Combo with "Law Chapter 10 Final Review" and 1 other

A nurse administrator who does not typically take call gets called in over the weekend to staff the emergency department. She does not have access to enter notes since this is not a part of her typical role. In order to meet the intent of the HIPAA Security Rule, the hospital policy should include

a provision to allow her emergency access to the system

If a HIPAA security rule implementation specification is addressable, this means that

an alternative may be implemented...

The capture of data by a hospital's data security system that shows multiple invalid attempts to access the patients' database is an example of what type of security control?

audit trail

One of the four general requirements a covered entity must adhere to for compliance with the HIPAA security rule is to ensure the confidentiality, integrity and ___________ of ePHI.

availability

The HIPAA security rule requires that passwords

be updated by organizational policy

Non-compliance with the HIPAA security rule can lead to

both civil penalties and criminal penalties

The workforce security administrative safeguard requires policies and procedures that

both ensure appropriate ePHI access by workforce members and prevent access to ePHI by workforce members who should not have access

The latest provisions to HIPAA include

breach notification, enforcement and modifications to the privacy and security rules

Which of the following would provide the best support of an organization's efforts toward compliance with the security rule?

build security into software and systems

Copying data onto tapes and storing the tapes at a distant location is an example of

data backup

To ensure compliance with the HIPAA security rule training requirement, the HIIM Director should do which of the following?

determine special needs of HIM staff and provide training

Helpful University Health System has a laptop sharing program which allows users to request laptop computers to use for short-term projects. Many of the projects involve the use of ePHI. When the laptops are returned to the office, they are often immediately recirculated to another user in the system. This is an example of a violation of which of the following aspects of the security rule?

device and media controls

The admissions department is getting some new computers from the surgery department. The director is so excited to get the new computers that he does not contact IT and installs the computers over the weekend in admissions. Since the computers were not checked for the presence of ePHI, the admissions director has violated which provision of the HIPAA security rule?

device and media controls

Which portion of a security program would ensure that ePHI is not stored on recycled equipment?

device and media controls

The HIPAA "Security Awareness and Training" administrative safeguard requires all of the following addressable implementation programs for an entity's workforce except

disaster recovery plan

What term is also used to denote the HIPAA requirement of Contingency Planning?

emergency mode of operation

The security rule's five sections include all of the following except:

encryption requirements

Which of the following statements is false about the Security Officer? The Security Officer

holds a required full-time position under HIPAA security rule

The HIPAA security rule allows flexibility in implementation based on reasonableness and appropriateness. This means that covered entities can

implement based on organizational assessment

The purpose of the implementation specifications of the HIPAA security rule is to provide

instruction for implementation of standards

One of the four general requirements a covered entity must adhere to for compliance with the HIPAA security rule is to ensure the confidentiality, ________, and availability of ePHI.

integrity

Which term does the security rule use to define data or information that has not been altered or destroyed in an unauthorized manner?

integrity

Which of the following best describes the role that the HIIM professional should play in HIPAA security compliance?

moderate involvement since the rule is very operational

The HIPAA security rule applies to which of the following covered entities?

A) Hospital that bills Medicare B) Physician electronic billing company C) BlueCross health insurance plan

Assessing HIPAA training programs is important for which of the following reasons?

A) It is how the workforce knows what to do. B) It is highly visible to auditors.

All of the following are security rule physical safeguard standards except

A) facility access controls B) ***contingency planning*** C) workstation security D) device and media controls

With addressable standards, the covered entity may do all but which of the following?

A) implement the standard as written B) implement an alternative standard C) ***ignore the standard since it is addressable*** D) determine that the risk of not implementing is negligible

The HIPAA Security Rule allows flexibility in implementation based on reasonableness and appropriateness. What does the covered entity use to make these determinations?

A) size of the covered entity B) security capabilities of the covered entity's system C) costs of security measures

Home health nurses at a covered entity want to use laptop computers to record patient notes. The director of nursing asks for guidance about whether or not this is a HIPAA violation. The most appropriate response from the Security Officer is that they:

need additional training as remote workers

Which of the following is a best practice to comply with the revised security provisions of the HITECH Act?

Inventory BAs to determine which Business Associates Agreements need to be amended.

The HIPAA security rule contains what provision about encryption?

It is required based on organizational policy.

The enforcement agency for the security rule is

Office for Civil Rights

Which of the following statements about HIPAA training is false?

Privacy and security training should be separated.

Some of the best steps that workers can take to comply with the HIPAA security rule include ensuring

the security of mobile devices

A subcontractor of a business associate may

transmit ePHI on the business associate's behalf if it provides satisfactory assurances that the information will be appropriately safeguarded

According to the HIPAA Security Rule, how should a covered entity instruct a physician who needs a new smart phone when her current smart phone contains ePHI?

turn in her old smart phone

Disabling the USB drive on a computer is an example of what type of security?

workstation

What are the primary distinctions between the HIPAA Security Rule and the HIPAA Privacy Rule?

both: The security rule applies to all forms of patients' PHI, whether electronic, written, or oral, but the security rule covers only electronic PHI and the security rule provides for far more comprehensive security requirements than the security rule and includes a level of detail not provided in the security rule

The best source for obtaining primary information on addressing the HIPAA Security Rule would be which of the following sources?

Department of HHS

The VP of Finance wants to consider sending all of the medical transcriptionists home to work. What security issues should be included in the risk analysis?

access of data by unauthorized persons

Security awareness training programs require the implementation of awareness and training of all workforce members and should include

periodic security reminders

In general, reviews for compliance with various aspects of the security rule should be conducted

periodically

When developing security procedures for remote workforce, the HIM director should reference which of the following?

privacy and security rules, state statutes and other federal statutes

Fred resigned from his position at University Hospital. According to the HIPAA security rule, his access to the electronic health record system should be terminated

promptly upon resignation

The HIPAA security rule requires that the covered entity

protect ePHI from reasonably anticipated threats

The HIPAA security rule contains the following safeguards except

reliability

Dr. Watson is known to chronically not remember his password and ask other physicians and nurses to use their passwords. This is reported by various staff, but the security officer ignores the complaints since Dr. Watson is the chief of staff. The hospital most likely has not complied with which of the following?

sanction policy

When external reviewers request access to electronic patient records, the IT professionals at Charity Clinic determine that giving the reviewers a user name and password to access all records in the database is the quickest and easiest approach. As the HIIM Director, your response to this would be to

suggest records necessary for audit be placed in a queue

