Chapter 12

The security rule applies to all PHI.

False

User name and password is an example of a two-factor authentication.

False

Critique this statement: A security incident must have been successful in order to meet the definition.

False statement as a security incident is a successful or unsuccessful attempt.

Types of security threats are: human error, intentional activity and natural disasters.

True

Which of the following is an example of a security incident?

Virus attack that destroyed files

Which of the following is a strong password?

Xerh54=

Which of the following damages a computer and/or the data?

malware

A letter was sent to patients telling them their PHI had been accessed by a hacker and that the healthcare facility would provide monitoring of their credit for one year. This is an example of what?

mitigation

Which of the following is an example of a technical safeguard?

person or entity authentication

The Chief Security Officer is responsible for:

advising administration on information security

The manager reviews a tool that identifies when an user logs in and out, what they do, and more. What is being reviewed?

audit trail

Which of the following is an example of data security?

automatic logoff after inactivity

Which of the following is an example of a business associate?

contract coder

Data have been lost in our EHR. To correct this problem, the facility needs to take what step?

data recovery

During a risk analysis, the facility documents potential threats to:

data security

Symmetric and asymmetric are examples of what?

encryption

The workforce clearance procedure:

ensures that the access to ePHI is appropriate

Which of the following is a type of network security?

firewall

Unfortunately the facility had a hacker invade the EHR. What is the process that should be used to gather evidence?

forensics

What is the term that is used to mean ensuring that data are not altered during transmission across a network or during storage?

integrity

The duplication of data, hardware, and other components is called:

redundancy

A user had trouble remembering his password so he decided to write it down. No one obtained access to it and used it so this is a:

security event

The computer notified me that a user accessed the PHI of a patient with the same last name. This is the example of a(n):

trigger

To access PHI, the user enters a user name and places their thumb in a reader. This is an example of what?

two-factor authentication