CompTIA Hit-001 (Flashcards Only)


QUESTION NO: 376 You are riding in an elevator with several physicians discussing the care of a patient. The patient's name is used in the conversation. Which piece of legislation has been violated? A. EMTALA B. Patient Bill of Rights C. MIPPA D. HIPAA

Answer: D Explanation: HIPAA is the legislation designed to ensure the privacy and security of personal health information.

QUESTION NO: 42 You are working with a contractor who is revamping three outpatient clinics that are part of Clearwater Hospitals Outpatient Services. There are a lot of departments in Clearwater Hospital, including both inpatient and outpatient services. Which of the following groups is most likely to be these three outpatient clinics? A. OBGYN, OR, NICU B. ICU, PEDS, PACU C. Occupational Therapy, CCU, Behavioral Health D. Physical Therapy, ENT, Dermatology

Answer: D Explanation: Physical Therapy, ENT and Dermatology are outpatient services. Physical therapy involves therapy after injury or illness to regain the use of muscles and nerves that may have been damaged. ENT is an acronym for "ear, nose and throat", or an otolaryngology department that deals with illness of the ears, nose, throat and upper respiratory issues. Dermatology deals with diseases of the skin, from acne to cancers. Even if they are called into an inpatient setting, these services are considered outpatient services and would likely have outpatient offices or clinics outside of the central hospital where inpatient services are centered, and might use different billing and coding practices. Answer: A is incorrect. OBGYN is an acronym for obstetrics and gynecology, which is women's health during pregnancy and the specialty of the health of female sexual organs. There are often both outpatient and inpatient departments or units for OBGYN within the hospital. The OR is the operating room, and is clearly an inpatient service as a standard OR requires intensive services and a hospital stay. Minor surgeries are often done in the ambulatory surgery on an outpatient basis, not an OR, which is for more serious surgery cases. NICU is an acronym for Neonatal Intensive Care Unit, and it is a department that specializes in the care of premature or seriously ill infants. This is an inpatient, intensive services department, not an outpatient department. Answer: B is incorrect. The ICU, or intensive care unit, also called the Critical Care Unit (CCU) or Intensive Therapy Unit (ITU), is a specialized department for inpatient services in a hospital that provides intensive-care medicine for critically ill patients, some of whom may need mechanically assisted ventilation or other round-the-clock care. PEDS is short for pediatric care, which is a department that may have both inpatient and outpatient services at a facility, which may or may not be located in the same place. 
PACU is the post-anesthesia recovery unit, and is part of an OR or ambulatory surgery department and may occur as an inpatient or outpatient service. They provide care for patients recovering from anesthesia. Answer: C is incorrect. It's true that Occupational Therapy is an outpatient service, and occupational therapists help patients with physical, mental or developmental difficulties learn or relearn the skills of daily living. However, the CCU or coronary care unit, is an inpatient department which specializes in the treatment of heart-related critical conditions, like heart attacks, unstable angina and other heart conditions that require constant monitoring. Behavioral Health is an inpatient department for treatment of mental health conditions that cannot be managed in an outpatient setting. http://physicaltherapy.about.com/od/typesofphysicaltherapy/a/whatistherapy.htm

QUESTION NO: 124 Which of the following is the default port for DNS zone transfer? A. Port 23 B. Port 80 C. Port 21 D. Port 53

Answer: D Explanation: Port 53 is the default port for DNS zone transfer. Answer: B is incorrect. Port 80 is the default port for Hypertext Transfer Protocol (HTTP). Answer: A is incorrect. Port 23 is the default port for the TELNET utility. Answer: C is incorrect. Port 21 is the default port for File Transfer Protocol (FTP).

QUESTION NO: 328 You have been tasked with finding an encryption methodology for your company's network. The solution must use public key encryption which is keyed to the user's email address. Which of the following should you select? A. Blowfish B. 3DES C. AES D. PGP

Answer: D Explanation: Pretty Good Privacy (PGP) uses public-key cryptography and includes a system which binds the public keys to a user name and/or e-mail address.

QUESTION NO: 140 For what period of time must all primary medical records be retained? A. 30 years B. 6 years C. 10 years D. 4 years

Answer: C Explanation: All primary medical records must be retained for a period of at least ten years from the date of the patient's last episode of care regardless of the age or status of the patient. Answer: D is incorrect. 4 years is incorrect as this is the amount of time in which all primary dental records must be kept. Answer: B is incorrect. 6 years is incorrect as this is the amount of time in which all materials containing HIPAA information must be kept. Answer: A is incorrect. 30 years is incorrect as no medical information is required to be retained for 30 years.

QUESTION NO: 264 Which of the following is the default subnet mask for the Class C IP address network? A. 255.255.255.0 B. 255.255.0.0 C. 127.0.0.1 D. 255.0.0.0

Answer: A Explanation: 255.255.255.0 is the default subnet mask for the Class C network.

QUESTION NO: 370 Your customer wants the fastest wireless possible in his home. Which of the following would you recommend? A. 802.11 wireless B. Bluetooth C. 3G Cellular D. Satellite

Answer: A Explanation: 802.11 can easily reach 10 to 15 MBPS.

QUESTION NO: 379 Which of the following devices does SCSI support? Each correct answer represents a complete solution. Choose all that apply. A. Hard disk drive B. Sound card C. CD drive D. Tape drive E. Modem

Answer: A,C,D Explanation: Small Computer System Interface (SCSI) supports CD drive, tape drive, and hard disk drive.

QUESTION NO: 248 You are configuring a wireless network for a home user. He does not want neighbors to detect his wireless network. What should you do? A. Use WEP encryption B. Disable SSID broadcast C. Use MAC filtering D. Use WPA encryption

Answer: B Explanation: By disabling the SSID broadcast, you can prevent his neighbors from detecting his wireless network.

QUESTION NO: 403 According to the USB 2.0 standard, what should be the maximum cable length between devices? A. 4.5 meters B. 10 meters C. 5 meters D. 1 meter

Answer: C Explanation: According to the USB 2.0 standard, the maximum cable length between devices should be 5 meters.

QUESTION NO: 82 Which of the following IEEE standards defines Ethernet and the use of copper cabling in a network? A. ISO/IEC 11801 B. IEEE 802.1X C. IEEE 802.3 D. IEEE 802.11i

Answer: C Explanation: The IEEE 802.3 standards define the physical layer and the media access control (MAC) sublayer of the data link layer of a wired Ethernet. These standards are made for physical connections between nodes and infrastructure devices by various types of copper or fiber cable. Infrastructure devices include hubs, switches, routers, etc. The IEEE 802.3 standard also defines the use of copper cabling in a network. Answer: D is incorrect. 802.11i, also referred to as IEEE 802.11i-2004, is a standard for wireless local area networks (WLANs). It provides improved encryption for networks that use the popular 802.11a, 802.11b (which includes Wi-Fi), and 802.11g standards. It is an amendment to the original IEEE 802.11. The 802.11i standard requires new encryption key protocols, known as Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES). The 802.11i specification offers a level of security sufficient to satisfy most government agencies. However, AES requires a dedicated chip, and this may mean hardware upgrades for most existing Wi-Fi networks. Other features of 802.11i are key caching, which facilitates fast reconnection to the server for users who have temporarily gone offline, and pre-authentication, which allows fast roaming and is ideal for use with advanced applications such as Voice over Internet Protocol (VoIP). Answer: B is incorrect. IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or preventing it if authentication fails. IEEE 802.1X defines the encapsulation of the Extensible Authentication Protocol (EAP) over IEEE 802 which is known as "EAP over LANs" or EAPOL. 
EAPOL was originally designed for IEEE 802.3 Ethernet in 802.1X-2001, but was clarified to suit other IEEE 802 LAN technologies such as IEEE 802.11 wireless and Fiber Distributed Data Interface (ISO 9314-2) in 802.1X-2004. The EAPOL protocol was also modified for use with IEEE 802.1AE (MACSec) and IEEE 802.1AR (Secure Device Identity / DevID) in 802.1X-2010. Answer: A is incorrect. International standard ISO/IEC 11801 specifies general-purpose telecommunication cabling systems (structured cabling) that are suitable for a wide range of applications (analog and ISDN telephony, various data communication standards, building control systems, factory automation). This standard is defined by ISO/IEC. It covers both balanced copper cabling and optical fiber cabling. The standard was designed for use within commercial premises that may consist of either a single building or of multiple buildings on a campus. It was optimized for premises that span up to 3 km, up to 1 km² office space, with between 50 and 50,000 persons, but can also be applied for installations outside this range. A corresponding standard for small-office/home-office (SOHO) environments is ISO/IEC 15018, which also covers 1.2 GHz links for cable and satellite TV applications.

QUESTION NO: 89 You have to undergo a surgical procedure which will require a five-day hospital stay. To which of the following types of healthcare facilities will you be admitted? A. Ambulatory Care Facility B. Nonacute Care Facility C. Subacute Care Facility D. Acute Care Facility

Answer: D Explanation: An acute care facility is a facility that offers a wide range of medical, surgical, pediatric and obstetric services that require a hospital stay of less than 30 days. Answer: A is incorrect. Ambulatory care facility is incorrect as this facility offers a variety of outpatient services which are directly overseen by a hospital, but patients do not require a stay in the hospital.

QUESTION NO: 448 You are selecting memory to put into a laptop. Which of the following types of RAM chips would you most likely select? A. 184 PIN B. 72 PIN C. 240 PIN D. 144 PIN

Answer: D Explanation: Both MicroDIMM and SO-DIMM come in a 144 pin configuration, and are used for laptops.

QUESTION NO: 113 The HIPAA compliance act requires no restrictions on the use of which type of health information? A. Archived Health Information B. Electronic Health Information C. Paper Health Information D. De-Identified Health Information

Answer: D Explanation: The HIPAA act requires no restrictions on de-identified health information. De-identified health information refers to health records, x-rays, lab results or any part of the patient's permanent health record in which pertinent information has been removed so the patient cannot be identified. Pertinent identifiers include the patient's name, social security number, date of birth or address. De-identified health information is usually used for research and training purposes. Answer: B is incorrect. Electronic Health Information is incorrect as all patient records stored in any hospital computer are regulated by the HIPAA Act.

QUESTION NO: 409 Maria works as a healthcare IT Technician for an organization. She has received an e-mail from the MN Compensation Office with the following message: Dear Sir/Madam, My name is Edgar Rena, the director of compensation here at the MN Compensation Office in Chicago. We receive so many complaints about fraudulent activities that have been taking place in your region for the past few years. Due to the high volume loss of money, the MN compensation department has had an agreement with the appropriate authority to compensate each victim with a sum of USD$500,000.00. You were selected among the list of people to be paid this sum. To avoid any imperative mood by intending scammers, your payment has been transmuted into an International bank draft which can be cashed at any local bank in your country. Please fill the below details and send it to our secretary for your compensation bank draft. Full name. ______ Address. ________ Tel. ____________ Fill Send to: Dr. Michael Brown MN Compensation Office, IL Tel. +1-866-233-8434 Email. [email protected] Further instructions shall be given to you by our secretary as soon as you contact him. To avoid losing your compensation, you are requested to pay the sum of $350 for Insurance Premium to our secretary. Thanks and God bless. If Maria replies to this mail, which of the following attacks may she become vulnerable to? A. Phishing attack B. Spamming C. SYN attack D. Mail bombing

Answer: A Explanation: Phishing is a type of scam that entices a user to disclose personal information such as social security number, bank account details, or credit card number. An example of a phishing attack is a fraudulent e-mail that appears to come from a user's bank asking him to change his online banking password. When the user clicks the link available in the e-mail, it directs him to a phishing site which replicates the original bank site. The phishing site lures the user to provide his personal information. Answer: B is incorrect. Spamming is the technique of flooding the Internet with a number of copies of the same message. The most widely recognized forms of spam are email spam, instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam. Answer: D is incorrect. Mail bombing is an attack that is used to overwhelm mail servers and clients by sending a large number of unwanted e-mails. The aim of this type of attack is to completely fill the recipient's hard disk with immense, useless files, causing at best irritation, and at worst total computer failure. E-mail filtering and properly configuring email relay functionality on mail servers can be helpful for protection against this type of attack. Answer: C is incorrect. A SYN attack is a form of denial-of-service (DoS) attack. In this attack, the attacker sends multiple SYN packets to the target computer. For each received SYN packet, the target computer allocates resources and sends an acknowledgement (SYN-ACK) to the source IP address. Since the target computer does not receive a response from the attacking computer, it attempts to resend the SYN-ACK. This leaves TCP ports in a half-open state. When the attacker sends TCP SYNs repeatedly, the target computer eventually runs out of resources and is unable to handle any more connections, thereby denying services to legitimate users. A SYN attack affects computers running on the TCP/IP protocol. It is a protocol-level attack that can render a computer's network services unavailable. A SYN attack is also known as SYN flooding.

QUESTION NO: 61 John works as a Sales Manager for BlueWells Inc. The company has a Windows-based network. John often travels away from the office. He wants to connect his laptop to the office's local network. Which of the following mechanisms will he use to connect to the office's local network? A. Virtual Private Network (VPN) B. Personal Area Network (PAN) C. Intranet D. Extranet

Answer: A Explanation: A virtual private network (VPN) is a form of wide area network (WAN) that supplies network connectivity over a possibly long physical distance. A virtual private network is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost. A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a tunnel that cannot be entered by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses. Answer: C is incorrect. An intranet is a private network that is contained within an enterprise. Intranet is used to share company information and computing resources among employees. It is also used to facilitate working in groups and for teleconferencing. An intranet uses TCP/IP, HTTP, and other Internet protocols. Answer: D is incorrect. Extranet is an area of a Web site, which is available only to selected customers, suppliers, and mobile workers. It allows users limited access to a company's intranet. Extranet can also be considered as an extension of a corporate intranet using the World Wide Web technology to facilitate communication with a corporation's suppliers and customers. Answer: B is incorrect. 
A personal area network (PAN) is a computer network used for communication among computer devices (including telephones and personal digital assistants) close to one's person. The reach of a PAN is typically a few meters. A PAN can be used for communication among the personal devices themselves (intrapersonal communication), or for connecting to a higher level network and the Internet.

QUESTION NO: 5 Which of the following is a project management tool that is characterized by circles connected by lines to indicate the sequence of events? A. PERT Diagram B. Gantt Chart C. Venn Diagram D. Critical Path

Answer: A Explanation: A PERT Diagram is a diagram that represents the steps or component parts of a project as circles connected by lines to indicate the sequence of events. Answer: C is incorrect. Venn Diagram is incorrect as this is a diagram used in mathematics to show all possible logical relations between a finite collection of sets. Answer: D is incorrect. Critical path is incorrect as this is not a diagram; however, it is a tool used to indicate the overall time frame a project should take to complete. Answer: B is incorrect. Gantt Chart is incorrect as this is a table that contains horizontal time lines and vertical indicators of project components, with bars indicating when and by whom tasks are to be completed.

QUESTION NO: 365 You have the responsibility of designing an entire information system. You design a chart to ensure the project gets completed on time. Your chart is based on the chart shown below. Which of the following types of project management tools have you created for your project? A. PERT Diagram B. Critical Path C. Gantt Chart D. Venn Diagram

Answer: A Explanation: A PERT Diagram is a diagram that represents the steps or component parts of a project as circles connected by lines to indicate the sequence of events. Answer: D is incorrect. Venn Diagram is incorrect as this is a diagram used in mathematics to show all possible logical relations between a finite collection of sets. Answer: B is incorrect. Critical path is incorrect as this is not a diagram; however, it is a tool used to indicate the overall time frame a project should take to complete. Answer: C is incorrect. Gantt Chart is incorrect as this is a table that contains horizontal time lines and vertical indicators of project components, with bars indicating when and by whom tasks are to be completed.

QUESTION NO: 511 You are working as a privacy officer at a large medical clinic in a town with a population where everyone kind of knows everyone else. You have just finished reviewing the incidents that have been reported to you by the clinic's staff where it is believed that a breach of patient's privacy rights may have occurred. You have to decide which incidents require notifying the patient and HHS. Under the HITECH Act's Breach and Harm Threshold Considerations, which of the following situations would constitute a reason for notifying the patient? A. A bill was mailed to the patient's previous address containing information about an STD test, but was returned opened. B. An email was sent to the wrong billing adjuster in the clinic's business office and contained the patient's PHI. C. A nurse hands a patient a medical report for a different patient, but quickly realizes it and gets it returned. D. An inter-office fax with the patient's PHI went to a different department than intended, but was promptly returned to the sending office.

Answer: A Explanation: A bill was mailed to the patient's previous address containing information about an STD test, but was returned opened. The interim final rule under the HITECH Act sets a harm threshold to determine if the impermissible use or disclosure poses a significant risk of "financial, reputational, or other harm" to the patient. In this case, both the fact that the envelope is open and that it contains information that could harm this individual's reputation meet the harm threshold. The patient may ultimately decide that it really doesn't matter that much, but the organization has the responsibility to notify. The HHS has provided examples for low-risk HIPAA violations in the breach notification interim final rule. Answer: D is incorrect. This falls under HHS's definition of "Good faith, unintentional acquisition, access or use of PHI by a workforce member of a covered entity or business associate." In other words, it was not only unintended, but it has stayed within the covered entity. Answer: B is incorrect. Similar to option A, this falls under HHS's definition of "Good faith, unintentional acquisition, access or use of PHI by a workforce member of a covered entity or business associate." Answer: C is incorrect. This falls under the HHS guidelines that a "Recipient could not reasonably have retained the data." In this case, the nurse retrieves the information soon after giving it to the wrong patient and can assume that not enough time lapsed for the wrong recipient to review the report and cause harm to the patient.

QUESTION NO: 505 When the attending physician for a patient brings in another physician, such as a specialist like a cardiologist, a dermatologist or a neurologist in to look in on a patient and give their medical opinion regarding the patient's diagnosis and process, what is that process called? A. Consultation B. Dictation C. Specialization D. Referral

Answer: A Explanation: A consultation is an important part of healthcare workflow. The physician in charge of a patient in the hospital is the attending physician. Other physicians and/or specialists called in to render an opinion on the case are consultants, and generate consultation report documents. Answer: C is incorrect. Specialization is not a term used to refer to this practice. Answer: D is incorrect. Referral is a practice where in an outpatient setting, a primary care physician will send a patient to a specialist for certain health conditions and a document is generated that gives the contact information for the specialist as well as authorization for certain government or insurance programs. It is not the same as an inpatient consultation. Answer: B is incorrect. Dictation is the process by which a physician makes an audio recording of progress notes or an evaluation of a patient. This dictated record is then converted into a text document and into the medical record through the process of transcription.

QUESTION NO: 358 Which of the following refers to an electronic version of the paper record a physician may have kept on a patient for years? A. Electronic Medical Record B. Demographic Health Information C. Electronic Health Record D. Archived Health Information

Answer: A Explanation: An electronic health record (EMR) is an electronic version of the paper record that doctors have long maintained for their patients. An EMR may be simply office based or interconnected within a health system.

QUESTION NO: 285 There are millions of insurance billing claims being sent out to hundreds of different insurance carriers every day, and with many different formats for claim forms and the need for error checking, there's a need for a service to manage electronic claims in one accessible format for billing offices to contact if there is a problem. If you have a problem with a billing transaction program, you will likely contact one of these services during your employment. What is the name of this kind of entity? A. Medical Billing Clearinghouse B. Insurance Server C. Claims manager D. Electronic traffic controller

Answer: A Explanation: A healthcare billing clearinghouse receives from a healthcare provider's billing office an electronic claim and then scrubs it for potential errors, then the clearinghouse securely transmits the claim to the correct payer (insurer, government program, etc). Answer: D is incorrect. Although a clearinghouse may seem like an information "air traffic controller" this is not the proper name for the company. Answer: B is incorrect. This is not the correct term. Answer: C is incorrect. This is not what a claims manager does. A claims manager is a position within an insurance company.

QUESTION NO: 478 Hospitals usually have several levels of vertical management, starting with service providers, patient care managers, department administrators and chief officers. What group is ultimately at the top of management for a hospital? A. The Board of Directors B. Chief of Medical Staff C. Chief Executive Officer D. President of Operations

Answer: A Explanation: A hospital is ultimately run by a group known as the Board of Directors. Nonprofit hospitals often have boards which consist of members of the community. Religious hospitals have members of the clergy on their boards. Professors and educators are on the boards of university hospitals. Answer: C is incorrect. Although a key figure in the chain of command of a hospital, the CEO ultimately answers to the Board of Directors. Answer: B is incorrect. Although a key figure in the chain of command for providers in a hospital, the Chief of Medical Staff answers to the Board of Directors. Answer: D is incorrect. President of Operations is not a common position on a hospital staff.

QUESTION NO: 269 Which of the following servers provides streaming audio and video over a network, and uses UDP ports and buffers to achieve the effect of a real time connection? A. Media server B. Apache Web server C. FTP server D. Sun ONE server

Answer: A Explanation: A media server provides streaming audio and video over a network, and uses UDP ports and buffers to achieve the effect of a real time connection. It is well suited for intranet as well as the Internet. The examples of vendors of the media server are as follows: Microsoft NetShow; Netscape Media Server. The media servers are useful in providing long distance conference calls securely. Answer: D is incorrect. The Sun ONE server was previously known as the Netscape/iPlanet Enterprise server. Sun ONE is an abbreviation of Sun Open Net Environment. It is widely used on the Web and includes servers with server side JavaScript interpreters. The JavaScript interpreters allow using JavaScript for connecting with databases. Answer: C is incorrect. A File Transfer Protocol (FTP) server manages the FTP client requests and responses using the FTP protocol. This protocol makes it possible to move one or more files securely between computers while providing file security and organization as well as transfer control. The latest Web browsers and file managers can connect to FTP servers, although they may lack the support for protocol extensions such as FTPS. This allows manipulation of remote files over FTP through an interface similar to that used for local files. Answer: B is incorrect. Apache is a Web server based on HTTPd, a free server developed by the National Center for Supercomputing Applications (NCSA). It is a stable, multiplatform Web server daemon. The key features of an Apache server are as follows: It is easy to configure. It supports server-side scripting as well as CGI scripts. It contains a custom API that enables external modules, such as improved authentication, caching etc., to be utilized by the server. It is the most popular server used on the Internet.

QUESTION NO: 339 Which of the following devices is used for accessing the data on Secure Digital (SD) card, MMC card, and CompactFlash (CF)? A. Memory card reader B. Smart card reader C. E-book reader D. Barcode reader

Answer: A Explanation: A memory card reader is a device, typically having a USB interface, for accessing the data on a memory card such as a CompactFlash (CF), Secure Digital (SD) or MultiMediaCard (MMC). Answer: B is incorrect. Smart card readers are used to read smart cards. A smart card reader is used as a communications medium between the smart card and a host. Answer: D is incorrect. A barcode reader (or barcode scanner) is an electronic device for reading printed barcodes. Answer: C is incorrect. There is no such device as e-book reader.

QUESTION NO: 276 A member of your family is suffering from Alzheimer's Disease and is unable to care for themselves at home. Which of the following healthcare facilities would you contact for long term care of this individual? A. Nonacute Care Facility B. Subacute Care Facility C. Ambulatory Care Facility D. Acute Care Facility

Answer: A Explanation: A non acute care facility, often referred to as a long term care facility, is a type of facility used for individuals who suffer from long term illnesses that require hospital stays of longer than 30 days. Answer: C is incorrect. Ambulatory care facility is incorrect as this facility offers a variety of outpatient services which are directly overseen by a hospital, but patients do not require a stay in the hospital.

QUESTION NO: 179 You have the responsibility of setting up an entire information system for your facility. You feel that all the PCs should be set, followed by the printers and finally the networking be installed in that particular order. Which of the following describes the division of workload you have assigned? A. Serial B. Unilateral C. Parallel D. Unit Assembly

Answer: A Explanation: A serial work division is characterized by each person performing a unique, sequential step in the final product. Answer: C is incorrect. Parallel is incorrect as this is a type of work division that is characterized by each person performing several tasks. Answer: D is incorrect. Unit assembly is incorrect as this is a type of work division in which each person performs a unique task, however, it may not be sequential. Answer: B is incorrect. Unilateral is incorrect as this is not a type of work division, thisAnswer: s meant as a distractor.

QUESTION NO: 393 You have been the victim of a house fire that has left you with burns over a significant percentage of your body. Which of the following type of medical facilities would you choose to treat your condition? A. Specialty Hospital B. Rehabilitation Hospital C. Psychiatric Hospital D. General Hospital

Answer: A Explanation: A specialty hospital is a type of hospital that is required to provide treatment for specific disorders such as cancer, burns or women's health. Answer: D is incorrect. General Hospital is incorrect as this type of hospital is required to provide diagnosis and treatment for medical services which include Radiology, laboratory services and surgical services. Answer: B is incorrect. Rehabilitation hospital is incorrect as this type of hospital is required to provide diagnosis, treatment, restorative and adjustment services for individuals who are disabled. Answer: C is incorrect. Psychiatric hospital is incorrect as this type of hospital is required to provide diagnosis and treatment for individuals who are diagnosed with mental illness.

QUESTION NO: 237 You choose to have your gallbladder removed at a hospital that provides radiological services and laboratory services as well as surgical services. What type of medical facility have you chosen for your care? A. General Hospital B. Specialty Hospital C. Rehabilitation Hospital D. Psychiatric Hospital

Answer: A Explanation: According to the American Hospital Association, a general hospital is a hospital that is required to provide diagnosis and treatment for medical services which include Radiology, laboratory services and surgical services. Answer: B is incorrect. Specialty hospital is incorrect as this type of hospital is required to provide treatment for specific disorders such as cancer, burns or women's health. Answer: C is incorrect. Rehabilitation hospital is incorrect as this type of hospital is required to provide diagnosis, treatment, restorative and adjustment services for individuals who are disabled. Answer: D is incorrect. Psychiatric hospital is incorrect as this type of hospital is required to provide diagnosis and treatment for individuals who are diagnosed with mental illness.

QUESTION NO: 38 You are asked to reduce medical records for a dental practice. You can eliminate all records that are older than which of the following? A. 4 years B. 6 years C. 10 years D. 30 years

Answer: A Explanation: All primary dental records must be retained for a period of at least 4 years from the date of the patient's last episode of care. Answer: B is incorrect. 6 years is incorrect as this is the amount of time in which all materials containing HIPAA information must be kept. Answer: C is incorrect. 10 years is incorrect as this is the amount of time all primary medical records must be retained. Answer: D is incorrect. 30 years is incorrect as no medical information is required to be retained for 30 years.

QUESTION NO: 167 For what period of time must all primary dental records be retained? A. 4 years B. 6 years C. 30 years D. 10 years

Answer: A Explanation: All primary dental records must be retained for a period of at least 4 years from the date of the patient's last episode of care. Answer: B is incorrect. 6 years is incorrect as this is the amount of time in which all materials containing HIPAA information must be kept. Answer: D is incorrect. 10 years is incorrect as this is the amount of time all primary medical records must be retained. Answer: C is incorrect. 30 years is incorrect as no medical information is required to be retained for 30 years.

QUESTION NO: 120 James is a Service Provider. He offers packaged software for lease through the Internet. Which of the following categories of service providers does he belong to? A. ASP B. ISP C. BSP D. WSP

Answer: A Explanation: An ASP (Application Service Provider) offers packaged software for high-end applications such as databases, Enterprise Resource Planning (ERP), etc. This software can be used by small and medium organizations. Answer: B is incorrect. An Internet Service Provider (ISP) is a service provider that provides individuals and companies access to the Internet and other related services, such as Web site building and virtual hosting. It enables users to access the Internet by providing dial-up connections, DSL, cable or leased lines. An ISP has the equipment and the telecommunication line access required to have a point-of-presence on the Internet for the geographic area served. Answer: C is incorrect. BSP (Business Service Provider) is an Internet service developer who loads his proprietary applications on the Web and charges his customers for using the applications. This software contains some special functionality that is related to a business. A BSP can also provide a combination of Web-based software with the additional support of outsourced human administrative services. Answer: D is incorrect. WSP (Wholesale Service Provider) selects software packages of Business Service Providers and distributes them on the Web.

QUESTION NO: 404 A patient comes into the hospital with pain in her chest and the physician wants to determine if there are abnormalities in the electrical impulses of her heart that could indicate damage. What medical device measures the electrical signal of the heart and often prints it out in a wave format? A. EKG B. CT C. EEG D. Ultrasound

Answer: A Explanation: EKG is the acronym for an electrocardiogram, which is the recording from electrodes connected to the skin in key places on the body, which can measure the electrical signals of the heart muscle as it pumps. Changes or abnormalities in the signal waves from the heart muscle can indicate disease or injury to the heart muscle. Answer: D is incorrect. During a diagnostic ultrasonography, an ultrasound device uses inaudible sound waves to bounce off of structures inside the body and return an image of those structures, including tendons, muscles, vessels and internal organs. An ultrasound can be done of many structures, including obstetric use to visualize a growing fetus. The heart can be looked at with a diagnostic ultrasound, but this is rare as a first assessment for chest pain and this does not measure the electrical signals of the heart. Answer: C is incorrect. EEG is the acronym for an electroencephalograph, or a recording of measurements of the electrical impulses of the brain through the scalp, not the electrical impulses of the heart. Answer: B is incorrect. CT is an acronym for X-ray computed tomography. It's a computed three-dimensional picture of multiple two-dimensional x-rays mapped together to form a three-dimensional image. Cardiac CT can be very useful, but it is not the first line of treatment for initial chest pain and does not measure the electrical signals of the heart.

QUESTION NO: 337 You may see quite a few physical safeguards within the healthcare facility when dealing with areas where protected health information is handled and stored. Which of the following is NOT an example of physical safeguards for PHI in a healthcare facility? A. Policies for training employees in security protocols B. ID badges for employees and staff C. Engraving of equipment D. Private Security Patrols

Answer: A Explanation: This is more an administrative safeguard than a physical safeguard. It is still a requirement for organizations to have training policies regarding security measures, but it is not a physical safeguard to do so. Answer: B is incorrect. ID badges are a well-recognized and useful physical safeguard for the protection of PHI by limiting access in certain areas by certain authorized individuals. Answer: D is incorrect. Private security patrols are one option that's possible to achieve protection of PHI from tampering or theft. Answer: C is incorrect. Engraving equipment such as workstations and monitors is a physical property control that can help prevent theft and the potential exposure of PHI.

QUESTION NO: 249 While working at a private physician practice, you are asked to convert a patient's paper chart to a digital format. What type of medical record have you been asked to create? A. Electronic Medical Record B. Demographic Health Information C. Archived Health Information D. Electronic Health Record

Answer: A Explanation: An electronic health record (EMR) is an electronic version of the paper record that doctors have long maintained for their patients. An EMR may be simply office based or interconnected within a health system.

QUESTION NO: 513 You work for a large health care system that consists of eight hospitals. You are asked to install an information system which will allow all eight hospitals to share information. Which of the following types of information systems would you install for this purpose? A. Enterprise System B. Intradepartmental System C. External System D. Departmental System

Answer: A Explanation: An enterprise system of health information is designed primarily for sharing information for all departments that encompass a large health system including hospitals, clinics and nursing homes. Answer: B is incorrect. Intradepartmental system is incorrect as this type of hospital information system is primarily used by one department but shares functions and information with other departments. Answer: D is incorrect. Departmental System is incorrect as this type of hospital system is limited and serves the purposes of one department or domain. Examples are dose management systems that are used by pharmacies. Answer: C is incorrect. External system is incorrect as this type of system is shared by many health organizations to report information required by regulatory agencies or as an information exchange for regional health information networks.

QUESTION NO: 483 Which of the following categories of information technology in the health care setting involves billing and accounting applications? A. Financial IT B. Infrastructure IT C. Clinical IT D. Administrative IT

Answer: A Explanation: Applications of financial information technology are used to improve the efficiency of billing and accounting practices. Answer: D is incorrect. Administrative IT is incorrect as these applications are used to make staff scheduling, patient registration and payroll procedures more efficient. Answer: C is incorrect. Clinical IT is incorrect as these applications are used for prescription of drugs and ordering of laboratory tests and medical procedures. Answer: B is incorrect. Infrastructure IT is incorrect as these applications support the infrastructure of the health care facility. These applications include voice recognition for medical records and medical transcription as well as bar coding applications for medical devices and drugs.

QUESTION NO: 138 A healthcare organization hires you to provide consultancy for setting up its Windows network. The company's server room will be in a highly secured environment. You are required to suggest an authentication method for it. The CFO of the company wants the server to use thumb impressions for authentication. Which of the following authentication methods will you suggest? A. Biometrics B. Two-factor C. Smart card D. Certificate

Answer: A Explanation: Biometrics is a method of authentication that uses physical characteristics, such as fingerprints, scars, retinal patterns, and other forms of biophysical qualities to identify a user. Nowadays, the usage of biometric devices such as hand scanners and retinal scanners is becoming more common in the business environment. Answer: C is incorrect. A smart card is a credit card-sized device used to securely store personal information such as certificates, public and private keys, passwords, etc. It is used in conjunction with a PIN number to authenticate users. In Windows, smart cards are used to enable certificate-based authentication. To use smart cards, Extensible Authentication Protocol (EAP) must be configured in Windows. Answer: D is incorrect. A certificate is a set of data that completely identifies an entity. It is a digitally signed statement that binds the value of a public key to the identity of a person. It can be issued to perform a number of functions such as Web server authentication, secure e-mail, etc. A certificate is valid only for the period of time specified within it. Moreover, a user can set the duration for a certificate's validity. After the validity period, the certificate becomes invalid. A certificate also eliminates the need for hosts to maintain a set of passwords for individuals who are required to be authenticated. Answer: B is incorrect. When two or more access methods are included as part of the authentication process, it implements a multifactor system. A system that uses smart cards and passwords is referred to as a two-factor authentication system. Though biometrics can also be a part of two-factor authentication, the question mentions only one method, that is, thumb impression, as an authentication factor.

QUESTION NO: 283 You are working at a dermatology practice and integrating the electronic medical system with the patient billing system. What term would be used to discuss a system of codes used in billing for this office to explain what procedures had been performed? A. CPT B. PACS C. CCD D. CSW

Answer: A Explanation: CPT stands for Current Procedural Terminology, a system of five-digit codes and modifiers used to describe procedures performed and equipment used in an outpatient setting or for work done by physicians or other medical professionals. You would encounter programs like Encoder that would use CPT codes for billing in a dermatology practice. Answer: C is incorrect. CCD is the Continuity of Care Document, a specification which is an XML-based markup standard. It specifies the encoding, structure and semantics of a patient summary clinical document for exchange. Answer: B is incorrect. PACS is a Picture Archiving and Communication System, by which electronic images are transmitted digitally, often X-rays, ultrasound, MRIs, and a variety of other machine types. This eliminated the need to file, retrieve and transport delicate films. Answer: D is incorrect. CSW is an acronym for the Clinical Social Worker, and is not related to a numerical system or computer term.

QUESTION NO: 288 Which of the following categories of information technology in the health care setting involves ordering medical procedures? A. Clinical IT B. Administrative IT C. Financial IT D. Infrastructure IT

Answer: A Explanation: Clinical IT applications are used for prescription of drugs and ordering of laboratory tests and medical procedures. Answer: B is incorrect. Administrative IT is incorrect as these applications are used to make staff scheduling, patient registration and payroll procedures more efficient. Answer: C is incorrect. Financial IT is incorrect as these applications are used to improve the efficiency of billing and accounting practices. Answer: D is incorrect. Infrastructure IT is incorrect as these applications support the infrastructure of the health care facility. These applications include voice recognition for medical records and medical transcription as well as bar coding applications for medical devices and drugs.

QUESTION NO: 70 Your responsibility as a health care information technologist is to ensure the accuracy and efficiency of all drug prescriptions, laboratory tests and medical procedures. Which of the following types of information technology are you responsible for? A. Clinical IT B. Infrastructure IT C. Financial IT D. Administrative IT

Answer: A Explanation: Clinical IT applications are used for prescription of drugs and ordering of laboratory tests and medical procedures. Answer: D is incorrect. Administrative IT is incorrect as these applications are used to make staff scheduling, patient registration and payroll procedures more efficient. Answer: C is incorrect. Financial IT is incorrect as these applications are used to improve the efficiency of billing and accounting practices. Answer: B is incorrect. Infrastructure IT is incorrect as these applications support the infrastructure of the health care facility. These applications include voice recognition for medical records and medical transcription as well as bar coding applications for medical devices and drugs.

QUESTION NO: 63 Which of the following terms is described in the statement below? "It is a way of grouping Web servers to handle heavy traffic." A. Clustering B. Network Load Balancing C. Bottleneck D. Failover

Answer: A Explanation: Clustering is a way of grouping multiple Web servers to handle heavy traffic. A cluster is a group of two or more servers working together as a single system. All the computers in a cluster are grouped under a common name i.e., a virtual server name, which is used to access and manage the cluster. Each member server of the cluster is called a node. A cluster provides redundant operations in the event of hardware or application failure. Answer: D is incorrect. Failover is a term associated with cluster services. It refers to the ability of a server to immediately start servicing the requests if a primary server fails. If the application services in a cluster-node fail, the Cluster Service generally tries to restart them on the same node. If the services do not start, then it moves the services to another node in the cluster and restarts them on that node. Answer: B is incorrect. Network Load Balancing is a Windows Server 2003 clustering technology. It runs as a driver in Microsoft Windows and distributes incoming requests across each node included in the cluster. Its primary purpose is to load-balance by distributing TCP/IP traffic among the server nodes in a cluster. For load balancing-aware applications, such as Exchange Server 2003, when one of the nodes fails or becomes offline, the load is automatically distributed to other nodes in the cluster. A cluster using Network Load Balancing can have 2 to 32 nodes. Administrators can configure it through the Network Load Balancing Manager, which is located in the Administrative Tools program menu. Answer: C is incorrect. Bottleneck is a situation caused by excessive demand on scarce system resources. Bottlenecks occur because of the following reasons: insufficient resources; incorrect distribution of workload amongst the resources; incorrectly configured resources; malfunctioning of resources.

QUESTION NO: 279 Which of the following payment terms is based on what a reasonable fee would be for the service provided? A. Customary Charges B. Capitation C. Sliding Scale Fee D. Fee for Services

Answer: A Explanation: Customary charges is the type of payment term that is based on what is normally charged or what is reasonable for the service provided. Answer: D is incorrect. Fee for Services is incorrect as this term of payment is dependent on the cost of the provider to provide services such as lab tests, x-rays etc. Hospitals or other facilities receiving fee for service are paid for each individual service that is provided. Answer: C is incorrect. Sliding Scale fee is incorrect as this type of payment term is common in low income areas and is based on the patient's ability to pay. Answer: B is incorrect. Capitation is incorrect as this payment term is a pre-paid amount based on a per-person or per-capita amount.

QUESTION NO: 435 As a healthcare IT specialist, you are asked to ensure that all images obtained from an echocardiography unit are automatically transmitted to a remote area for interpretation. Which of the following tasks are you being asked to perform? A. Device Capture B. Document Imaging C. Clinical Imaging D. Document Archiving

Answer: A Explanation: Device capture is the act of transmitting medical information directly from a medical device such as an electrocardiogram. All medical information transmitted via device capture must be reviewed and validated by a physician. Answer: B is incorrect. Document imaging is incorrect as this action involves prepping, scanning, indexing and performing quality control on paper documents that are entered into a computerized system. Answer: C is incorrect. Clinical imaging refers to medical information that is obtained by the use of photographs or other medical imaging devices that need to be a part of the patient's permanent medical record. Answer: D is incorrect. Document archiving is the act of ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location.

QUESTION NO: 406 Which of the following actions refer to the transmission of medical information directly from a medical device? A. Device Capture B. Clinical Imaging C. Document Imaging D. Document Archiving

Answer: A Explanation: Device capture is the act of transmitting medical information directly from a medical device such as an electrocardiogram. All medical information transmitted via device capture must be reviewed and validated by a physician. Answer: C is incorrect. Document imaging is incorrect as this action involves prepping, scanning, indexing and performing quality control on paper documents that are entered into a computerized system. Answer: B is incorrect. Clinical imaging refers to medical information that is obtained by the use of photographs or other medical imaging devices that need to be a part of the patient's permanent medical record. Answer: D is incorrect. Document archiving is the act of ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location.

