark Office publishes the "Official Gazette" to give public notice about patents and trademarks. A. True B. False
A. True
What is a state breach notification law? A. A law that requires that residents be notified if a dam breaks B. A law that requires that residents be notified if a business has a security breach that compromises their personal data C. A law that requires that residents be notified if a business has a security breach that compromises the business's confidential data D. A law that requires that businesses be notified if a government has a security breach that compromises the business's confidential data E. None of the above
B. A law that requires that residents be notified if a business has a security breach that compromises their personal data
Federal agencies must test their information security controls every six months. A. True B. False
B. False
Only the federal government prosecutes felonies. A. True B. False
B. False
The Computer Fraud and Abuse Act applies to any unauthorized access of a computer. A. True B. False
B. False
What is cybersquatting? A. When a person owns a patent but doesn't make, use, or sell their invention. B. When a person registers a domain name that is a registered trademark or trade name of another entity. C. When a person uses the copyrighted materials of another without appropriate acknowledgment. D. When a person publicly advertises the sensitive confidential information of a business or other entity on the Internet. E. None of the above
B. When a person registers a domain name that is a registered trademark or trade name of another entity.
What is one of the biggest differences between civil and criminal law? A. The amount of fines B. Whether a person can be sentenced to prison C. How long the offense stays on your criminal record D. The type of judge that hears the case E. The color of the prison jumpsuits
B. Whether a person can be sentenced to prison
Which entity enforces the HIPAA Privacy Rule? A. FDIC B. FTC C. OCR D. CDC E. None of the above
C. Office for Civil Rights (OCR)
What type of jurisdictional issue is a concern in a cybercrime case? A. Original jurisdiction B. Subject matter jurisdiction C. Personal jurisdiction D. Appellate jurisdiction E. None of the above
C. Personal jurisdiction
Which type of intellectual property protection is governed by federal and state law? A. Patents B. Copyrights C. Trademarks D. A and B only E. None of the above
C. Trademarks
What term refers to how a covered entity shares Protected health information (PHI) within the organization? A. Disclosure B. Discuss C. Use D. Handle E. None of the above
C. Use
In a situation where phishing attackers attempt to steal personal information, which of the following federal acts can be used to prosecute such a crime? CAN-SPAM Anti-Cybersquatting Consumer Protection Act Identity Theft and Assumption Deterrence Act Computer Fraud and Abuse Act
Computer Fraud and Abuse Act
What was the first federal law to address federal computer security? Federal Information Security Management Act (FISMA) Computer Security Act (CSA) Sarbanes-Oxley Act (SOX) The E-Privacy Act
Computer Security Act (CSA)
Which types of entities are sometimes excluded from breach notification laws? A. GLBA financial institutions B. HIPAA covered entities C. Out-of-state businesses D. A and B only E. A, B, and C
D. A and B only
Which uses and disclosures of PHI are allowed without a person's consent? A. Made for a person about their own PHI B. Made for treatment, payment, and health care operations C. Made for public safety and health activities D. All of the above E. None of the above
D. All of the above
What is the purpose of legislative history? A. To help determine which laws to abolish B. To help decide how to create new laws C. To help determine how old a law is D. To help determine what a legislature intended when it created a law E. None of the above
D. To help determine what a legislature intended when it created a law
_______________ patents protect the visual appearance of a product. Utility Plant Design Artistic
Design
To prove an intentional infliction of emotional distress tort, a plaintiff must show that the defendant's conduct is ________.