QUESTION NO: 322 As a healthcare IT specialist, you are asked to ensure that all images obtained from an echocardiography unit are automatically transmitted to a remote area for interpretation. Which of the following tasks are you being asked to perform? A. Device Capture B. Document Archiving C. Document Imaging D. Clinical Imaging

Answer: A Explanation: Device capture is the act of transmitting medical information directly from a medical device such as an electrocardiogram. All medical information transmitted via device capture must be reviewed and validated by a physician. Answer: C is incorrect. Document imaging is incorrect as this action involves prepping, scanning, indexing and performing quality control on paper documents that are entered into a computerized system. Answer: D is incorrect. Clinical imaging refers to medical information that is obtained by the use of photographs or other medical imaging devices that need to be a part of the patient's permanent medical record. Answer: B is incorrect. Document archiving is the act of ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location.

QUESTION NO: 359 One key clinical process in the functioning of a private practice or a hospital is for patient encounters, progress notes and other physician reports to be recorded. Most often, physicians use audio recorders that generate either tapes or audio files to speak an account of the visit and their findings. This process is referred to as: A. Dictation B. Notation C. Patient Encounter D. Recording

Answer: A Explanation: Dictation is the process of a physician speaking their notes from a patient visit into a recording device. Answer: C is incorrect. This is not the name for the process of speaking their notes into a recording device. Answer: B is incorrect. This is not the name for the process of speaking their notes into a recording device. Answer: D is incorrect. Although the speech is recorded, this is not the conventional name for the process of speaking notes into a recording device.

QUESTION NO: 151 Which of the following statements is true about a modem? A. It converts digital signals into analog signals and vice versa. B. It converts AC current to DC current and vice versa. C. It reduces the noise in analog signal. D. It amplifies the digital signals.

Answer: A Explanation: A modem converts digital signals into analog signals and vice versa. A modem is a device used by computers to communicate over long distances through Public Service Telephone Lines (PSTN). Modem stands for Modulator and Demodulator. When a computer sends data, it uses digital signals. The modem converts these digital signals into analog signals and transmits the data over PSTN. At the receiving end, the modem converts the analog signals back to digital signals and delivers them to the receiving computer.

QUESTION NO: 357 You are asked to convert all paper medical records to a digital format. Which of the following tasks are you being asked to perform? A. Document Imaging B. Device Capture C. Document Archiving D. Clinical Imaging

Answer: A Explanation: Document imaging involves prepping, scanning, indexing and performing quality control on paper documents that are entered into a computerized system. Answer: B is incorrect. Device capture is the act of transmitting medical information directly from a medical device such as an electrocardiogram. Answer: C is incorrect. Document archiving is the act of ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location. Answer: D is incorrect. Clinical imaging refers to medical information that is obtained by the use of photographs or other medical imaging devices that need to be a part of the patient's permanent medical record.

QUESTION NO: 247 You are asked to convert all paper medical records to a digital format. Which of the following tasks are you being asked to perform? A. Document Imaging B. Device Capture C. Clinical Imaging D. Document Archiving

Answer: A Explanation: Document imaging involves prepping, scanning, indexing and performing quality control on paper documents that are entered into a computerized system. Answer: B is incorrect. Device capture is the act of transmitting medical information directly from a medical device such as an electrocardiogram. Answer: D is incorrect. Document archiving is the act of ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location. Answer: C is incorrect. Clinical imaging refers to medical information that is obtained by the use of photographs or other medical imaging devices that need to be a part of the patient's permanent medical record.

QUESTION NO: 289 While working at a private physician practice, a new patient is coming for an initial visit. You are asked to obtain medical records from every healthcare facility this patient has ever sought care. Which of the following types of medical records have you been asked to compile? A. Electronic Health Record B. Electronic Medical Record C. Demographic Health Information D. Archived Health Information

Answer: A Explanation: Electronic Health Record is a compilation of core data from multiple sources and may be comprised of several different e-records submitted by several different providers.

QUESTION NO: 267 Your healthcare facility is developing a policy for moving some records off-site as they have moved from being "active" to "inactive" records. Of the following, which is a likely reason for a record becoming "inactive"? A. The record is a short record of an emergency department case in which a minor wound was stitched up and the patient has not been seen in the facility for two years. B. The record is for a patient who is part of an assessment study of heart surgery patients over the last ten years. C. The record is for a patient with a chronic illness who is often seen for complications of their illness. D. The record is involved in a legal case where there have been several requests for release of information to parties in a lawsuit.

Answer: A Explanation: A short, simple record where a patient has not been seen again for several years and there have been no complications of treatment could, according to facility policies, be moved to "inactive" storage after a certain period of time (typically ranging from two to five years after treatment) and eventually destroyed after the end of a record retention life has been reached (often ten years). Answer: C is incorrect. A record for a patient that frequently returns and is added to often is an "active" record that needs to be easily accessible for patient care and should not be sent off-site. Answer: D is incorrect. A record that is part of a lawsuit and subject to frequent requests for disclosure is an "active" record and should be easily accessible for use by medical filing professionals. Answer: B is incorrect. A record that is used in quality assessments or medical studies is still an "active" record and should not be sent off-site.

QUESTION NO: 396 You have a medical condition that requires a lengthy stay at the hospital. The hospital has a legal obligation to prevent your medical records from being released to which of the following? A. Patient Employer B. The Patient C. Patient Representatives D. Department of Health and Human Services

Answer: A Explanation: The HIPAA act does not allow a patient's health information to be disclosed to a patient's employer. Answer: B is incorrect. The Patient is incorrect as the patient has a right to know any and all information pertinent to his/her medical care. Answer: C is incorrect. Patient representatives is incorrect as health information can be disclosed to anyone a patient designates to represent them such as a family member or attorney. Answer: D is incorrect. Department of Health and Human Services is incorrect as patient information may be disclosed to the Department of Health and Human Services when it is conducting a compliance investigation or review or enforcement action.

QUESTION NO: 57 If you are working for a contractor or business associate of a hospital and are sent in to work on part of an electronic healthcare record system containing sensitive patient information, what agreement needs to be in place between your employer and the hospital? A. A business associate agreement that outlines that your employer must follow all necessary HIPAA regulations with regards to protected health information privacy and security B. A waiver of liability C. A memorandum of understanding that you and your employer will not access or release patient information D. A business associate agreement that states you and your employer will not access or release any patient information

Answer: A Explanation: HIPAA mandates that business associates (and/or contractors and third party vendors) are subject to HIPAA regulations, and the Security Rule mandates that a business associate agreement contract exists whereby the business associate agrees to protect PHI with HIPAA privacy and security standards. Answer: C is incorrect. A memorandum of understanding is not sufficiently legally binding to fulfill HIPAA regulation and protect PHI. Answer: D is incorrect. A business associate agreement must explicitly state that various HIPAA regulations will be followed with respect to protected health information. Answer: B is incorrect. A waiver of liability is not an appropriate legal document for this kind of situation.

QUESTION NO: 135 You are responsible for applying the appropriate ICD-9 code for all services obtained for patients at your facility. Which of the following types of data are you responsible for? A. Numbers B. Text C. Images D. Signals

Answer: A Explanation: Numeric data is a type of data that may be found in a patient's electronic health record. Examples of numerical data would be ICD-9 codes, blood pressure readings, body weight and temperature readings.

QUESTION NO: 159 You are the privacy officer in charge of setting up the policies and procedures for protecting patient information within your covered entity. You have studied HIPAA's requirements and are now faced with determining what kinds of policies you need to implement. Which of the following do you NOT need to implement? A. A policy limiting staff members from naming the covered entity for which they work outside the office. B. A policy governing the ongoing training of how to handle PHI for employees. C. A policy outlining which employees have access to electronic protected health information (EPHI). D. A policy defining what role management will play in the oversight and compliance for security controls.

Answer: A Explanation: HIPAA protects patient information, not the name of medical practices. An employee can certainly say where he works to his spouse or even to another company to which he might apply. Answer: B is incorrect. Ongoing training is an essential part of HIPAA compliance. Answer: C is incorrect. This is required, as this is the heart of EPHI concerns. Answer: D is incorrect. There must be clearly defined management roles, which become especially helpful during audits and when HIPAA concerns or complaints arise.

QUESTION NO: 509 You subscribe to a health care plan that provides health care services for a prepaid, fixed amount of reimbursement. Which of the following types of health insurance do you subscribe to? A. HMO B. Point of Service C. PPO D. Indemnity Plan

Answer: A Explanation: Health Maintenance Organization (HMO) offers healthcare services for a prepaid fixed amount of reimbursement. In an HMO, providers and subscribers voluntarily enroll and the HMO assumes responsibility and financial risks. Answer: D is incorrect. Indemnity plan is incorrect as this type of plan allows you to visit any doctor, any hospital and direct your own care. Answer: B is incorrect. Point of Service (POS) is an agreement where a patient is permitted to choose a provider each time healthcare service is required. Answer: C is incorrect. PPO or preferred provider organization is a network of physicians or healthcare organizations who provide healthcare at a discounted rate in return for higher patient volume.

QUESTION NO: 152 Where is the Hypertext Transfer Protocol (HTTP) used? A. On the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages B. On the World Wide Web (WWW) to display SQL database statistics C. On the Internet to download and compress graphic files D. On a peer-to-peer based Local Area Network (LAN) E. On a client/server-based Wide Area Network (WAN)

Answer: A Explanation: Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port.

QUESTION NO: 486 You are working on a problem in a system which is sending insurance billing information to a remote site. The system uses messaging with HL7 interface specifications. What is the message identifier field for insurance information? A. IN1 B. OBR C. MSA D. SCH

Answer: A Explanation: IN1 is the message identifier field for insurance information. Data fields within the insurance information segment include IN1-2, insurance ID number, IN1-8, group number, and similar data fields. Answer: C is incorrect. MSA is the message identifier field for "message acknowledgement segment" and is used to acknowledge a previously received message. Answer: B is incorrect. OBR is a message segment for a laboratory order requesting observation. Answer: D is incorrect. SCH is the schedule activity information segment that is used for messaging in scheduling programs.

QUESTION NO: 477 Mark has a computer with a CD-ROM drive. He is unable to open the CD-ROM drive tray by pushing the Eject button on the front panel of the drive. What else can he do to open the tray? A. Insert a pin into the eject hole on the drive. B. Open the CD-ROM cover. C. Open the tray by holding it through pliers. D. Push the Eject button for two minutes.

Answer: A Explanation: If Mark is unable to open the CD-ROM drive tray by pushing the Eject button on the front panel, he can open it by inserting a pin into the eject hole on the CD-ROM drive. Answer: B, C are incorrect. These are not the right ways to open the tray of a CD-ROM drive. Answer: D is incorrect. Pushing the Eject button for such a long time will not help accomplish the task.

QUESTION NO: 424 Which of the following data types encompassed in a patient's EHR would include an MRI? A. Images B. Voice C. Numbers D. Signals

Answer: A Explanation: Image data is a type of data that may be found in a patient's electronic health record. Examples of image data would include images obtained from x-rays, CT scans, MRI exams and Nuclear Medicine exams. This data type is normally represented by x-rays or document images themselves; the interpretation of radiology images is considered voice data.

QUESTION NO: 132 Your primary care physician requires you to see a pulmonologist. Pulmonology is defined as? A. Study of the lungs B. Disease of the lungs C. Inflammation of the lungs D. Surgical Incision of the lungs

Answer: A Explanation: In medical terminology, any word that ends with the suffix -ology refers to the study of a particular process. For example, Cardiology is the study of the heart, Oncology is the study of tumors, and Pulmonology is the study of the lungs. Answer: C is incorrect. Inflammation is incorrect as any medical term referring to inflammation ends with the suffix -itis. Answer: B is incorrect. Disease is incorrect as any condition that refers to a disease process is accompanied by the suffix -osis; for example, diverticulosis is a disease of the diverticulum. Answer: D is incorrect. Opening is incorrect as any medical condition that refers to opening ends with the suffix -otomy; for example, thoracotomy means an opening was made in the thorax.

QUESTION NO: 188 You work as a healthcare IT technician for an organization. The company has a Windows 2003 domain-based network. You request your network administrator to provide him instructions regarding the installation of drivers on his computer. Your administrator wants to show the user how to perform the configuration by taking control of your desktop. Which of the following tools will he use to accomplish the task? A. Remote Assistance B. Remote Desktop C. Task Manager D. Computer Management

Answer: A Explanation: In order to accomplish the task, John will use the Remote Assistance tool. By using Remote Assistance, John can take shared control of the user's desktop, which will allow him to perform the necessary configurations on the shared desktop while the remote user is watching it straight away.

QUESTION NO: 314 You work as a Network Administrator for Net Perfect Inc. Rick, a Sales Manager, asks you to configure his tablet PC in such a way that he can copy and paste text quickly. Which of the following actions will you perform to accomplish the task? A. Configure flicks for the desired task. B. Configure an automatic script to run the desired task at the tap event. C. Configure a keyboard shortcut for the desired task. D. Configure an automatic script to run the desired task at the double tap event.

Answer: A Explanation: In order to accomplish the task, you will have to configure flicks for the desired task. Flick is a gesture made by a tablet pen by quickly dragging the pen in a straight line across the screen for approximately an inch (2.5cm). It triggers an event on which Windows Vista is configured to take action. The default actions are scroll up, scroll down, forward, and back, which are assigned to the up, down, right, and left flicks, respectively. Vista can be configured to take action on up to eight different flicks. These actions can be defined by selecting the Navigational Flicks and Editing Flicks option in the flicks tab of Pen and Input Devices. Answer: B, D are incorrect. These are the most common events in a tablet PC. Changing the default action of tap and double tap events will be a bad move, as it will hamper the productivity of the user working on the tablet PC. Answer: C is incorrect. As most of the work is performed through the pen in the tablet PC, configuring a keyboard shortcut will not help resolve the issue.

QUESTION NO: 514 Which of the following backup methods takes the maximum amount of time while restoring data? A. Incremental backup B. Shadow copy C. Full backup D. Differential backup

Answer: A Explanation: Incremental backups take the longest to restore, but they are the fastest to perform as compared to full and differential backups. Incremental backup backs up files that are created or changed since the last full or incremental backup. Incremental backup provides a faster method of backing up data than most other backup methods. Restoring data from an incremental backup requires the last full backup and all subsequent incremental backups. Incremental backups must be restored in the same order as they were created. If any incremental backup in the incremental backup set is damaged or becomes corrupt, the data backed up after corruption cannot be restored.

QUESTION NO: 469 You are about to undergo a surgical procedure. The physician explains the reasons for the procedure, the risks and rewards of the procedure and answers any questions. Which of the following pieces of legislation has the physician followed? A. Informed Consent B. Patient's Bill of Rights C. HIPAA D. Safe Medical Device Act

Answer: A Explanation: Informed consent is classically defined as the consent of a patient to undergo a medical procedure or participate in a clinical trial after achieving an understanding of the medical facts and risks involved. Answer: D is incorrect. Safe Medical Device Act is incorrect as this piece of legislation requires users of medical devices to report any incidents that could in any way suggest that the incident caused death, serious injury or illness to a patient. Answer: B is incorrect. Patient's Bill of Rights is incorrect as this legislation requires health care providers to inform all patients of their rights as patients receiving medical treatment. Answer: C is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 516 What is the data transfer rate of IEEE 1394 standard? A. 400Mbps B. 480Mbps C. 12Mbps D. 600Mbps

Answer: A Explanation: Institute of Electrical and Electronics Engineers (IEEE) 1394 supports a data transfer rate of 400Mbps. However, most of the devices currently available run at 200 Mbps.

QUESTION NO: 213 You are called in to fix a workstation system crash on a machine which processes images from a magnetic resonance imaging facility. A patient is waiting in the MRI machine while you are trying to fix the problem so they can complete their exam. How should you interact with the patient? A. Work rapidly and thoroughly to fix the problem, and allow the imaging tech or medical assistants to interact and reassure the patient. B. Ask the patient why they are in for testing. C. Complain loudly to the imaging tech that they have been using the wrong method to call up the incorrect programs and that has caused the system problems. D. Ask how they are feeling and assure them that you will fix the problem soon.

Answer: A Explanation: It is not part of your job to interact with the patient. Be respectful if asked a direct question, but your job is to fix the system and be polite, not to interact with the patient. Answer: D is incorrect. Patients require privacy and understanding. Do not ask any intrusive questions; it is not your job to interact with the patient. Let the medical assistants or imaging techs do their job to reassure the patient. Answer: B is incorrect. Do not ask the patient any questions about their health. This is not your job and it is invasive of the patient's privacy. Answer: C is incorrect. Remonstrating with other employees in front of a patient while the patient is in a vulnerable position is not professional behavior. Fix the problem, and then arrange to meet with the imaging tech at a later time to explain what they may be doing wrong.

QUESTION NO: 499 You are responsible for the medical records of a high profile, well known, adult patient. Which of the following does not require a disclosure of information form in order for medical records to be released? A. News Media B. Patient's Attorney C. Physician other than Primary Care Physician D. Patient's Parents

Answer: A Explanation: It is not required, but is generally discouraged, for a disclosure of patient information form to be signed in order for a health care facility to release health information to the news media. This is true even though the patient's privacy may be compromised with release of patient health information that is of public interest and right to know. Answer: B is incorrect. It is required by law for a disclosure of patient information to be signed in order for protected health information to be released to the patient's attorney. Answer: D is incorrect. It is required by law for a disclosure of patient information to be signed in order for protected health information to be released to the parents of an adult child. Answer: C is incorrect. It is required by law for a disclosure of patient information to be signed in order for protected health information to be released to another physician.

QUESTION NO: 104 You are working on implementing a new system for sending reimbursement claims to Medicare, Medicaid and Third Party payers. Which of these HL7 segments might you be using often in your data exchange? Each correct answer represents a part of the solution. Choose all that apply. A. BLG B. PID C. OBR D. AL1

Answer: A,B Explanation: BLG is the three byte message identifier or segment for Billing in HL7, and PID is the segment for Patient Identification numbers. Both of these are going to be used often in a billing-related transaction program. Answer: D is incorrect. AL1 is a segment that refers to patient allergies and is unlikely to be used in a billing program. Answer: C is incorrect. OBR is a message segment for a laboratory order requesting observation and unlikely to be used often in a billing transaction program.

QUESTION NO: 504 Which of the following does not require a disclosure of patient information form to be signed? A. News Media B. Parents of an adult child C. Patient's Attorney D. Physician other than Primary Care Physician

Answer: A Explanation: It is not required, but is generally discouraged, for a disclosure of patient information form to be signed in order for a health care facility to release health information to the news media. This is true even though the patient's privacy may be compromised with release of patient health information that is of public interest and right to know. Answer: C is incorrect. It is required by law for a disclosure of patient information to be signed in order for protected health information to be released to the patient's attorney. Answer: D is incorrect. It is required by law for a disclosure of patient information to be signed in order for protected health information to be released to another physician. Answer: B is incorrect. It is required by law for a disclosure of patient information to be signed in order for protected health information to be released to the parents of an adult child.

QUESTION NO: 199 Which of the following types of communication refers to communication between PC and printer or PC and PC within a facility? A. LAN Technology B. Hierarchal Model C. WAN Technology D. Network Model

Answer: A Explanation: LAN technology, or local area network technology, refers to communication devices in a small geographic area such as PC and printer or PC and PC within a facility. Answer: B is incorrect. Hierarchal Model is incorrect as this is a database model, not a mode of communication, that uses the format of a typical parent-child arrangement, whereas, one piece of information can have many subordinated pieces. Answer: D is incorrect. Network model is incorrect as this is a database model, not a mode of communication, that is designed to allow the child to have more than one parent. This model is often referred to as the many to many model. Answer: C is incorrect. WAN technology is incorrect as this allows for communication among a large geographic environment such as two or more LANs connected via a telephone system or satellite.

QUESTION NO: 463 Which of the following can be configured on a Wireless Access Point (WAP) to permit only certain system MAC addresses to communicate with the rest of the network? A. MAC address filtering B. Wired Equivalent Privacy C. Virtual private network D. Protocol analyzer

Answer: A Explanation: MAC address filtering is a security method that enables a device to allow only certain MAC addresses to access a network. It can be configured on a Wireless Access Point (WAP) to allow only certain system MAC addresses to communicate with the rest of the network. MAC address filtering can be performed using either of two policies: exclude all by default, then allow only listed clients; or include all by default, then exclude listed clients. MAC filtering can also be used on a wireless network to prevent certain network devices from accessing the wireless network. MAC addresses are allocated only to hardware devices, not to persons. It is considered to be a non-802.11 security measure, i.e., it is not defined by the 802.11-2007 standard. Answer: B is incorrect. Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security, which is equivalent to wired networks, for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. WEP incorporates a checksum in each frame to provide protection against the attacks that attempt to reveal the key stream. It is defined by the 802.11-2007 standard. Answer: D is incorrect. A protocol analyzer is a passive device that captures 802.11 traffic and helps in detecting malicious eavesdropping attacks. It cannot be detected by a wireless intrusion detection system (WIDS). As data streams flow across the network, the protocol analyzer captures each packet and, if needed, decodes and analyzes its content. Answer: C is incorrect. A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. It aims to avoid an expensive system of owned or leased lines that can only be used by one organization.
The goal of a VPN is to provide the organization with the same, secure capabilities, but at a much lower cost.

QUESTION NO: 447 You are configuring a wireless network for a healthcare organization. You want to prevent unauthorized computers from accessing the company's wireless network. On the basis of the hardware address, which of the following will you use as the best possible method to accomplish the task? A. MAC Filtering B. SSID C. WEP D. RAS

Answer: A Explanation: MAC filtering is a security access control technique that allows specific network devices to access or prevents them from accessing the network. MAC filtering can also be used on a wireless network to prevent certain network devices from accessing the wireless network. MAC addresses are allocated only to hardware devices, not to persons.

QUESTION NO: 161 Your customer reports he just bought a new laptop and he cannot log on to his wireless router with it. You verify the wireless NIC is working, you can see the wireless router's network, and you verify the customer is using the correct username and password. What is the most likely cause of this problem? A. MAC filtering is enabled. B. His new laptop is not compatible with the router. C. The router has maximum connections now. D. The router has a virus.

Answer: A Explanation: MAC filtering is probably enabled and the MAC address for his new laptop is not entered.

QUESTION NO: 241 Your customer wants to make sure that only computers he has authorized can get on his Wi-Fi. What is the most appropriate security measure you can recommend? A. MAC filtering B. A firewall C. WPA encryption D. WEP encryption

Answer: A Explanation: MAC filtering only allows computers that have their MAC address listed with the router to connect.

QUESTION NO: 466 Your employer is a small private practice of several physicians who treat many patients who use Part B of Medicare. The physician and nursing staff would like to replace the current system of paper medical records with an electronic medical record system, but are concerned about the costs of installation and training. You know of a program with the Centers for Medicare and Medicaid that will distribute incentive payments to eligible providers who adopt electronic medical records and can show what? A. Meaningful Use B. Improving public health C. Patient demand D. Financial need

Answer: A Explanation: Meaningful use is a goal of the HITECH provision of the ARRA. Meaningful use means making sure that certified electronic health records are deployed in a useful way that improves the quality of healthcare. Meaningful use as defined in HITECH involved three main components: 1) The use of a certified Electronic health record (EHR) in a meaningful manner, such as e-prescribing. 2) The use of a certified EHR technology for electronic exchange of health information to improve quality of care. 3) The use of a certified EHR technology to submit clinical quality and other measures. Answer: D is incorrect. Financial need is not part of the requirements for a HITECH incentive payment. Meaningful use is required for the EHR incentive programs for Medicare and Medicaid providers; new EHR technology must be adopted, new EHR technology must be implemented or new EHR technology must be upgraded to qualify for an incentive payment. Answer: C is incorrect. Although many patients like the convenience and easy access and portability that electronic medical records provide, it is not a stated goal of the HITECH incentive program. Answer: B is incorrect. Improving public health is one of the end objectives of the HITECH incentive plan and is included as one of the core criteria that a facility may choose to address to prove meaningful use to receive incentive payments, but it is not a requirement at the same level of importance as the principle of meaningful use.

QUESTION NO: 364 You are subscribed to a health care plan that requires you to see certain physicians because they are part of a network that has agreed to provide healthcare services at a discounted rate in exchange for a higher quantity of patients. Which of the following types of health care plans do you subscribe to? A. PPO B. HMO C. Point of Service D. Indemnity Plan

Answer: A Explanation: PPO or Preferred Provider Organization is a network of physicians or healthcare organizations who provide healthcare at a discounted rate in return for higher patient volume. Answer: D is incorrect. Indemnity plan is incorrect as this type of plan allows you to visit any doctor, any hospital and direct your own care. Answer: B is incorrect. HMO is incorrect as this offers healthcare services for a prepaid fixed amount of reimbursement. In an HMO, providers and subscribers voluntarily enroll and the HMO assumes responsibility and financial risks. Answer: C is incorrect. Point of Service (POS) is an agreement where a patient is permitted to choose a provider each time healthcare service is required.

QUESTION NO: 201 While working at a healthcare facility, you notice a patient's EHR does not contain any electronic signatures verifying the contents of the EHR. This EHR does not meet compliance standards set forth by which of the following titles? A. Title 21 CFR Part 11 B. Title 21 CFR Part 7 C. Title 21 CFR Part 21

Answer: A Explanation: Part 11, as it is commonly called, defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to paper records. Part 11 requires drug makers, medical device manufacturers, biotech companies, biologics developers, and other FDA-regulated industries, with some specific exceptions, to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing electronic data. Answer: B is incorrect. Title 21 CFR Part 7 is incorrect as this part refers to enforcement policies regarding recalls of food, drugs or cosmetics. Answer: C is incorrect. Title 21 CFR Part 20 is incorrect as this part refers to information that may or may not be shared with the general public. Answer: is incorrect. Title 21 CFR Part 21 is incorrect as this part refers to records about individuals that are maintained, collected, used, or disclosed by the Food and Drug Administration and contained in Privacy Act Record Systems.

QUESTION NO: 234 Which of the following parts of the Code of Federal Regulations refers to the FDA guidelines on electronic records and electronic signatures? A. Title 21 CFR Part 11 B. Title 21 CFR Part 21 C. Title 21 CFR Part 7

Answer: A Explanation: Part 11, as it is commonly called, defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to paper records. Part 11 requires drug makers, medical device manufacturers, biotech companies, biologics developers, and other FDA-regulated industries, with some specific exceptions, to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing electronic data. Answer: C is incorrect. Title 21 CFR Part 7 is incorrect as this part refers to enforcement policies regarding recalls of food, drugs or cosmetics. Answer: B is incorrect. Title 21 CFR Part 20 is incorrect as this part refers to information that may or may not be shared with the general public. Answer: is incorrect. Title 21 CFR Part 21 is incorrect as this part refers to records about individuals that are maintained, collected, used, or disclosed by the Food and Drug Administration and contained in Privacy Act Record Systems.

QUESTION NO: 88 Which of the following pieces of legislation encompasses the eight rights every individual has as a recipient of medical care? A. Patient Bill of Rights B. MIPPA C. EMTALA D. HIPAA

Answer: A Explanation: Patient Bill of Rights is correct as this legislation requires health care providers to inform all patients of their rights as patients receiving medical treatment. There are eight rights every patient has as a recipient of medical care and one of those rights is the ability to file a complaint against the health plan, physician, hospitals and other health care personnel. Answer: D is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 242 An 80 year old man is dissatisfied with several aspects of his hospital stay. Which of the following pieces of legislation allows him to file a formal complaint? A. Patient Bill of Rights B. MIPPA C. HIPAA D. EMTALA

Answer: A Explanation: Patient Bill of Rights requires health care providers to inform all patients of their rights as patients receiving medical treatment. There are eight rights every patient has as a recipient of medical care and one of those rights is the ability to file a complaint against the health plan, physician, hospitals and other health care personnel. Answer: B is incorrect. MIPPA is incorrect as this legislation is designed to adjust Medicare reimbursement to certain facilities. Answer: D is incorrect. EMTALA is incorrect as this legislation legally obligates health care facilities to provide emergent care regardless of citizenship, legal status or ability to pay. Answer: C is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 464 Which of the following statements is correct about PGP? A. It authenticates an email origin. B. It encrypts a Telnet session. C. It transfers files. D. It installs new software onto a router.

Answer: A Explanation: Pretty Good Privacy (PGP) is an encryption method that uses public-key encryption to encrypt and digitally sign e-mail messages during communication between e-mail clients. Public key encryption is an asymmetric scheme that uses a pair of keys for encryption: the public key encrypts data and the corresponding secret key (private key) decrypts the data. For digital signatures, the process is reversed: the sender uses the secret key (private key) to create a unique electronic number that can be read by anyone who possesses the corresponding public key, which verifies that the message is truly from the sender. PGP is effective, easy to use, and free. Therefore, it is one of the most common ways to protect messages on the Internet.

QUESTION NO: 173 You work as a Network Administrator for Blue Well Inc. The company's network contains Windows-based clients and servers. The network is connected to the Internet through a slow dial-up connection. You decide to install a DNS server on the network. What effects will it have on the network? Each correct answer represents a complete solution. Choose two. A. The time taken for name resolution process will decrease. B. The amount of DNS traffic on the Internet connection will decrease. C. The time taken for name resolution process will increase. D. The amount of DNS traffic on the Internet connection will increase.

Answer: A,B Explanation: By installing the DNS server on the network, the following effects will be seen on the network: The time taken for name resolution process will decrease. The amount of DNS traffic on the Internet connection will decrease. This is because a greater amount of DNS server traffic will be resolved locally.

QUESTION NO: 80 You are assigned the duty of converting the data included in a patient's electronic health record from word data to number data for the purpose of statistical analysis. Which of the following duties have you been asked to perform? A. Quantitative Analysis B. Statistical Analysis C. Qualitative Analysis D. Master Patient Index

Answer: A Explanation: Quantitative analysis refers to information contained within a patient's EHR being converted from words to numbers. The numbers of interest are then quantified and statistically analyzed. Answer: C is incorrect. Qualitative Analysis is incorrect as this is used to derive an in-depth, non-numerical description of the information contained within a patient's medical record. A qualitative analysis does not contain any statistical analyses. Answer: D is incorrect. Master Patient Index (MPI) is incorrect as this is a database that contains a unique index for every patient registered at a healthcare organization. Answer: B is incorrect. Statistical analysis is incorrect as this is the method used to analyze the data obtained from a quantitative analysis of a patient's EHR.

QUESTION NO: 133 Which of the following refers to information contained within a patient's EHR being converted from words to numbers? A. Quantitative Analysis B. Master Patient Index C. Statistical Analysis D. Qualitative Analysis

Answer: A Explanation: Quantitative analysis refers to information contained within a patient's EHR being converted from words to numbers. The numbers of interest are then quantified and statistically analyzed. Answer: D is incorrect. Qualitative Analysis is incorrect as this is used to derive an in-depth, non-numerical description of the information contained within a patient's medical record. A qualitative analysis does not contain any statistical analyses. Answer: B is incorrect. Master Patient Index (MPI) is incorrect as this is a database that contains a unique index for every patient registered at a healthcare organization. Answer: C is incorrect. Statistical analysis is incorrect as this is the method used to analyze the data obtained from a quantitative analysis of a patient's EHR.

QUESTION NO: 208 Which of the following is a mechanism that allows authentication of dial-in and other network connections? A. RADIUS B. VPN C. Single Sign-On D. NTFS

Answer: A Explanation: RADIUS is a mechanism that allows authentication of dial-in and other network connections. RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with port-based authentication, and the Network Access Server are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS server is usually a background process running on a UNIX or Windows NT machine. RADIUS serves three functions: to authenticate users or devices before granting them access to a network; to authorize those users or devices for certain network services; and to account for usage of those services. Answer: C is incorrect. Single Sign-On is an approach which involves a server that acts as an online certificate authority within a single sign-on system. A single sign-on server will issue digital certificates into the client system, but never stores them. Users can execute programs, etc. with the temporary certificate. It is common to find this solution variety with X.509-based certificates. Answer: D is incorrect. NTFS is a high-performance file system proprietary to Microsoft. NTFS supports file-level security, compression, and auditing. It also supports large volumes and powerful storage solutions such as RAID. The latest feature of NTFS is its ability to encrypt files and folders to protect sensitive data. Answer: B is incorrect. A virtual private network (VPN) is a form of wide area network (WAN) that supplies network connectivity over a possibly long physical distance. A virtual private network is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network.
A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost. A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a tunnel that cannot be entered by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.

QUESTION NO: 349 Sam works as a Network Administrator for BlueTech Inc. All client computers in the company run Windows Vista operating system. He purchases a desktop computer with Windows Vista installed on it. He wants to access the yearly sales report, stored on the office computer, from his home computer. Which of the following utilities will he use to accomplish the task? A. Remote Desktop Connection B. NetMeeting C. Windows Meeting Space D. Remote Assistance

Answer: A Explanation: Remote Desktop Connection is a technology that allows a user to remotely access a desktop, its applications, data, and network resources. It is very similar to Remote Assistance but both features are used for very different purposes. If a remote user wants to access the desktop of another computer, Remote Desktop Connection must be configured on that computer. A user must be either an administrator or a member of the Remote Users group to remotely connect to a desktop, but only an administrator can locally access the computer when another user is remotely accessing the same computer. The members of the Remote Users group do not have this privilege. Answer: D is incorrect. Remote Assistance is a Windows feature to enable support personnel (helper) to provide technical support to a remote user (host). Through Remote Assistance a helper can view the Windows session of a host on his computer itself. Remote Assistance works as follows. A remote user sends an invitation to an Administrator (or expert) through e-mail or Windows Messenger. The Administrator accepts the request and can then view the user's desktop. To maintain privacy and security, all communication is encrypted. Remote Assistance can be used only with the permission of the person who requires the assistance. Note: If the user has enabled the "Allow this computer to be controlled remotely" option in the Remote control section of the Remote Assistance Settings dialog box, an expert can even take control of the keyboard and mouse of a remote computer to guide the user. Answer: C is incorrect. Windows Meeting Space is an application that allows users to team up with others on the Internet, a local network, or a wireless ad hoc network. The team can be up to ten users, the restriction being that all participants must have computers running Windows Vista. The group can perform the following with Windows Meeting Space: share an application, show their desktop, distribute documents, and collaboratively edit documents with other users. Windows Vista has replaced NetMeeting with Windows Meeting Space. Answer: B is incorrect. Windows Vista has replaced NetMeeting with Windows Meeting Space.

QUESTION NO: 468 As the Privacy Officer at the San Francisco Community Hospital, you are working to develop the policies for non-annual situations which should trigger a risk assessment of the hospital's EPHI systems and policies. Which of the following might you suggest? A. Reorganization of the hospital's management or business structure B. New awning at the hospital's entrance C. Redevelopment of the downtown and patient base that frequents the hospital D. Reorganization of the hospital's marketing

Answer: A Explanation: Reorganization of the hospital's management or business structure. CMS strongly recommends this as a trigger for risk assessment because although it is not directly IT-related, management sets the procedures, training, and monitoring of staff in terms of EPHI and all related components. Therefore, even though this is primarily a business decision, the shift can have dramatic impacts on the security and protection of EPHI, particularly regarding personnel. Answer: B is incorrect. Should have absolutely no effect on EPHI. Answer: D is incorrect. Though marketing may in an extremely rare circumstance need to deal with a privacy violation that reaches the media, they don't in any direct way affect the confidentiality, availability or integrity of EPHI. It is only after a violation has occurred, and if it becomes a public relations scandal, that a Public Relations official, rather than a marketing employee, might need to meet with a privacy officer to discuss HIPAA rules; HIPAA sensitivity should usually be a standard part of any new public relations employee's training. Answer: C is incorrect. What happens outside the hospital, even if it means a new patient base, should not affect or put at risk EPHI. New types of patients will still have the same protections under HIPAA as the previous population pool.

QUESTION NO: 433 There are some circumstances in which a patient's right to access their own medical record under HIPAA legislation can be denied. Which of the following is NOT a circumstance in which patient access can be denied? A. Patient requests the release of information that may be used against another person who caused the patient injury requiring medical treatment. B. Patient requests the release of their information and is a prison inmate. C. Patient requests the release of information that may be currently being used in the course of medical research. D. Patient requests the release of psychotherapy notes.

Answer: A Explanation: Requesting information that is to be used in a lawsuit not involving the provider or the provider's employees or business associates is an approved request under HIPAA legislation and the covered entity should release the information if everything else is in order about the request. Answer: D is incorrect. The release of psychotherapy notes is considered by HIPAA to be potentially harmful to the patient and is never considered an acceptable request for disclosure. Answer: B is incorrect. If it is determined by the covered entity or the correctional institution that has custody of the inmate that information contained within the patient's medical record could be of harm to the patient, other inmates, or staff of the correctional facility, the covered entity can deny the request for disclosure to the patient. Answer: C is incorrect. If the covered entity or business associates of the covered entity are engaged in active medical research in which the patient's health information is involved, then the covered entity has a right to temporarily suspend a patient's access to their health record while the research is ongoing.

QUESTION NO: 508 Which of the following SCSI IDs is generally recommended for the CD-ROM drive? A. 3 B. 0 C. 1 D. 7

Answer: A Explanation: SCSI ID 3 is generally recommended for the CD-ROM drive. Small Computer System Interface (SCSI) is the second most popular drive interface in use today after the Integrated Drive Electronics (IDE) interface. SCSI is faster than IDE and supports more devices. SCSI devices, such as hard disk drives and CD-ROM drives, are better suited to a network environment in which many users access shared drives simultaneously. SCSI has three standards: SCSI-1, SCSI-2, and SCSI-3. Answer: B is incorrect. By default, SCSI ID 0 is used for the drive containing the operating system. Answer: D is incorrect. By default, SCSI ID 7 is generally assigned to the SCSI controller card.

QUESTION NO: 48 Which of the following ports is used by the Secure File Transfer Protocol (SFTP)? A. 115 B. 23 C. 80 D. 53

Answer: A Explanation: Secure File Transfer Protocol (SFTP) uses port 115. The Secure File Transfer Protocol (SFTP), also called SSH File Transfer Protocol, is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream. The SFTP was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols. Answer: C is incorrect. Hypertext Transfer Protocol (HTTP) uses port 80. Answer: D is incorrect. Domain Name System (DNS) uses port 53. Answer: B is incorrect. Telnet uses port 23. Telnet is a command-line connectivity tool that starts terminal emulation with a remote host running the Telnet server service. Telnet allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. The Telnet utility uses the Telnet protocol for connecting to a remote computer running the Telnet server software to access files. It uses TCP port 23 by default.

QUESTION NO: 411 You are helping to build a system to tag different pieces of data within an electronic health record system with XML tags for whether or not a piece of information is protected health information, whether an individual has consented to a procedure, whether a piece of information involves mental health information, and other key categories of information. As part of an access control system, these tags can help determine access to information based on clearance level. What term is used in the healthcare information field to refer to these kinds of information tags? A. Sensitivity labels B. Clearance level tags C. PHI tagging D. Health XML

Answer: A Explanation: Sensitivity labels are XML tags that indicate important classifications of a piece of data, and can be tied to clearance levels to streamline a process of role-based access control of information. Answer: C is incorrect. This is not the correct term for this kind of information tagging. Answer: D is incorrect. This is not the correct term for this kind of information tagging. Answer: B is incorrect. Although the name is close to the function, conventionally, this kind of tagging throughout information technology and security jargon is called sensitivity labeling.

QUESTION NO: 473 You are billed $150.00 for medical services received from your primary care physician. You can only afford to pay $90.00 and your physician accepts that amount. This is an example of which of the following payment terms? A. Sliding Scale Fee B. Capitation C. Customary Charges D. Fee for Services

Answer: A Explanation: Sliding scale fee is a payment term which is common in low income areas and is based on the patient's ability to pay. Answer: B is incorrect. Capitation is incorrect as this payment term is a pre-paid amount based on a per-person or per-capita amount. Answer: C is incorrect. A customary charge is incorrect as this type of payment term is based on what is normally charged or what is reasonable for the service provided. Answer: D is incorrect. Fee for Services is incorrect as this term of payment is dependent on the cost of the provider to provide services such as lab tests, x-rays etc. Hospitals or other facilities receiving fee for service are paid for each individual service that is provided.

QUESTION NO: 271 Which of the following pieces of legislation preserves the patient's wishes, rights, healthcare options and advanced directives even if the decision results in the death of the patient? A. Patient Self Determination Act B. HIPAA C. COBRA D. EMTALA

Answer: A Explanation: The Patient Self Determination Act, enacted in 1990, is the piece of legislation that preserves the patient's wishes, rights, healthcare options and advanced directives even if the decision results in the death of the patient. Answer: C is incorrect. COBRA, the Consolidated Omnibus Budget Reconciliation Act, devised in 1985, gives workers and their families who lose their health benefits the right to choose to continue group health benefits provided by their group health plan for limited periods of time under certain circumstances such as voluntary or involuntary job loss, reduction in the hours worked, transition between jobs, death, divorce, and other life events. Answer: B is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 246 Which of the following is the technique of flooding the Internet with a number of copies of the same message? A. Spamming B. ARP spoofing C. Phishing D. MAC spoofing

Answer: A Explanation: Spamming is the technique of flooding the Internet with a number of copies of the same message. The most widely recognized forms of spam are e-mail spam, instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam. Answer: C is incorrect. Phishing is a type of internet fraud attempted by hackers. Hackers try to log into a system by masquerading as a trustworthy entity and acquire sensitive information, such as username, password, bank account details, credit card details, etc. After collecting this information, hackers try to use this information for their gain. Answer: D is incorrect. MAC spoofing is a hacking technique of changing an assigned Media Access Control (MAC) address of a networked device to a different one. The changing of the assigned MAC address may allow the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer. MAC spoofing is the activity of altering the MAC address of a network card. Answer: B is incorrect. Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network. ARP spoofing may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether. The attack can only be used on networks that actually make use of ARP and not another method of address resolution. The principle of ARP spoofing is to send fake ARP messages to an Ethernet LAN. Generally, the aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway). Any traffic meant for that IP address would be mistakenly sent to the attacker instead.
The attacker could then choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it. ARP spoofing attacks can be run from a compromised host, or from an attacker's machine that is connected directly to the target Ethernet segment.

QUESTION NO: 351 What is the function of the TRACERT utility? A. Trace the path taken by TCP/IP packets to a remote computer. B. Provide DNS server address. C. Provide the host name of the routing device. D. Trace the MAC address of the target host's network adapter.

Answer: A Explanation: TRACERT utility is used to trace the path taken by TCP/IP packets to a remote computer. It traces and reports each router or gateway crossed by a TCP/IP packet on its way to the remote host. The TRACERT utility can be used with the target computer's name or IP address. It is used to detect and resolve network connection problems.

QUESTION NO: 496 You are assigned the duty of ensuring the accuracy of patients' histories and physicals as well as discharge summaries within a patient's electronic health record. Which of the following types of data are you responsible for? A. Text B. Numbers C. Signals D. Images

Answer: A Explanation: Text data is a type of data that may be found in a patient's electronic health record. Examples of text data are history and physical evaluations and discharge summaries.

QUESTION NO: 298 Which of the following agencies is responsible for protecting the health of all Americans? A. Department of Health and Human Services B. Occupational Safety and Health Administration C. Food and Drug Administration D. The Joint Commission

Answer: A Explanation: The Department of Health and Human Services (HHS) is the United States government's principal agency for protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves. Answer: B is incorrect. Occupational Safety and Health Administration (OSHA) is incorrect as the purpose of this agency is to ensure safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance. Answer: D is incorrect. The Joint Commission is incorrect as the purpose of this agency is to continuously improve health care for the public by evaluating health care organizations and inspiring them to excel in providing safe and effective care of the highest quality and value. Answer: C is incorrect. Food and Drug Administration is incorrect as the purpose of this agency is to protect the public health by assuring the safety, efficacy, and security of human and veterinary drugs, biological products, medical devices, our nation's food supply, cosmetics, and products that emit radiation, and by regulating the manufacture, marketing, and distribution of tobacco products.

QUESTION NO: 170 A 44 year old female presents to the emergency room with chest pain. She is denied care because she is uninsured. Which of the following pieces of legislation has been violated? A. EMTALA B. HIPAA C. MIPPA D. Patient Bill of Rights

Answer: A Explanation: The Emergency Medical Treatment and Active Labor Act (EMTALA) is the piece of legislation that legally obligates health care facilities to provide emergent care regardless of citizenship, legal status or ability to pay. Answer: B is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 361 Which of the following agencies is responsible for protecting the public health by ensuring the safety of cosmetics and medical devices? A. Food and Drug Administration B. Department of Health and Human Services C. The Joint Commission D. Occupational Safety and Health Administration

Answer: A Explanation: The Food and Drug Administration is responsible for protecting the public health by assuring the safety, efficacy, and security of human and veterinary drugs, biological products, medical devices, our nation's food supply, cosmetics, and products that emit radiation, and by regulating the manufacture, marketing, and distribution of tobacco products. Answer: B is incorrect. Department of Health and Human Services is incorrect as this agency is responsible for protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves. Answer: D is incorrect. Occupational Safety and Health Administration (OSHA) is incorrect as the purpose of this agency is to ensure safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance. Answer: C is incorrect. The Joint Commission is incorrect as the purpose of this agency is to continuously improve health care for the public by evaluating health care organizations and inspiring them to excel in providing safe and effective care of the highest quality and value.

QUESTION NO: 169 Which of the following methods of filing is best suited for small, low volume facilities? A. Filing Cabinets with Drawers B. Open Shelf Files C. Compressible Units with Open Files D. Motorized Revolving Files

Answer: A Explanation: The best filing method for small, low volume facilities is filing cabinets with drawers. This type of filing allows for patient records to be locked, fireproofed and protected from the environment; however, this method requires significant space. Answer: B is incorrect. Open shelf files is incorrect as this method is best for high volume facilities with multiple filing staff to provide security. This option also requires significant floor space. Answer: D is incorrect. Motorized revolving files is best for limited space, low volume facilities with one file clerk. This option allows for patient records to be covered and locked but is expensive to acquire and maintain. Answer: C is incorrect. Compressible units with open files is best for limited space, medium volume facilities with two or three file clerks. This method allows for easy access and saves space.

QUESTION NO: 428 There are many times in the Healthcare Insurance Portability and Accountability Act when important privacy exceptions or regulations are made for "TPO" uses. What does TPO stand for in HIPAA and other healthcare regulations? A. Treatment, Payments and Operations B. Tax, Purchase and Oversight C. Time, Privacy and Objectives D. Treatment, Providers and Organizations

Answer: A Explanation: The HIPAA Privacy Rule establishes protection for personal health information, carefully balanced to avoid creating unnecessary barriers to the delivery of quality health care. As such, the Rule generally prohibits a covered entity from using or disclosing protected health information unless authorized by patients, except where this prohibition would result in unnecessary interference with access to quality health care. To avoid interfering with an individual's access to quality health care or the efficient payment for such health care, the Privacy Rule permits a covered entity to use and disclose protected health information, with certain limits and protections, for treatment, payment, and health care operations activities. "Treatment" generally means the provision, coordination, or management of health care and related services among health care providers. "Payment" encompasses the various activities of health care providers to obtain payment or be reimbursed for their services and of a health plan to obtain premiums, to fulfill their coverage responsibilities and provide benefits under the plan, and to obtain or provide reimbursement for the provision of health care. "Health care operations" are certain administrative, financial, legal, and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and payment. Answer: C is incorrect. There are no provisions with these terms in HIPAA regulation. Answer: D is incorrect. "Providers" would be covered by the term "Treatment" and "Organizations" is a very broad term that could apply to a wide variety of entities. Answer: B is incorrect. There are no provisions with these terms in HIPAA, although taxes, purchase orders and oversight might be included in the Payment or Operations functions of a covered entity.

QUESTION NO: 162 Which of the following titles of HIPAA is known as the Administrative Simplification (AS) provisions, and requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers? A. Title II B. Title IV C. Title III D. Title I

Answer: A Explanation: The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) Website, Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. This is intended to help people keep their information private, though in practice it is normal for providers and health insurance plans to require the waiver of HIPAA rights as a condition of service. The Administrative Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system. Answer: B, C are incorrect. These are not the valid titles of HIPAA.

QUESTION NO: 125 Which of the following titles of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs? A. Title I B. Title II C. Title III D. Title IV

Answer: A Explanation: The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) Website, Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. This is intended to help people keep their information private, though in practice it is normal for providers and health insurance plans to require the waiver of HIPAA rights as a condition of service. The Administrative Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system. Answer: C, D are incorrect. These are not the valid titles of HIPAA.

QUESTION NO: 69 While on the job in a healthcare facility, you notice a group of individuals touring and inspecting the facility. The group is evaluating and ensuring that the workplace is a safe environment for all employees. Which agency is performing this inspection? A. Occupational Safety and Health Administration B. Food and Drug Administration C. Department of Health and Human Services D. The Joint Commission

Answer: A Explanation: The Occupational Safety and Health Administration (OSHA) is responsible for ensuring safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance. Answer: C is incorrect. Department of Health and Human Services is incorrect as this agency is responsible for protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves.

QUESTION NO: 107 While on the job in a healthcare facility, you notice a group of individuals touring and inspecting the facility. The group is evaluating and ensuring that the workplace is a safe environment for all employees. Which agency is performing this inspection? A. Occupational Safety and Health Administration B. Food and Drug Administration C. Department of Health and Human Services D. The Joint Commission

Answer: A Explanation: The Occupational Safety and Health Administration (OSHA) is responsible for ensuring safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance. Answer: C is incorrect. Department of Health and Human Services is incorrect as this agency is responsible for protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves. Answer: D is incorrect. The Joint Commission is incorrect as the purpose of this agency is to continuously improve health care for the public by evaluating health care organizations and inspiring them to excel in providing safe and effective care of the highest quality and value. Answer: B is incorrect. Food and Drug Administration is incorrect as the purpose of this agency is to protect the public health by assuring the safety, efficacy, and security of human and veterinary drugs, biological products, medical devices, our nation's food supply, cosmetics, and products that emit radiation, and by regulating the manufacture, marketing, and distribution of tobacco products.

QUESTION NO: 251 Which of the following methods of filing is best suited for limited space, medium volume facilities with multiple file clerks? A. Compressible Units with Open Files B. Motorized Revolving Files C. Filing Cabinets with Drawers D. Open Shelf Files

Answer: A Explanation: The best filing option for limited space, medium volume facilities with multiple file clerks is compressible units with open files. This method allows for easy access and saves space, but access may be vulnerable to a mechanical failure. Answer: C is incorrect. Filing cabinets with drawers is incorrect as this method is best for small, low volume facilities. This type of filing allows for patient records to be locked, fireproofed and protected from the environment; however, this method requires significant space. Answer: D is incorrect. Open shelf files is incorrect as this method is best for high volume facilities with multiple filing staff to provide security. This option also requires significant floor space. Answer: B is incorrect. Motorized revolving files is best for limited space, low volume facilities with one file clerk. This option allows for patient records to be covered and locked but is expensive to acquire and maintain.

QUESTION NO: 93 Your healthcare facility receives complaints this year with regard to violations of privacy practices and is cited for noncompliance with the HIPAA Privacy Rule for 23 infractions for inadvertent compliance failure. Civil penalties are enforced, as there has been no wrongful conduct with false pretenses and patient health information has not been knowingly obtained or disclosed. What is the minimum amount that your healthcare facility can be fined for compliance failure? A. $23,000 B. $50,000 C. $230,000 D. $2300

Answer: A Explanation: The civil penalty for inadvertent PHI disclosure is $1000 per violation, as per the latest increases in amount in the American Reinvestment and Recovery Act, which increased penalties for violations and noncompliance with HIPAA privacy laws. With 23 violations for the year, your facility would be fined $23,000 in total. It is very important to prevent PHI disclosures and maintain policies for your organization that comply with HIPAA Privacy regulations to avoid disciplinary actions by the Office of Civil Rights within the Department of Health and Human Services, or actions by the state attorney general. Answer: D is incorrect. The minimum civil penalty for PHI disclosure is now $1000 per violation, not $100 per violation as it was under the original HIPAA law in 1996 before the changes made in the ARRA legislation of 2009. Answer: B is incorrect. $50,000 is the minimum penalty for uncorrected violations of HIPAA Privacy regulations when there is willful neglect on the part of an organization. Also, individuals involved in wrongful conduct can be fined up to $50,000 and incur a criminal penalty of up to one year in prison. Answer: C is incorrect. This is too high a fine for the kind of noncompliance cited in the question.

QUESTION NO: 489 Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network? A. Confidentiality B. Authentication C. Non-repudiation D. Integrity

Answer: A Explanation: The confidentiality service of a cryptographic system ensures that information will not be disclosed to any unauthorized person on a local network.

QUESTION NO: 181 Which of the following payment terms is based on the cost of the provider to perform services? A. Fee for Services B. Customary Charges C. Capitation D. Sliding Scale Fee

Answer: A Explanation: The fee for services term of payment is dependent on the cost of the provider to provide services such as lab tests, x-rays etc. Hospitals or other facilities receiving fee for service are paid for each individual service that is provided. Answer: B is incorrect. Customary charges is incorrect as this type of payment term is based on what is normally charged or what is reasonable for the service provided. Answer: D is incorrect. Sliding Scale fee is incorrect as this type of payment term is common in low income areas and is based on the patient's ability to pay. Answer: C is incorrect. Capitation is incorrect as this payment term is a pre-paid amount based on a per-person or per-capita amount.

QUESTION NO: 311 You are asked to design a database according to the following schematic. Which of the following database models are you designing? A. Hierarchal Model B. Object Oriented Model C. Enterprise Model D. Network Model

Answer: A Explanation: The hierarchal database model uses the format of a typical parent-child arrangement, wherein one piece of information can have many subordinate pieces. Answer: D is incorrect. Network model is incorrect as this model is designed to allow the child to have more than one parent. This model is often referred to as the many to many model. Answer: B is incorrect. Object oriented model is incorrect as this model is essentially a collection of objects, related by encapsulation (an object such as a patient has certain characteristics) or inheritance (an object such as a resident inherits characteristics from a physician object). There is no primary key in this model. Answer: C is incorrect. Enterprise model is meant as a distractor; the enterprise database model does not exist.

QUESTION NO: 177 You are working on installing an e-prescribing system in an outpatient clinic which has many HMO patients. One of the advantages of an e-prescribing system was the ability within the program to check against insurance coverage for the patient to see which of several possible medications for the patient's health condition is covered by the patient's insurance coverage. What is this feature called? A. Formulary checking B. Allergy interactions C. Coverage authorization D. Medication Reconciliation

Answer: A Explanation: The list of medications that an insurance carrier will cover for a patient or a list of payment levels for different preferred medications is referred to as a formulary, and checking the patient's needs against that list of medications would be formulary checking. This process may help with significant cost savings to the patient. Answer: C is incorrect. Coverage authorization is not the term used to describe this process. Answer: B is incorrect. Allergy interactions are an important check that ePrescribing software performs, checking the patient medical record for allergy alerts to a medication or closely related compounds, but that is not involved in insurance coverage issues. Answer: D is incorrect. Medication Reconciliation is an important part of ePrescribing, where past medications are checked against the current prescribing plan and it is checked to see that medications are not being omitted or duplicated in the current orders, and that the dosages are correct and the medications do not interact. This does not involve checking insurance coverage.

QUESTION NO: 494 The 1996 Healthcare Insurance Portability and Accountability Act included important regulation with regard to access and protection of healthcare information. Two "rules" are often referred to in discussions of healthcare information regulation in the industry, what are these two HIPAA "Rules"? A. Privacy and Security B. Accountability and Portability C. Protection and Integrity D. Confidentiality and Safety

Answer: A Explanation: The parts of HIPAA legislation that related to healthcare information protection and access are the "Privacy Rule" and the "Security Rule". The Privacy Rule provides federal protection for personal health information held by certain organizations (covered entities), and gives patients rights with respect to their own health information. The Security Rule is a series of specifications for administrative, physical and technical safeguards for organizations to protect the safety, confidentiality, integrity and access to protected health information. Answer: D is incorrect. Although confidentiality is a goal of the Privacy Rule it does not embody all the stated goals of the HIPAA Privacy Rule. Safety of protected health information is a goal of the Security Rule, but safety is only one aspect of what is embodied in the Security Rule. Answer: B is incorrect. Accountability and Portability of Health Insurance are aspects of the HIPAA law that are dealt with in other areas of the large HIPAA legislation, and do not refer to healthcare information regulation. Answer: A is incorrect. As in answer A, Protection of information is a goal of both the Privacy and Security Rules, but does not embody all the aspects of the regulations. Integrity is an aspect of information security, but again does not embody everything in the Security Rule.

QUESTION NO: 387 You are involved in administrating an IRB and need a waiver of authorization to allow for access to chart reviews for participants or potential participants who had not authorized their information to be shared. HIPAA allows for this if certain minimum requirements are met. Which of the following is not a requirement? A. The affected patient population must certify consent in advance of the waiver by B. The research could not practicably be conducted without access to the PHI C. The research could not practicably be conducted without the waiver D. The privacy risks are reasonable in relation to the anticipated benefits E. Use or disclosure involves no more than minimal risk to privacy for the individual

Answer: A Explanation: The point of a waiver of authorization is that the affected population is not given the opportunity to authorize the release of PHI prior to its occurrence. That is why it is a waiving of the authorization. Answer: E is incorrect. Use or disclosure involves no more than minimal risk to privacy for the individual. This is necessary for the waiver to occur and must include: a plan to protect patient identifiers from improper use or disclosure; a plan to destroy patient identifiers at the earliest opportunity; and adequate written assurances that protected health information will not be reused or disclosed to others except as required by law, for oversight of the research, or for other research that would be permitted by HIPAA. Answer: B, C are incorrect. These are necessary to even consider doing the waiver. Answer: D is incorrect. This is the defining motive to allow the waiver to be considered in the first place and the benefits must be to the individuals and the importance of the knowledge gained through research.

QUESTION NO: 243 Which of the following is the principle used to design a work environment to promote safe, healthy, injury free work? A. Ergonomics B. Integration C. Biometrics D. Inclusion

Answer: A Explanation: The principle of ergonomics is used to design a work environment to promote safe, healthy, injury free work. Work space should allow for full range of motion including sufficient knee and leg room. Answer: C is incorrect. Biometrics is incorrect as this principle consists of methods for uniquely recognizing humans based upon one or more physical or behavioral traits. In computer science, in particular, biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance.

QUESTION NO: 23 Your healthcare facility used to keep all healthcare records permanently, but the volume of healthcare information has become so great that your facility is developing a plan to destroy certain records after a suitable period of time. There is a broad range of state regulations and suggested professional standards for record retention. Which of these record types would likely be kept the longest? A. Register of Births B. Adult patient medical records C. Diagnostic images (x-rays, etc.) D. Fetal heart monitor records

Answer: A Explanation: The professional organization AHIMA (American Health Information Management Association) list of recommendations, and several other organizations recommend that a register of births be kept permanently. The reasons for this are that individuals, including the child birthed, may be interested in that record for many years to come. Answer: C is incorrect. Federal, state and professional organizations usually recommend that diagnostic images like x-rays only be retained for 5 years. One exception to this is mammograms, which some organizations suggest retaining for up to thirty years. Answer: B is incorrect. AHIMA and accreditation organizations suggest that the medical records of adults be kept for ten years after the most recent encounter with the patient. Answer: D is incorrect. AHIMA recommends fetal heart monitor records be kept for ten years after the age of majority (i.e. 28 years).

QUESTION NO: 451 Which of the following agencies is responsible for accrediting, certifying and evaluating health care organizations to ensure they are providing the highest quality of care? A. The Joint Commission B. Occupational Safety and Health Administration C. Food and Drug Administration D. Department of Health and Human Services

Answer: A Explanation: The purpose of The Joint Commission is to continuously improve health care for the public by evaluating health care organizations and inspiring them to excel in providing safe and effective care of the highest quality and value. This agency also distributes accreditation and certifications to those health care organizations who meet the requirements of The Joint Commission. Answer: D is incorrect. Department of Health and Human Services is incorrect as this agency is protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves. Answer: B is incorrect. Occupational Safety and Health Administration (OSHA) is incorrect as the purpose of this agency is to ensure safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance. Answer: C is incorrect. Food and Drug Administration is incorrect as the purpose of this agency is to protect the public health by assuring the safety, efficacy, and security of human and veterinary drugs, biological products, medical devices, our nation's food supply, cosmetics, and products that emit radiation, and by regulating the manufacture, marketing, and distribution of tobacco products.

QUESTION NO: 65 While on the job in a healthcare facility, you notice a group of individuals touring and inspecting the facility; the group is evaluating and ensuring the facility is providing the highest quality of care. Which agency is performing this inspection? A. The Joint Commission B. Department of Health and Human Services C. Food and Drug Administration D. Occupational Safety and Health Administration

Answer: A Explanation: The purpose of The Joint Commission is to continuously improve health care for the public by evaluating health care organizations and inspiring them to excel in providing safe and effective care of the highest quality and value. This agency also distributes accreditation and certifications to those health care organizations who meet the requirements of The Joint Commission. Answer: D is incorrect. Occupational Safety and Health Administration (OSHA) is incorrect as the purpose of this agency is to ensure safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance. Answer: C is incorrect. Food and Drug Administration is incorrect as the purpose of this agency is to protect the public health by assuring the safety, efficacy, and security of human and veterinary drugs, biological products, medical devices, our nation's food supply, cosmetics, and products that emit radiation, and by regulating the manufacture, marketing, and distribution of tobacco products. Answer: B is incorrect. Department of Health and Human Services is incorrect as this agency is protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves.

QUESTION NO: 497 A patient has had a two month extended stay in the hospital. Over that period of time, her chart has become too large and cumbersome to handle. You are asked to make this chart easier to work with. Which of the following tasks have you been asked to perform? A. Thinning B. Scanning C. Coding D. Archiving

Answer: A Explanation: The purpose of thinning is to make a patient's chart easier to handle after it has become too large and cumbersome to handle. This act is normally necessary for a patient who has incurred an extended stay in the hospital. The medical records that have been thinned are not destroyed but sent to the central medical records area where they should still be readily accessible. Answer: D is incorrect. Archiving is incorrect as this act is ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location. Answer: C is incorrect. Coding is incorrect as this is the act of applying the proper codes for medical services for billing purposes. Answer: B is incorrect. Scanning is incorrect as this is the act of converting paper medical records into computerized form.

QUESTION NO: 28 Two employees, the billing supervisor and the insurance verification secretary, email each other regarding a patient's billing situation. Which of the following would be the least effective way to ensure the PHI of the patient? A. Emailing using the employees' email addresses that they have created for business purposes themselves. B. Emailing directly to an in-office only email address, accessible only by the involved parties with passwords that maintain encryption. C. Emailing and following with a phone call. D. Emailing on the company's intranet.

Answer: A Explanation: This is the correct answer. It is the least effective method of protection. In this scenario, since the email is created by the employees, it is most likely outside the company's intranet, and perhaps would be a Yahoo or Gmail address, something that is, in other words, accessible from outside the office and available to prying eyes who may walk by the employee's computer screen in their home or elsewhere. Answer: D is incorrect. This is a very good option, but without password protection, it leaves the PHI open to others who have access to that email. Answer: B is incorrect. This is the best option. It's company intranet and it's password protected. Answer: C is incorrect. It doesn't specify where the information is emailed to and so it could be outside the company's purview. Even if the sender verifies that the receiver got the email, someone else outside the company might also see the email.

QUESTION NO: 431 Two employees, the billing supervisor and the insurance verification secretary, email each other regarding a patient's billing situation. Which of the following would be the least effective way to ensure the PHI of the patient? A. Emailing using the employees' email addresses that they have created for business purposes themselves. B. Emailing and following with a phone call. C. Emailing directly to an in-office only email address, accessible only by the involved parties with passwords that maintain encryption. D. Emailing on the company's intranet.

Answer: A Explanation: This is the correct answer. It is the least effective method of protection. In this scenario, since the email is created by the employees, it is most likely outside the company's intranet, and perhaps would be a Yahoo or Gmail address, something that is, in other words, accessible from outside the office and available to prying eyes who may walk by the employee's computer screen in their home or elsewhere. Answer: D is incorrect. This is a very good option, but without password protection, it leaves the PHI open to others who have access to that email. Answer: C is incorrect. This is the best option. It's company intranet and it's password protected. Answer: B is incorrect. It doesn't specify where the information is emailed to and so it could be outside the company's purview. Even if the sender verifies that the receiver got the email, someone else outside the company might also see the email.

QUESTION NO: 1 You are asked to design an information system in which the client-server platform is based on the following schematic. What type of architecture is incorporated within your information system? A. Three-Tier Architecture B. WAN Technology C. Two-Tier Architecture D. LAN Technology

Answer: A Explanation: Three tier architecture is a client-server platform that encompasses a PC, a database and an application server that contains software to process the data. Answer: D is incorrect. LAN Technology is incorrect as this is a mode of communication, not a client-server platform, that refers to communication devices in a small geographic area such as PC and printer or PC and PC within a facility. Answer: B is incorrect. WAN Technology is incorrect as this is a mode of communication, not a client-server platform, that allows for communication among a large geographic environment such as two or more LANs connected via a telephone system or satellite. Answer: C is incorrect. Two-tier architecture is incorrect as this is a client-server platform that consists simply of a PC interfaced with a database.

QUESTION NO: 228 Sometimes it is necessary for patients to receive information like test results over the phone. This kind of protected health information can be very sensitive. In which of the following situations would it be acceptable to discuss protected health information over the phone. A. With the patient who has confirmed a detail of their identity, such as birth date or address. B. With a family member of the adult patient. C. With a coworker of the patient at their workplace. D. With an answering machine at the number designated if the name matches the patient's.

Answer: A Explanation: To protect PHI, it is important to try to authenticate that any person on the end of a phone call is the correct individual to receive communication that may involve PHI, whether that is a provider, a patient or a patient's designated representative. Answer: D is incorrect. No PHI or sensitive information should be left on an answering machine or an answering service. Only direct contact with the patient should be considered a secure place for a conversation involving PHI. Answer: B is incorrect. Information that is sensitive and considered PHI should not be discussed with a family member for an adult patient unless previous authorization has been received. In general, such matters should only be discussed with the patient unless they have been declared incompetent. Answer: C is incorrect. Information that is sensitive and considered PHI should not be shared with anyone other than the patient, and definitely not with a coworker or employer of the patient.

QUESTION NO: 261 You have the responsibility of setting up an entire information system for your facility. You assign one member of your team to install PCs, one member to install printers and one person to perform the networking. Which of the following describes the division of workload you have assigned? A. Unit Assembly B. Serial C. Unilateral D. Parallel

Answer: A Explanation: Unit assembly is a type of work division in which each person performs a unique task; however, it may not be sequential. Answer: D is incorrect. Parallel is incorrect as this is a type of work division that is characterized by each person performing several tasks. Answer: B is incorrect. Serial is incorrect as this is a type of work division that is characterized by each person performing several tasks. Answer: C is incorrect. Unilateral is incorrect as this is not a type of work division; this is meant as a distractor.

QUESTION NO: 60 How many IEEE 1394 devices can be connected to a single IEEE 1394 port through daisy-chaining? A. 63 B. 127 C. 53 D. 110

Answer: A Explanation: Up to 63 IEEE 1394 devices can be connected to a single IEEE 1394 port through daisy-chaining. Institute of Electrical and Electronics Engineers (IEEE) 1394 is a standard for high-speed serial bus that provides enhanced PC connectivity for a wide range of devices. These devices include consumer audiovisual components, traditional PC storage devices, and handheld devices. IEEE 1394 is also known as Firewire. The FireWire connector is used with the FireWire serial bus. FireWire can transmit data at a very high speed of 400Mbps and 800Mbps. Two types of connectors are available in this category, namely 4-pin and 6-pin.

QUESTION NO: 397 You are responsible for ensuring that every echocardiogram becomes part of a patient's electronic health record. Which of the following types of data are you responsible for? A. Video B. Images C. Voice D. Numbers

Answer: A Explanation: Video data is a type of data that may be found in a patient's electronic health record. An example of video data would be any study that would be evaluated by seeing motion such as an echocardiogram or barium swallow.

QUESTION NO: 46 Which of the following data types encompassed in a patient's EHR would include an echocardiogram? A. Video B. Images C. Numbers D. Voice

Answer: A Explanation: Video data is a type of data that may be found in a patient's electronic health record. An example of video data would be any study that would be evaluated by seeing motion such as an echocardiogram or barium swallow.

QUESTION NO: 43 You are a network administrator for a healthcare organization. A doctor needs permission on a folder that contains his patient's medical history file. He needs to view that information only. You are required to provide him appropriate permissions to enable him to view that information. Which of the following steps will you take to accomplish the task? A. Provide him the read permission on the file. B. Provide him the read permission on the folder. C. Provide him the write permission on the folder. D. Provide him the write permission on the file.

Answer: A Explanation: While providing permissions, it's important to assign only required permissions. From a permissions standpoint, all computers or applications must adhere to a principle of 'least privilege' such that authorized users will not have access beyond the permissions required to perform their authorized job functions. According to the question, the doctor needs only to view the patient's medical history file. In order to enable him to perform his task, you should provide him the read permission on the file. The read permission permits viewing or accessing of the file's contents. Answer: B, C are incorrect. Providing folder permission to the doctor will also give him access to the other files that are in that folder. Answer: D is incorrect. Providing write permission will permit him to write to the file.

QUESTION NO: 458 Health plans and government programs may not always agree to pay for certain services. Medicare will not pay for services unless it believes them to be "reasonable and necessary". Medicare guidelines state that a patient must be notified in writing that Medicare may deny payment for a particular service, as well as the reason for the likely denial, before service is performed. What is the name of this document? Each correct answer represents a complete solution. Choose all that apply. A. Waiver of liability B. Advanced Beneficiary Notice C. Intent to Inform D. Payment Responsibility

Answer: A,B Explanation: A waiver of liability is a waiver of financial liability (Medicare may not be responsible to pay, and the patient will be responsible to pay the healthcare provider). Another name for this within the Medicare bureaucracy is an Advanced Beneficiary Notice, as the document is a notice to Medicare beneficiaries, given before service, that the service may not be paid for by Medicare. Answer: C is incorrect. This is not an accurate name for this document. Answer: D is incorrect. Although the content of the waiver does include the fact that the patient may be responsible for payment, the document is rarely referred to by this name.

QUESTION NO: 66 Which of the following statements about PGP are true? Each correct answer represents a complete solution. Choose two. A. It uses both a public key and a private key. B. It is an encryption technique. C. It is a payment gateway. D. It processes both digital cash and credit card payments.

Answer: A,B Explanation: Pretty Good Privacy (PGP) is an encryption method that uses public-key encryption to encrypt and digitally sign e-mail messages during communication between e-mail clients. Public key encryption is an asymmetric scheme that uses a pair of keys for encryption: the public key encrypts data and the corresponding secret key (private key) decrypts the data. For digital signatures, the process is reversed: the sender uses the secret key (private key) to create a unique electronic number that can be read by anyone who possesses the corresponding public key, which verifies that the message is truly from the sender. PGP is effective, easy to use, and free. Therefore, it is one of the most common ways to protect messages on the Internet.

QUESTION NO: 158 A physician maintains a series of progress notes on a patient during the patient's stay at the hospital. These notes are entered into an electronic medical record at a workstation. What does the physician need to maintain during this process? Each correct answer represents a complete solution. Choose all that apply. A. The physician needs to maintain the integrity of the record. She cannot erase any information, only add changes or corrections and she needs to electronically sign at appropriate points in the record. B. The physician needs to maintain the confidentiality of the record. They have to make sure that the workstation is logged out of when not in use, so that no unauthorized individuals can have access to patient data. C. The physician needs to maintain the security of the record. They have to check that no one else has viewed or altered the record from outside sources. D. The physician needs to maintain the accessibility of the record. They have to provide access to the patient or their designated representatives.

Answer: A,B Explanation: The physician has a responsibility to check that all of the progress notes, physician orders, history and other information about the patient that they are a part of is accurately and completely entered and that they electronically sign to acknowledge that they have checked this. They also have a responsibility to keep PHI confidential and make sure that computer systems are not left on where unauthorized individuals could have access to patient data. Answer: C is incorrect. This is not the responsibility of the physician, but the responsibility of healthcare IT and healthcare information management to see that access control for the patient record and log of access is maintained and to report and fix any security breaches. Answer: D is incorrect. Release of information and access to the patient record is the responsibility of the medical records or release of information office within a healthcare facility, not the physician.

QUESTION NO: 265 The virtualization technology is used to permit the several virtual machines to run on a single hardware platform, and allows each virtual machine to run its separate operating system in the virtualized environment. Which of the following are the pros of the virtualization technology? Each correct answer represents a complete solution. Choose all that apply. A. Power reduction B. Reduced infrastructure cost C. Decreased administrative overhead D. Low initial investment

Answer: A,B Explanation: The various pros of the virtualization technology are as follows: 1. Power reduction 2. Reduced infrastructure cost 3. Centralization of computing resources 4. Centralized administration 5. Enhanced disaster recovery 6. Faster deployment 7. Maximize hardware utilization 8. Reduced power and cooling consumption. The various cons of the virtualization technology are as follows: 1. Potential single point of failure 2. Increased administrative overhead 3. More complex administration 4. High initial investment 5. High training personnel costs 6. Resource contention 7. Increased network traffic within a single node

QUESTION NO: 377 You are a Network Administrator of a TCP/IP-based routed network. You want to configure a Windows 98 computer so that it can connect to the computers in the local segments as well as the other segments of the network. Which of the following parameters will you need to configure TCP/IP to a network interface card (NIC)? Each correct answer represents a complete solution. Choose three. A. IP address B. Default gateway C. Subnet mask D. MAC address

Answer: A,B,C Explanation: An IP address and a subnet mask are essential for every computer using TCP/IP. Since it is a routed network, you will have to configure a default gateway as well. However, in a single segment network, it is not required to configure a default gateway.

QUESTION NO: 171 Which of the following are removable storage devices/media? Each correct answer represents a complete solution. Choose three. A. USB Pen drive B. CD-ROM C. SD card D. Hard disk drive

Answer: A,B,C Explanation: CD-ROM, SD card, USB Pen drive, floppy disk, etc., are removable storage media. CD-ROM (Compact Disc Read-Only Memory) is a type of removable storage optical media. It can store up to 1GB of data, although most common CD-ROMs store 700MB of data. It comes in a standard size and format, so users can load any type of CD-ROM into any CD drive or CD-ROM player. Once data is written to a CD-ROM, it cannot be erased or changed. SD card is a removable storage device. Secure Digital (SD) card is a non-volatile memory card format used in portable devices such as mobile phones, digital cameras, and handheld computers. SD cards are based on the older MultiMediaCard (MMC) format, but they are a little thicker than MMC cards. Generally an SD card offers a write-protect switch on its side. SD cards generally measure 32 mm x 24 mm x 2.1 mm, but they can be as thin as 1.4 mm. The devices that have SD card slots can use the thinner MMC cards, but the standard SD cards will not fit into the thinner MMC slots. Some SD cards are also available with a USB connector. SD card readers allow SD cards to be accessed via many connectivity ports such as USB, FireWire, and the common parallel port. USB Pen drive is a removable storage device. A pen drive is also known as a USB flash drive. It is a small device used to transfer data from one computer to another through USB ports. Pen drives are available in various capacities. When a pen drive is plugged into the USB port, Windows Explorer shows it as a removable drive. Answer: D is incorrect. The hard disk drive is not a removable storage media. It is installed inside the computer case. It can store large amounts of data and provides fast read/write performance. HDD can be connected to a computer with the Integrated Device Electronics (IDE), Small Computer System Interface (SCSI), and SATA interface. It consists of inflexible platters coated with material in which data is recorded magnetically with read/write heads. 
Note. Only external hard disk drives are removable devices.

QUESTION NO: 488 Which of the following are the features of SSH? Each correct answer represents a complete solution. Choose all that apply. A. SSH uses the client-server model. B. SSH is used primarily on Linux and UNIX based systems. C. SSH and Telnet can be configured simultaneously. D. SSH uses public-key cryptography to authenticate the remote computer.

Answer: A,B,D Explanation: Following are the basic features of Secure Shell (SSH): SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary. SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections; it can transfer files using the associated SFTP or SCP protocols. SSH uses the client-server model. The standard TCP port 22 has been assigned for contacting SSH servers. An SSH client program is typically used for establishing connections to an SSH daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, Linux, FreeBSD, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist. SSH is used primarily on Linux and UNIX based systems. Answer: C is incorrect. Telnet and SSH cannot be configured simultaneously.

QUESTION NO: 461 What are the three primary rules for role-based access control for a user on a network? Each correct answer represents a part of the solution. Choose three. A. Authorization of role. B. Authorization of permission. C. Assignment of roles to the user. D. Assignment of permissions to the user.

Answer: A,B,C Explanation: Role-based access control (or role-based security) is an approach to restricting system access to authorized users within an organization. In role-based access control, roles are created for various job functions. To perform certain operations, permissions are assigned to specific roles rather than individuals. Since users are not assigned permission directly, management of individual user rights becomes a matter of simply assigning appropriate roles to the user. There are three primary rules defined for RBAC. Assignment of Roles. A subject can exercise a permission only if the subject has selected or been assigned a role. Authorization of Role. A subject's active role must be authorized for the subject. With rule 1 above, this rule ensures that users can take on only roles for which they are authorized. Authorization of Permission. A subject can exercise a permission only if the permission is authorized for the subject's active role. With rules 1 and 2, this rule ensures that users can exercise only permissions for which they are authorized. According to the requirements of an organization, additional constraints may be applied as well, and roles can be combined in a hierarchy where higher-level roles subsume permissions owned by sub-roles. Answer: D is incorrect. In role-based access control, no permission is assigned to a user directly. Instead, permissions are assigned to a role and that role is assigned to the user.

QUESTION NO: 231 Federal Health Care Reform mandates the beginning of movement to electronic medical records for all hospitals and clinics starting in 2015, and this impacts rural hospitals especially hard. As a healthcare IT professional, if you are hired at a rural hospital to help convert a paper-based system to an electronic health record system, you may be working with limited resources and higher levels of responsibility, but make a big impact. Which of the following is true about healthcare IT opportunities at rural hospitals? A. Rural hospitals band together to make best use of healthcare IT professionals and resources and share across distances. B. The federal government awards grants to help with implementation of electronic records and some of this is focused on rural clinics and hospitals. C. There is a real shortage of Healthcare IT professionals in rural settings. D. There is an exception for rural hospitals in the electronic medical record requirements.

Answer: A,B,C Explanation: There is a real need for healthcare IT professionals in rural settings, there is grant money available for EHR implementation, and often hospitals band together to share resources in IT. The situation is critical at these important healthcare facilities and there are big opportunities for healthcare IT professionals to make a needed impact. Answer: D is incorrect. There is no exception to federal healthcare reform requirements for electronic medical records system updates starting in 2015.

QUESTION NO: 78 Digital signatures from physicians are an important part of many electronic health information systems. Which of the following applications use digital signatures? Each correct answer represents a complete solution. Choose all that apply. A. Medicare certifications B. Remote site visit patient records C. Referrals D. Computerized Physician Order Entry

Answer: A,B,C,D Explanation: All of these applications can use digital signatures. Digital signatures are more secure than electronic signatures. An electronic signature is a scanned copy of a paper signature. A digital signature has an encryption key and signing algorithm incorporated in the message contents and cannot be copied, altered or corrupted. Digital signatures are used in physician orders, to authenticate physician updates from remote site visits, in Medicare certifications, for referrals to specialists, and for medical record authentication.

QUESTION NO: 470 Which of the following statements about the UPS are true? Each correct answer represents a complete solution. Choose all that apply. A. The UPS protects the readers against unexpected power spikes. B. The UPS helps in keeping data. C. The UPS keeps the readers running in case of a power failure. D. The UPS is susceptible to power spikes. E. The UPS is built into the system between the reader and the external power source.