Extreme and outrageous
____________________ forbids a new employer's health plan from denying health coverage for some reasons and prohibits discrimination against workers based on certain conditions such as pregnancy. HITECH COBRA Department of Health and Human Services (HHS) HIPAA
HIPAA
____________________was created by Congress to make health insurance portable. HITECH Act FERPA HIPAA CIPA
HIPAA
_________________are the processes and procedures that a company uses to provide reasonable assurance that its financial reports are reliable. Disclosure controls Internal controls External Risk assessment
Internal controls
Massachusett's "Standards for the Protection of Personal Information of Residents of the Commonwealth" was released in September 2008 and is known for being "unique" in terms of its data protection standard. Which of the following statements best captures that uniqueness? It attempts to regulate businesses outside of Massachusetts by requiring businesses to encrypt the personal data of Massachusetts residents. It states that an entity's information security program must be a good fit for its size and scope. It also must fit the entity's type of business. Under the data protection standard, personal information is a person's first and last name, or first initial and last name, and any of the following: Social Security number or driver's license number or state identification card number. The standard states that an information security program must include specific security requirements.
It attempts to regulate businesses outside of Massachusetts by requiring businesses to encrypt the personal data of Massachusetts residents.
Why is it important to know who is the owner of a copyrighted work?
It's important to know the ownership of a copyrighted work in order to determine the length of copyright protection.
FISMA requires the Department of Commerce to create information security standards and guidelines. To which of the following organizations did the Department of Commerce delegate this responsibility? Office of Management and Budget (OMB) National Institute of Standards and Technology (NIST) Institute of Electrical and Electronics Engineers (IEEE) U.S. Government Accountability Office (GAO)
National Institute of Standards and Technology (NIST)
The ________________ enforces trade sanctions and embargoes and prohibits trade with certain people in other countries. Department of Commerce Department of Defense (DoD) Office of Management and Budget (OMB) Office of Foreign Assets Control (OFAC)
Office of Foreign Assets Control (OFAC)
The __________________________enforces trade sanctions and embargoes. U.S. Government Accountability Office (GAO) Federal Information Security Management Act (FISMA) Computer Security Act (CSA) Office of Foreign Assets Control (OFAC)
Office of Foreign Assets Control (OFAC)
The HIPAA _________________ dictates how covered entities must protect the privacy of personal health information. Information Security Rule Health Information Protection Rule Privacy Rule Red Flag Rule
Privacy Rule
Which of the following was not one of the outcomes of the Enron scandal? The SEC began to require more information to be reported on its financial statements. Public companies are required to file one comprehensive financial disclosure statement with the SEC. The SEC began to require that the accuracy of financial statements be certified in a number of different ways. Investors started to significantly lose confidence in large public companies.
Public companies are required to file one comprehensive financial disclosure statement with the SEC.
An addressable implementation specification must be used if it is ________ .
Reasonable and appropriate
Which of the following reports, which generally are shared only between the organizations that are doing business with one another, are used by auditors to assess the ICFR at one entity that does business with another entity? SOC-1 SOC-2 SOC-3 SOC-4
SOC-1
The main goal of ______________ is to protect shareholders and investors from financial fraud. Sarbanes-Oxley Act (SOX) Gramm-Leach-Bliley Act Securities and Exchange Commission Public Company Accounting Oversight Board
Sarbanes-Oxley Act (SOX)
Which of the following statements summarizes why a breach notification is hard for entities? States have different laws about what constitutes a breach. Not all states have the same penalty structures. People also may be confused if they get notices that don't look similar. Notices might look different depending upon the law that the entity followed in creating the notice.
States have different laws about what constitutes a breach.
___________________________ must be in place for securing networks, facilities, and systems or groups of IT systems. They are intended for technologies or system components that are a part of the larger information security program. Policies and procedures Subordinate plans Security awareness training Testing and evaluation
Subordinate plans
Which statement is true about the burden of proof in a criminal case? The victim must prove that he or she suffered loss and was damaged as a result of the crime. The defendant must prove that he or she did not violate the law. The government bears the burden of proving that the defendant violated the law. The defendant intended to commit the tort.
The government bears the burden of proving that the defendant violated the law.
What is the main goal of the Sarbanes-Oxley Act?
To protect shareholders and investors from financial fraud. SOX also was designed to restore investor faith in American stock markets.