Answer: A,B,C,E Explanation: UPS (Uninterruptible Power Supply) devices employ a large battery to provide power to a system in the event of a power outage. The amount of time it can continue to supply power to the system depends upon the size of the battery, and the power consumption. UPS is built into the system between the reader and the external power source. The reader is susceptible to power spikes (caused due to lightning strikes or generator variations). UPS keeps the readers running in case of a power failure and also protects them against unexpected power spikes. The UPS helps in keeping data, which may be in the random access memory (RAM) and not yet pushed up to the application, from being lost and the configuration is not wiped out.

QUESTION NO: 331 Which of the following are the countermeasures against WEP cracking? Each correct answer represents a part of the solution. Choose all that apply. A. Using the longest key supported by hardware B. Using a non-obvious key C. Using a 16 bit SSID D. Changing keys often

Answer: A,B,D Explanation: A user can use some countermeasures to prevent WEP cracking. WEP is the least secure option and should not be used. However, a user can use the following methods to mitigate WEP cracking. Use a non-obvious key. Use the longest key supported by hardware. Change keys often. Use WEP in combination with other security features, such as rapid WEP key rotation and dynamic keying using 802.1x. Consider WEP a deterrent, not a guarantee. Answer: C is incorrect. SSID stands for Service Set Identifier. It is used to identify a wireless network. SSIDs are case sensitive text strings and have a maximum length of 32 characters. All wireless devices on a wireless network must have the same SSID in order to communicate with each other. The SSID on computers and the devices in WLAN can be set manually and automatically. Configuring the same SSID as that of the other Wireless Access Points (WAPs) of other networks will create a conflict. A network administrator often uses a public SSID that is set on the access point. The access point broadcasts SSID to all wireless devices within its range. Some newer wireless access points have the ability to disable the automatic SSID broadcast feature in order to improve network security.

QUESTION NO: 293 A nursing station in one area of a hospital wishes to set up a chat program to discuss patient details with the pharmacy whenever there is a problem with the computerized physician order entry program. While you are working on a separate issue, a nurse asks you to install such a program. Is this possible? Each correct answer represents a complete solution. Choose all that apply. A. No. The computerized physician order entry program should already have a system in place to deal with potential problems. B. No, no unauthorized software should be installed on a workstation without the approval of IT staff, the security administration, network administrator, and the Chief Security Officer. C. Only approved secure chat programs that are internal to the organization, do not go outside the firewall, and are HIPAA-compliant could be used to communicate PHI between departments. D. No, internet messaging systems are highly insecure, and information is in the hands of the IM providers who control user messages, logs and connection information. IM programs should not be installed on workstations.

Answer: A,B,D Explanation: Internet messaging programs are highly insecure, can be easily hacked into, and pose a security risk. They should not be installed on any facility computer. And any secure chat program option should not be installed until it is evaluated in detail by the system administrator, security administrator and other IT managers to see if it fits in with the healthcare organization's needs and risk profile. Also, most computerized physician order entry programs used in healthcare have the ability to discuss problems with messages back and forth, and additional messaging service is not necessary. Answer: C is incorrect. There are secure chat programs available, but you should not install one without prior approval of the IT department, system administrator, and other management, and any chat or IM program could be a security risk.

QUESTION NO: 282 Nursing facilities and nursing homes are increasingly using electronic medical records and computerized order systems to care for complex patients. As a healthcare IT professional, what kind of professionals will you be working with to implement these kinds of systems within a nursing home? These facilities are often run by a Director of Nursing, who is a registered nurse, and staffed by licensed nurses (LPN) and non-licensed nursing assistants. Each correct answer represents a complete solution. Choose all that apply. A. Licensed Practical Nurses (LPNs) B. Nursing assistant staff C. Physicians D. Registered Nurses (RNs)

Answer: A,B,D Explanation: Nursing homes and skilled nursing facilities are required to have registered nurses, licensed practical nurses, and nursing assistants on staff at levels high enough to maintain patient health and quality of life.

QUESTION NO: 139 Healthcare facilities need to have strict policies about mobile devices and remote access to the organization's network when access to protected health information is involved. You are asked by a healthcare provider to help her set up a way to access her account while she is at a conference in Denver. What are some policies that your organization might have for this kind of arrangement? Each correct answer represents a complete solution. Choose all that apply. A. No remote access is allowed for any reason due to the possibility of protected health information becoming vulnerable. B. It is necessary to install a VPN or virtual private network on the provider's laptop, one that is approved by the IT staff and has been demonstrated to be secure. C. As long as the desktop is locked for access with a password, network access to the provider's personal computer shouldn't be a problem. D. No PHI may be stored on a home or personal computer for any reason, and a home or personal computer should never be considered a secure location.

Answer: A,B,D Explanation: Option A, option B and option D may sound contradictory, but any of these could be part of the remote access policy of the healthcare facility a healthcare IT technician could work for. Remote access and mobile devices may be important for the smooth functioning of the organization, but security of PHI is very important, and different IT departments will maintain different policies regarding access depending upon the needs of the organization and the employees. It may be that if the management does not see a benefit in remote access and the risk is too great, no remote access is allowed into the network. Some organizations may allow access through a secure Virtual Private Network, and may allow no PHI to be transferred or stored on a home or personal computer or device. Answer: C is incorrect. A home or personal computer cannot be considered a secure device, even with password protection. If the laptop or computer is stolen, it is all too easy for passwords to be decrypted, information stored on the device to be accessed, and PHI confidentiality to be breached.

QUESTION NO: 360 Which of the following sentences are correct about physical security? Each correct answer represents a complete solution. Choose all that apply. A. Physical security is generally provided by the general and technical services managers. B. Physical security is older than information security. C. Physical security is in no way connected to information security. D. Physical security is a part of information security.

Answer: A,B,D Explanation: Physical security is a part of information security, though physical security is older than information security. All business assets must be physically protected; hence the need for physical security arises. Physical security is generally provided by the general and technical services managers. The coordination between those people who are in charge of physical security and information security is important for the overall security.

QUESTION NO: 323 Sam works as a System Administrator for uCertify Inc. The company has a Windows-based network. Sam wants to remove the files from the system permanently. For this purpose, he uses the shredding process. Which of the following statements are related to shredding? Each correct answer represents a complete solution. Choose all that apply. A. The content of the file can be overwritten in the process of shredding. B. It is a program that is used for the purpose of rewriting the files with random series of binary data several times. C. It is used for the combustion of organic substances that are contained in waste material. D. The process of recovering such a shredded file is usually theoretical.

Answer: A,B,D Explanation: Shredding can be defined as the program that is used for the purpose of rewriting the files several times with the random series of binary data. It is capable of removing the files from the system, permanently. In the process of shredding, the content of the file can be overwritten. The process of recovering such a shredded file is usually theoretical. Answer: C is incorrect. Incinerating is used for the combustion of organic substances that are contained in waste material.

QUESTION NO: 219 Which of the following is true about the TELNET utility? Each correct answer represents a complete solution. Choose all that apply. A. It uses TCP port 23. B. It uses the RDP protocol to connect to a remote computer. C. It allows users to communicate with a remote computer. D. It transmits data in clear text.

Answer: A,C,D Explanation: Telnet is a command-line connectivity tool that starts terminal emulation with a remote host running the Telnet server service. Telnet allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. The Telnet utility uses the Telnet protocol for connecting to a remote computer running the Telnet server software to access files. It uses TCP port 23 by default. Answer: B is incorrect. The TELNET utility uses the Telnet protocol for connecting to a remote computer.

QUESTION NO: 518 Which of the following statements are true regarding the security advantages of cloud computing? Each correct answer represents a complete solution. Choose all that apply. A. It has advanced honeypot capabilities. B. It provides a greater resiliency. C. It can be implemented without any organizational changes. D. It provides fault tolerance and reliability.

Answer: A,B,D Explanation: The security advantages for cloud computing are as follows: It provides data fragmentation and dispersal. It builds a dedicated security team. It has a greater investment in security infrastructure. It provides fault tolerance and reliability. It provides a greater resiliency. It provides hypervisor protection against network attacks. It offers possible reduction of Certification and Accreditation activities. It provides simplification of compliance analysis. An unbiased party holds the data. It has low-cost disaster recovery and data storage solutions. It provides on-demand security controls. It provides real-time detection of system tampering. It provides rapid reconstitution of services. It has advanced honeypot capabilities. Answer: C is incorrect. Organizational changes are needed to implement cloud computing.

QUESTION NO: 240 Which of the following are default ports for the FTP service? Each correct answer represents a complete solution. Choose two. A. 20 B. 443 C. 21 D. 80

Answer: A,C Explanation: By default, the FTP service uses TCP port 21 for session control and TCP port 20 for data transfer. Answer: B is incorrect. Secure Sockets Layer (SSL) uses TCP port 443 as the default port. Answer: D is incorrect. Hypertext Transfer Protocol (HTTP) uses TCP port 80 as the default port.

QUESTION NO: 344 You are working on the information systems of a nursing facility that works with elderly patients over the age of sixty five. You have specific questions about the Health Insurance Portability and Accountability Act rules with regards to a new information system you are installing. What agency can you contact for help? Each correct answer represents a complete solution. Choose all that apply. A. CMS B. NIST C. HHS D. OSHA

Answer: A,C Explanation: CMS is the Centers for Medicare and Medicaid, which administers the Medicare program (health insurance for people over 65 years of age) and helps oversee states' implementation of Medicaid programs (for low income people). The CMS helps develop technology for health information management and their standards are often applied across the board throughout all healthcare facilities. They are heavily involved in implementation of the Health Insurance Portability and Accountability Act (HIPAA). HHS is the US Department of Health and Human Services, and is the government department that oversees CMS. They enforce HIPAA standards and can point you in the right direction to get the information you need about HIPAA at your facility. Answer: B is incorrect. NIST is the National Institute of Standards and Technology. Although they develop publications intended to help developers build better electronic health record systems, they will likely not be able to give you specific information on HIPAA implementation at your facility. Answer: D is incorrect. OSHA is the Occupational Safety and Health Administration, which deals with rules and regulations regarding health and safety in the workplace. They are not directly responsible for the implementation of HIPAA guidelines.

QUESTION NO: 163 Your roommate is recovering from a cold, and you are feeling under the weather yourself. You are scheduled to update software on a workstation in the critical care center of a hospital. What should you do? Each correct answer represents a complete solution. Choose all that apply. A. Wash hands thoroughly throughout the day, cover your mouth when you cough or sneeze and wash hands after any contact with bodily fluids. B. Wear a surgical mask while working. C. Call in to your supervisor and explain that you may be ill and may need to work on an alternate project today. D. Take cold medicine.

Answer: A,C Explanation: Depending on hospital policy, you may be asked to stay home for the day or be assigned to work in a department that does not have at-risk individuals nearby. Nosocomial infections, or infections acquired while in the hospital, are a common and deadly problem, and what may seem like a simple cold to you could be deadly to a patient with a compromised immune system. At all times, maintain proper hand washing technique, washing your hands after any contact with bodily fluids, coughing, sneezing, shaking hands, or dealing with equipment that may be frequently touched. Precautions like this could save lives. Answer: D is incorrect. Taking cold medicine will not prevent you from passing an infection on to a patient who may have a weakened immune system. Hand washing and isolating yourself from patients if you suspect you may be ill are the best policy. Answer: B is incorrect. A surgical mask might prevent some kinds of infections, but most infections are relayed through hand contact with bodily fluids. Hand washing and isolation if you are coughing, sneezing and sick are the best policies.

QUESTION NO: 50 Mark purchases a new printer. He wants to determine whether the new printer is supported by the Windows operating system installed on his computer. What are the most appropriate ways to accomplish this task? Each correct answer represents a complete solution. Choose two. A. Read the Hardware Compatibility List (HCL) for the operating system. B. Read printer reviews on the Internet. C. Read the printer's manual provided by the manufacturer. D. Use the Add New Hardware wizard in Control Panel.

Answer: A,C Explanation: In order to determine whether the new printer is supported by the Windows operating system, Mark will have to take either of the following steps. 1. Read the printer's manual provided by the manufacturer. The printer manual will have information about the operating systems on which this printer works properly. 2. Read the Hardware Compatibility List (HCL) for the operating system. The HCL is a list of hardware devices that have passed the compatibility test conducted by Microsoft. This test confirms compatibility of a device with the operating system. Microsoft strongly recommends using only those devices that are in HCL. Answer: B is incorrect. Although using this method, a user can find out the information about device compatibility with the operating system, this will not be the best way to accomplish this task, as this method will take more time. Answer: D is incorrect. The Add New Hardware wizard in Control Panel is used to install drivers for the devices. It does not provide information about device compatibility with the operating system.

QUESTION NO: 382 When a patient is first seen in a private practice or in a hospital in a non-emergency situation, a clerk asks the patient to fill out a variety of paperwork including information on name, address, contact information, next of kin, insurance billing, allergies, medications and prior health conditions among other information. The start of a healthcare workflow process, what is this procedure called? Each correct answer represents a complete solution. Choose all that apply. A. Registration B. Intake C. Admitting D. Information Gathering

Answer: A,C Explanation: Most often referred to as Patient Registration, some hospitals also refer to this process as Admitting or Admission (although this term is more often used when a patient is "admitted" for an inpatient stay from the emergency department or another clinic). Registration is an important process, and information from the registration process must be integrated into any health information system for distribution throughout the entire health care organization so the patient does not need to fill out this information again and again. Answer: D is incorrect. Information gathering is not a term used to refer to this process. Answer: B is incorrect. Intake is not used in this situation in a healthcare environment.

QUESTION NO: 143 Which of the following branches of medical science is included in OBGYN? Each correct answer represents a part of the solution. Choose two. A. Obstetrics B. Ophthalmology C. Gynecology D. Genealogy

Answer: A,C Explanation: OBGYN is an acronym used for the combination of the obstetrics and gynecology departments. These are the two surgical branches of medicine dealing with the female reproductive organs in their pregnant and non-pregnant states, respectively. The clinical pathology provides care for both pregnant and non-pregnant patients. Answer: B, D are incorrect. Genealogy is the study of families and the tracing of their lineages and history whereas Ophthalmology deals with the anatomy, physiology and diseases of the eye.

QUESTION NO: 211 Which of the following output voltages are used by CD/DVD drives? Each correct answer represents a complete solution. Choose two. A. +12 V B. -12 V C. +5 V D. +3.3 V

Answer: A,C Explanation: The CD/DVD drives use +12 and +5 Volts. The hard disk drive also uses the same output voltage. Answer: D is incorrect. The AGP card uses +3.3 Volts. Answer: B is incorrect. Some older network cards and serial ports use -12 Volts.

QUESTION NO: 131 Which of the following operations does an access point perform in the wireless network? Each correct answer represents a part of the solution. Choose all that apply. A. It provides real-time quality information to the controller. B. It re-associates the roaming clients. C. It transmits beacon frames. D. It monitors all the channels for noise and interference.

Answer: A,C,D Explanation: An AP performs the following operations: It exchanges the frames and implements handshake between the clients. It transmits beacon frames. It buffers and transmits the frames for clients who are working in the power-save mode. It sends responses to probe requests from different clients on the network. It forwards notifications of received probe requests to the controller. It provides real-time quality information to the controller. It monitors all the channels for noise and interference. Answer: B is incorrect. An access point cannot re-associate the roaming clients.

QUESTION NO: 336 Data Encryption Standard (DES) is a 64 bit block cipher. Which of the following statements are true about Data Encryption Standard? Each correct answer represents a complete solution. Choose all that apply. A. All DES modes function on 64 bits of plaintext at a time in order to generate 64-bit blocks of cipher text. B. DES is a secure hash function for 8 bit processors. C. DES includes four modes of operation: Electronic Codebook mode, Cipher Block Chaining mode, Cipher Feedback mode, and Output Feedback mode. D. DES uses the 56 bit long key.

Answer: A,C,D Explanation: Data Encryption Standard (DES) is a 64 bit block cipher. It includes four modes of operation: Electronic Codebook mode, Cipher Block Chaining mode, Cipher Feedback mode, and Output Feedback mode. All the DES modes function on 64 bits of plaintext at a time, in order to generate 64-bit blocks of cipher text. DES uses the 56 bit long key. Answer: B is incorrect. MD2 is a secure hash function for 8 bit processors.

QUESTION NO: 195 Which of the following are removable storage devices? Each correct answer represents a complete solution. Choose all that apply. A. Floppy disk B. Hard disk C. USB flash drive D. Zip disk

Answer: A,C,D Explanation: Floppy disks, Zip disks, USB flash drives, memory cards, CDs, and DVDs are removable storage devices. Disks and cards that can be inserted into a computer's drives or USB ports are called removable storage devices. Answer: B is incorrect. A hard disk drive (HDD) is a non-volatile storage device that stores digitally encoded data on rapidly rotating rigid (i.e. hard) platters with magnetic surfaces. Early HDDs had removable media; however, an HDD today is typically a sealed unit (except for a filtered vent hole to equalize air pressure) with fixed media.

QUESTION NO: 39 Which of the following tools are used for an indoor site survey? Each correct answer represents a complete solution. Choose all that apply. A. Access point B. Topography map C. Spectrum analyzer D. Antenna

Answer: A,C,D Explanation: Following are the tools that are used for an indoor site survey: Antenna. A wide variety of both omni-directional and indoor semi-directional antennas are used in every indoor site survey. Access point. An access point is a wireless LAN device. It provides a means for wireless clients to send data to one another and to a wired network. AP connects to both wireless LAN and wired Ethernet LAN. Spectrum analyzer. A spectrum analyzer, or spectral analyzer, is a device that is used to examine the spectral composition of some electrical, acoustic, or optical waveform. It may also measure the power spectrum. The analog and digital spectrum analyzers are as follows: 1. An analog spectrum analyzer uses either a variable band-pass filter whose mid-frequency is automatically tuned (shifted, swept) through the range of frequencies of which the spectrum is to be measured. 2. A digital spectrum analyzer computes the discrete Fourier transform (DFT), a mathematical process that transforms a waveform into the components of its frequency spectrum. Answer: B is incorrect. A topography map is a tool used for an outdoor site survey. It is a detailed, accurate graphic representation of cultural and natural features on the ground. These maps are based on topographical surveys performed at large scales.

QUESTION NO: 381 Which of the following statements are true about WPA? Each correct answer represents a complete solution. Choose all that apply. A. It is a certification program developed by the Wi-Fi Alliance. B. It specifies the use of a static encryption key that must be changed regularly. C. It specifies the use of dynamic encryption keys. D. It includes authentication by PSK.

Answer: A,C,D Explanation: Wi-Fi Protected Access (WPA and WPA2) is a certification program developed by the Wi-Fi Alliance to indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined the protocol in response to several serious weaknesses that researchers had found in the previous system, WEP. The WPA protocol implements the majority of the IEEE 802.11i standard. The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP pending the preparation of 802.11i. Specifically, the Temporal Key Integrity Protocol was brought into WPA. Pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. Such systems almost always use symmetric key cryptographic algorithms. The characteristics of this secret or key are determined by the system which uses it; some system designs require that such keys be in a particular format. It can be a password like 'bret13i', a passphrase like 'Idaho hung gear id gene', or a hexadecimal string like '65E4 E556 8622 EEE1'. The secret is used by all systems involved in the cryptographic processes used to secure the traffic between the systems. The term is used in WiFi encryption such as WEP or WPA, where both the wireless access points (AP) and all clients share the same key. Answer: B is incorrect. This statement is not true about WPA.

QUESTION NO: 410 Wired Equivalent Privacy (WEP) is a deprecated algorithm to secure IEEE 802.11 wireless networks. What are the goals of WEP? Each correct answer represents a complete solution. Choose all that apply. A. Data Integrity B. Accessibility C. Adaptability D. Confidentiality E. Access Control

Answer: A,C,D,E Explanation: The main goals of Wired Equivalent Privacy (WEP) are as follows: Confidentiality. It prevents link layer eavesdropping. Access Control. It allows the entrance of only authorized persons to a building, room, etc. Data Integrity. It protects data from an unauthorized third party. Adaptability. It is used on existing hardware. Answer: B is incorrect. It is an invalid goal.

QUESTION NO: 380 Which of the following should a user avoid while creating strong passwords for users? A. Inclusion of words found in a dictionary B. Inclusion of special characters C. Use of upper and lower-case letters D. Inclusion of the user's personal information E. Inclusion of one or more numerical digits

Answer: A,D Explanation: A strong password should not include words found in a dictionary or the user's personal information. This information makes a password weak and vulnerable to attack. Answer: C, E, and B are incorrect. These are parts of a strong password policy. A strong password is a password that is difficult for hackers to guess or crack. It contains a mix of upper and lower case characters, a mix of numbers, letters, and symbols, and is a minimum of six characters long. A strong password policy can be designed to enhance computer security of an organization by enforcing users to employ strong passwords and use them properly.

QUESTION NO: 436 Which of the following protocols can be used for establishing a secure connection over the Internet? Each correct answer represents a complete solution. Choose two. A. HTTPS B. TCP C. HTTP D. PPTP

Answer: A,D Explanation: Both PPTP and HTTPS protocols use some security features such as authentication or encryption that can be used for establishing a secure channel over the Internet. Hence, these answer options Point-to-Point Tunneling Protocol (PPTP) is a remote access protocol. It is an extension of the Point-to-Point Protocol (PPP). PPTP is used to securely connect to a private network by a remote client using a public data network such as the Internet. Virtual private networks (VPNs) use the tunneling protocol to enable remote users to access corporate networks securely across the Internet. PPTP supports encapsulation of encrypted packets in secure wrappers that can be transmitted over a TCP/IP connection. The Hypertext Transfer Protocol Secure (HTTPS) protocol is a protocol used in the Universal Resource Locater (URL) address line to connect to a secure site. If a site has been made secure by using the Secure Sockets Layer (SSL), then the HTTPS instead of the HTTP protocol should be used as a protocol type in the URL. Answer: C is incorrect. HTTP is not a secure protocol. Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port. Hence, this answer option is incorrect. Answer: B is incorrect. TCP is not a secure protocol. Transmission Control Protocol (TCP) is a reliable, connection-oriented protocol operating at the transport layer of the OSI model. 
It provides a reliable packet delivery service encapsulated within the Internet Protocol (IP). TCP guarantees the delivery of packets, ensures proper sequencing of data, and provides a checksum feature that validates both the packet header and its data for accuracy. If the network corrupts or loses a TCP packet during transmission, TCP is responsible for retransmitting the faulty packet. It can transmit large amounts of data. Application layer protocols, such as HTTP and FTP, utilize the services of TCP to transfer files between clients and servers. Hence, this answer option is incorrect.

QUESTION NO: 480 Which of the following cables support transmission speed of 1000Mbps? Each correct answer represents a complete solution. Choose all that apply. A. Cat 5e B. Cat 5 C. Cat 3 D. Cat 6

Answer: A,D Explanation: Cat 5e and Cat 6 cables support transmission speed of 1000Mbps.

QUESTION NO: 18 This group can apply for incentive payments for the adaption, implementation, upgrading and/or meaningful use of certified electronic health record technology, due to provisions of the Health Information Technology for Economic and Clinical Health Act of 2009. Each correct answer represents a complete solution. Choose all that apply. A. Hospitals B. Patients C. Healthcare Clearinghouse D. Eligible providers

Answer: A,D Explanation: Eligible providers including healthcare professionals like physicians, dentists, and therapists as well as hospitals, clinics and other care facilities can apply for incentive payments under the HITECH Act providing that they can demonstrate that they have adopted certified electronic health record technology (EHR), are upgrading their technology, have recently implemented new technology or are engaged in the meaningful use of EHR technology in a manner to improve the quality of healthcare. Answer: B is incorrect. Patients are not considered eligible providers of health care and would not be eligible to receive incentive payments for the adoption of electronic health record technology. Answer: C is incorrect. A healthcare clearinghouse is a business that processes healthcare claims between healthcare providers and group health insurance plans. They are not a provider of healthcare and therefore would not be eligible to receive healthcare benefits for the adoption or use of electronic health records.

QUESTION NO: 422 A user calls and tells you that his computer hangs during the boot process. Which of the following questions should you ask him in order to identify the problem? Each correct answer represents a complete solution. Choose two. A. Have any other changes been made to the computer? B. Is the mouse pointer visible on the monitor? C. What is the model of the computer processor? D. Has any hardware been installed in the computer recently?

Answer: A,D Explanation: In order to identify the problem, you should ask him the following questions. Has any hardware been installed in the computer recently? This question helps to identify the problem because the newly installed hardware can have a compatibility issue with existing devices. It is possible that an existing device is using the same resource that is used by the newly installed hardware. Have any other changes been made to the computer? This question helps to identify the problem if any removal or re-installation of devices has taken place. It is possible that hardware has been incorrectly re-installed. Answer: B, C are incorrect. Asking about the visibility of a mouse pointer or computer processor model will not help identify the problem.

QUESTION NO: 340 Your organization receives a wide variety of email as communication both within the organization and from outside. Some email may need to be retained as part of the legal health record according to HIPAA regulations. Which of the following may need to be archived for at least six years in accordance with HIPAA regulation? Each correct answer represents a complete solution. Choose all that apply. A. Email from a patient complaining that her husband could hear two doctors loudly discussing her medical condition in a hallway. B. Email from an outside vendor requesting a meeting to discuss a proposal for physical improvements to an x-ray facility. C. Email between two employees about a management meeting after lunch on 12/3/2009. D. Email discussing implementation of changes to workforce training procedures on workstation use.

Answer: A,D Explanation: Not all email is subject to HIPAA regulation (although there are other regulations, like Sarbanes Oxley to consider with email records of an organization), but emails that discuss privacy and security policy, contain electronic protected health information (which should be encrypted), involve patient requests for information, involve patient complaints about their information, or discuss workforce training on privacy or security issues should be retained and archived as part of the legal health record. Both option C - a discussion of training methods, and option D - a patient complaint, need to be marked for email archiving and retained. Answer: C is incorrect. This email does not involve patient information or training in privacy or security and does not require archiving to stay in compliance with HIPAA regulation. Answer: B is incorrect. This email does not involve patient information or training in privacy or security and does not require archiving to stay in compliance with HIPAA regulation.

QUESTION NO: 41 Which of the following items are configured on a user workstation for wireless networking? Each correct answer represents a complete solution. Choose two. A. Service Set Identifier (SSID) B. Security Set Identifier (SSID) C. MAC Address Filtering D. Encryption

Answer: A,D Explanation: SSID (Service Set Identifier) and encryption are part of the end user configuration. Keep in mind, encryption is not essential, but is a common requirement in today's networking world.

QUESTION NO: 119 Which of the following statements about SRAM are true? Each correct answer represents a complete solution. Choose two. A. SRAM is faster than DRAM. B. SRAM is used for permanent storage of information and is also known as ROM. C. SRAM is used for main memory. D. SRAM is used for cache memory.

Answer: A,D Explanation: Static Random Access Memory (SRAM) is used for a computer's cache memory and as part of the random access memory digital-to-analog converter on a video card. Unlike DRAM, SRAM does not have to be periodically refreshed. SRAM retains data bits in its memory as long as power is being supplied. SRAM is significantly faster and more expensive than DRAM.

QUESTION NO: 183 Which of the following actions can a user perform that has Write permission on a file? A. Access the file's content B. Moving the file to another folder C. Delete the file D. View the file

Answer: A,D Explanation: The Write permission on a file permits a user to view or access the file's contents.

QUESTION NO: 236 Which of the following statements are true about Universal Serial Bus (USB)? Each correct answer represents a complete solution. Choose two. A. You can connect up to 127 peripheral devices to a single USB port. B. You can connect up to 16 peripheral devices to a single USB port. C. USB does not support Plug n Play installation. D. USB supports hot plugging.

Answer: A,D Explanation: Universal Serial Bus (USB) is a standard-based, external bus for a computer that brings the Plug and Play capability of hardware devices. You can use a single USB port to connect up to 127 peripheral devices, including speakers, CD-ROM drives, tape drives, keyboards, scanners, and cameras. USB supports hot plugging, which means that you can install or remove a USB device while the computer is running and the operating system automatically reconfigures itself accordingly. USB eliminates the need to install internal cards into dedicated computer slots and reconfigure the system.

QUESTION NO: 503 Which of the following is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for computers to connect and use a network service? A. IPSec B. RADIUS C. SSL D. HTTP

Answer: B Explanation: Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, DSL, access points, VPNs, network ports, Web servers, etc. RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with port-based authentication, and the Network Access Server, are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS server is usually a background process running on a UNIX or Windows NT machine. RADIUS serves three functions: to authenticate users or devices before granting them access to a network; to authorize those users or devices for certain network services; and to account for usage of those services. Answer: A is incorrect. Internet Protocol Security (IPSec) is a method of securing data. It secures traffic by using encryption and digital signing. It enhances the security of data, as if an IPSec packet is captured, its contents cannot be read. IPSec also provides sender verification that ensures the certainty of the datagram's origin to the receiver. Answer: D is incorrect. Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. 
For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port. Answer: C is incorrect. The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. SSL is included as part of both the Microsoft and Netscape browsers and most Web server products. URLs that require an SSL connection start with https: instead of http:

QUESTION NO: 210 Which of the following types of connectors is used by 1000BASE-TX gigabit ethernet? A. LC B. RJ-45 C. RJ-59 D. BNC

Answer: B Explanation: 1000BASE-TX is an IEEE specification for Ethernet. This is commonly known as Gigabit Ethernet. It supports the maximum speed of 1000Mbps and the maximum cable length of 100 meters. 1000BASE-TX uses Category 5 UTP cables and RJ-45 connectors. RJ-45 is a type of connector similar to an RJ-11 telephone connector, but it is larger in size because it has eight conductors. Answer: D is incorrect. BNC stands for British Naval Connector. It is a connector used to connect 10Base2 cable network to Network Interface Card (NIC). Answer: A is incorrect. The LC connector was developed to meet the need for small and easier-to-use fiber optic connectors. The LC connector reduces space required on panels by 50%. Answer: C is incorrect. RJ-59 connector is used in cable TV's coaxial cable.

QUESTION NO: 146 Which of the following project management tools consists of a table that contains horizontal time lines and vertical indicators of project components, with bars indicating when and by whom tasks are to be completed? A. Critical Path B. Gantt Chart C. Venn Diagram D. PERT Diagram

Answer: B Explanation: A Gantt Chart is a table that contains horizontal time lines and vertical indicators of project components, with bars indicating when and by whom tasks are to be completed. Answer: C is incorrect. Venn Diagram is incorrect as this is a diagram used in mathematics to show all possible logical relations between a finite collection of sets. Answer: D is incorrect. PERT diagram is incorrect as this is a diagram which represents the steps or component parts of a project as circles connected by lines to indicate the sequence of events. Answer: A is incorrect. Critical path is incorrect as this is not a diagram; however, it is a tool used to indicate the overall time frame a project should take to complete.

QUESTION NO: 36 You are asked to install an entirely new information system for your facility. Your superiors inquire about your plan of action for this project. You construct a table illustrating your timeline and division of duties for the project based on the table shown below. What type of project management tool have you created for your project? A. Critical Path B. Gantt Chart C. Venn Diagram D. PERT Diagram

Answer: B Explanation: A Gantt Chart is a table that contains horizontal time lines and vertical indicators of project components, with bars indicating when and by whom tasks are to be completed. Answer: C is incorrect. Venn Diagram is incorrect as this is a diagram used in mathematics to show all possible logical relations between a finite collection of sets. Answer: D is incorrect. PERT diagram is incorrect as this is a diagram which represents the steps or component parts of a project as circles connected by lines to indicate the sequence of events. Answer: A is incorrect. Critical path is incorrect as this is not a diagram; however, it is a tool used to indicate the overall time frame a project should take to complete.

QUESTION NO: 98 Which of the following devices is useful where there are multiple computers but no need for a dedicated keyboard, monitor, and mouse for each one? A. Inverter B. KVM switch C. Switch D. USB hub

Answer: B Explanation: A KVM switch is useful where there are multiple computers but no need for a dedicated keyboard, monitor, and mouse for each one. A KVM switch is a hardware device that allows a user to control multiple computers from a single keyboard, video monitor and mouse. Although multiple computers are connected to the KVM, typically a smaller number of computers can be controlled at any given time. A user connects a monitor, keyboard, and mouse to the KVM switch, then uses special cables (generally USB and VGA ) to connect the KVM device to the computers. Control is switched from one computer to another by the use of a switch or buttons on the KVM device, with the KVM passing the signals between the computers and the keyboard, mouse and monitor depending on which computer is currently selected. Answer: D is incorrect. A USB hub is a device that allows many USB devices to be connected to a single USB port on a host computer or another hub. USB hubs are sometimes built into equipment, such as keyboards, monitors, printers, or computers. When a computer has several USB ports they all usually stem from one or two internal USB hubs rather than each port having independent USB hardware. Answer: A is incorrect. An inverter is an electrical device that converts direct current (DC) to alternating current (AC). The resulting AC can be at any required voltage and frequency with the use of appropriate transformers, switching, and control circuits. Static inverters have no moving parts and are used in a wide range of applications, from small switching power supplies in computers, to large electric utility high-voltage direct current applications that transport bulk power. Inverters are commonly used to supply AC power from DC sources such as solar panels or batteries. Answer: C is incorrect. A switch is a network connectivity device that brings media segments together in a central location. 
It reads the destination's MAC address or hardware address from each incoming data packet and forwards the data packet to its destination. This reduces the network traffic. Switches operate at the data-link layer of the OSI model.

QUESTION NO: 467 You are helping set up the software for a research study of patients with diabetes. One of the devices that needs data downloaded on a regular basis to check blood sugar measurements for these patients is the following. A. MRI B. Glucose monitor C. Vitals cuff D. PET

Answer: B Explanation: A blood glucose monitor measures the amount of glucose, a type of sugar, in the blood. In people with diabetes mellitus or other conditions affected by blood sugar levels, these measurements can help detect the effectiveness of medications at controlling blood sugar levels, maintaining them in a safe range, or if they need treatment for blood sugar which is too low or too high. Answer: C is incorrect. A vitals cuff is used to measure blood pressure, and some models also measure pulse. This does not help in a study of blood sugar levels. Answer: D is incorrect. PET is an acronym for Positron Emission Tomography, a diagnostic tool that uses nuclear medicine to produce a three dimensional picture of functional processes in the body. It's often used to image tumors and in diagnosing certain brain diseases. It is not used to study diabetes. Answer: A is incorrect. An MRI is a magnetic resonance imaging, where a three dimensional image is taken using magnetic pulses to construct an image of soft tissues in the body. It often has higher contrast in soft tissues than other imaging techniques. It is not used to study blood sugar levels.

QUESTION NO: 327 You are working out a problem with file transmission to an insurance company that handles workers compensation claims. You have concerns with some of the security they have, but they tell you that since they are not a covered entity, that they do not have to follow HIPAA regulations. A. This is TRUE. Group health plans and insurance plans are not covered entities, and the insured sign away rights to have their health information protected when they are covered by the insurance. B. This is FALSE. Group plans and insurance plans that pay for medical care are covered entities and do have to follow HIPAA regulations. C. This is TRUE. Group plans and insurance plans that pay for medical care do not have to follow HIPAA regulations. D. This is FALSE. Although group plans and insurance plans that pay for medical care are not covered entities, there are special HIPAA regulations for them.

Answer: B Explanation: A covered entity is either a health care provider, a health plan, or a healthcare clearinghouse. Providers include doctors, clinics, dentists, pharmacies, nursing homes, hospitals, etc. A healthcare clearinghouse is a business that processes healthcare claims by converting nonstandard information to standardized formats. A health plan is an insurance company, an HMO, a company health plan or a government program that pays for healthcare. All of these covered entities must obey the HIPAA privacy and security rules. If you encounter a situation where someone who is a covered entity claims that they are not covered by HIPAA, you may need to report them to a government authority like the state attorney general or the Department of Health and Human Services. Answer: C is incorrect. Group health plans and insurance plans that have access to medical information and pay medical bills are covered entities and subject to HIPAA privacy and security regulations. Answer: D is incorrect. There are no "special" HIPAA regulations for health plans. Health insurance plans are covered entities and subject to all relevant privacy and security rules outlined in the HIPAA law. Answer: A is incorrect. This is absolutely false. Purchasing an insurance plan or being involved with a group health plan through a corporation or government program does not require a patient to sign away their right to the privacy and security of their health information! Group health plans are definitely subject to HIPAA regulations and cannot ask for a blanket authorization to not have to follow privacy and security regulations.

QUESTION NO: 197 You are asked to install an information system in the Nuclear Medicine department in order to record the use of radioisotopes. Which type of information system would you install for this purpose? A. Enterprise System B. Departmental System C. Intradepartmental System D. External System

Answer: B Explanation: A departmental information system is a system that is limited and serves the purposes of one department or domain. Examples are dose management systems that are used by pharmacies. Answer: A is incorrect. Enterprise system is incorrect as this type of system is designed for use for all departments that encompass a large health system including hospitals, clinics and nursing homes. Answer: D is incorrect. External system is incorrect as this type of system is shared by many health organizations to report information required by regulatory agencies or as an information exchange for regional health information networks. Answer: C is incorrect. Intradepartmental system is incorrect as this type of system is primarily used by one department but shares functions and information with other departments.

QUESTION NO: 318 You are the privacy officer for a mid-size ophthalmology practice that does its own in-house billing and insurance verification. You are reviewing the Physical Safeguards in the office and notice that the computer monitors at the patient check-in counter are completely visible to patients who stand at the check-out window. What is the minimum you are required to do? A. Remove the monitors completely to a different office. B. Implement filtering screens over the monitors so that only the operators using them can read the information. C. Have patients sign a second Non-Disclosure agreement in their check-out forms. D. Do in-house reconstruction so that the check-in counter is not in sight view of the check-out counter.

Answer: B Explanation: A filtering screen that only allows the practice's check-in staff to see the information can ameliorate the situation because HIPAA requires that monitors not be "in direct view of the public." Answer: A, D are incorrect. These are great options, but not the "minimum." And neither option may be practical. Answer: C is incorrect. Patients are never to have access to other patients' information even if they "agree" not to disclose it.

QUESTION NO: 487 Which of the following devices enables you to input letters, numbers, and other characters into the computer for storage or manipulation? A. Mouse B. Keyboard C. Monitor D. Printer

Answer: B Explanation: A keyboard enables you to input letters, numbers, and other characters into the computer for storage or manipulation.

QUESTION NO: 117 You are a minor, under the age of eighteen, that requires medical care. For which of the following conditions are you able to seek medical care without consent of your parents? A. Pregnancy B. Drug and Alcohol Abuse C. Eating Disorders D. Obesity

Answer: B Explanation: A minor child can request and receive medical treatment for drug and alcohol abuse and for treatment of sexually transmitted disease without the consent of a parent. Answer: C is incorrect. Parental consent is required for treatment of eating disorders. Answer: D is incorrect. Parental consent is required for treatment of obesity. Answer: A is incorrect. Parental consent is required for treatment of pregnancy.

QUESTION NO: 72 A member of your family is suffering from Alzheimer's Disease and is unable to care for themselves at home. Which of the following healthcare facilities would you contact for long term care of this individual? A. Subacute Care Facility B. Nonacute Care Facility C. Ambulatory Care Facility D. Acute Care Facility

Answer: B Explanation: A non acute care facility, often referred to as a long term care facility, is a type of facility used for individuals who suffer from long term illnesses that require hospital stays of longer than 30 days. Answer: C is incorrect. Ambulatory care facility is incorrect as this facility offers a variety of outpatient services which are directly overseen by a hospital, but patients do not require a stay in the hospital.

QUESTION NO: 495 Which of the following best describes the term protocol? A. The combination of cable type and access method used on a network. B. A set of rules. C. The ability to move data through layers of the OSI model. D. The permissible amount of data contained in a packet.

Answer: B Explanation: A protocol is a set of predefined rules that govern how two or more processes communicate and interact to exchange data. Protocols are considered as the building blocks of network communication. Computer protocols are used by communicating devices and software services to format data in a way that all participants understand. It provides a context in which to interpret communicated information.

QUESTION NO: 232 According to the American Hospital Association, which of the following types of hospitals are required to provide diagnosis and treatment for individuals who are disabled? A. Specialty Hospital B. Rehabilitation Hospital C. Psychiatric Hospital D. General Hospital

Answer: B Explanation: A rehabilitation hospital is a hospital that is required to provide diagnosis, treatment, restorative and adjustment services for individuals who are disabled. Answer: D is incorrect. General Hospital is incorrect as this type of hospital is required to provide diagnosis and treatment for medical services which include Radiology, laboratory services and surgical services. Answer: A is incorrect. Specialty hospital is incorrect as this type of hospital is required to provide treatment for specific disorders such as cancer, burns or women's health. Answer: C is incorrect. Psychiatric hospital is incorrect as this type of hospital is required to provide diagnosis and treatment for individuals who are diagnosed with mental illness.

QUESTION NO: 342 According to the American Hospital Association, which of the following types of hospitals are required to provide diagnosis and treatment for specific disorders? A. Rehabilitation Hospital B. Specialty Hospital C. Psychiatric Hospital D. General Hospital

Answer: B Explanation: A specialty hospital is a type of hospital that is required to provide treatment for specific disorders such as cancer, burns or women's health. Answer: D is incorrect. General Hospital is incorrect as this type of hospital is required to provide diagnosis and treatment for medical services which include Radiology, laboratory services and surgical services. Answer: A is incorrect. Rehabilitation hospital is incorrect as this type of hospital is required to provide diagnosis, treatment, restorative and adjustment services for individuals who are disabled. Answer: C is incorrect. Psychiatric hospital is incorrect as this type of hospital is required to provide diagnosis and treatment for individuals who are diagnosed with mental illness.

QUESTION NO: 164 Which of the following services accepts documents from the client computers, stores it, and then sends it to a printer when the printer is ready? A. DNS B. Spooler C. DHCP D. Print Forwarder

Answer: B Explanation: A spooler service accepts documents from client computers, stores it, and then sends it to a printer when the printer is ready. Answer: C is incorrect. Dynamic Host Configuration Protocol (DHCP) is a service used to dynamically assign IP addresses to computers, so that they can communicate with other network services. Answer: A is incorrect. DNS service provides a service for mapping DNS domain names to IP addresses and vice versa. Answer: D is incorrect. There is no such service as Print Forwarder.

QUESTION NO: 126 Which of the following is NOT a part of secure password practices? A. Never use the same password for more than one account. B. Write down a password and keep in safe place. C. Never share or reveal passwords with or to anyone. D. Use alpha-numeric password.

Answer: B Explanation: A strong password practice prohibits you from writing down a password under any condition. No place is safe for keeping a password. Answer: A, D, and C are incorrect. All these are part of secure password practices.

QUESTION NO: 338 You have a family member with terminal cancer who suddenly develops pneumonia. Which of the following types of healthcare facilities is best equipped to handle this scenario? A. Ambulatory Care Facility B. Subacute Care Facility C. Acute Care Facility D. Nonacute Care Facility

Answer: B Explanation: A subacute care facility is a type of facility that is required to treat individuals who have an acute illness or injury on top of a chronic illness. These facilities are used to treat the acute disease process that cannot be treated by the long term care facility. Answer: A is incorrect. Ambulatory care facility is incorrect as this facility offers a variety of outpatient services which are directly overseen by a hospital, but patients do not require a stay in the hospital.

QUESTION NO: 202 You have a family member with terminal cancer who suddenly develops pneumonia. Which of the following types of healthcare facilities is best equipped to handle this scenario? A. Nonacute Care Facility B. Subacute Care Facility C. Acute Care Facility D. Ambulatory Care Facility

Answer: B Explanation: A subacute care facility is a type of facility that is required to treat individuals who have an acute illness or injury on top of a chronic illness. These facilities are used to treat the acute disease process that cannot be treated by the long term care facility. Answer: D is incorrect. Ambulatory care facility is incorrect as this facility offers a variety of outpatient services which are directly overseen by a hospital, but patients do not require a stay in the hospital.

QUESTION NO: 253 You work as a Network Administrator for Tech Perfect Inc. The company has a Windows-based network. All the computers on the network are connected to a switch device. Users complain that they are unable to connect to a file server. You try to ping the client computers from the server, but the pinging fails. You try to ping the server's own loopback address, but it fails to ping. You restart the server, but the problem persists. What is the most likely cause? A. The cable that connects the server to the switch is broken. B. The server's NIC is not working. C. The switch device is not working. D. Automatic IP addressing is not working.

Answer: B Explanation: According to the question, pinging the server's loopback address failed. If pinging the server's own loopback address fails, it shows that the server's NIC is not working. Loopback addresses are IP addresses with 127 in their first octet. These addresses are used to test TCP/IP configuration. It uses a loopback driver to reroute the outgoing packets back to the source computer. Answer: D is incorrect. Automatic IP addressing is out of context for this scenario. Answer: A is incorrect. The cable connection is not the likely issue, as you are unable to ping the server's own loopback address. If the cable connection between the server and the switch were broken, you would at least have been able to ping the server's loopback address. Answer: C is incorrect. The failure of the pinging of the loopback address indicates that the problem is with the NIC.

QUESTION NO: 221 For what period of time must all records containing HIPAA information be retained? A. 4 years B. 6 years C. 30 years D. 10 years

Answer: B Explanation: All material containing HIPAA information must be retained for a period of 6 years after the materials were last in effect. This rule also pertains to any authorizations or business associated materials that may contain protected information.

QUESTION NO: 128 Which of the following refers to a facility that offers a wide range of medical, surgical, pediatric and obstetric services that require a hospital stay of less than 30 days? A. Subacute Care Facility B. Acute Care Facility C. Nonacute Care Facility D. Ambulatory Care Facility

Answer: B Explanation: An acute care facility is a facility that offers a wide range of medical, surgical, pediatric and obstetric services that require a hospital stay of less than 30 days. Answer: D is incorrect. Ambulatory care facility is incorrect as this facility offers a variety of outpatient services which are directly overseen by a hospital, but patients do not require a stay in the hospital.

QUESTION NO: 187 Which of the following types of hospital information systems are designed to share information among all departments included in a large health system? A. Departmental System B. Enterprise System C. Intradepartmental System D. External System

Answer: B Explanation: An enterprise system of health information is designed primarily for sharing information for all departments that encompass a large health system including hospitals, clinics and nursing homes. Answer: C is incorrect. Intradepartmental system is incorrect as this type of hospital information system is primarily used by one department but shares functions and information with other departments. Answer: A is incorrect. Departmental System is incorrect as this type of hospital system is limited and serves the purposes of one department or domain. Examples are dose management systems that are used by pharmacies. Answer: D is incorrect. External system is incorrect as this type of system is shared by many health organizations to report information required by regulatory agencies or as an information exchange for regional health information networks.

QUESTION NO: 401 Which of the following types of health information systems is designed to be shared by many health organizations to report information required by regulatory agencies? A. Departmental System B. External System C. Hospital Wide System D. Enterprise System

Answer: B Explanation: An external hospital information system is designed to be shared by many health organizations to report information required by regulatory agencies or as an information exchange for regional health information networks. Answer: C is incorrect. Hospital Wide System is incorrect as this is a health information system that is designed for the integration of various departmental systems or one that provides the primary services for a hospital or clinical area. Answer: A is incorrect. Departmental System is incorrect as this type of hospital system is limited and serves the purposes of one department or domain. Examples are dose management systems that are used by pharmacies. Answer: D is incorrect. Enterprise system is incorrect as this type of system is designed for use for all departments that encompass a large health system including hospitals, clinics and nursing homes.

QUESTION NO: 244 Your primary duty as a healthcare information technologist is to design and implement an information system to be shared by many health organizations to report information required by regulatory agencies. Which of the following types of information systems are you responsible for implementing? A. Departmental System B. External System C. Enterprise System D. Hospital Wide System

Answer: B Explanation: An external hospital information system is designed to be shared by many health organizations to report information required by regulatory agencies or as an information exchange for regional health information networks. Answer: D is incorrect. Hospital Wide System is incorrect as this is a health information system that is designed for the integration of various departmental systems or one that provides the primary services for a hospital or clinical area. Answer: A is incorrect. Departmental System is incorrect as this type of hospital system is limited and serves the purposes of one department or domain. Examples are dose management systems that are used by pharmacies. Answer: C is incorrect. Enterprise system is incorrect as this type of system is designed for use for all departments that encompass a large health system including hospitals, clinics and nursing homes.

QUESTION NO: 19 Which of the following types of health insurance allows the patient to direct his/her own care? A. HMO B. Indemnity Plan C. Point of Service D. PPO

Answer: B Explanation: An indemnity plan allows you to visit any doctor, any hospital and direct your own care. Answer: A is incorrect. HMO is incorrect as this offers healthcare services for a prepaid fixed amount of reimbursement. In an HMO, providers and subscribers voluntarily enroll and the HMO assumes responsibility and financial risks. Answer: D is incorrect. PPO is incorrect as this is a network of physicians or healthcare organizations that provide healthcare at a discounted rate in return for higher patient volume. Answer: C is incorrect. Point of Service (POS) is an agreement where a patient is permitted to choose a provider each time healthcare service is required.

QUESTION NO: 482 A helpdesk technician received a phone call from an administrator at a remote branch office. The administrator claimed to have forgotten the password for the root account on UNIX servers and asked for it. Although the technician didn't know any administrator at the branch office, the guy sounded really friendly and since he knew the root password himself, he supplied the caller with the password. What type of attack has just occurred? A. War dialing attack B. Social Engineering attack C. Replay attack D. Brute Force attack

Answer: B Explanation: Any process whereby the attacker attempts to get a person to divulge security information is called a social engineering attack. This is a very common tactic.

QUESTION NO: 524 Which of the following categories of information technology in the health care setting involves bar coding applications? A. Clinical IT B. Infrastructure IT C. Administrative IT D. Financial IT

Answer: B Explanation: Applications of infrastructure information technology support the infrastructure of the health care facility. These applications include voice recognition for medical records and medical transcription as well as bar coding applications for medical devices and drugs. Answer: C is incorrect. Administrative IT is incorrect as these applications are used to make staff scheduling, patient registration and payroll procedures more efficient. Answer: A is incorrect. Clinical IT is incorrect as these applications are used for prescription of drugs and ordering of laboratory tests and medical procedures. Answer: D is incorrect. Financial IT is incorrect as these applications are used to improve the efficiency of billing and accounting practices.

QUESTION NO: 278 What precautions should you take before removing a computer case? A. Turn off the monitor. B. Shut down the computer and turn off the power connection. C. Disconnect the monitor from the computer. D. Remove the SMPS.

Answer: B Explanation: Before removing a computer case, you should first shut down the computer and turn off the power connection. Otherwise, you could get a lethal shock and the components inside the computer could be damaged. Answer: D is incorrect. You cannot remove the Switch Mode Power Supply (SMPS) before removing the computer case. Answer: A, C are incorrect. There is no need to turn off or disconnect the monitor to remove the computer case.

QUESTION NO: 434 You are the privacy officer for a medical practice and the senior practice partner is auditing your Physical Safeguards to see if you have complied with HIPAA. He's concerned with the access controls you have in place for the practice to protect PHI. Under HIPAA, which of the following is not a required Physical Safeguard for PHI? A. Visitor sign-in B. Business Associate Agreement C. Visitor escorts D. Security plans for the facility

Answer: B Explanation: Business Associate Agreement is not a physical safeguard. It is required under HIPAA, but it falls more under administrative compliance, not a physical safeguard. One can think of physical safeguards as literally the physical barriers to PHI, not the legalistic, contractual, or operational protections. Answer: A is incorrect. Visitor sign-in is a good physical safeguard and provides a record of who has had access to PHI, in the event a violation occurs. It also signals to visitors the importance the practice places on PHI protection. Answer: D is incorrect. Security plans for the facility are essential as a physical safeguard and can include items like the burglar systems, locking of areas that contain PHI, and any entrance or exit policy to PHI areas. Answer: C is incorrect. Visitor escorts are also particularly important and required if you have outside agencies such as PPOs, PSOs (Patient Safety Organizations), and even more mundane visitors (interior decorators, drug reps, etc.) who may need to go into or through an area of PHI.

QUESTION NO: 299 You are furloughed from your position as a healthcare IT specialist. Your employer failed to offer you the option to continue your medical insurance for at least ninety days. Which piece of legislation has been ignored by your employer? A. EMTALA B. COBRA C. HIPAA D. Patients Bill of Rights

Answer: B Explanation: COBRA, the Consolidated Omnibus Budget Reconciliation Act, devised in 1985, gives workers and their families who lose their health benefits the right to choose to continue group health benefits provided by their group health plan for limited periods of time under certain circumstances such as voluntary or involuntary job loss, reduction in the hours worked, transition between jobs, death, divorce, and other life events. Answer: C is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 304 Which of the following is referred to as a network in which network nodes request and receive services and data from another networked node? A. CAN B. Client-server C. LAN D. PAN

Answer: B Explanation: Client-server networking is also known as client-server computing. It is a distributed application architecture that partitions tasks or work loads between service providers (servers) and service requesters, called clients. Often clients and servers operate over a computer network on separate hardware. A server machine is a high-performance host that is running one or more server programs which share its resources with clients. A client does not share any of its resources, but requests a server's content or service function. Clients therefore initiate communication sessions with servers which await (listen to) incoming requests. Answer: C is incorrect. Local Area Network (LAN) represents a network that covers a very close geographic area, such as a floor of a building, a building itself, or a campus environment. LAN is a high-speed network that connects computers, printers, and other network devices together. The media types used in LANs include Ethernet, Fast Ethernet (FE), Gigabit Ethernet (GE), Token Ring, and FDDI. A LAN may include servers, workstations, hubs, bridges, switches, routers, gateways, firewalls, etc. Answer: A is incorrect. A campus area network (CAN) is a computer network that interconnects local area networks throughout a limited geographical area, such as a university campus, a corporate campus, or a military base. It could be considered a metropolitan area network that is specific to a campus setting. A campus area network is, therefore, larger than a local area network but smaller than a wide area network. The term is sometimes used to refer to university campuses, while the term corporate area network is used to refer to corporate campuses instead. Although not considered a wide area network, a CAN extends the reach of each local area network within the campus area of an organization. 
In a CAN, the buildings of a university or corporate campus are interconnected using the same types of hardware and networking technologies that one would use in a LAN. In addition, all of the components, including switches, routers, and cabling, as well as wireless connection points, are owned and maintained by the organization. Answer: D is incorrect. A personal area network (PAN) is a computer network used for communication among computer devices (including telephones and personal digital assistants) close to one's person. The reach of a PAN is typically a few meters. A PAN can be used for communication among the personal devices themselves (intrapersonal communication), or for connecting to a higher level network and the Internet.

QUESTION NO: 105 Which of the following refers to the process of applying proper numerical values to medical services obtained in order to achieve proper billing practices? A. Archiving B. Coding C. Thinning D. Scanning

Answer: B Explanation: Coding is the act of applying the proper codes for medical services rendered in order to properly bill the patient or patient's insurance carrier. Answer: A is incorrect. Archiving is incorrect as this act is ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location. Answer: C is incorrect. Thinning is incorrect as this is done to make a patient's chart easier to handle after it has become too large and cumbersome to handle. This act is normally necessary for a patient who has incurred an extended stay in the hospital. The medical records that have been thinned are not destroyed but sent to the central medical records area where they should still be readily accessible. Answer: D is incorrect. Scanning is incorrect as this is the act of converting paper medical records into computerized form.

QUESTION NO: 460 You have been asked to analyze a patient's medical record and assign a numerical value to all services this patient has received. Which of the following tasks have you been asked to perform? A. Archiving B. Coding C. Scanning D. Thinning

Answer: B Explanation: Coding is the act of applying the proper codes for medical services rendered in order to properly bill the patient or patient's insurance carrier. Answer: A is incorrect. Archiving is incorrect as this act is ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location. Answer: D is incorrect. Thinning is incorrect as this is done to make a patient's chart easier to handle after it has become too large and cumbersome to handle. This act is normally necessary for a patient who has incurred an extended stay in the hospital. The medical records that have been thinned are not destroyed but sent to the central medical records area where they should still be readily accessible. Answer: C is incorrect. Scanning is incorrect as this is the act of converting paper medical records into computerized form.

QUESTION NO: 309 Which of the following is a networking protocol that provides centralized Authentication, Authorization, and Accounting management for computers to connect and use a network service? A. PEAP B. Kerberos C. RADIUS D. MS-CHAP v2

Answer: C Explanation: Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, DSL, access points, VPNs, network ports, Web servers, etc. RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with port-based authentication, and the Network Access Server, are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS server is usually a background process running on a UNIX or Windows NT machine. RADIUS serves three functions: to authenticate users or devices before granting them access to a network, to authorize those users or devices for certain network services, and to account for usage of those services. Answer: D is incorrect. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) is the new version of MS-CHAP. MS-CHAP v2 provides the highest level of security and encryption for dial-up connection in the environment consisting of both Windows NT and Windows 2000/XP dial-up clients. It provides mutual authentication, stronger initial data encryption keys, and different encryption keys for sending and receiving data. Answer: A is incorrect. PEAP (Protected Extensible Authentication Protocol) is a method to securely transmit authentication information over wired or wireless networks. It was jointly developed by Cisco Systems, Microsoft, and RSA Security. 
PEAP is not an encryption protocol; as with other EAP protocols, it only authenticates a client into a network. PEAP uses server-side public key certificates to authenticate the server. It creates an encrypted SSL/TLS (Secure sockets layer/Transport layer security) tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server's public key. The resultant exchange of authentication information inside the tunnel to authenticate the client is then encrypted and the user credentials are thus safe and secure. Answer: B is incorrect. Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos builds on symmetric key cryptography and requires a trusted third party. Kerberos uses as its basis the Needham-Schroeder protocol. It makes use of a trusted third party, termed a key distribution center (KDC), which consists of two logically separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). Kerberos works on the basis of tickets, which serve to prove the identity of users. The KDC maintains a database of secret keys; each entity on the network, whether a client or a server, shares a secret key known only to itself and to the KDC. Knowledge of this key serves to prove an entity's identity. For communication between two entities, the KDC generates a session key, which they can use to secure their interactions.

QUESTION NO: 136 You have been asked to analyze a patient's medical record and assign a numerical value to all services this patient has received. Which of the following tasks have you been asked to perform? A. Scanning B. Coding C. Archiving D. Thinning

Answer: B Explanation: Coding is the act of applying the proper codes for medical services rendered in order to properly bill the patient or patient's insurance carrier. Answer: C is incorrect. Archiving is incorrect as this act is ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location. Answer: D is incorrect. Thinning is incorrect as this is done to make a patient's chart easier to handle after it has become too large and cumbersome to handle. This act is normally necessary for a patient who has incurred an extended stay in the hospital. The medical records that have been thinned are not destroyed but sent to the central medical records area where they should still be readily accessible. Answer: A is incorrect. Scanning is incorrect as this is the act of converting paper medical records into computerized form.

QUESTION NO: 521 As a member of the healthcare IT team, you are asked to send a patient's MRI exam from the MRI department to a PACS system for permanent archival. Which of the following would you depend on for transmission of these images? A. HIPAA B. DICOM C. EMTALA D. Health Level 7

Answer: B Explanation: DICOM, short for Digital Imaging and Communications in Medicine, refers to the standard for handling, storing, printing and transmitting information in medical imaging. Answer: D is incorrect. Health Level 7 is incorrect as this is an international community of healthcare subject matter experts and information scientists collaborating to create standards for the exchange, management and integration of electronic healthcare information. HL7 promotes the use of such informatics standards within and among healthcare organizations to increase the effectiveness and efficiency of healthcare information delivery for the benefit of all.

QUESTION NO: 122 You are a healthcare IT technician. Your manager provides you a storage media having PHI data and wants you to perform low level format on it. Which form of secure disposal of PHI are you performing? A. Sanitizing B. Degaussing C. Piercing D. Shredding

Answer: B Explanation: Degaussing is a process in which the magnetic field of a disk or drive is removed. When degaussing occurs on a magnetic media, it removes an entire media element quickly and effectively. A device has been designed for this process, called the degausser. Degaussing makes the disk or drive inoperable by performing low-level formatting. It is only done at the factory during manufacturing. To make the drive or disk functional, return it to the manufacturer for servicing. A degaussed disk can generally be reformatted and reused with standard consumer hardware. Answer: D is incorrect. Shredding can be defined as the program that is used for the purpose of rewriting the files several times with the random series of binary data. It is capable of removing the files from the system, permanently. In the process of shredding, the content of the file can be overwritten. The process of recovering such a shredded file is usually theoretical. Answer: A is incorrect. Sanitization refers to the general process of removing data from storage media, such that there is reasonable assurance that the data may not be easily retrieved and reconstructed. Answer: C is incorrect. Piercing of media is not a secure way of disposal of PHI data.

QUESTION NO: 350 Which of the following refers to medical information that is protected, but contains nothing regarding the patient's illness or treatment? A. Individually Identifiable Health Information B. Demographic Health Information C. Archived Health Information D. De-Identified Health Information

Answer: B Explanation: Demographic Health Information is a part of individually identifiable health information, but it contains no information regarding an individual's illness or treatment. Demographic information is the patient's name, date of birth, address, social security number, insurance information and contact information. Answer: A is incorrect. Individually Identifiable Health Information is incorrect as this is information, including demographic information, that relates to the individual's past, present or future physical or mental health or condition, the provision of health care to an individual or the past, present or future payment of health care provisions. Answer: D is incorrect. De-identified health information is incorrect as this information requires removal of all data by which a patient can be identified such as name, date of birth, social security number and address. Answer: C is incorrect. Archived Health Information is incorrect as this is health information that has been stored on some sort of media such as a compact disc, DVD or videotape.

QUESTION NO: 332 The HIPAA Privacy Rule provides a list of exceptions where protected health information can be disclosed without the authorization of the patient, and several of these exceptions involve legal matters. Which of the following is NOT one of those exceptions to authorized disclosure? A. Disclosure to report abuse, neglect or domestic violence. B. Disclosure to family members during a custody case. C. Disclosure to law enforcement officials to locate a fugitive, suspect or missing person. D. Disclosure for judicial proceedings

Answer: B Explanation: Disclosure to a family member is not an exception to authorized disclosure unless the patient is no longer competent, and then other laws go into effect regarding next of kin authorization. Previous authorization is required if this kind of release of information is to occur. Unless an authorization has been clearly made, there should be no release to family members in this kind of legal matter. Answer: C is incorrect. Disclosure to law enforcement officials is an exception and no authorization document is required. Answer: A is incorrect. Disclosure to report abuse, neglect or domestic violence is a HIPAA exception and no authorization document is required for disclosure to proper authorities. Answer: D is incorrect. Disclosure for judicial proceedings in which the patient or covered entity is involved is an exception and no authorization document is required.

QUESTION NO: 484 Which of the following refers to an electronic version of patient data that is compiled from several different facilities and healthcare providers? A. Archived Health Information B. Electronic Health Record C. Electronic Medical Record D. Demographic Health Information

Answer: B Explanation: Electronic Health Record is a compilation of core data from multiple sources and may be comprised of several different e-records submitted by several different providers.

QUESTION NO: 81 Which of the following is the primary TCP/IP protocol used to transfer text and binary files over the Internet? A. SNMP B. FTP C. PPTP D. SMTP

Answer: B Explanation: File Transfer Protocol (FTP) is a primary protocol of the TCP/IP protocol suite, which is used to transfer text and binary files between a host computer and a server computer over the Internet. Answer: A is incorrect. Simple Network Management Protocol (SNMP) is a part of the TCP/IP protocol suite, which allows users to manage the network. SNMP is used to keep track of what is being used on the network and how the object is behaving. Answer: C is incorrect. Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP does not provide confidentiality or encryption. It relies on the protocol being tunneled to provide privacy. It is used to provide secure, low-cost remote access to corporate networks through public networks such as the Internet. Using PPTP, remote users can use PPP-enabled client computers to dial a local ISP and connect securely to the corporate network through the Internet. PPTP has been made obsolete by Layer 2 Tunneling Protocol (L2TP) and IPSec. Answer: D is incorrect. Simple Mail Transfer Protocol (SMTP) is a common protocol for sending e-mails between servers over the Internet.

QUESTION NO: 95 Your hospital's equipment vendor provides many life-saving devices, from heart-monitors to EKG's, that store and sort PHI data for retrieval by the hospital's EMR system. In your Service Level Agreements (SLA), you want to make sure that equipment vendors have agreed to the essentials that HIPAA and NIST recommend are in place for a contingency situation for covered entities. Which of the following would not be a NIST recommendation? A. Allowable outage times for the piece of equipment B. Financial penalties for the vendor failing to meet the recovery deadlines C. Deadlines for providing restoration of data D. A list of recovery strategies to restore IT operations quickly between equipment and the EMR system

Answer: B Explanation: Financial penalties are often included in SLA's to ensure vendor compliance; however, NIST does not concern itself with punitive measures but rather preventative policies and plans. Answer: D is incorrect. NIST recommends that all covered entities have a list of IT recovery strategies as part of their contingency plans to meet HIPAA's guidelines. A vendor's SLA should indicate its role in fulfilling these strategies regarding its equipment. Answer: C is incorrect. This is an essential part of any NIST recommendation for SLA's and any SLA in general. The whole point of a service level agreement is to define the level of service, that is, how quickly issues will be resolved when they occur. In a medical setting, such IT issues can have life-changing consequences and time is of the essence. Answer: A is incorrect. Similar to option C, the allowable outage time also impacts level of service in the hospital or medical setting. It may be that the restoration of data is more complex and takes longer than the simple functioning of the equipment. The service a vendor provides around such a situation, that is, how quickly they respond to and fix or replace a device, is an essential part of an SLA.

QUESTION NO: 334 There are a number of computers containing Electronic PHI (EPHR) in your covered entity that have become really sluggish and chock full of stuff that slows them down. You are trying to decide how to replace them or fix them so that they can run faster because staff morale is really starting to sink over frustrations with the machines. You have several options, except. A. Lease better machines, expose the old machines to a destructive magnetic field, and take them to the recycler. B. Buy new machines and throw these dinosaurs in the dumpster out back. C. Completely erase and reformat the drives so that they run faster. D. Melt, shred, incinerate or pulverize the hard drives and replace them with new, faster hard drives.

Answer: B Explanation: HIPAA prohibits dumping machines that contain PHI without first destroying the information or the ability to get the information. The ways that the information can be destroyed are listed in the other three answers. Answer: A is incorrect. A magnetic field can reduce the data on the machines to an unrecoverable state and then allow for the machines to be recycled or dumped. Recycling an old computer may be legally required in some states, but if the drive information is still accessible, this is a violation of HIPAA. Before it is put into the recycling process, the drives that contain its information must be destroyed, written over, magnetically disrupted or erased in such a way that there is no possibility for further PHI access. Some recycling centers offer these services. Answer: D is incorrect. This option lists ways that HIPAA prescribes for eliminating the risk of accessing the EPHI. Answer: C is incorrect. HIPAA also allows for the drives to be written over or erased in such a way that ensures that the original EPHI cannot be retrieved or recovered.

QUESTION NO: 255 It is time for your medical practice's annual spring cleaning. Your employer has instructed you that all medical records belonging to patients who haven't been a part of the practice for at least five years need to be destroyed. Many of those patients were charted using paper medical records, before the practice adopted its current EMR system. Under the privacy laws, what can you do? A. Dump them in the dumpster behind the practice. B. Both B, C. C. Securing the records until an outside vendor who has a BAA with you can pick them up to destroy them. D. Shredding them yourself.

Answer: B Explanation: HIPAA's main concern is that the public or those unauthorized to review PHI will access disposed records and both these options achieve that. Answer: A is incorrect. Simply putting them in the outdoors dumpster is not enough because the public and unauthorized people may be able to access the records. HIPAA requires that if you do place them in a dumpster, all PHI must be rendered completely unreadable or indecipherable first. Answer: D is incorrect. You could shred them yourself, since you work for the entity and are in charge of this work; this prevents the public from accessing the records. This is one correct option. Answer: C is incorrect. HIPAA allows the record destruction to take place off-premises as long as the records are secured from any possible violation or theft until the shredding vendor picks them up. The practice should also have a BAA with the vendor since they are now a 3rd party with access to the PHI. But patients do not need to know about this process as long as they received a Privacy Notice initially when they came into the practice explaining that access to their PHI would occur as part of the normal operations of the business.

QUESTION NO: 207 Which of the following pieces of legislation insures the privacy and security of personal health information? A. Patient Bill of Rights B. HIPPA C. EMTALA D. MIPPA

Answer: B Explanation: HIPPA is the legislation designed to insure the privacy and security of personal health information.

QUESTION NO: 198 Which of the following refers to the group of health care subject matter experts and information scientists who create the standards for exchange, management and integration of electronic health records? A. DICOM B. Health Level 7 C. EMTALA D. HIPPA

Answer: B Explanation: Health Level 7 (HL7) is an international community of healthcare subject matter experts and information scientists collaborating to create standards for the exchange, management and integration of electronic healthcare information. HL7 promotes the use of such informatics standards within and among healthcare organizations to increase the effectiveness and efficiency of healthcare information delivery for the benefit of all. Answer: D is incorrect. HIPPA is incorrect as this is the legislation designed to insure the privacy and security of personal health information.

QUESTION NO: 222 Which of the following is the default port for Hypertext Transfer Protocol (HTTP)? A. 21 B. 80 C. 23 D. 25

Answer: B Explanation: Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port. Answer: D is incorrect. Port 25 is the default port for Simple Mail Transfer Protocol (SMTP). Answer: C is incorrect. Port 23 is the default port for the TELNET utility. Answer: A is incorrect. Port 21 is the default port for File Transfer Protocol (FTP).

QUESTION NO: 62 Your computer is not connected to the UPS. What can happen in an event of power failure? A. CMOS battery failure. B. Damage of components. C. Distorted display. D. BIOS configuration is reset.

Answer: B Explanation: If your computer is not connected to the UPS, power failure may cause damage to peripheral components. You can avoid such problems by using a UPS and a surge protector.

QUESTION NO: 305 In medical terminology, the suffix -itis is used to describe which of the following conditions? A. Study of B. Inflammation C. Opening D. Disease

Answer: B Explanation: In medical terminology, any word that ends with the suffix -itis refers to an inflammatory condition. For example, arthritis means inflammation of a joint, laryngitis means inflammation of the larynx, and gastritis means inflammation of the stomach or stomach lining. Answer: D is incorrect. Disease is incorrect as any condition that refers to a disease process is accompanied by the suffix -osis; for example, diverticulosis is a disease of the diverticulum. Answer: C is incorrect. Opening is incorrect as any medical condition that refers to opening ends with the suffix -otomy; for example, thoracotomy means an opening was made in the thorax. Answer: A is incorrect. Study of is incorrect as any term referring to the study of anything ends with the suffix -ology; for example, radiology is the study of radiation, and cardiology is the study of the heart.

QUESTION NO: 459 In medical terminology, the suffix -otomy is used to describe which of the following? A. Study of B. To cut into C. Inflammation D. Disease

Answer: B Explanation: In medical terminology, any word that ends with the suffix -otomy means to cut into a particular area. Examples are thoracotomy, which means an opening was made in the thorax or chest area, and craniotomy, which means an opening was created in the head. Answer: C is incorrect. Inflammation is incorrect as any medical term referring to inflammation ends with the suffix -itis. Answer: D is incorrect. Disease is incorrect as any condition that refers to a disease process is accompanied by the suffix -osis; for example, diverticulosis is a disease of the diverticulum. Answer: A is incorrect. Study of is incorrect as any term referring to the study of anything ends with the suffix -ology; for example, radiology is the study of radiation, and cardiology is the study of the heart.

QUESTION NO: 506 You work as a healthcare technician for an organization. To enhance security, the company wants users to provide a third key (apart from ID and password) for authentication to access the company's Web site. Which of the following technologies provide a cost effective way to accomplish the task? A. Smart cards B. Key fobs C. VPN D. Biometrics

Answer: B Explanation: In order to accomplish the task, you should use key fobs. The company will provide key fobs to all its users. This will provide users secure access to the company's Web site. The numbers generated in the key fobs will be used by users as the third key.

QUESTION NO: 326 You work as a Network Administrator for NetTech Inc. You are developing a backup policy for the company and want to accomplish the following goals. The number of tapes required to back up data should be minimized. The number of tapes required to restore data should be minimized. Which of the following backup policies will you choose? A. A full backup once a month and an incremental backup daily B. A full backup every Friday and differential backups from Monday to Thursday C. A differential backup every night D. A full backup every Friday and incremental backups from Monday to Thursday

Answer: B Explanation: In order to minimize the number of tapes required to back up data, you should perform a full backup every Friday. Performing differential backups from Monday to Thursday will reduce the number of tapes required to restore data. This is because in the event of data loss, you will have to restore only the last full backup and the last differential backup.

QUESTION NO: 335 You work as a Network Administrator for NetTech Inc. You are developing a backup policy for the company and want to accomplish the following goals. The number of tapes required to back up data should be minimized. The number of tapes required to restore data should be minimized. Which of the following backup policies will you choose? A. A differential backup every night B. A full backup every Friday and differential backups from Monday to Thursday C. A full backup once a month and an incremental backup daily D. A full backup every Friday and incremental backups from Monday to Thursday

Answer: B Explanation: In order to minimize the number of tapes required to back up data, you should perform a full backup every Friday. Performing differential backups from Monday to Thursday will reduce the number of tapes required to restore data. This is because in the event of data loss, you will have to restore only the last full backup and the last differential backup. Differential backup backs up files that are created or changed since the last full backup. It requires minimum space to backup data. Differential backup requires only the last full backup tape and the last differential backup tape to restore data. It is faster as compared to full backup. Full backup backs up entire data. Taking a full backup daily is impractical, as it is time consuming. Instead, a well-defined backup strategy should be implemented as a weekly full backup and a daily differential backup. Answer: A is incorrect. Performing a full backup is necessary to restore data. Taking only a differential backup will not work. Answer: C, D are incorrect. An incremental backup requires restoring the last full backup tape and all incremental backup tapes since the last full backup. This will increase the number of tapes to be restored. Incremental backup backs up files that are created or changed since the last full or incremental backup. Incremental backup provides a faster method of backing up data than most other backup methods. Restoring data from an incremental backup requires the last full backup and all subsequent incremental backups. Incremental backups must be restored in the same order as they were created. If any incremental backup in the incremental backup set is damaged or becomes corrupt, the data backed up after corruption cannot be restored.

QUESTION NO: 118 Which of the following protocols is used to securely transfer files from one host to another over the network? A. TFTP B. SFTP C. Telnet D. FTP

Answer: B Explanation: Secure File Transfer Protocol (SFTP) is used for secure, encrypted file transfers. SFTP is FTP over SSH and uses Secure Shell (SSH) for encryption and authentication. Answer: D is incorrect. FTP supports unencrypted authentication and file transfers between similar or dissimilar systems. Answer: A is incorrect. Trivial FTP (TFTP) is faster and less reliable than FTP for transferring files. It uses UDP to reduce overheads. It is less secure than FTP. Answer: C is incorrect. Telnet enables a host to connect and run a session on another host through remote terminal emulation. It is not a secure communication method.

QUESTION NO: 481 Your past medical records including hospitalizations, physician visits and medication prescription are all examples of which of the following? A. Archived Health Information B. Individually Identifiable Health Information C. Demographic Health Information D. De-Identified Health Information

Answer: B Explanation: Individually Identifiable Health Information is information, including demographic information, that relates to the individual's past, present or future physical or mental health or condition, the provision of health care to an individual or the past, present or future payment of health care provisions. Answer: A is incorrect. Archived Health Information is incorrect as this is health information that has been stored on some sort of media such as a compact disc, DVD or videotape. Answer: D is incorrect. De-identified health information is incorrect as this information requires removal of all data in which a patient can be identified such as name, date of birth, social security number and address. Answer: C is incorrect. Demographic Health Information is incorrect; although this is a part of individually identifiable health information, it contains no information regarding an individual's illness or treatment. Demographic information is the patient's name, date of birth, address, social security number, insurance information and contact information.

QUESTION NO: 272 How many devices can be connected to an IEEE 1394 port? A. 1 B. 63 C. 8 D. 127

Answer: B Explanation: Institute of Electrical and Electronics Engineers (IEEE) 1394, also known as Firewire, is a standard for a high-speed (up to 400 Mbps) communication serial bus that provides enhanced PC connectivity for a wide range of devices. These devices include consumer audiovisual components, traditional PC storage devices, and handheld devices. An IEEE 1394 port provides a Plug and Play-compatible expansion interface for PCs and allows up to 63 devices to be connected. Answer: D is incorrect. A single USB port allows up to 127 devices to be connected.

QUESTION NO: 295 In the above example #11, what is the best practice the nurse could say to maintain HIPAA compliance? A. "Yes, sure just let me ask the front office what time your mother's appointment finishes." B. "I don't know if we have a patient here by that name; however, if you have a family code I can try to find out." C. "Can you tell me the patient's date of birth and mother's maiden name?" D. "Can you tell me your date of birth and your relationship to the patient?"

Answer: B Explanation: It is the best practice because it does not confirm in any way that a patient by that name is in the practice and it also ensures that it is a family member or caretaker who has a code provided by the practice to individuals the patient has authorized to receive PHI. Answer: A is incorrect. While polite, it confirms that the patient is there and does nothing to verify the caller's identity. Answer: C is incorrect. While this may verify the patient's identity, it still confirms that the patient is there, which doesn't protect the patient from controlling who receives her information. Furthermore, it releases PHI to a caller who is not corroborated at all. Answer: D is incorrect. This confirms that the patient is there, before the caller is validated. It also still leaves room for information to be forged. Codes on the other hand are controlled by the practice itself.

QUESTION NO: 238 Which of the following terms describes a central room for servers, hubs, routers, DSLs etc? A. HVAC B. MDF C. Keyfobs D. IDF

Answer: B Explanation: Main Distribution Frame (MDF) is the main computer room for servers, hubs, routers, DSL's, etc. to reside. Cables entering a building run through a centralized MDF, then each individual IDF and then on to specific workstations. Answer: D is incorrect. The Independent Distribution Frame (IDF) is a remote room or closet connected to the MDF by fiber optic cable. IDF contains hubs and patch panels. Answer: A is incorrect. HVAC stands for the closely related functions of "Heating, Ventilating, and Air Conditioning". It is the technology of indoor or automotive environmental comfort. HVAC system design is a major sub-discipline of mechanical engineering, based on the principles of thermodynamics, fluid mechanics, and heat transfer. Answer: C is incorrect. Key fobs are security devices used by telecommuters to provide one part of a three way match for a user to log on to a secured network.

QUESTION NO: 53 Part of the medical workflow process is when dictated voice-recorded reports about patient encounters are converted into text. This process is called. A. Billing B. Transcription C. Auditing D. Coding

Answer: B Explanation: Medical transcription, done by transcriptionists, is the process of physician-dictated voice reports being converted into text files and incorporated into the medical record. Transcriptionists need to correctly format these text files and understand medical terminology to correctly transcribe the physician's words. Answer: D is incorrect. Coding is a process used to convert the stated diagnoses and procedures performed upon the patient into a system of numerical codes using the ICD9, ICD10, CPT and MSDRG systems. Coding is used in analysis and insurance billing. Answer: A is incorrect. Billing is the process of sending an invoice for services rendered to an insurance company, patient or third party payer for the health care organization to receive reimbursement for services rendered. Answer: C is incorrect. Auditing can mean several things in a healthcare environment, from a medical audit involving a quality improvement process regarding a review of care in the facility, to security audits involving the effectiveness of security measures and release of information guidelines. Neither of these involves the conversion of dictation into text files.

QUESTION NO: 141 Which of the following network topologies is the most fault tolerant? A. Bus B. Mesh C. Star D. Ring

Answer: B Explanation: Mesh is the most fault tolerant network topology.

QUESTION NO: 419 Which of the following is software that gathers information about a user and violates the user's personal security? A. Spamware B. Spyware C. Adware D. Malware

Answer: B Explanation: Spyware is software that gathers information about a user without his knowledge. Spyware can get into a computer when the user downloads software from the Internet. Spyware can search the contents of a hard disk, address book of an e-mail, or any information about the computer, and transmits the information to the advertisers or other interested parties. Answer: C is incorrect. Adware is software that automatically downloads and displays advertisements in the Web browser without user permission. When a user visits a site or downloads software, sometimes hidden adware is also downloaded to display advertisements automatically. This can be quite irritating to the user. Some adware can also be spyware. Answer: A is incorrect. Spamware is software designed by or for spammers to send out automated spam e-mail. Spamware is used to search for e-mail addresses to build lists of e-mail addresses to be used either for spamming directly or to be sold to spammers. The spamware package also includes an e-mail harvesting tool. Answer: D is incorrect. Malware is software that is designed to damage or corrupt a system such as a Trojan horse, virus or worm.