_____________ are used to protect words, logos, and symbols that identify a product or services. Trademarks Patents Copyrights Trade secrets
Trademarks
Federal agencies must report information security incidents to ________. OMB US-CERT OCR
US-CERT United States Computer Emergency Readiness Team
A company's _______________________ provides a summary of the company's financial condition at a certain period. balance sheet profit and loss statement prospectus futures contract
balance sheet
What is considered to be personal information by most states? social security numbers account numbers both A and B neither A nor B
both A and B
Which of the following are types of export control regulations? International Traffic in Arms Regulations (ITAR) Export Administration Regulations (EAR) both A and B neither A nor B
both A and B
Which of the following may be exempt from state breach notification laws because they are already subject to other laws with specific data security requirements? GLBA financial institutions entities covered by HIPAA both A and B neither A nor B
both A and B
Intentional torts most often occur when the defendant intended to commit the tort. Most torts involving ____________________ are intentional torts. computers and cyberspace people keeping wild animals as pets people in learned occupations like doctors and lawyers a professional duty to provide competent service
computers and cyberspace
The bad faith registration of a domain name that's a registered trademark or trade name of another entity is referred to as: patent infringement strict liability in tort copyright infringement cybersquatting
cybersquatting
A covered entity doesn't have to account for every PHI disclosure that it makes. The Privacy Rule states that some kinds of disclosures don't have to be included in an accounting. Any disclosure not specifically excluded must be included and tracked. Which of the following disclosures does not need to be tracked? disclosures to HHS for its compliance functions disclosures required by law disclosures made to carry out treatment, payment, and health care activities disclosures required for public health activities
disclosures made to carry out treatment, payment, and health care activities
SOX requires the SEC to review a public company's Form 10-K and Form 10-Q reports at least once every three years. It must do this to try to detect fraud and inaccurate financial statements that could harm the investing public. SOX states the factors that the SEC should consider when deciding to conduct a review. Which of the following is not one of the factors that SEC must consider? whether a company has amended its financial reports how long the company has been in existence how much stock the company has issued the difference between a company's stock price and its earnings
how long the company has been in existence
A trademark has two criteria: 1) it must be used in interstate commerce and 2) _____________________. it must be useful it must be distinctive it must be novel it must be innovative
it must be distinctive
After the ChoicePoint breach, 46 states, including the District of Columbia, have created breach notification laws. Although, most states used the California law as a model, there are some differences. Which of the following is not one of the differences? entities covered by the law the time for notifying residents requirements that a notification contains certain types of information maximum requirements for encryption
maximum requirements for encryption
Unlike ______________, trade secrets aren't registered. A person or business doesn't have to meet any registration or procedural formalities for protection. patents prior art intellectual property servicemarks
patents
Which of the following has the longest period of protection? trademarks patents trade secrets copyrights
patents
Which of the following is not true about the Consolidated Omnibus Budget Reconciliation Act of 1986? covers employer-provided health plans that have 20 or more employees applies to health coverage offered by federal, state, and local governments applies to both employees that leave voluntarily or are terminated requires former employers to continue paying health insurance premiums for a minimum of one year
requires former employers to continue paying health insurance premiums for a minimum of one year
What is a legal concept that protects an entity from legal liability and is written into the law? Entities that encrypt the personal information that they own or maintain do not have to follow the notification requirements of this concept if they have a data breach. safety net caveat emptor safe harbor the Malpractice Act of 1998
safe harbor
Which of the follow does not count as personal information, as designated by California's Database Security Breach Notification Act? social Security number driver's license number or California Identification Card number medical information student ID
student ID
The U.S. Securities and Exchange Commission reviews a public company's Form 10-K at least once every ____________ years. five three four two
three
A ______________ protects the formulas, processes, methods, and information that give a business a competitive edge. copyright utility patent trade secret strict liability
trade secret