QUESTION NO: 15 You work in a healthcare clinic that has many patients that receive benefits from a state program that helps low-income families with the costs of healthcare. You have to work with the state office to check on the design and deployment of healthcare information systems that can help check eligibility policies and deploy electronic health records in treatment and billing. What is one of the names of this kind of program? A. Medicare B. Medicaid C. Tricare D. FEHB

Answer: B Explanation: Monitored on the federal level but implemented by individual states, the Medicaid program pays for healthcare for low-income individuals and families that fit into an eligibility group (often based on age, pregnancy, disabilities, income, etc.). The federal Centers of Medicare and Medicaid Services is working with states to implement best practices in technology design and deployment, promote innovation and diffuse promising new technology solutions across the nation, reduce long cycle times for systems implementation, and improve system reliability and performance. Answer: A is incorrect. Medicare is a federal insurance program administered nationwide by the Centers for Medicare and Medicaid Services, a part of the Department of Health and Human Services. Medicare is for people over the age of 65, or who have certain disabilities. Answer: C is incorrect. Tricare is a medical insurance program for active duty members of the US military. Answer: D is incorrect. FEHB is the Federal Employee Health Benefits Program for federal employees, retirees and their families.

QUESTION NO: 366 This federal organization helps with testing healthcare information technology initiatives, certification of Electronic Health Record technology, conformance testing, and provides tools and resources for Health IT testing and support, as well as white papers on healthcare IT issues. A. CMS B. NIST C. HHS D. ONC

Answer: B Explanation: NIST is the National Institute of Standards and Technology. As defined in the Health Information Technology for Economic and Clinical Health (HITECH) Act, NIST is collaborating with industry to ensure that a health IT standards testing infrastructure is created. The testing infrastructure is modular by design and implementation. Therefore, as future standards are needed, appropriate testing tools can be developed, using the same infrastructure. Answer: C is incorrect. HHS is the acronym for the US Department of Health and Human Services. Although HHS is often the lead department working on advancing the adoption of health care technology and enforcement of HIPAA and HITECH provisions, this aspect of HITECH legislation is managed by NIST, under the Department of Commerce. Answer: D is incorrect. The ONC is the Office of the National Coordinator of Health Information Technology, and is the division within the Department of Health and Human Services that promotes the adoption of healthcare technology and the promotion of nationwide health information exchange. However, the development of standards and IT testing is left to the National Institute of Standards and Technology (NIST). Answer: A is incorrect. CMS is the acronym for the Centers of Medicare and Medicaid Services. CMS administers Medicare and monitors state Medicaid programs. CMS is under the Department of HHS and is involved in the development of healthcare standards and very interested in the development of healthcare IT standards, but it is not charged with the development and testing of those standards. That is the task of the NIST.

QUESTION NO: 294 Which of the following methods of filing is best suited for high volume facilities with multiple file clerks? A. Filing Cabinets with Drawers B. Open Shelf Files C. Motorized Revolving Files D. Compressible Units with Open Files

Answer: B Explanation: Open shelf files is best for high volume facilities with multiple filing staff to provide security. This method allows for easy access, albeit with less security, and requires significant space. Answer: A is incorrect. Filing cabinets with drawers is incorrect as this is the method for small, low volume facilities. This type of filing allows for patient records to be locked, fireproofed and protected from the environment; however, this method requires significant space. Answer: C is incorrect. Motorized revolving files is best for limited space, low volume facilities with one file clerk. This option allows for patient records to be covered and locked but is expensive to acquire and maintain. Answer: D is incorrect. Compressible units with open files is best for limited space, medium volume facilities with two or three file clerks. This method allows for easy access and saves space.

QUESTION NO: 180 An electronic patient database has reached end-of-life according to the policies of your healthcare facility, and it has been tagged for destruction to keep patient data confidential. Which method of destruction is NOT appropriate for this data? A. Physically destroying storage media like CDs and DVDs with a shredder. B. Deleting all files and programs that used those files on the server. C. Using Department of Defense-accepted software to overwrite hard drives and replace previously stored information with a meaningless pattern. D. Magnetically erasing or degaussing hard drives

Answer: B Explanation: Option B is NOT an appropriate method of destroying records. It is not sufficient to delete a file, as often the file can still be accessed from the hard drive or reconstituted from storage media. True disposal of electronic records must be permanent and be written over, shredded or magnetically erased. Answer: A is incorrect. Physically destroying storage media like CDs and DVDs with a special shredder is a viable option for destroying electronic records. Answer: C is incorrect. Using specialized software to overwrite files with a meaningless pattern so that the original file cannot be accessed is a viable means of record disposal. Answer: D is incorrect. Magnetically erasing hard drives or magnetic tapes is another viable method of deleting files and destroying records so that the protected health information cannot be accessed by unauthorized persons.

QUESTION NO: 214 While working a healthcare facility, you notice a patient's EHR does not contain any electronic signatures verifying the contents of the EHR. This EHR does not meet compliance standards set forth by which of the following titles? A. Title 21 CFR Part 7 B. Title 21 CFR Part 11 C. Title 21 CFR Part 21

Answer: B Explanation: Part 11, as it is commonly called, defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to paper records. Part 11 requires drug makers, medical device manufacturers, biotech companies, biologics developers, and other FDA-regulated industries, with some specific exceptions, to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing electronic data. Answer: A is incorrect. Title 21 CFR Part 7 is incorrect as this part refers to enforcement policies regarding recalls of food, drugs or cosmetics. Answer: C is incorrect. Title 21 CFR Part 20 is incorrect as this part refers to information that may or may not be shared with the general public. Answer: is incorrect. Title 21 CFR Part 21 is incorrect as this part refers to records about individuals that are maintained, collected, used, or disclosed by the Food and Drug Administration and contained in Privacy Act Record Systems.

QUESTION NO: 485 Which of the following types of security will be the cause of concern if the server has been stolen from the organization's premises? A. User authentication B. Physical security C. Operational security D. Information security

Answer: B Explanation: Physical security describes both measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media and guidance on how to design structures to resist various hostile acts. It can be as simple as a locked door or as elaborate as multiple layers of armed security guards and guardhouse placement. Physical security is not a modern phenomenon. Physical security exists in order to deter persons from entering a physical facility. Historical examples of physical security include city walls, moats, etc. Answer: C is incorrect. Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information. Answer: D is incorrect. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. The terms information security, computer security and information assurance are frequently incorrectly used interchangeably. These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Answer: A is incorrect. User authentication is the act of verification of a user who wants to access the system, authorized or not. With the help of this process, the administrator can identify a person and ensure that the user is trusted or not. The Siebel system supports multiple approaches to authenticate users. The Administrator can choose either security adapter authentication or Web SSO authentication for Siebel application users.

QUESTION NO: 292 You subscribe to a health care plan that entitles you to choose a different healthcare provider each and every time you need health care services. Which of the following types of healthcare plans do you subscribe to? A. HMO B. Point of Service C. Indemnity Plan D. PPO

Answer: B Explanation: Point of Service (POS) is an agreement where a patient is permitted to choose a provider each time healthcare service is required. Answer: C is incorrect. Indemnity plan is incorrect as this type of plan allows you to visit any doctor, any hospital and direct your own care. Answer: A is incorrect. HMO is incorrect as this offers healthcare services for a prepaid fixed amount of reimbursement. In an HMO, providers and subscribers voluntarily enroll and the HMO assumes responsibility and financial risks. Answer: D is incorrect. PPO is incorrect as this is a network of physicians or healthcare organizations who provide healthcare at a discounted rate in return for higher patient volume.

QUESTION NO: 371 Which of the following attacks can be mitigated by providing proper training to the employees in an organization? A. Smurf B. Social engineering C. Denial-of-Service D. Man-in-the-middle

Answer: B Explanation: Proper user training is an effective way of mitigating social engineering attacks. Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user's computer or network. This method involves mental ability of people to trick someone rather than their technical skills. A user should always distrust people who ask him for his account name, password, computer name, IP address, employee ID, or other information that can be misused. Answer: D is incorrect. Man-in-the-middle attacks occur when an attacker successfully inserts an intermediary software or program between two communicating hosts. The intermediary software or program allows attackers to listen to and modify the communication packets passing between the two hosts. The software intercepts the communication packets and then sends the information to the receiving host. The receiving host responds to the software, presuming it to be the legitimate client. Answer: C is incorrect. A Denial-of-Service (DoS) attack is mounted with the objective of causing a negative impact on the performance of a computer or network. It is also known as network saturation attack or bandwidth consumption attack. Attackers make DoS attacks by sending a large number of protocol packets to a network. Answer: A is incorrect. In a smurf attack, the attacker sends a large number of ICMP echo requests at IP broadcast addresses using a fake source address. These requests appear to be coming from the victim's network address. Therefore, every computer within the broadcast domain starts sending responses to the victim. As a result, the victim's computer is flooded with responses.

QUESTION NO: 123 Which of the following is used to query a relational database management system (RDBMS)? A. ASP B. SQL C. HTML D. CGI

Answer: B Explanation: SQL stands for Structured Query Language. It is used for requesting information from a database. It also contains statements for inserting, updating, and administering data and objects in a database. SQL is a non-procedural language. In non-procedural languages, a user instructs a computer to compute the desired result and the language compiler itself decides the best sequence of operations to compute it. Whereas in procedural languages, such as C, a user is required to instruct a computer to perform a sequence of operations on a database for computing the desired result. In 1986, ANSI approved a rudimentary version of SQL as the official standard, but most versions of SQL since then have included many extensions to the ANSI standard. The SQL standard was revised in 1991 by ANSI. Most of the relational database management systems support SQL. Answer: A is incorrect. Active Server Pages (ASP) is Microsoft's open application environment in which HTML pages, scripts, and ActiveX components are combined to create Web-based applications. ASP is used as a server-side scripting language. Answer: C is incorrect. HTML stands for Hypertext Markup Language. It is a set of markup symbols or codes used to create Web pages and define formatting specifications. The markup tells the Web browser how to display the content of the Web page. Answer: D is incorrect. The Common Gateway Interface (CGI) specification is used for creating executable programs that run on a Web server. CGI defines the communication link between a Web server and Web applications. It gives a network or Internet resource access to specific programs. For example, when users submit an HTML form on a Web site, CGI is used to pass this information to a remote application for processing, and retrieve the results from the application. It then returns these results to the user by means of an HTML page.

QUESTION NO: 316 Which access point (AP) configuration is used to stop AP sending Beacon frames and to enhance security of a Wireless LAN (WLAN)? A. Active scanning B. SSID cloaking C. Rogue AP D. Mobility anchor

Answer: B Explanation: SSID cloaking is an access point (AP) configuration that stops the AP from sending Beacon frames. This is used to enhance security of a Wireless LAN (WLAN). It makes it difficult for attackers to find the AP. It is also used by enterprises to prevent curious people from trying to access the WLAN. Answer: C is incorrect. A Rogue access point (AP) is set up by the attackers in an Enterprise's network. The attacker captures packets in the existing wireless LAN (WLAN) and finds the SSID and security keys (by cracking). Then the attacker sets up his own AP using the same SSID and security keys. The network clients unknowingly use this AP and the attacker captures their usernames and passwords. This can help the attacker to breach security and gain access to the Enterprise data. Answer: D is incorrect. Mobility anchor is a feature in which all the client traffic that belongs to a wireless LAN (especially the guest wireless LAN) is tunneled to a pre-defined wireless LAN controller. In other words, mobility anchor is a set of controllers that are configured as an anchor for a specific wireless LAN. It is also called guest tunneling or auto-anchor mobility. This feature can be used to restrict a WLAN to a single subnet, regardless of the client's entry point into the network. In this way, users can access a public or guest WLAN throughout an enterprise but still be restricted to a specific subnet. Guest WLAN can also be used to provide geographic load balancing because WLANs can represent a particular section of a building. Answer: A is incorrect. In active scanning, if the wireless host wants to connect to the access point, it sends a management frame known as probe request frame to the access point. The probe request frame either contains the SSID of the specific access point that the wireless host is looking for or can be any SSID.
If the wireless host receives probe responses from multiple access points, it chooses the best access point, i.e., the access point that has the best signal strength. The wireless host can now associate itself with the access point.

QUESTION NO: 479 Which of the following options of the IPCONFIG command is used to flush the leased IP address from Network Interface Card (NIC)? A. /registerdns B. /release C. /showclassid D. /renew

Answer: B Explanation: The /release option of the IPCONFIG command is used to flush the leased IP address from Network Interface Card (NIC). Answer: D is incorrect. The /renew option is used to renew DHCP configuration for all adapters, or for a specific adapter if the Adapter parameter is included. Answer: A is incorrect. The /registerdns option is used to initiate manual dynamic registration for the DNS names and IP addresses that are configured at a computer. Answer: C is incorrect. The /showclassid option of the IPCONFIG command is used to display the DHCP class ID for a specified adapter.

QUESTION NO: 121 A 44 year old female presents to the emergency room with chest pain. She is denied care because she is uninsured. Which of the following pieces of legislation has been violated? A. Patient Bill of Rights B. EMTALA C. HIPAA D. MIPPA

Answer: B Explanation: The Emergency Medical Treatment and Active Labor Act (EMTALA) is the piece of legislation that legally obligates health care facilities to provide emergent care regardless of citizenship, legal status or ability to pay. Answer: C is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 142 Which of the following pieces of legislation requires health care facilities to provide emergency care regardless of ability to pay? A. MIPPA B. EMTALA C. Patient Bill of Rights D. HIPAA

Answer: B Explanation: The Emergency Medical Treatment and Active Labor Act (EMTALA) is the piece of legislation that legally obligates health care facilities to provide emergent care regardless of citizenship, legal status or ability to pay. Answer: D is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 86 Covered entities and business associates may soon be required to make a log of all disclosures of protected health information, both for treatment, payment and operations as well as any other purposes. Previously, there was an exception for TPO purposes. What part of healthcare regulation first required logging methodology of electronic protected health information disclosures? A. HIPAA Privacy Rule B. HIPAA Security Rule C. PSQIA D. HITECH

Answer: B Explanation: The HIPAA Security Rule contains a mandate for "technical safeguards" which includes audit controls, where a covered entity or business associate needs to implement hardware, software or procedural mechanisms that record and examine any activity in the use and disclosure of electronic protected health information. However, there used to be an exception to the Security Rule for use and disclosure of PHI involved in treatment, payment and operations purposes. That exception is currently being evaluated and may soon be eliminated, requiring many healthcare facilities to reevaluate their current logging capability for PHI use and disclosure accounting. Answer: A is incorrect. The HIPAA Privacy Rule in 45 C.F.R. 164.528 does require an accounting of disclosures to be kept for all PHI, but did not specify that the method had to be a computer logging tool. The security rule in HIPAA Security Rule, 164.312 is more precise in requiring the use of a logging system as a technical safeguard to prevent unauthorized disclosure. Answer: D is incorrect. The HITECH law does add additional regulation to disclosure accounting but they are not yet in effect (this will eliminate the TPO exception). HITECH currently does increase penalties for noncompliance. Answer: C is incorrect. PSQIA is the Patient Safety and Quality Improvement Act of 2005 and does not include regulations of accounting of disclosures.

QUESTION NO: 306 You need a patient's medical information for a research project. Which type of medical information can you obtain without consent from the patient? A. Paper Health Information B. De-Identified Health Information C. Archived Health Information D. Electronic Health Information

Answer: B Explanation: The HIPAA act requires no restrictions on de-identified health information. De-identified health information refers to health records, x-rays, lab results or any part of the patient's permanent health record in which pertinent information has been removed so the patient cannot be identified. Pertinent identifiers include patient's name, social security number, date of birth or address. De-identified health information is usually used for research and training purposes. Answer: C is incorrect. Archived Health Information is incorrect as any patient information stored on any media, compact disc, DVD, or video tape is protected by the HIPAA act. Answer: A is incorrect. Paper Health Information is incorrect as any patient information written on paper is covered by the HIPAA act. Paper health information includes the patient's chart, prescriptions and consent forms. Answer: D is incorrect. Electronic Health Information is incorrect as all patient records stored in any hospital computer are regulated by the HIPAA Act.

QUESTION NO: 415 Which of the following transfer protocols is used to access a secure Web server on the Internet? A. TCP B. HTTPS C. PPTP D. HTTP

Answer: B Explanation: The Hypertext Transfer Protocol Secure (HTTPS) protocol is a protocol used in the Universal Resource Locator (URL) address line to connect to a secure site. If a site has been made secure by using the Secure Sockets Layer (SSL), then HTTPS instead of HTTP should be used as the protocol type in the URL. Answer: C is incorrect. Point-to-Point Tunneling Protocol (PPTP) is a remote access protocol. It is an extension of the Point-to-Point Protocol (PPP). PPTP is used to securely connect to a private network by a remote client using a public data network such as the Internet. Virtual private networks (VPNs) use the tunneling protocol to enable remote users to access corporate networks securely across the Internet. PPTP supports encapsulation of encrypted packets in secure wrappers that can be transmitted over a TCP/IP connection. Answer: D is incorrect. Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port. Answer: A is incorrect. Transmission Control Protocol (TCP) is a reliable, connection-oriented protocol operating at the transport layer of the OSI model. It provides a reliable packet delivery service encapsulated within the Internet Protocol (IP). TCP guarantees the delivery of packets, ensures proper sequencing of data, and provides a checksum feature that validates both the packet header and its data for accuracy.
If the network corrupts or loses a TCP packet during transmission, TCP is responsible for retransmitting the faulty packet. It can transmit large amounts of data. Application layer protocols, such as HTTP and FTP, utilize the services of TCP to transfer files between clients and servers.

QUESTION NO: 281 Which of the following pieces of legislation was devised to assist workers who lose their health care benefits? A. EMTALA B. HIPAA C. Patients Bill of Rights D. COBRA

Answer: D Explanation: COBRA, the Consolidated Omnibus Budget Reconciliation Act, was devised in 1985 and gives workers and their families who lose their health benefits the right to choose to continue group health benefits provided by their group health plan for limited periods of time under certain circumstances such as voluntary or involuntary job loss, reduction in the hours worked, transition between jobs, death, divorce, and other life events. Answer: B is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 83 Which of the following radio frequencies is used by the IEEE 802.11a wireless network? A. 2.4 GHz B. 5.0 GHz C. 7.0 GHz D. 3.7 GHz

Answer: B Explanation: The IEEE 802.11a wireless network operates at 5.0 GHz radio frequency. It uses Orthogonal Frequency Division Multiplexing (OFDM) encoding class. The maximum speed supported by 802.11a standard is 54Mbps. Answer: A is incorrect. Wireless network standards 802.11b and 802.11g use 2.4 GHz radio frequency to operate. The 802.11b standard, defined by IEEE, is an extension of the 802.11 standard of wireless network. It is also referred to as 802.11 High Rate or Wi-Fi. It provides data transfer rates up to 11Mbps. The 802.11g standard, defined by IEEE, is an extension to the 802.11b standard of wireless network. It provides data transfer rates up to 54Mbps using Orthogonal Frequency-Division Multiplexing (OFDM) technology. Answer: D is incorrect. Wireless network standard 802.11y uses 3.7 GHz radio frequency to operate. Answer: C is incorrect. There is no such wireless standard that uses 7.0 GHz radio frequency.

QUESTION NO: 54 Part of your job duties includes making sure all patient's history and physicals are dictated and transcribed in the appropriate time frame. You are regulated by the Joint Commission for the Accreditation of Healthcare Organizations to have history and physicals transcribed and dictated within which of the following time frames? A. 48 hours B. 24 hours C. 6 hours D. 12 hours

Answer: B Explanation: The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 24 hours for acute care patients. Answer: C is incorrect. The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 24 hours for acute care patients. Answer: D is incorrect. The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 24 hours for acute care patients. Answer: A is incorrect. The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 24 hours for acute care patients.

QUESTION NO: 204 You are an information technologist at a long term care facility that cares for chronically ill patients. One of your job duties is to ensure the history and physicals for these patients are dictated and transcribed in the appropriate time frame. You are required by The Joint Commission for the Accreditation of Healthcare Organizations to have the history and physicals dictated and transcribed within which of the following time frames? A. 7 days B. 30 days C. 14 days D. 24 hours

Answer: B Explanation: The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 30 days for chronic care patients. Answer: D is incorrect. The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 30 days for chronic care patients. Answer: A is incorrect. The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 30 days for chronic care patients. Answer: C is incorrect. The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 30 days for chronic care patients.

QUESTION NO: 157 A user is complaining that their Windows XP computer is running very slow. When you check out the PC you find there are a number of unnecessary programs running at startup. How would you best prevent those programs from running at startup? A. Use the registry to remove them from the startup. B. Use MSCONFIG to remove them from the startup. C. Uninstall the programs. D. Disable those programs.

Answer: B Explanation: The MSCONFIG utility allows you to edit the startup menu. MSCONFIG is a command-line tool that opens the System Configuration Utility dialog box, which can be used to troubleshoot and resolve startup errors, resolve unwanted prompts by third party users, find and resolve problems with running services, and resolve the errors regarding boot paths configured on multi-boot computers. MSCONFIG.EXE helps a user to detect a specific file that is causing startup problems. Answers C, D are incorrect. The programs may still be needed by the user; they just don't need them in the startup. Answer: A is incorrect. You should never use the registry to uninstall programs.

QUESTION NO: 389 You work as a Network Administrator for uCertify Inc. You need to secure web services of your company in order to have secure transactions. Which of the following will you recommend for providing security? A. HTTP B. SSL C. VPN D. S/MIME

Answer: B Explanation: The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. SSL is included as part of both the Microsoft and Netscape browsers and most Web server products. URLs that require an SSL connection start with https: instead of http:. Answer: D is incorrect. S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of e-mail encapsulated in MIME. S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity, non-repudiation of origin (using digital signatures), privacy, and data security (using encryption). Answer: A is incorrect. Hypertext Transfer Protocol (HTTP) is a client/server TCP/IP protocol used on the World Wide Web (WWW) to display Hypertext Markup Language (HTML) pages. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a client application or browser sends a request to the server using HTTP commands, the server responds with a message containing the protocol version, success or failure code, server information, and body content, depending on the request. HTTP uses TCP port 80 as the default port. Answer: C is incorrect.
A Virtual Private Network (VPN) is a computer network that is implemented in an additional software layer (overlay) on top of an existing larger network for the purpose of creating a private scope of computer communications or providing a secure extension of a private network into an insecure network such as the Internet. The links between nodes of a Virtual Private Network are formed over logical connections or virtual circuits between hosts of the larger network. The Link Layer protocols of the virtual network are said to be tunneled through the underlying transport network.

QUESTION NO: 112 Which of the following database models supports the many-many model by allowing each child to have more than one parent? A. Object Oriented Model B. Network Model C. Enterprise Model D. Hierarchal Model

Answer: B Explanation: The network model is designed to allow the child to have more than one parent. This model is often referred to as the many to many model. Answer: D is incorrect. Hierarchal model is incorrect as this database model uses the format of a typical parent-child arrangement, whereas, one piece of information can have many subordinated pieces. Answer: A is incorrect. Object oriented model is incorrect as this model is essentially a collection of objects, related by encapsulation (an object such as a patient has certain characteristics) or inheritance (an object such as a resident inherits characteristics from a physician object). There is no primary key in this model. Answer: C is incorrect. Enterprise model is meant as a distractor, the enterprise database model does not exist.

QUESTION NO: 182 HIPAA requires detailed organization and efforts by healthcare organizations to remain in compliance with healthcare regulation. To promote this organization, the HIPAA Security Rule states clearly the need for which of the following? A. Following exact methodology laid out in Security Rule for each security standard. B. Policy and Procedures and Documentation C. The use of outside consultants to set up organizational framework D. The use of organizational enterprise software

Answer: B Explanation: The Security Rule specifies that covered entities, "Implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements." Basically, policies and procedures for implementing privacy and security standards need to be developed within the organization, and the documentation standard refers to the fact that these policies or procedures be in written (or electronic) form. Answer: D is incorrect. The Security Rule allows for a good deal of flexibility in how security standards are implemented and allows organizations to develop their own solutions. Organizational enterprise software may be used, but it is not required by the HIPAA law. Answer: C is incorrect. The Security Rule allows for a good deal of flexibility in how security standards are implemented and allows organizations to develop their own solutions. Outside consultants may be used, but business associate agreements to maintain privacy and security concerns are required to be formed with those organizations and the use of consultants is not required by the HIPAA law. Answer: A is incorrect. The Security Rule allows for a good deal of flexibility in how security standards are implemented and allows organizations to develop their own solutions.

QUESTION NO: 145 Which of the following terms refers to manual assignment of IP addresses to computers and devices? A. APIPA B. Static IP addressing C. Dynamic IP addressing D. Spoofing

Answer: B Explanation: The Static IP addressing is the term used for manual assignment of IP addresses to computers and devices. Answer: A is incorrect. Automatic Private IP Addressing (APIPA) is a Windows feature, which allows household users and small business users to create a functional single subnet TCP/IP network without manually configuring the TCP/IP protocol or setting up a DHCP server. Answer: C is incorrect. Dynamic IP addressing is used when IP addresses are assigned to computers and devices automatically by the DHCP service or APIPA. Answer: D is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting on-line, etc. because forging the source IP address causes the responses to be misdirected.

QUESTION NO: 408 You are employed in a physician practice that consist of one physician, two office workers and sees only a few patients on a daily basis. Which of the following file systems would be appropriate for your facility? A. Open Shelf Files B. Filing Cabinets with Drawers C. Compressible Units with Open Files D. Motorized Revolving Files

Answer: B Explanation: The best filing method for small, low volume facilities is filing cabinets with drawers. This type of filing allows for patient records to be locked, fireproofed and protected from the environment; however, this method requires significant space. Answer: C is incorrect. Compressible units with open files are best for limited space, medium volume facilities with two or three file clerks. This method allows for easy access and saves space. Answer: D is incorrect. Motorized revolving files are best for limited space, low volume facilities with one file clerk. This option allows for patient records to be covered and locked but is expensive to acquire and maintain. Answer: A is incorrect. Open shelf files are incorrect as this method is best for high volume facilities with multiple filing staff to provide security. This option also requires significant floor space.

QUESTION NO: 391 You are working on a system to maintain the completeness and accessibility of the legal health record for Facility X. Which of the following types of information would NOT be included in this legal health record of Facility X? A. Physician notes B. Discharge summary C. Report to an accreditation agency D. X-rays, either digital or on film

Answer: B Explanation: The legal health record of an organization is the legal business record of an organization, serving as the record of care in lawsuits or legal actions. It is the documentation of services provided and decisions made about patient care and contains information on individual patients stored in a wide variety of media, such as paper, film and electronic media. Information that contains "derived data", or data that combines a wide variety of information about a wide variety of patients, is not part of the record of patient care, and therefore a report to an accreditation agency, which contains "derived data", is not included in the legal health record for Facility X. Answer: D is incorrect. X-rays and other patient data are definitely an integral part of the legal health record. Anything involved directly in patient assessment and care, whether it is on paper, an electronic record, or other medium, is important to the legal record. If multiple copies exist, an organization needs to establish which copy or format is the legal record of note. Answer: A is incorrect. Physician notes are crucial in the legal health record to establish standards of care. Again, these must be included in any legal health record and cannot be removed or edited without extensive notation as to why the modification was made, and a record of the original version. Answer: B is incorrect. Discharge summary is relevant to patient care and condition and important to the legal health record.

QUESTION NO: 206 Mark prints a document by using a dot matrix printer. He notices the printer's noise, but the paper remains blank. What is the most likely cause of the issue? A. The printer cable is not properly connected to the printer. B. The ribbon cartridge is missing or not installed. C. The toner cartridge is blank. D. The print head pin is stuck inside the print head.

Answer: B Explanation: The most likely cause of the issue is that the ribbon cartridge is missing or not installed. The ribbon has ink that prints characters on the paper. Answer: D is incorrect. If the print head pin gets stuck inside the print head, the place on the paper where it hits will be blank. It will be like a white line (no ink). Answer: C is incorrect. Dot matrix printers do not use a toner cartridge. Answer: A is incorrect. If the printer cable is not properly connected to the printer, the printer will print junk characters.

QUESTION NO: 291 Which of the following is a certification program developed by the Wi-Fi Alliance to indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks? A. Basic service set identifier B. Wi-Fi Protected Access C. General packet radio service D. IEEE 802.1X

Answer: B Explanation: Wi-Fi Protected Access (WPA and WPA2) is a certification program developed by the Wi-Fi Alliance to indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined the protocol in response to several serious weaknesses that researchers had found in the previous system, WEP. The WPA protocol implements the majority of the IEEE 802.11i standard. The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP pending the preparation of 802.11i. Specifically, the Temporal Key Integrity Protocol was brought into WPA. Answer: D is incorrect. IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN, either establishing a point-to-point connection or preventing it if authentication fails. IEEE 802.1X defines the encapsulation of the Extensible Authentication Protocol (EAP) over IEEE 802 which is known as "EAP over LANs" or EAPOL. EAPOL was originally designed for IEEE 802.3 Ethernet in 802.1X-2001, but was clarified to suit other IEEE 802 LAN technologies such as IEEE 802.11 wireless and Fiber Distributed Data Interface (ISO 9314-2) in 802.1X-2004. The EAPOL protocol was also modified for use with IEEE 802.1AE (MACSec) and IEEE 802.1AR (Secure Device Identity / DevID) in 802.1X-2010. Answer: A is incorrect. The Basic Service Set Identifier (BSSID) uniquely identifies each BSS. In an infrastructure BSS, the BSSID is the MAC address of the wireless access point (WAP). In an IBSS, the BSSID is a locally administered MAC address generated from a 48-bit random number. The individual/group bit of the address is set to 0. The universal/local bit of the address is set to 1. A BSSID with a value of all 1s is used to indicate the broadcast BSSID. A broadcast BSSID may only be used during probe requests. 
Answer: C is incorrect. General packet radio service (GPRS) is a packet oriented mobile data service available to all users of the 2G cellular communication systems global system for mobile communications (GSM), as well as in the 3G systems. In 2G systems, GPRS provides data rates of 56-114 kbit/second. GPRS data transfer is typically charged per megabyte of traffic transferred, while data communication via traditional circuit switching is billed per minute of connection time, independent of whether the user actually is using the capacity or is in an idle state. GPRS is a best-effort packet switched service, as opposed to circuit switching, where a certain quality of service (QoS) is guaranteed during the connection for non-mobile users.

QUESTION NO: 472 You are asked to create a database according to the following schematic. Which of the following types of database models are you creating? A. Hierarchical Model B. Network Model C. Enterprise Model D. Object Oriented Model

Answer: B Explanation: The network model is designed to allow the child to have more than one parent. This model is often referred to as the many-to-many model. Answer: A is incorrect. Hierarchical model is incorrect as this database model uses the format of a typical parent-child arrangement, whereas, one piece of information can have many subordinated pieces. Answer: D is incorrect. Object oriented model is incorrect as this model is essentially a collection of objects, related by encapsulation (an object such as a patient has certain characteristics) or inheritance (an object such as a resident inherits characteristics from a physician object). There is no primary key in this model. Answer: C is incorrect. Enterprise model is meant as a distractor, the enterprise database model does not exist.

QUESTION NO: 414 You are asked to design a database according to the following schematic. Which of the following types of database models are you creating? A. Network Model B. Object Oriented Model C. Hierarchal Model D. Enterprise Model

Answer: B Explanation: The object oriented model is essentially a collection of objects, related by encapsulation (an object such as a patient has certain characteristics) or inheritance (an object such as a resident inherits characteristics from a physician object). There is no primary key in this model. Answer: C is incorrect. Hierarchal model is incorrect as this database model uses the format of a typical parent-child arrangement, in which one piece of information can have many subordinated pieces. Answer: A is incorrect. Network model is incorrect as this model is designed to allow the child to have more than one parent. This model is often referred to as the many-to-many model. Answer: D is incorrect. Enterprise model is meant as a distractor; the enterprise database model does not exist.

QUESTION NO: 465 While on the job in a healthcare facility, you notice a group of individuals touring and inspecting the facility. The group is evaluating and ensuring the facility is providing the highest quality of care. Which agency is performing this inspection? A. Food and Drug Administration B. The Joint Commission C. Occupational Safety and Health Administration D. Department of Health and Human Services

Answer: B Explanation: The purpose of The Joint Commission is to continuously improve health care for the public by evaluating health care organizations and inspiring them to excel in providing safe and effective care of the highest quality and value. This agency also distributes accreditation and certifications to those health care organizations that meet the requirements of The Joint Commission. Answer: C is incorrect. Occupational Safety and Health Administration (OSHA) is incorrect as the purpose of this agency is to ensure safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance. Answer: A is incorrect. Food and Drug Administration is incorrect as the purpose of this agency is to protect the public health by assuring the safety, efficacy, and security of human and veterinary drugs, biological products, medical devices, our nation's food supply, cosmetics, and products that emit radiation, and by regulating the manufacture, marketing, and distribution of tobacco products. Answer: D is incorrect. Department of Health and Human Services is incorrect as this agency is protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves.

QUESTION NO: 430 Andrew adds a hard disk drive to a computer. When he powers on the computer, a blank screen is displayed. What is the most likely cause? A. BIOS configuration error. B. HDD cable is not inserted properly in the hard disk drive. C. Incompatible hard disk drive. D. Floppy drive cable is not inserted properly in the floppy drive.

Answer: B Explanation: According to the question, when Andrew powers on the computer after adding the hard disk drive, a blank screen is displayed. The most likely cause for this is that the HDD cable is not inserted properly in the hard disk drive. While adding a hard disk drive to a computer, make sure that the HDD cable is inserted properly at both ends, i.e., the HDD and IDE controller ends. Answer: A, C, D are incorrect. An improperly inserted floppy drive cable, BIOS configuration error, and an incompatible hard disk drive have nothing to do with this problem.

QUESTION NO: 3 One of the data fields within the HL7 specifications is for Provider Type. What does this mean? A. It's the type of healthcare facility the patient is being seen in. B. Specifies the major grouping of the service or occupation of the practitioner C. It's the type of insurer providing insurance coverage for the patient. D. Specifies the seniority level of the physician

Answer: B Explanation: The specialty of the provider or practitioner is what is contained in the Provider Type data field, for example Behavioral and Social Services, or Neurology or Dermatology. Answer: A is incorrect. Provider in this case refers to the physician or health care professional, not the facility. Answer: C is incorrect. Provider does not refer to the insurance entity. Answer: D is incorrect. "type" does not refer to the seniority level of the physician, but their specialty field.

QUESTION NO: 110 The secretary at your company reports a problem in printing. She has sent a document to the printer and it does not print. She had just printed other documents successfully, minutes before. What is the most likely cause of this problem? A. The printer is unplugged. B. The windows print spooler is hung. C. The computer is offline. D. Her computer has a bad printer driver.

Answer: B Explanation: This does occur from time to time. The fact that the printer was just working moments before helps rule out a problem with the printer itself. You will need to stop the print spooler service and clear the print spooler. A spooler accepts documents from a client, stores them, and then sends them to a printer when the printer is ready. Answer: A is incorrect. It is very unlikely that the printer is unplugged since she reports having been printing recently. Answer: D is incorrect. A bad printer driver would not have allowed her to have printed earlier. Answer: C is incorrect. While the printer may be offline, the computer obviously is not.

QUESTION NO: 284 As a healthcare IT technician, you report to a project manager in charge of a development of an IT improvement project at a hospital. How will a project manager impact your workday? Each correct answer represents a complete solution. Choose all that apply. A. They will set your rate of pay. B. They will review your performance. C. They will set your schedule. D. They will help allocate resources like hardware and software.

Answer: B,C,D Explanation: A project manager will work very closely with you on a set project, including developing a work schedule and performance goals, helping to allocate resources and site licenses, and reviewing your performance to your superiors. Answer: A is incorrect. It is unlikely that a project manager will be directly responsible for your salary or benefit package.

QUESTION NO: 233 Which type of client-server platform consists of an application server that contains software to process the data? A. Two-Tier Architecture B. Three-Tier Architecture C. WAN Technology D. LAN Technology

Answer: B Explanation: Three-tier architecture is a client-server platform that encompasses a PC, a database and an application server that contains software to process the data. Answer: D is incorrect. LAN Technology is incorrect as this is a mode of communication, not a client-server platform, and refers to communication devices in a small geographic area such as PC and printer or PC and PC within a facility. Answer: C is incorrect. WAN Technology is incorrect as this is a mode of communication, not a client-server platform, that allows for communication among a large geographic environment such as two or more LANs connected via a telephone system or satellite. Answer: A is incorrect. Two-tier architecture is incorrect as this is a client-server platform that consists simply of a PC interfaced with a database.

QUESTION NO: 374 What word is used in HIPAA regulation to describe all of these documents: insurance claims, encounter information, enrollment and disenrollment from insurance plans, eligibility documents, payment and remittance devices, coordination of benefits and first report of injury? A. Health Plan Procedures B. Transactions C. Explanation of Benefits D. Patient Medical Record

Answer: B Explanation: Transactions like those listed in the question are a variety of HIPAA regulation for the protection of PHI, and standards are being developed through HL7 and other efforts for standardization of transaction processes.

QUESTION NO: 341 You work as a Network Administrator for McRobert Inc. You plan to configure your Windows Vista computer for Internet access. To achieve this, which of the following communication protocols needs to be bound to the dial-up adapter? A. AppleTalk B. TCP/IP C. NetBEUI D. DLC

Answer: B Explanation: Transmission Control Protocol/Internet Protocol (TCP/IP) is a suite of standard protocols that govern how data passes between networks. It can be used to provide communication between the basic operating systems, on local and wide-area networks (WANs). It is considered the primary protocol of the Internet and the World Wide Web. Answer: C is incorrect. NetBIOS Extended User Interface (NetBEUI) is a Microsoft proprietary protocol. NetBEUI is usually used in single LANs comprising one to two hundred clients. It is a non-routable protocol. NetBEUI was developed by IBM for its LAN Manager product and has been adopted by Microsoft for its Windows NT, LAN Manager, and Windows for Workgroups products. Answer: D is incorrect. Data link control (DLC) is a non-routable protocol. It provides connection and communication between computers using Microsoft operating systems and mainframe computers. Multiple connections to different IBM hosts and AS/400 computers can be established using the DLC protocol. Answer: A is incorrect. AppleTalk is Apple's proprietary protocol suite for Macintosh network communications. It uses services built into the operating system to provide a multilayer, peer-to-peer architecture. It has very limited support on other platforms.

QUESTION NO: 372 Which of the following work divisions is characterized by every member of the team performing a unique function, however, it is not performed in any particular sequence? A. Unilateral B. Unit Assembly C. Serial D. Parallel

Answer: B Explanation: Unit assembly is a type of work division in which each person performs a unique task; however, it may not be sequential. Answer: C is incorrect. Serial is incorrect as this is a type of work division that is characterized by each person performing several tasks. Answer: D is incorrect. Parallel is incorrect as this is a type of work division that is characterized by each person performing several tasks. Answer: A is incorrect. Unilateral is incorrect as this is not a type of work division. This is meant as a distractor.

QUESTION NO: 227 Which of the following is the default resolution for a VGA monitor? A. 320×200-pixels B. 640×480-pixels C. 800×600-pixels D. 1024×768-pixels

Answer: B Explanation: Video Graphics Array (VGA) monitors have a default resolution of 640×480-pixels. This is known as standard VGA resolution. Although computers typically use this resolution by default, you can get better resolution using a specifically designed video driver for the installed adapter. Answer: A, C, D are incorrect. Super VGA monitors have a default resolution of 800×600-pixels. A VGA or SVGA connector is a 15-pin, three-row, female connector on the back of a PC used for connecting monitors.

QUESTION NO: 400 Which of the following data types encompassed in a patient's EHR would include the dictation of a chest x-ray from an interpreting radiologist? A. Signals B. Voice C. Images D. Numbers

Answer: B Explanation: Voice data is a type of data that may be found in a patient's electronic health record. Examples of voice data include stored dictations of radiology images from interpreting radiologist, or any other dictated evaluation.

QUESTION NO: 256 You are responsible for ensuring that all dictations made by physicians become part of the patient's permanent electronic health record. Which of the following types of data are you responsible for? A. Numbers B. Voice C. Signals D. Images

Answer: B Explanation: Voice data is a type of data that may be found in a patient's electronic health record. Examples of voice data include stored dictations of radiology images from an interpreting radiologist, or any other dictated evaluation. Answer: D is incorrect. Images is incorrect as this data type is normally represented by x-rays or document images themselves; the interpretations of radiology images are considered voice data. Answer: A is incorrect. Numbers is incorrect as this data type is usually represented by ICD-9 codes, blood pressure readings and temperature readings. Answer: C is incorrect. Signals is incorrect as this data type is normally represented by EEG tracings or EKG tracings.

QUESTION NO: 437 You are asked to make sure all computers within the facility are able to connect to the internet. This type of communication is an example of which of the following? A. Hierarchal Model B. WAN Technology C. Network Model D. LAN Technology

Answer: B Explanation: WAN, or wide area network, technology allows for communication among a large geographic environment such as two or more LANs connected via a telephone system or satellite. Answer: D is incorrect. LAN technology is incorrect as this refers to communication devices in a small geographic area such as PC and printer or PC and PC within a facility. Answer: A is incorrect. Hierarchal Model is incorrect as this is a database model, not a mode of communication, that uses the format of a typical parent-child arrangement, in which one piece of information can have many subordinated pieces. Answer: C is incorrect. Network model is incorrect as this is a database model, not a mode of communication, that is designed to allow the child to have more than one parent. This model is often referred to as the many-to-many model.

QUESTION NO: 354 Which of the following is a deprecated algorithm to secure IEEE 802.11 wireless networks? A. Extensible Authentication Protocol (EAP) B. Wired Equivalent Privacy (WEP) C. TKIP (Temporal Key Integrity Protocol) D. CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)

Answer: B Explanation: Wired Equivalent Privacy (WEP) is a deprecated algorithm to secure IEEE 802.11 wireless networks. Wireless networks broadcast messages using radio and are thus more susceptible to eavesdropping than wired networks. WEP was intended to provide confidentiality comparable to that of a traditional wired network. Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security, which is equivalent to wired networks, for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. WEP incorporates a checksum in each frame to provide protection against the attacks that attempt to reveal the key stream. Answer: D is incorrect. CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is an IEEE 802.11i encryption protocol created to replace both TKIP, the mandatory protocol in WPA, and WEP, the earlier, insecure protocol. CCMP is a mandatory part of the WPA2 standard, an optional part of the WPA standard, and a required option for Robust Security Network (RSN) Compliant networks. CCMP is also used in the ITU-T home and business networking standard. CCMP, part of the 802.11i standard, uses the Advanced Encryption Standard (AES) algorithm. Unlike in TKIP, key management and message integrity is handled by a single component built around AES using a 128-bit key, a 128-bit block, and 10 rounds of encoding per the FIPS 197 standard. Answer: A is incorrect. Extensible Authentication Protocol (EAP) is an authentication protocol that provides support for a wide range of authentication methods, such as smart cards, certificates, one-time passwords, public keys, etc. It is an extension to Point-to-Point Protocol (PPP), which allows the application of arbitrary authentication mechanisms for the validation of a PPP connection. Answer: C is incorrect. 
TKIP (Temporal Key Integrity Protocol) is an encryption protocol defined in the IEEE 802.11i standard for wireless LANs (WLANs). It is designed to provide more secure encryption than the disreputably weak Wired Equivalent Privacy (WEP). TKIP is the encryption method used in Wi-Fi Protected Access (WPA), which replaced WEP in WLAN products. TKIP is a suite of algorithms to replace WEP without requiring the replacement of legacy WLAN equipment. TKIP uses the original WEP programming but wraps additional code at the beginning and end to encapsulate and modify it. Like WEP, TKIP uses the RC4 stream encryption algorithm as its basis.

QUESTION NO: 388 How will you designate a hard disk drive as a Master or a Slave drive in an IDE system? A. By changing the CMOS setting B. By setting a jumper on the hard disk drive C. By setting a jumper on the motherboard D. By adding an add-on card

Answer: B Explanation: You can set the Master/Slave designations by setting a jumper on the hard disk drive.

QUESTION NO: 352 While installing a workstation in a nursing station in an obstetrics ward, a frantic father comes into the ward and demands to know where his wife is. What do you do? A. Look up the name of the wife in the patient registry and direct him to the correct room. B. Tell the man that you are unable to answer his questions and to wait for a nurse who should be back shortly. C. Congratulate the man and offer him a cigar. D. Escort the man down the hallway so he can look in each room until he finds his wife.

Answer: B Explanation: You should not answer a healthcare or health information question; direct patients to the correct healthcare professional in a calm and professional manner. Answer: A is incorrect. You are not sure of the circumstances of the patient (the wife) and if there are any problems that prevent the husband from being shown to his wife. It is important that you wait for a healthcare professional to deal with the man. Answer: C is incorrect. This is not professional behavior. Answer: D is incorrect. You are not sure of the circumstances of the patient (the wife) and if there are any problems that prevent the husband from being shown to his wife. It is important that you wait for a healthcare professional to deal with the man rather than acting on your own. Poking your head in every room to search for the man's wife is intrusive and unprofessional. Wait for a healthcare professional to aid the man.

QUESTION NO: 130 You have been hired to design a TCP/IP-based network that will contain both Unix and Windows computers. You are planning a name resolution strategy. Which of the following services will best suit the requirements of the network? A. WINS B. DNS C. APIPA D. LMHOSTS E. DHCP

Answer: B Explanation: You should plan to install DNS to fulfill the requirements of the network.

QUESTION NO: 302 You are responsible for the wireless network of your company. You have been asked to create SSIDs for wireless routers. What are the limits on an SSID? Each correct answer represents a complete solution. Choose two. A. It must be 64 or fewer characters long. B. It must be 32 or fewer characters long. C. It is case sensitive. D. It is not case sensitive. E. It can only contain letters, not numbers.

Answer: B,C Explanation: An SSID can be a maximum of 32 characters long and is case sensitive.

QUESTION NO: 519 A user named Rick wants to configure a TCP/IP network at his residence. He has three computers. He chooses star topology to connect his computers. He wants to configure his computers with static IP addressing. Which of the following are the required parameters that he will configure for each computer on the network? Each correct answer represents a complete solution. Choose all that apply. A. MAC Address B. Subnet mask C. IP address D. Default gateway

Answer: B,C Explanation: IP address and subnet mask are the required parameters to configure manual addressing for a computer on a TCP/IP network.

QUESTION NO: 417 Which of the following can happen in the event of processor fan failure? Each correct answer represents a complete solution. Choose all that apply. A. Hard drive failure B. Computer hangs C. Processor damage D. Floppy drive failure

Answer: B,C Explanation: In the event of processor fan failure, the heat generated by the processor will cause the computer to hang and will damage the processor. Answer: A, D are incorrect. Processor fan failure does not affect the hard disk drive or the floppy disk drive.

QUESTION NO: 196 Which of the following statements about incremental backup are true? Each correct answer represents a complete solution. Choose two. A. It backs up the entire database, including the transaction log. B. It backs up only the files changed since the most recent backup and clears the archive bit. C. It is the fastest method of backing up data. D. It is the slowest method for taking a data backup.

Answer: B,C Explanation: Incremental backup is the fastest method of backing up data. It backs up only the files changed since the most recent backup and clears the archive bit. In an incremental backup, data restoration is slower than the other backup methods. Restoring data from an incremental backup requires the last full backup and all subsequent incremental backups. Incremental backups must be restored in the same order as they are created.

QUESTION NO: 312 You are setting up a wireless network for a series of small coffee shops. All the shops are part of a chain. The customer wants a very specific SSID for each location. What are the limits on an SSID? Each correct answer represents a complete solution. Choose two. A. It must be 16 or fewer characters long. B. It is case sensitive. C. It can only contain letters, not numbers. D. It must be 32 or fewer characters long.

Answer: B,D Explanation: SSIDs can be a maximum of 32 characters long and are case sensitive.

QUESTION NO: 412 A private medical record or health record is a complex file that can include information from a wide variety of sources within an organization. Which of the following documents would be part of a patient health record? Each correct answer represents a complete solution. Choose all that apply. A. Accreditation report status of hospital B. Consultation reports from providers other than patient's primary physician C. Discharge summary D. Explanation of benefits

Answer: B,C Explanation: Information that is personal to the patient's health status, past, present and future, is included in a medical record. The discharge summary is a clinical report prepared by a health professional at the conclusion of a hospital stay. It outlines the chief complaint, diagnostic findings, therapy administered and the patient's response to therapy and recommendations after discharge. Consultation reports are important information about the patient's health status and treatment decisions made. Answer: D is incorrect. An explanation of benefits is an insurance plan document that details what payments and copayments or coinsurance need to be made by the patient or on behalf of the patient after treatment. This is a payment document, not a medical document, and would not be included in a medical record. Answer: A is incorrect. The patient medical record is a patient-centric document and accreditation reports or other information about the healthcare facility that is not specific to the patient would not be included in the private medical record of a patient.

QUESTION NO: 9 You are responsible for securing the network at a law firm. You are concerned about printer security. What steps should you take to prevent printer security breaches? Each correct answer represents a complete solution. Choose two. A. Remove the printer's driver from user computers. B. Scan printer hard drives for spyware and viruses. C. Secure any administrative connections (SSH, Telnet, etc.) to printers. D. Limit print jobs.

Answer: B,C Explanation: Many high-end printers have hard drives that can be infected with viruses and spyware. You must ensure they are regularly scanned and protected. Also, many high-end printers allow remote administration, and those services (SSH, TELNET, etc.) must be secured.

QUESTION NO: 386 Which of the following are vulnerable to social engineering attacks? Each correct answer represents a complete solution. Choose two. A. An office with a biometrics authentication system B. Minimal trained company employees C. A public building that has shared office space D. Encrypted data on the hard disk drive

Answer: B,C Explanation: Minimal trained company employees and a public building that has shared office space are vulnerable to social engineering attacks. Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user's computer or network. This method involves mental ability of people to trick someone rather than their technical skills. A user should always distrust people who ask him for his account name, password, computer name, IP address, employee ID, or other information that can be misused. Answer: A, D are incorrect. An office with a biometrics authentication system and encrypted data on the hard disk drive are not vulnerable to social engineering attacks.

QUESTION NO: 20 You are hired by an Office Manager at a branch of a home health care service company to help install software for client scheduling, billing and insurance coding and payroll preparation. The office manager is impressed with your work and recommends your work to the next level of administration within the organization. What position might that be? Each correct answer represents a complete solution. Choose all that apply. A. Board of Directors B. Billing Coordinator C. Staffing Coordinator D. President

Answer: B,C Explanation: Most likely, a home health care organization would have a layer of middle management such as a Billing and/or a staffing coordinator that might take a system like you installed with your Office Manager and expand that across the company to other offices. Answer: D is incorrect. Unless it is a very small home health care company (which can happen), it is unlikely that the Office Manager would speak directly to the president of the organization. Answer: A is incorrect. It is unlikely that a home health care company would have a Board of Directors active in the day-to-day administration of the company.

QUESTION NO: 429 Which of the following items are configured on a user workstation for wireless networking? Each correct answer represents a complete solution. Choose two. A. MAC Address Filtering B. Encryption C. Service Set Identifier (SSID) D. Security Set Identifier (SSID)

Answer: B,C Explanation: SSID (Service Set Identifier) and encryption are part of the end user configuration. Keep in mind, encryption is not required but is a common requirement in today's networking world.

QUESTION NO: 355 You are helping an outside contractor to convert most phone lines in a healthcare facility from landlines to VoIP. Which of the following are best practices to use for VoIP implementation to maintain HIPAA regulations for privacy and security? Each correct answer represents a complete solution. Choose all that apply. A. Encryption methods like Wired Equivalent Privacy (WEP) B. Strong authentication including complex passwords, password expiration policies and good identity management C. The use of VoIP-aware firewalls D. An integrated VoIP and data network

Answer: B,C Explanation: Strong authentication is consistent with the goals of HIPAA to protect information security and the mandates of the Security Rule. Firewalls are an important aspect of maintaining the security of the network, and need to account for the special demands of VoIP service. Answer: A is incorrect. Wired Equivalent Privacy is not as strong an encryption method as a method like Wi-Fi Protected Access (WPA). Strong encryption is necessary when protected health information security may be at stake. Answer: D is incorrect. Best practices indicate that for security it is best to separate data and VoIP networks, with VoIP isolated to a dedicated VLAN to minimize security threats.

QUESTION NO: 96 This recent part of major legislation helped fund investment in health information technology throughout the nation. This act was designed to increase the use of electronic health records and information technology in healthcare, and grants are available for training and implementation. Each correct answer represents a complete solution. Choose all that apply. A. UHCIA B. HITECH C. ARRA D. HIPAA

Answer: B,C Explanation: The HITECH Act, the Health Information Technology for Clinical Health Act of 2009, is part of the larger ARRA, the American Recovery and Reinvestment Act of 2009. HITECH develops a properly trained and equipped workforce to use electronic health records. It also seeks to allow states to coordinate on health information standards and establish emergency communications for the public health community. The goal is to have an electronic health record as part of a modernized healthcare delivery system. Grants are available across a wide variety of areas to achieve that goal. Answer: D is incorrect. HIPAA is the Health Insurance Portability and Accountability Act of 1996. Although there is a lot of language in there about promoting the use of electronic health record technology, there was not a lot of funding for the training and implementation of information technology in healthcare. HITECH fills this gap. Answer: A is incorrect. The UHCIA, the Uniform Health Care Information Act, was a piece of state legislation in Washington State that was passed in 1991, prior to the federal enactment of HIPAA. Many states made efforts to protect patient information before federal law was enacted, and many states continue to have legislation that adds additional protections above and beyond HIPAA.

QUESTION NO: 502 Which of the following methods/applications can be used to send invitations for remote assistance in Windows XP Professional? Each correct answer represents a complete solution. Choose two. A. Yahoo Messenger B. E-mail C. Windows Messenger D. Internet Explorer

Answer: B,C Explanation: The following two methods can be used to send invitations for remote assistance in Windows XP Professional. E-mail: An e-mail client, configured on the computer, can be used to send invitations for remote assistance. Windows Messenger: Alternatively, if an e-mail client is not configured, Windows Messenger can also be used for sending invitations for remote assistance.

QUESTION NO: 425 Which of the following tools are used to determine the hop counts of an IP packet? Each correct answer represents a complete solution. Choose two. A. Netstat B. TRACERT C. ping D. IPCONFIG

Answer: B,C Explanation: The ping and TRACERT tools are used to determine the hop counts of an IP packet. The ping command-line utility is used to test connectivity with a host on a TCP/IP-based network. This is achieved by sending out a series of packets to a specified destination host. On receiving the packets, the destination host responds with a series of replies. These replies can be used to determine whether or not the network is working properly. TRACERT utility is used to trace the path taken by TCP/IP packets to a remote computer. It traces and reports each router or gateway crossed by a TCP/IP packet on its way to the remote host. The TRACERT utility can be used with the target computer's name or IP address. It is used to detect and resolve network connection problems. Answer: A is incorrect. The netstat command displays protocol-related statistics and the state of current TCP/IP connections. It is used to get information about the open connections on a computer, incoming and outgoing data, as well as the ports of remote computers to which the computer is connected. The netstat command gets all this networking information by reading the kernel routing tables in the memory. Answer: D is incorrect. IPCONFIG is a command-line utility that displays the current TCP/IP configuration, such as the IP address, subnet mask, default gateway, etc. of a networked computer. It refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Users can run IPCONFIG from the command prompt whenever they need to know the status of a computer's TCP/IP configuration.

QUESTION NO: 440 You are working to put in place a role-based access control system for a healthcare facility that will allow certain employees holding certain job functions to have different levels of access to different types of patient information. Name a reason why this type of information access control helps an organization stay in compliance with HIPAA. Each correct answer represents a complete solution. Choose all that apply. A. Release of Information regulations B. Minimum necessary standard C. Termination policy requirements in the Security Rule D. TPO exceptions

Answer: B,C Explanation: The use of information access control is required in HIPAA's security rule for information authorization, establishment, modification and termination policies and procedures. A role-based access control system allows the automation of these tasks, and would help fulfill having a termination procedure in place, because when an individual is terminated, their account access to the system could be promptly terminated as part of policy. Access control systems also fulfill the minimum necessary standard, because with a role-based access control system, only certain people in certain roles have access to key information. A billing clerk will only have access to billing information, while a physician will have full access to the patient's medical history and treatment records. Answer: A is incorrect. Release of Information regulations do not apply to access control systems and are not relevant in this situation. Answer: D is incorrect. TPO exceptions are not relevant to discussions of access control other than disclosures within an organization for purposes of TPO do not currently need to be logged (but may be required to be logged in the future, for which an access control system can help).

QUESTION NO: 109 Which of the following ports support hot swapping? Each correct answer represents a complete solution. Choose two. A. Serial B. USB C. IEEE 1394 D. Parallel

Answer: B,C Explanation: USB and IEEE 1394 ports support hot swapping.

QUESTION NO: 144 Which of the following are the examples of a database server? Each correct answer represents a complete solution. Choose all that apply. A. Apache B. Microsoft SQL Server C. Oracle D. IBM DB2

Answer: B,C,D Explanation: A database server is a computer program that provides database services to other computer programs or computers, as defined by the client-server model. The term may also refer to a computer dedicated to running such a program. Database management systems frequently provide database server functionality, and some DBMSs (e.g., MySQL) rely exclusively on the client-server model for database access. Some examples of a database server are as follows: Oracle, IBM DB2, Microsoft SQL Server. Answer: A is incorrect. Apache is a Web server.

QUESTION NO: 190 During your work at a nursing facility, you need to send and receive faxes to communicate with your superior at your contracting employer. You observe that to send a fax, it is necessary to implement several procedures before a fax can be received, such as which of the following. Each correct answer represents a complete solution. Choose all that apply. A. Faxes should be used in place of other communication methods such as phone or email. B. Faxes should not be located in areas easily accessible to the general public. C. Incoming faxes should be removed immediately and filed appropriately D. Receipt of fax should be confirmed by telephone.

Answer: B,C,D Explanation: Fax protocol should mean that incoming faxes that may contain PHI are not easily accessible to the public, and that fax machines be monitored often and incoming faxes removed and filed promptly. When sending a fax, a phone call should be made to authenticate the recipient and to confirm receipt of the fax. Answer: A is incorrect. Fax, email and phone all have security issues, and all require effort to comply with HIPAA regulations to ensure confidentiality and security of information.

QUESTION NO: 102 Secure Shell (SSH) is a network protocol that allows data to be exchanged using a secure channel between two networked devices. Which of the following features are supported by Secure Shell? Each correct answer represents a complete solution. Choose all that apply. A. SSH can transfer files using the associated HTTP or FTP protocols. B. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary. C. SSH uses the client-server model. D. SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections.

Answer: B,C,D Explanation: Following are the basic features of Secure Shell (SSH): SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary. SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections; it can transfer files using the associated SFTP or SCP protocols. SSH uses the client-server model. The standard TCP port 22 has been assigned for contacting SSH servers. An SSH client program is typically used for establishing connections to an SSH daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, Linux, FreeBSD, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist. Answer: A is incorrect. SSH transfers files using the associated SFTP or SCP protocols.

QUESTION NO: 68 Which of the following statements are true about a phishing attack? Each correct answer represents a complete solution. Choose all that apply. A. In a phishing attack, an attacker sends multiple SYN packets to the target computer. B. It is a way of attempting to obtain sensitive information, such as usernames, passwords, and credit card details. C. It is usually carried out by e-mail spoofing or instant messaging. D. It frequently directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Answer: B,C,D Explanation: Phishing is a way of attempting to obtain sensitive information, such as usernames, passwords, and credit card details by masquerading as a reliable entity in an electronic communication. Communications claiming to be from popular social Web sites, auction sites, online payment processors, or IT administrators are commonly used to lure the unsuspecting public. Phishing is usually carried out by e-mail spoofing or instant messaging and it frequently directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to mislead users, and exploits the poor usability of current Web security technologies. Following are the attempts to deal with the growing number of reported phishing incidents: legislation, user training, public awareness, technical security measures. Answer: A is incorrect. A SYN attack is a form of denial-of-service (DoS) attack. In this attack, the attacker sends multiple SYN packets to the target computer. For each received SYN packet, the target computer allocates resources and sends an acknowledgement (SYN-ACK) to the source IP address. Since the target computer does not receive a response from the attacking computer, it attempts to resend the SYN-ACK. This leaves TCP ports in a half-open state. When the attacker sends TCP SYNs repeatedly, the target computer eventually runs out of resources and is unable to handle any more connections, thereby denying services to legitimate users. A SYN attack affects computers running on the TCP/IP protocol. It is a protocol-level attack that can render a computer's network services unavailable. A SYN attack is also known as SYN flooding.

QUESTION NO: 345 Which of the following methods can be helpful to eliminate social engineering threat? Each correct answer represents a complete solution. Choose three. A. Data encryption B. Vulnerability assessments C. Data classification D. Password policies

Answer: B,C,D Explanation: The following methods can be helpful to eliminate social engineering threat: password policies, vulnerability assessments, and data classification. A password policy should specify how the password can be shared. The company should implement periodic penetration and vulnerability assessments. These assessments usually consist of using known hacker tools and common hacker techniques to breach network security. Social engineering should also be used for an accurate assessment. Since social engineers use the knowledge of others to attain information, it is essential to have a data classification model in place that all employees know and follow. Data classification assigns a level of sensitivity to company information. Each classification level specifies who can view and edit data, and how it can be shared.

QUESTION NO: 21 As part of your new job at a hospital, you are asked to obtain a copy of the form that would allow requests for patient health information so that it can be added to a database of scanned legal forms. What department would you go to in order to obtain this form? Each correct answer represents a complete solution. Choose all that apply. A. Accounts payable B. Release of Information Office C. Health Information Management Services D. Medical Records

Answer: B,C,D Explanation: There are many names for a department in a hospital that manages access to patient information. The use, disclosure and requests for protected health information are an important part of hospital functions, and the information management department may be split into several different departments or have different names at different facilities. In some small hospitals, the release of information is done within the medical records department. Some hospitals name the medical records department the Health Information Management Department, and some hospitals are so large they maintain a separate office solely to deal with release of information requests, often within the larger Health Information Management Services department. Answer: A is incorrect. It is unlikely that an accounting, billing or accounts payable department would have control over medical records or the release of patient information.

QUESTION NO: 263 Workflow management, interview software and electronic medical records can streamline the process of a physician exam by giving the physician access to a lot of information about the patient before they even walk in the exam room. What parts of a typical exam can be made more efficient by use of an electronic health record technology? Each correct answer represents a part of the solution. Choose all that apply. A. Transcription of dictation and filed in medical record B. Asking question. the diagnosis C. Asking why the patient has sought care D. Dictating recollection of history as told by patient, data from chart, exam details

Answer: B,C,D Explanation: With an electronic medical record, most history data and initial chart data is available to the doctor before they even enter the exam room. The physician can direct their question. a diagnosis, and how that diagnosis will affect the individual patient. Dictation of large parts of data is not necessary, as most of that data is already found in the electronic health record, and can be limited to the physical exam details, diagnosis, prognosis and treatment plan. Answer: A is incorrect. Transcription still needs to be performed in many cases, and there is a delay in signing off on the medical record until this is complete, but even this can be drastically shortened with the addition of other clinical management software.

QUESTION NO: 493 Which of the following statements are true about a virtual private network (VPN)? Each correct answer represents a complete solution. Choose all that apply. A. It operates at the Physical layer of the OSI model. B. It works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). C. It is a network that uses a public telecommunication infrastructure, such as the Internet. D. It provides remote offices or individual users with secure access to their organization's network. E. It is a form of wide area network (WAN) that supplies network connectivity over a possibly long physical distance.

Answer: B,C,D,E Explanation: A virtual private network (VPN) is a form of wide area network (WAN) that supplies network connectivity over a possibly long physical distance. A virtual private network is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost. A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a tunnel that cannot be entered by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses. Answer: A is incorrect. VPN operates at the Network layer of the OSI model.

QUESTION NO: 347 You work as a Network Administrator for Net World International. The company has a Windows-based network. For security, you want to implement a strong password policy. Which of the following are the characteristics of a strong password? Each correct answer represents a complete solution. Choose all that apply. A. The password must contain the real name of the user. B. The password must be at least seven characters long. C. The password must not contain a complete dictionary word. D. The password must contain keyboard symbols. E. The password must contain numerals.

Answer: B,C,D,E Explanation: The following are the characteristics of a strong password: The password must be at least seven characters long. The password must contain upper case letters, lowercase letters, numerals, and keyboard symbols such as !, @, #, $, %, ^. The password must not contain a user name, real name, or company name. The password must not contain a complete dictionary word. The password must be significantly different from previous passwords. A strong password provides an effective defense against unauthorized access to a resource.

QUESTION NO: 330 While examining access logs, you notice repeated attempts at remote login into the system, bypassing the firewall of the nursing facility you are working at. To whom do you bring up this problem? Each correct answer represents a complete solution. Choose all that apply. A. The network administrator B. The security administrator C. The database administrator D. The system administrator

Answer: B,D Explanation: Any attempt by unauthorized individuals to access the healthcare organization's servers is the purview of the security administrator who maintains security systems and the firewall for the system. If your organization is a small one, however, there may not be a designated security administrator, and it is the system administrator who is also responsible for the security of the system as well as the installation, support and maintenance of servers and other computer systems. Answer: A is incorrect. The network administrator, if the organization is large enough to have a dedicated network administrator, maintains network infrastructure such as switches and routers, and would not be the right person to contact about a security threat. Answer: C is incorrect. A database administrator would maintain a patient database of EHR records and other key databases for the healthcare organization, and although responsible for the integrity of the information and performance of the database system, they would not be the contact person for problems with security threats.

QUESTION NO: 252 The emergency department has just had a patient brought in who is unconscious, but their identification indicates that they are the family member of a staff member at the hospital and their medical file is restricted access for that reason. The individual in human resources with access codes to access this file is on maternity leave, and the patient needs care now. What protocol built into access control systems would allow access to the patient file? Each correct answer represents a complete solution. Choose all that apply. A. Staff Exception Handling B. Break the Glass C. Code Red Access D. Emergency Chart Access

Answer: B,D Explanation: Most often referred to as "break the glass," one-time emergency chart access can be granted when access to a file is required for treatment but access for specific users or groups has previously been restricted due to unique conditions, such as when the chart belongs to a famous individual, a staff member, or the family of a staff member. Any access control system should have this kind of emergency handling for dire need, and any access should be accounted for in disclosure logs. Answer: C is incorrect. This is not a protocol for access control. Answer: A is incorrect. This is not a protocol for access control.

QUESTION NO: 290 Which of the following statements about SD cards are true? Each correct answer represents a complete solution. Choose two. A. It is used as RAM on client computers and servers. B. It is a type of non-volatile memory card. C. It is a 184-pin memory module. D. It is used with mobile phones and digital cameras.

Answer: B,D Explanation: Secure Digital (SD) card is a non-volatile memory card format used in portable devices such as mobile phones, digital cameras, and handheld computers. SD cards are based on the older MultiMediaCard (MMC) format, but they are a little thicker than MMC cards. Generally an SD card offers a write-protect switch on its side. SD cards generally measure 32 mm x 24 mm x 2.1 mm, but they can be as thin as 1.4 mm. The devices that have SD card slots can use the thinner MMC cards, but the standard SD cards will not fit into the thinner MMC slots. Some SD cards are also available with a USB connector. SD card readers allow SD cards to be accessed via many connectivity ports such as USB, FireWire, and the common parallel port. Answer: A is incorrect. SD cards cannot be used as RAM. Answer: C is incorrect. Rambus Inline Memory Module (RIMM) is a type of memory that has 184 pins. It was developed by Rambus, Intel, and Kingston. This module only supports Rambus memory and fits on its own slot.

QUESTION NO: 16 Which of the following commands can verify connectivity between two computers? Each correct answer represents a complete solution. Choose two. A. NSLOOKUP B. PING C. IPCONFIG D. TRACERT

Answer: B,D Explanation: TRACERT and PING commands can verify connectivity between two computers. TRACERT utility is used to trace the path taken by TCP/IP packets to a remote computer. It traces and reports each router or gateway crossed by a TCP/IP packet on its way to the remote host. The TRACERT utility can be used with the target computer's name or IP address. It is used to detect and resolve network connection problems. The ping command-line utility is used to test connectivity with a host on a TCP/IP-based network. This is achieved by sending out a series of packets to a specified destination host. On receiving the packets, the destination host responds with a series of replies. These replies can be used to determine whether or not the network is working properly. Answer: C is incorrect. IPCONFIG is a command-line utility that displays the current TCP/IP configuration, such as the IP address, subnet mask, default gateway, etc. of a networked computer. It refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Users can run IPCONFIG from the command prompt whenever they need to know the status of a computer's TCP/IP configuration. Answer: A is incorrect. NSLOOKUP is a tool for diagnosing and troubleshooting Domain Name System (DNS) problems. It performs its function by sending queries to the DNS server and obtaining detailed responses at the command prompt. This information can be useful for diagnosing and resolving name resolution issues, verifying whether or not the resource records are added or updated correctly in a zone, and debugging other server-related problems. This tool is installed along with the TCP/IP protocol through the Control Panel.

QUESTION NO: 160 You are assigned the duty of creating a database that contains a unique index for every patient registered at your health care organization. Which of the following have you been asked to create? A. Statistical Analysis B. Quantitative Analysis C. Master Patient Index D. Qualitative Analysis

Answer: C Explanation: A Master Patient Index (MPI) is a database that contains a unique index for every patient registered at a healthcare organization. Answer: D is incorrect. Qualitative Analysis is incorrect as this is used to derive an in-depth, non-numerical description of the information contained within a patient's medical record. A qualitative analysis does not contain any statistical analyses. Answer: B is incorrect. Quantitative analysis is incorrect as this refers to information contained within a patient's EHR being converted from words to numbers. The numbers of interest are then quantified and statistically analyzed. Answer: A is incorrect. Statistical analysis is incorrect as this is the method used to analyze the data obtained from a quantitative analysis of a patient's EHR.

QUESTION NO: 115 While working on installing a new database program in an outpatient dermatology clinic, you see one datafield includes the term "PCP". What does this term most likely mean in this setting? A. Prior ceiling protocol B. Pneumocystis pneumonia C. Primary Care Physician D. The drug, Phencyclidine

Answer: C Explanation: A Primary Care Physician is a doctor who provides the first contact for a person with a health condition. They are the primary physician responsible for the overall health of the patient's case and their continuing care. Often in managed health care insurance plans, a PCP must be the one to give referrals for specialists, and most specialists' offices will keep track of a patient's Primary Care Physician within their records. Answer: D is incorrect. Although PCP can refer to the illegal drug phencyclidine, it is unlikely that this would be a data field in a dermatologist's database. Answer: B is incorrect. Pneumocystis pneumonia is a type of severe respiratory infection caused by a fungus. This is unlikely to be a data field in a dermatologist's database. Answer: A is incorrect. Prior ceiling protocol is a computer science concept involving shared resources protocol, and is not related to a health care situation.

QUESTION NO: 418 You are an IT specialist working for a transcription company that does the transcription of medical notes into electronic charts for medical practices. HIPAA applies to you because you are. A. A covered entity B. A healthcare provider C. A business associate D. A healthcare manager

Answer: C Explanation: A business associate is a person, company, or organization that facilitates services on behalf of a covered entity (like a medical practice) in which its activities involve the use of protected health information (PHI). Answer: A is incorrect. A covered entity is a health care provider (e.g. doctors), health plan (e.g. an HMO) or a health care clearinghouse. Answer: B is incorrect. A healthcare provider is a doctor's office, hospital, clinic, etc. Answer: D is incorrect. A healthcare manager is a made-up term.

QUESTION NO: 45 A user reports that when they are typing on their keyboard, incorrect keys are appearing on the screen. This seems to happen no matter what software they are using. What should you check first? A. Check to see if the keyboard is compatible with that computer. B. Try a different keyboard. C. Check the keyboard property settings. D. Check if the keyboard is plugged in.

Answer: C Explanation: A keyboard could be set to 'DVORAK', which has a different keyboard layout than the typical 'QWERTY' keyboards. This would cause this error. The DVORAK is a keyboard layout. It has also been called the Simplified Keyboard or American Simplified Keyboard. Answer: D is incorrect. If the keyboard were not plugged in, then no characters at all would display. Answer: A is incorrect. As long as a keyboard fits the connection slot (PS2, USB, etc.) then it is compatible. Answer: B is incorrect. This is clearly a settings issue, not a hardware issue.

QUESTION NO: 215 Minor children can receive medical care without parental consent in which of the following circumstances? A. Eating Disorders B. Pregnancy C. Drug and Alcohol Abuse D. Obesity

Answer: C Explanation: A minor child can request and receive medical treatment for drug and alcohol abuse and for treatment of sexually transmitted disease without the consent of a parent. Answer: A is incorrect. Parental consent is required for treatment of eating disorders. Answer: D is incorrect. Parental consent is required for treatment of obesity. Answer: B is incorrect. Parental consent is required for treatment of pregnancy.

QUESTION NO: 438 Which of the following work divisions is characterized by each member of the team performing several different tasks? A. Unit Assembly B. Unilateral C. Parallel D. Serial

Answer: C Explanation: A parallel work division is characterized by each person performing several tasks. Answer: D is incorrect. Serial is incorrect as this is a type of work division that is characterized by each person performing several tasks. Answer: A is incorrect. Unit assembly is incorrect as this is a type of work division in which each person performs a unique task, however, it may not be sequential. Answer: B is incorrect. Unilateral is incorrect as this is not a type of work division, this is meant as a distractor.

QUESTION NO: 297 You have the responsibility of setting up an entire information system for your facility. Any member of the team can perform any task as long as the project gets completed in an efficient manner. Which of the following describes the division of workload you have assigned? A. Unilateral B. Unit Assembly C. Parallel D. Serial

Answer: C Explanation: A parallel work division is characterized by each person performing several tasks. Answer: D is incorrect. Serial is incorrect as this is a type of work division that is characterized by each person performing several tasks. Answer: B is incorrect. Unit assembly is incorrect as this is a type of work division in which each person performs a unique task, however, it may not be sequential. Answer: A is incorrect. Unilateral is incorrect as this is not a type of work division, this is meant as a distractor.

QUESTION NO: 218 Which of the following categories of information technology in the health care setting involve staff scheduling and patient registration? A. Financial IT B. Clinical IT C. Administrative IT D. Infrastructure IT

Answer: C Explanation: Administrative IT applications are used to make staff scheduling, patient registration and payroll procedures more efficient. Answer: B is incorrect. Clinical IT is incorrect as these applications are used for prescription of drugs and ordering of laboratory tests and medical procedures. Answer: A is incorrect. Financial IT is incorrect as these applications are used to improve the efficiency of billing and accounting practices. Answer: D is incorrect. Infrastructure IT is incorrect as these applications support the infrastructure of the health care facility. These applications include voice recognition for medical records and medical transcription as well as bar coding applications for medical devices and drugs.

QUESTION NO: 308 Which of the following is a temporary dip in the voltage on the supply line that usually lasts only a fraction of a second? A. Power Spike B. EMI C. Power Sag D. Power Surge

Answer: C Explanation: A power sag is a temporary dip in the voltage on the supply line that usually lasts only a fraction of a second. It is the opposite of power surge and it indicates a sudden demand for power on the power grid that creates a wave of low voltage on the electrical system. The PC's power supply has some power in reserve to pull up short power sags but a series of power sags in a short time can affect the power supply's ability to provide the correct voltage to internal components of a PC, and can weaken, damage, or destroy them. Answer: A is incorrect. A power spike is a sudden, isolated, extremely high overvoltage event on an electrical line. The primary cause of the power spike is lightning strikes. Lightning carries millions of volts, and if a home or office takes a direct hit, a PC along with other devices are likely to be heavily damaged. Direct striking is a rare event but a strike within a mile can create a sudden spike in the electrical current near the strike. Answer: D is incorrect. Power surge is a sharp increase in the voltage or an overvoltage event. It is a short and temporary increase in voltage on the power grid and it is like a rough wave. Different types of electrical disturbance such as lightning storm, distant lightning strikes, or problems on the electrical power supply grid can cause the voltage to suddenly increase. Answer: B is incorrect. EMI stands for electromagnetic interference, which is also known as radio frequency interference or RFI. It is a disturbance that affects an electrical circuit due to either electromagnetic conduction or electromagnetic radiation emitted from an external source.

QUESTION NO: 501 Which of the following servers acts as an intermediary between a network host and other hosts outside the network? A. File server B. Database server C. Proxy server D. Web server

Answer: C Explanation: A proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. Answer: B is incorrect. A database server is a computer program that provides database services to other computer programs or computers, as defined by the client-server model. The term may also refer to a computer dedicated to running such a program. Database management systems frequently provide database server functionality, and some DBMSs (e.g., MySQL) rely exclusively on the client-server model for database access. Answer: A is incorrect. A file server on a network is a computer configured to provide a central network location for users to store files and share them with other users on the network. A file server is helpful in implementing centralized administration, backup and restoration, and implementation of shadow copies for user data. A Windows Server 2008 computer can be configured as a file server by adding the File Server role through Server Manager. Answer: D is incorrect. A Web server is a type of server that makes a Web site available on the Internet and manages the interaction and HTTP exchanges at the background. It supplies static content to a Web browser by loading a file from a disk and providing it throughout the network to a user's Web browser. As the Web site is on the Internet, the management is done by a Web server. The browser and server interact with each other using HTTP.

QUESTION NO: 296 You have been the victim of a terrible auto accident that has left you paralyzed from the waist down. Which of the following types of medical facilities would you choose for your medical care? A. Specialty Hospital B. General Hospital C. Rehabilitation Hospital D. Psychiatric Hospital

Answer: C Explanation: A rehabilitation hospital is required to provide diagnosis, treatment, restorative and adjustment services for individuals who are disabled. Answer: B is incorrect. General Hospital is incorrect as this type of hospital is required to provide diagnosis and treatment for medical services which include radiology, laboratory services and surgical services. Answer: A is incorrect. Specialty hospital is incorrect as this type of hospital is required to provide treatment for specific disorders such as cancer, burns or women's health. Answer: D is incorrect. Psychiatric hospital is incorrect as this type of hospital is required to provide diagnosis and treatment for individuals who are diagnosed with mental illness.

QUESTION NO: 363 Which of the following tools is used for an outdoor site survey? A. Spectrum analyzer B. Antenna C. Topography map D. Access point

Answer: C Explanation: A topography map is a tool used for an outdoor site survey. It is a detailed, accurate graphic representation of cultural and natural features on the ground. These maps are based on topographical surveys performed at large scales. Answer: B, D, and A are incorrect. Following are the tools that are used for an indoor site survey: Antenna. A wide variety of both omni-directional and indoor semi-directional antennas are used in every indoor site survey. Access point. An access point is a wireless LAN device. It provides a means for wireless clients to send data to one another and to a wired network. An AP connects to both wireless LAN and wired Ethernet LAN. Spectrum analyzer. A spectrum analyzer, or spectral analyzer, is a device that is used to examine the spectral composition of some electrical, acoustic, or optical waveform. It may also measure the power spectrum. The analog and digital spectrum analyzers are as follows: 1. An analog spectrum analyzer uses either a variable band-pass filter whose mid-frequency is automatically tuned (shifted, swept) through the range of frequencies of which the spectrum is to be measured. 2. A digital spectrum analyzer computes the discrete Fourier transform (DFT), a mathematical process that transforms a waveform into the components of its frequency spectrum.

QUESTION NO: 17 Which of the following is the most secure among the following encryption algorithms? A. 3DES B. RC4 C. AES D. DES

Answer: C Explanation: AES encryption is the most secure among DES, 3DES, and RC4 encryptions. The Advanced Encryption Standard (AES) is an encryption standard that comprises three block ciphers, AES-128, AES-192, and AES-256, adopted from a larger collection originally published as Rijndael. Each AES cipher has a 128-bit block size, with key sizes of 128, 192, and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES). AES is one of the most popular algorithms used in symmetric key cryptography. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information. Answer: A, B, D are incorrect. DES, 3DES, and RC4 encryptions are weaker than the AES encryption.

QUESTION NO: 258 You are a healthcare IT technician. You have made a procedure of backup according to the backup policy of the company. Which of the following actions will prove that the backup is reliable and useable? A. Storing backups onsite B. Storing backups offsite C. Testing of backup D. Storing backups in lock and key

Answer: C Explanation: Backups are the only means of insurance available to your data resources in the event of a loss, disruption, corruption, intrusion, destruction, infection, or disaster. Backups must be tested in order to prove reliable and usable. Testing a backup includes restoring data from the backup media to verify that restoration can be done. For successful backup restoration, this backup testing is a must. Answer: A, B, D are incorrect. These are the ways of securing backups.

QUESTION NO: 137 You work for a large health care system that consists of eight hospitals. You are asked to install an information system which will allow all eight hospitals to share information. Which of the following types of information systems would you install for this purpose? A. Departmental System B. Intradepartmental System C. Enterprise System D. External System

Answer: C Explanation: An enterprise system of health information is designed primarily for sharing information for all departments that encompass a large health system including hospitals, clinics and nursing homes. Answer: B is incorrect. Intradepartmental system is incorrect as this type of hospital information system is primarily used by one department but shares functions and information with other departments. Answer: A is incorrect. Departmental System is incorrect as this type of hospital system is limited and serves the purposes of one department or domain. Examples are dose management systems that are used by pharmacies. Answer: D is incorrect. External system is incorrect as this type of system is shared by many health organizations to report information required by regulatory agencies or as an information exchange for regional health information networks.

QUESTION NO: 398 Your responsibility as healthcare information technologist is to ensure the billing and accounting practices of the facility are performed in the most efficient manner. Which of the following types of information technology are you responsible for? A. Clinical IT B. Infrastructure IT C. Financial IT D. Administrative IT

Answer: C Explanation: Applications of financial information technology are used to improve the efficiency of billing and accounting practices. Answer: D is incorrect. Administrative IT is incorrect as these applications are used to make staff scheduling, patient registration and payroll procedures more efficient. Answer: A is incorrect. Clinical IT is incorrect as these applications are used for prescription of drugs and ordering of laboratory tests and medical procedures. Answer: B is incorrect. Infrastructure IT is incorrect as these applications support the infrastructure of the health care facility. These applications include voice recognition for medical records and medical transcription as well as bar coding applications for medical devices and drugs.

QUESTION NO: 91 Which of the following refer to the act of sending physical files to a permanent location that is kept under lock and key and can be physically accessed? A. Coding B. Scanning C. Archiving D. Thinning

Answer: C Explanation: Archiving is the act of sending physical files to a permanent location that is kept under lock and key and can be physically accessed. Answer: A is incorrect. Coding is incorrect as this is the act of applying the proper codes for medical services for billing purposes. Answer: D is incorrect. Thinning is incorrect as this is done to make a patient's chart easier to handle after it has become too large and cumbersome to handle. This act is normally necessary for a patient who has incurred an extended stay in the hospital. The medical records that have been thinned are not destroyed but sent to the central medical records area where they should still be readily accessible. Answer: B is incorrect. Scanning is incorrect as this is the act of converting paper medical records.

QUESTION NO: 315 You are the newly hired privacy officer for a dermatology practice. Your first step in fulfilling HIPAA is also the first thing you will need to do to acclimatize yourself to your job: familiarize yourself with the environment under your auspices. You know that you have to perform a "risk assessment" under HIPAA. What would you be looking for? A. Assess the risks to the practice's finances in maintaining an EPHI system B. Assess the risks to patients and the practice if EPHI were violated or exposed C. Assess the risks to the confidentiality, integrity and availability of the EPHI there D. Assess the risks to the physical safeguards that protect EPHI

Answer: C Explanation: Assess the risks to the confidentiality, integrity and availability of the EPHI there. HIPAA requires that every covered entity performs a "risk assessment" to identify in detail all potential weak points or points of vulnerability within the practice as it relates to EPHI. This forms the basis for developing policies and procedures to manage these risks in such ways as to reduce the likelihood of privacy rule violations. Answer: B is incorrect. While it is important to understand the risks that a particular practice's EPHI leaks can pose (compare the risks at an HIV testing clinic versus an optical shop in an ophthalmology practice), this does not count as a HIPAA-defined "risk assessment." Answer: A is incorrect. While this may be important for the financial leg of the practice to know, and may even require input on the part of a Privacy Officer, it is not a HIPAA "risk assessment." Answer: D is incorrect. This is only part of a risk assessment, but it doesn't address all the other aspects, such as administrative, staff training, placement of screens, policies, etc. that could affect the "confidentiality, integrity and availability" of EPHI. In fact, it is usually the physical safeguards that help ameliorate risk, but only in as much as they can. A physical safeguard, for example, doesn't protect a covered entity from a violation at a business associate's office.

QUESTION NO: 25 Which of the following is the process of verifying and allowing a user on a network? A. Encryption B. Authorization C. Authentication D. Communication

Answer: C Explanation: Authentication is the process of verifying and allowing a user on a network. Answer: B is incorrect. Authorization involves verifying that an authenticated user has permission to perform certain operations or access specific resources. Authentication, therefore, must precede authorization. Answer: A is incorrect. Encryption is the process of conversion of data into a form that cannot be easily understood by unauthorized persons. The encrypted data is known as cipher text. The cipher text can be converted back into its original form by a process known as decryption. Decryption is the reverse process of encryption. Answer: D is incorrect. Communication is the activity of conveying meaningful information.

QUESTION NO: 154 Which of the following terms is used for keeping records of backup tapes? A. Onsite storage B. Backup repository C. Backup inventory D. Offsite storage

Answer: C Explanation: Backup inventory is the keeping of records or indexing of backup tapes. A lot of backup tapes with no index or inventory is only slightly more useful than no backups at all. The inventory is critical to being able to perform restores in a timely manner. You can choose automated backup systems in which the inventory is maintained online by the backup system itself. Remember, automated or manual, maintaining a backup inventory should be part of the disaster recovery plan. Answer: A, D are incorrect. These are types of backup storage. Answer: B is incorrect. Backup repository is a process of storing backup tapes.

QUESTION NO: 287 Which of the following is important for the security of users of a hospital information system due to the fact that the identity of the user cannot be forged? A. Inclusion B. Ergonomics C. Biometrics D. Integration

Answer: C Explanation: Biometrics is a physical trait that is unique to humans such as fingerprints, retinal patterns and speech patterns. Biometrics is often used for security of information systems because the identity of the users cannot be forged.

QUESTION NO: 260 You are furloughed from your position as a healthcare IT specialist. Your employer failed to offer you the option to continue your medical insurance for at least ninety days. Which piece of legislation has been ignored by your employer? A. HIPAA B. EMTALA C. COBRA D. Patients Bill of Rights

Answer: C Explanation: COBRA, the Consolidated Omnibus Budget Reconciliation Act, devised in 1985, gives workers and their families who lose their health benefits the right to choose to continue group health benefits provided by their group health plan for limited periods of time under certain circumstances such as voluntary or involuntary job loss, reduction in the hours worked, transition between jobs, death, divorce, and other life events. Answer: A is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 427 You are helping to work out integration problems with a health information system module that allows physicians to send out instructions for patient care to the pharmacy, laboratory, radiology department or other departments in the hospital. What is this module called? A. Encoder B. R-ADT C. CPOE D. CDS

Answer: C Explanation: CPOE is a Computerized Physician Order Entry System, where physicians can send out instructions for patient care via computer. This decreases delay, and with training can reduce the error rate due to handwriting or transcription, and allows entry at point of care or off site and includes error checking. Answer: D is incorrect. CDS is a Clinical Decision Support System. These systems are designed to support patient care by providing healthcare providers with timely, complete and relevant clinical information to aid in the diagnosis, treatment and management of patient care. This is not the system used to distribute orders to other departments and providers within the hospital system. Answer: B is incorrect. R-ADT is a Registration, Admission, Discharge and Transfer system that is used for patient registration and tracking a patient's encounters throughout the hospital. This is not a system used to distribute orders to other departments or providers. Answer: A is incorrect. Encoders are programs used in medical coding and billing to allow coders to generate the correct numerical codes to describe diagnoses and procedures. This is not a system used to distribute orders to other departments or providers.

QUESTION NO: 492 Which of the following payment terms is a pre-paid amount that is offered regardless of the service provided? A. Customary Charges B. Fee for Services C. Capitation D. Sliding Scale Fee

Answer: C Explanation: Capitation is a payment term for a pre-paid amount based on a per-person or per-capita amount. Answer: B is incorrect. Fee for Services is incorrect as this term of payment is dependent on the cost to the provider of providing services such as lab tests, x-rays etc. Hospitals or other facilities receiving fee for service are paid for each individual service that is provided. Answer: A is incorrect. Customary charges is incorrect as this type of payment term is based on what is normally charged or what is reasonable for the service provided. Answer: D is incorrect. Sliding Scale fee is incorrect as this type of payment term is common in low income areas and is based on the patient's ability to pay.

QUESTION NO: 147 As a healthcare information technologist, one of your primary duties is to ensure that all X-rays and CT scans are incorporated into all patients' electronic health records. Which of the following duties are you responsible for? A. Device Capture B. Document Archiving C. Clinical Imaging D. Document Imaging

Answer: C Explanation: Clinical imaging refers to medical information that is obtained by the use of photographs or other medical imaging devices that need to be a part of the patient's permanent medical record. Answer: A is incorrect. Device capture is incorrect as this is the act of transmitting medical information directly from a medical device such as an electrocardiogram. Answer: B is incorrect. Document archiving is the act of ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location. Answer: D is incorrect. Document imaging is incorrect as this action involves prepping, scanning, indexing and performing quality control on paper documents that are entered into a computerized system.

QUESTION NO: 420 You are a healthcare IT technician. You are afraid of data on your screen being seen by passersby. Which of the following will you install on your computer to protect your data? A. A keyfob B. A smart card C. A computer privacy screen D. A biometrics device

Answer: C Explanation: Computer privacy screens are screens to enhance data security. They add security by ensuring that the data on the computer screen (monitor) is visible only to the computer user who is sitting directly in front of the computer. Other angles that are not in direct view of the screen are distorted or blacked out completely. Computer privacy screens are also called computer privacy filters. Answer: A, B, and D are incorrect. These devices are used for authentication.

QUESTION NO: 111 Which of the following defines the amount of time a project should take to complete? A. PERT Diagram B. Gantt Chart C. Critical Path D. Venn Diagram

Answer: C Explanation: Critical path is a tool used to indicate the overall time frame a project should take to complete. Answer: D is incorrect. Venn Diagram is incorrect as this is a diagram used in mathematics to show all possible logical relations between a finite collection of sets. Answer: A is incorrect. PERT diagram is incorrect as this is a diagram which represents the steps or component parts of a project as circles connected by lines to indicate the sequence of events. Answer: B is incorrect. Gantt Chart is incorrect as this is a table that contains horizontal time lines and vertical indicators of project components, with bars indicating when and by whom tasks are to be completed.

QUESTION NO: 449 Which of the following serial bus specifications is also known as Firewire? A. DIN B. IEEE 1284 C. IEEE 1394 D. RS-232

Answer: C Explanation: IEEE 1394 is a high-speed serial bus that provides enhanced PC connectivity for a wide range of devices. These devices include consumer audiovisual components, traditional PC storage devices, and handheld devices. IEEE 1394 is also known as Firewire. Answer: A is incorrect. DIN is a type of connector that is used in standard 101-key IBM-style keyboards. Answer: D is incorrect. RS-232 standard is a specification for serial communication ports, also known as COM ports, serial ports, or RS-232 ports, and is used to connect RS-232 compatible serial devices, such as modems and pointing devices to a computer. Answer: B is incorrect. Institute of Electrical and Electronics Engineers (IEEE) 1284 is a specification of a printer cable used to take advantage of bi-directional printing. Typically, bi-directional cables have the number 1284 printed on them.

QUESTION NO: 273 Jane works as a Consumer Support Technician. She is assisting Bob, a small business owner, to set up a network with five Windows Vista-based computers. She wants to easily add new computers to the network and dynamically assign IP addresses. Jane assists Bob to use a network router in his office. Which of the following network features will help Jane accomplish the task? A. DNS B. PING C. DHCP D. IPCONFIG

Answer: C Explanation: Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard used to dynamically assign IP addresses to computers, so that they can communicate with other network services. It reduces the complexity of managing network client IP address configuration. A DHCP server configures DHCP-enabled client computers on the network. It runs on servers only. It also provides integration with the Active Directory directory service. Answer: A is incorrect. Domain Name System (DNS) is a hierarchical naming system used for locating domain names on private TCP/IP networks and the Internet. It provides a service for mapping DNS domain names to IP addresses and vice versa. Answer: B is incorrect. PING is a command-line utility used to test connectivity with a host on a TCP/IP-based network. This is achieved by sending out a series of packets to a specified destination host. On receiving the packets, the destination host responds with a series of replies. These replies can be used to determine whether or not the network is working properly. Answer: D is incorrect. IPCONFIG is a command-line utility that displays the current TCP/IP configuration, such as IP address, subnet mask, default gateway etc., of a networked computer. It refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Users can run IPCONFIG from the command prompt whenever they need to know the status of a computer's TCP/IP configuration.

QUESTION NO: 26 Which of the following would refer to the handling and storage of a patient's CT scan? A. EMTALA B. Health Level 7 C. DICOM D. HIPAA

Answer: C Explanation: DICOM, short for Digital Imaging and Communications in Medicine, refers to the standard of handling, storing, printing and transmitting information in medical imaging. Answer: D is incorrect. HIPAA is incorrect as this is the legislation designed to ensure the privacy and security of personal health information.

QUESTION NO: 368 As a member of the healthcare IT team, you are asked to send a patient's MRI exam from the MRI department to a PACS system for permanent archival. Which of the following would you depend on for transmission of these images? A. EMTALA B. HIPAA C. DICOM D. Health Level 7

Answer: C Explanation: DICOM, short for Digital Imaging and Communications in Medicine, refers to the standard of handling, storing, printing and transmitting information in medical imaging. Answer: D is incorrect. Health Level 7 is incorrect as this is an international community of healthcare subject matter experts and information scientists collaborating to create standards for the exchange, management and integration of electronic healthcare information. HL7 promotes the use of such informatics standards within and among healthcare organizations to increase the effectiveness and efficiency of healthcare information delivery for the benefit of all.

QUESTION NO: 44 Which of the following techniques includes grinding and shredding of documents by physically breaking CD-ROMs? A. Degaussing B. Data Loss Prevention C. Destruction D. Record retention

Answer: C Explanation: Destruction of the data storage medium is considered the most certain way of responding to data remanence. However, this process is time-consuming and difficult to manage. Some specific destruction techniques are as follows: grinding and shredding; incinerating; phase transition; application of corrosive chemicals; raising the temperature of media above the Curie point; application of extremely high voltage for electric volatile and non-volatile storage mediums. Answer: A is incorrect. Degaussing is a process in which the magnetic field of a disk or drive is removed. When degaussing occurs on magnetic media, it removes an entire media element quickly and effectively. A device has been designed for this process, called the degausser. Degaussing makes the disk or drive inoperable by performing low-level formatting. It is only done at the factory during manufacturing. To make the drive or disk functional, return it to the manufacturer for servicing. A degaussed disk can generally be reformatted and reused with standard consumer hardware. Answer: D is incorrect. Record retention refers to a time period that is required for maintaining a record in order to meet the goals and fulfill legal and administrative requirements of the university and external agencies. Answer: B is incorrect. Data Loss Prevention (DLP) is a technology that reduces the risk of data loss even when the data is in use, in motion, or at rest. It identifies, monitors, and protects data through deep content inspection, contextual security analysis of transactions, and a centralized management framework. DLP detects and prevents the unauthorized use and transmission of confidential information.

QUESTION NO: 55 Which of the following methods backs up all changes made since the last full or normal backup? A. Incremental backup B. Full backup C. Differential backup D. Half backup

Answer: C Explanation: Differential backup backs up files that are created or changed since the last full backup. It requires minimum space to backup data. Differential backup requires only the last full backup tape and the last differential backup tape to restore data. It is faster as compared to full backup. Differential backup contains all files that were changed since the last Full backup. The advantage of a differential backup over an incremental backup is that it shortens the restore time. Answer: B is incorrect. Full backup backs up the entire database including the transaction log. Taking a full backup daily is impractical, as it is time consuming. Instead, a well-defined backup strategy should be implemented as a weekly full backup and a daily differential backup. Answer: A is incorrect. Incremental backup backs up files that are created or changed since the last full or incremental backup. Incremental backup provides a faster method of backing up data than most other backup methods. Restoring data from an incremental backup requires the last full backup and all subsequent incremental backups. Incremental backups must be restored in the same order as they were created. If any incremental backup in the incremental backup set is damaged or becomes corrupt, the data backed up after corruption cannot be restored. Answer: D is incorrect. There is no such backup method as half backup.

QUESTION NO: 220 Which of the following refers to a conversation between patient and physician that encompasses the medical procedure being performed, the reason the procedure is being performed, the benefits of the procedure being performed and the risks of the procedure being performed? A. Patient's Bill of Rights B. Safe Medical Device Act C. Informed Consent D. HIPAA

Answer: C Explanation: Informed consent is classically defined as the consent of a patient to undergo a medical procedure or participate in a clinical trial after achieving an understanding of the medical facts and risks involved. Answer: D is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 266 Which of the following methods ONLY backs up all changes made since the last full or normal backup? A. Half backup B. Incremental backup C. Differential backup D. Full backup

Answer: C Explanation: Differential backup only backs up files that are created or changed since the last full backup. It requires minimum space to backup data. Differential backup requires only the last full backup tape and the last differential backup tape to restore data. It is faster as compared to full backup. Differential backup contains all files that were changed since the last Full backup. The advantage of a differential backup over an incremental backup is that it shortens the restore time. Answer: A is incorrect. Full backup backs up the entire database including the transaction log. Taking a full backup daily is impractical, as it is time consuming. Instead, a well-defined backup strategy should be implemented as a weekly full backup and a daily differential backup. Answer: B is incorrect. Incremental backup backs up files that are created or changed since the last full or incremental backup. Incremental backup provides a faster method of backing up data than most other backup methods. Restoring data from an incremental backup requires the last full backup and all subsequent incremental backups. Incremental backups must be restored in the same order as they were created. If any incremental backup in the incremental backup set is damaged or becomes corrupt, the data backed up after corruption cannot be restored. Answer: D is incorrect. There is no such backup method as half backup.

QUESTION NO: 101 You work as a Network Administrator for McNeil Inc. The company has a TCP-based network. You want to connect a new client computer to the network. You have configured the computer for receiving IP address automatically. Which of the following services is required to be running on the network? A. DNS B. WINS C. DHCP D. DHCP Relay Agent

Answer: C Explanation: Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard used to dynamically assign IP addresses to computers, so that they can communicate with other network services. It reduces the complexity of managing network client IP address configuration. A DHCP server configures DHCP-enabled client computers on the network. It runs on servers only. It also provides integration with the Active Directory directory service. Answer: A is incorrect. Domain Name System (DNS) is a hierarchical naming system used for locating domain names on private TCP/IP networks and the Internet. It provides a service for mapping DNS domain names to IP addresses and vice versa. DNS enables users to use friendly names to locate computers and other resources on an IP network. TCP/IP uses IP addresses to locate and connect to hosts, but for users, it is easier to use names instead of IP address to locate or connect to a site. For example, users will be more comfortable in using the host name www.company.com rather than using its IP address 66.111.64.227. Answer: B is incorrect. Windows Internet Name Service (WINS) is a name resolution service that registers and resolves NetBIOS names to IP addresses used on the network. WINS is a Microsoft standard and is used only on networks comprising Windows hosts. Answer: D is incorrect. DHCP Relay Agent is used in a routed network to communicate with the DHCP server on the other segment. The relay agent relays Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP) message traffic between the DHCP-enabled clients on a local physical network and a remote DHCP server located on another physical network. The DHCP Relay Agent takes DHCP messages from DHCP clients and forwards them to the IP address of DHCP servers. The responses from the DHCP servers are sent to the IP address of the DHCP Relay Agent, which then forwards them to the DHCP client.

QUESTION NO: 356 As a healthcare information technologist, there are standards by which you must abide for managing and integrating electronic healthcare information. Which of the following is responsible for instituting those standards? A. HIPAA B. EMTALA C. Health Level 7 D. DICOM

Answer: C Explanation: Health Level 7 (HL7) is an international community of healthcare subject matter experts and information scientists collaborating to create standards for the exchange, management and integration of electronic healthcare information. HL7 promotes the use of such informatics standards within and among healthcare organizations to increase the effectiveness and efficiency of healthcare information delivery for the benefit of all. Answer: D is incorrect. DICOM is incorrect as this term, short for Digital Imaging and Communications in Medicine, refers to the standard of handling, storing, printing and transmitting information in medical imaging. Answer: B is incorrect. EMTALA is incorrect as this legislation legally obligates health care facilities to provide emergent care regardless of citizenship, legal status or ability to pay. Answer: A is incorrect. HIPAA is incorrect as this is the legislation designed to ensure the privacy and security of personal health information.

QUESTION NO: 476 Which of the following types of health insurance offers healthcare services for a prepaid, fixed amount of reimbursement? A. Point of Service B. Indemnity Plan C. HMO D. PPO

Answer: C Explanation: Health Maintenance Organization (HMO) offers healthcare services for a prepaid fixed amount of reimbursement. In an HMO, providers and subscribers voluntarily enroll and the HMO assumes responsibility and financial risks. Answer: B is incorrect. Indemnity plan is incorrect as this type of plan allows you to visit any doctor, any hospital and direct your own care. Answer: D is incorrect. PPO or preferred provider organization is a network of physicians or healthcare organizations that provide healthcare at a discounted rate in return for higher patient volume. Answer: A is incorrect. Point of Service (POS) is an agreement where a patient is permitted to choose a provider each time healthcare service is required.

QUESTION NO: 325 As part of a privacy and security training program, the hospital staff are given a series of documents to look over and become familiar with. These documents are important for HIPAA regulation and for preventing unauthorized use and disclosure of PHI. Many patients are given one or more of these documents to sign or look over when they are first treated at a healthcare facility. Which of these is a HIPAA required document to be given to all patients? A. Subpoena duces tecum B. Release of Information C. Notice of Privacy Practices D. Notice of Billing Practices

Answer: C Explanation: Healthcare providers must, unless in an emergency treatment situation, distribute a Notice of Privacy Practices. The notice must describe the ways in which the covered entity may use and disclose PHI. The notice must state the covered entity's duties to protect privacy, and describe individuals' rights, including the right to complain to HHS and to the covered entity if they believe their privacy rights have been violated. The notice must include a point of contact for further information and for making complaints to the covered entity. Also, the facility must obtain an acknowledgement from the patient that they received the notice of privacy practices, and have that acknowledgement on record. Answer: D is incorrect. Although many facilities do give notices of billing practices or insurance responsibility practices to their patients, this is not a required document according to HIPAA Privacy or Security Rules. Answer: A is incorrect. A subpoena duces tecum is a notice to appear in court with certain specified documents to provide evidence during a lawsuit. It is not a required document in HIPAA regulation and would not be a document given to a patient. Answer: B is incorrect. A request for Release of Information is an important document for controlling access to PHI, but it is not a document that is required to be given to patients by HIPAA. Having a clear Release of Information (ROI) policy and documentation is very important, but an ROI document is often not given to patients, but to other entities requesting access to information that requires patient and facility authorization.

QUESTION NO: 457 While installing a printer in a newly remodeled office at a large physician's practice, you consider what the best placement for the printer might be in order to protect patient's health information. Which of the following is a good guideline for printer/fax/copier policy? A. PHI should never be printed on a shared or networked printer. B. PHI in hardcopy form should be disposed of as soon as possible. C. Printers and copiers used for printing of PHI should be in a secure, non-public location. If the equipment is in a public location, the information being printed or copied is required to be strictly monitored. D. Physical access to the printer should be restricted only to providers.

Answer: C Explanation: Ideally, printers, faxes and copiers in a healthcare facility should only be placed in secure, non-public locations. However, there are some high traffic areas where healthcare personnel interact with the public. A printer may be required for receipts, patient instructions and other documentation. A printer in this location should be strictly monitored, any hardcopies should be picked up promptly and given to the correct recipient, filed or disposed of as needed. Answer: D is incorrect. Many employees require access to printers, faxes and copiers, and access cannot be limited to one type of employee. There are many employees that will need access to PHI to carry out the functions of a healthcare facility, not just for treatment, but for the business operations of the facility. Printing access must be managed wisely and monitored closely to protect PHI, but this kind of extreme restriction would not allow the facility to function properly. Answer: A is incorrect. Many facilities have multiple workstations and mobile devices connected to a shared printer. Although extra care needs to be exercised both in the network security of the printer as well as the physical security of hardcopy documents printed out, it is possible to protect PHI and still use a shared printer. Often, one individual in physical proximity to the shared printer is assigned responsibility for the security of the hardcopy printouts and that they are promptly picked up so that no PHI exposure is risked. Answer: B is incorrect. Destroying hardcopies as a means of protecting PHI may actually cause some information to be lost. It is important to always observe the policies of record retention and disposal that the healthcare organization has set up in order to make sure that key information is properly filed and eventually disposed of in an approved manner.

QUESTION NO: 300 You are responsible for ensuring that all X-rays, CT scans and MRI exams become part of a patient's permanent electronic health record. Which of the following types of data are you responsible for? A. Voice B. Numbers C. Images D. Signals

Answer: C Explanation: Image data is a type of data that may be found in a patient's electronic health record. Examples of image data would include images obtained from x-rays, CT scans, MRI exams and Nuclear Medicine exams. This data type is normally represented by x-rays or document images themselves; the interpretations of radiology images are considered voice data. Answer: B is incorrect. Numbers is incorrect as this data type is usually represented by ICD-9 codes, blood pressure readings and temperature readings. Answer: D is incorrect. Signals is incorrect as this data type is normally represented by EEG tracings or EKG tracings. Answer: A is incorrect. Voice is incorrect as this type of data would include stored dictations of radiology images from the interpreting radiologist, or any other dictated evaluation.

QUESTION NO: 40 In medical terminology, the suffix -osis is used to describe which of the following? A. Opening B. Study of C. Disease D. Inflammation

Answer: C Explanation: In medical terminology, any word that ends in the suffix -osis refers to a disease process of a particular area. For example, diverticulosis is a disease of the diverticulum, tuberculosis is a disease process of the tubercles of the lungs and leukocytosis is a disease process of the white blood cells. Answer: D is incorrect. Inflammation is incorrect as any medical term referring to inflammation ends with the suffix -itis. Answer: A is incorrect. Opening is incorrect as any medical condition that refers to opening ends with the suffix -otomy; for example, thoracotomy means an opening was made in the thorax. Answer: B is incorrect. Study of is incorrect as any term referring to the study of anything ends with the suffix -ology; for example, radiology is the study of radiation and cardiology is the study of the heart.

QUESTION NO: 32 Throughout your medical history you were diagnosed with arthritis in your lumbar spine. The term arthritis is defined as? A. Study of joints B. Surgical Incision of a joint C. Inflammation of a joint D. Disease of a joint

Answer: C Explanation: In medical terminology, any word that ends with the suffix -itis refers to an inflammatory condition. For example, arthritis means inflammation of a joint, laryngitis means inflammation of the larynx, and gastritis means inflammation of the stomach or stomach lining. Answer: D is incorrect. Disease is incorrect as any condition that refers to a disease process is accompanied by the suffix -osis; for example, diverticulosis is a disease of the diverticulum. Answer: A is incorrect. Study of is incorrect as any term referring to the study of anything ends with the suffix -ology; for example, radiology is the study of radiation and cardiology is the study of the heart. Answer: B is incorrect. Surgical Opening is incorrect as any medical condition that refers to opening ends with the suffix -otomy; for example, thoracotomy means an opening was made in the thorax.

QUESTION NO: 523 In medical terminology, the suffix -ology is used to describe which of the following? A. Disease B. Inflammation C. Study of D. Opening

Answer: C Explanation: In medical terminology, any word that ends with the suffix -ology refers to the study of a particular process. For example, cardiology is the study of the heart, oncology is the study of tumors, and pulmonology is the study of the lungs. Answer: B is incorrect. Inflammation is incorrect as any medical term referring to inflammation ends with the suffix -itis. Answer: A is incorrect. Disease is incorrect as any condition that refers to a disease process is accompanied by the suffix -osis; for example, diverticulosis is a disease of the diverticulum. Answer: D is incorrect. Opening is incorrect as any medical condition that refers to opening ends with the suffix -otomy; for example, thoracotomy means an opening was made in the thorax.

QUESTION NO: 156 You are suffering from an abdominal disorder that your physician feels requires a colostomy. A colostomy is defined as? A. Study of the colon B. Disease of the colon C. To cut into the colon D. Inflammation of the colon

Answer: C Explanation: In medical terminology, any word that ends with the suffix -otomy means to cut into a particular area. Examples are thoracotomy, which means an opening was made in the thorax or chest area, and craniotomy, which means an opening was created in the head. Answer: B is incorrect. Disease is incorrect as any condition that refers to a disease process is accompanied by the suffix -osis; for example, diverticulosis is a disease of the diverticulum. Answer: D is incorrect. Inflammation is incorrect as any medical term referring to inflammation ends with the suffix -itis. Answer: A is incorrect. Study of is incorrect as any term referring to the study of anything ends with the suffix -ology; for example, radiology is the study of radiation and cardiology is the study of the heart.

QUESTION NO: 375 You are asked to make sure all computers and printers within your facility communicate properly. This type of communication is an example of which of the following? A. Hierarchal Model B. WAN Technology C. LAN Technology D. Network Model

Answer: C Explanation: LAN technology, or local area network technology, refers to communication devices in a small geographic area such as PC and printer or PC and PC within a facility. Answer: A is incorrect. Hierarchal Model is incorrect as this is a database model, not a mode of communication, that uses the format of a typical parent-child arrangement, whereas, one piece of information can have many subordinated pieces. Answer: D is incorrect. Network model is incorrect as this is a database model, not a mode of communication, that is designed to allow the child to have more than one parent. This model is often referred to as the many to many model. Answer: B is incorrect. WAN technology is incorrect as this allows for communication among a large geographic environment such as two or more LANs connected via a telephone system or satellite.

QUESTION NO: 274 Which of the following protocols implements VPN using IPSec? A. SLIP B. PPTP C. L2TP D. PPP

Answer: C Explanation: Layer 2 Tunneling Protocol (L2TP) is a more secure version of Point-to-Point Tunneling Protocol (PPTP). It provides tunneling, address assignment, and authentication. It allows the transfer of Point-to-Point Protocol (PPP) traffic between different networks. L2TP combines with IPSec to provide tunneling and security for Internet Protocol (IP), Internetwork Packet Exchange (IPX), and other protocol packets across IP networks.

QUESTION NO: 421 Which of the following protocols provides certificate-based authentication for virtual private networks (VPNs)? A. HTTPS B. SMTP C. L2TP D. PPTP

Answer: C Explanation: Layer 2 Tunneling Protocol (L2TP) is a more secure version of Point-to-Point Tunneling Protocol (PPTP). It provides tunneling, address assignment, and authentication. It allows the transfer of Point-to-Point Protocol (PPP) traffic between different networks. L2TP combines with IPSec to provide tunneling and security for Internet Protocol (IP), Internetwork Packet Exchange (IPX), and other protocol packets across IP networks. It provides certificate-based authentication for virtual private networks (VPNs). Answer: D is incorrect. Point-to-Point Tunneling Protocol (PPTP) is a remote access protocol. It is an extension of the Point-to-Point Protocol (PPP). PPTP is used to securely connect to a private network by a remote client using a public data network such as the Internet. Virtual private networks (VPNs) use the tunneling protocol to enable remote users to access corporate networks securely across the Internet. PPTP supports encapsulation of encrypted packets in secure wrappers that can be transmitted over a TCP/IP connection. Answer: A, B are incorrect. The HTTPS and SMTP protocols are not used in virtual private networks (VPNs).

QUESTION NO: 134 Which of the following can be implemented to help prevent unauthorized users from connecting their computers to the company's wireless access point? A. Enable SSID broadcast B. Use DHCP for assigning an IP address on the network C. MAC addresses filtering D. Configure IP v6 on the network

Answer: C Explanation: MAC address filtering can be implemented to help prevent unauthorized users from connecting their computers to the company's wireless access point. MAC address filtering is a security method that enables a device to allow only certain MAC addresses to access a network. It can be configured on a Wireless Access Point (WAP) to allow only certain system MAC addresses to communicate with the rest of the network. MAC address filtering can be performed using either of two policies: exclude all by default, then allow only listed clients; or include all by default, then exclude listed clients. MAC filtering can also be used on a wireless network to prevent certain network devices from accessing the wireless network. MAC addresses are allocated only to hardware devices, not to persons. Answer: B is incorrect. Using DHCP for assigning an IP address will not help prevent unauthorized users from connecting their computers to the company's wireless access point. Answer: D is incorrect. Configuring IP v6 on the network will not help prevent unauthorized users from connecting their computers to the company's wireless access point. Answer: A is incorrect. Enabling SSID broadcast will increase security risk.

QUESTION NO: 239 You are a healthcare IT technician. You have bought a new laptop but you cannot log on to your wireless router. You verify the wireless NIC is working, you can see the wireless router's network, and you verify that you are using the correct username and password. What is the most likely cause of this problem? A. The router has a virus. B. The router has maximum connections now. C. MAC filtering is enabled. D. Your new laptop is not compatible with the router.

Answer: C Explanation: MAC filtering is probably enabled and the MAC address for your new laptop is not entered.

QUESTION NO: 103 You are employed at a facility with extremely tight quarters, employs one file clerk and sees very few patients on a daily basis. Which of the following type of file systems would be appropriate for your facility? A. Compressible Units with Open Files B. Open Shelf Files C. Motorized Revolving Files D. Filing Cabinets with Drawers

Answer: C Explanation: Motorized revolving files is best for limited space, low volume facilities with one file clerk. This option allows for patient records to be covered and locked but is expensive to acquire and maintain. Answer: A is incorrect. Compressible units with open files is best for limited space, medium volume facilities with two or three file clerks. This method allows for easy access and saves space. Answer: D is incorrect. Filing cabinets with drawers is incorrect as this method is for small, low volume facilities. This type of filing allows for patient records to be locked, fireproofed and protected from the environment; however, this method requires significant space. Answer: B is incorrect. Open shelf files is incorrect as this method is best for high volume facilities with multiple filing staff to provide security. This option also requires significant floor space.

QUESTION NO: 108 Which of the following types of health insurance allows the patient to choose a provider each time healthcare service is required? A. PPO B. HMO C. Point of Service D. Indemnity Plan

Answer: C Explanation: Point of Service (POS) is an agreement where a patient is permitted to choose a provider each time healthcare service is required. Answer: D is incorrect. Indemnity plan is incorrect as this type of plan allows you to visit any doctor, any hospital and direct your own care. Answer: B is incorrect. HMO is incorrect as this offers healthcare services for a prepaid fixed amount of reimbursement. In an HMO, providers and subscribers voluntarily enroll and the HMO assumes responsibility and financial risks. Answer: A is incorrect. PPO is incorrect as this is a network of physicians or healthcare organizations that provide healthcare at a discounted rate in return for higher patient volume.

QUESTION NO: 268 You are installing a new workstation within the hospital. What initial software setup needs to be implemented and double-checked to make sure that non-authorized users do not have access into the system? Other than initial login access, what other software safeguards could be put in place to prevent unauthorized access? A. Antispam software B. Antivirus Software C. Password protected Screensaver D. Firewalls

Answer: C Explanation: One of the technical safeguards mandated by the HIPAA Security Rule is the requirement for an "automatic log-off". There are several ways that this can be accomplished, including a time-out after a period of inactivity, or a password-protected screensaver which engages after a brief idle-time on a workstation. Answer: B is incorrect. Although recommended to maintain the integrity of the facility's network security, antivirus software is not mandated to prevent unauthorized access to a workstation. Answer: D is incorrect. Firewalls are a key part of network security when a system is connected to the internet, but they do not directly help prevent unauthorized access to a given workstation. Answer: A is incorrect. Antispam software is useful, but is usually part of the email server rather than access control.

QUESTION NO: 37 You are employed at a large facility that employs several file clerks and sees numerous patients on a daily basis. Which of the following types of file systems would be appropriate for this type of facility? A. Motorized Revolving Files B. Filing Cabinets with Drawers C. Open Shelf Files D. Compressible Units with Open Files

Answer: C Explanation: Open shelf files is best for high volume facilities with multiple filing staff to provide security. This method allows for easy access, albeit with less security, and requires significant space. Answer: D is incorrect. Compressible units with open files is best for limited space, medium volume facilities with two or three file clerks. This method allows for easy access and saves space. Answer: B is incorrect. Filing cabinets with drawers is incorrect as this method is for small, low volume facilities. This type of filing allows for patient records to be locked, fireproofed and protected from the environment; however, this method requires significant space. Answer: A is incorrect. Motorized revolving files is best for limited space, low volume facilities with one file clerk. This option allows for patient records to be covered and locked but is expensive to acquire and maintain.

QUESTION NO: 209 Which of the following types of health insurance refers to a network of physicians and healthcare organizations who provide medical services at a discounted rate in return for higher patient volume? A. Point of Service B. HMO C. PPO D. Indemnity Plan

Answer: C Explanation: PPO or Preferred Provider Organization is a network of physicians or healthcare organizations that provide healthcare at a discounted rate in return for higher patient volume. Answer: D is incorrect. Indemnity plan is incorrect as this type of plan allows you to visit any doctor, any hospital and direct your own care. Answer: B is incorrect. HMO is incorrect as this offers healthcare services for a prepaid fixed amount of reimbursement. In an HMO, providers and subscribers voluntarily enroll and the HMO assumes responsibility and financial risks. Answer: A is incorrect. Point of Service (POS) is an agreement where a patient is permitted to choose a provider each time healthcare service is required.

QUESTION NO: 348 An 80 year old man is dissatisfied with several aspects of his hospital stay. Which of the following pieces of legislation allows him to file a formal complaint? A. EMTALA B. MIPPA C. Patient Bill of Rights D. HIPAA

Answer: C Explanation: Patient Bill of Rights is correct as this legislation requires health care providers to inform all patients of their rights as patients receiving medical treatment. There are eight rights every patient has as a recipient of medical care and one of those rights is the ability to file a complaint against the health plan, physician, hospitals and other health care personnel. Answer: B is incorrect. MIPPA is incorrect as this legislation is designed to adjust Medicare reimbursement to certain facilities. Answer: A is incorrect. EMTALA is incorrect as this legislation legally obligates health care facilities to provide emergent care regardless of citizenship, legal status or ability to pay. Answer: D is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 194 Which of the following is the branch of medicine dealing with the medical care of infants, children, and adolescents? A. Gynecology B. Pedology C. Pediatrics D. Dermatology

Answer: C Explanation: Pediatrics is the branch of medicine dealing with the medical care of infants, children, and adolescents. The word "pediatrics" has been derived from the Greek word "pais" meaning child. A medical professional who specializes in this area is called a pediatrician. Answer: B is incorrect. Pedology is the study of soils in their natural environment. Answer: A is incorrect. Gynecology deals with the health of the female reproductive system. Answer: D is incorrect. Dermatology deals with diseases related to the skin, or epidermal cells for both medical and surgical aspects. Some cosmetic problems of the skin, scalp, hair, and nails are included in the field of dermatology.

QUESTION NO: 193 Which of the following types of attacks entices a user to disclose personal information such as social security number, bank account details, or credit card number? A. Replay attack B. Password guessing attack C. Phishing D. Spoofing

Answer: C Explanation: Phishing is a type of scam that entices a user to disclose personal information such as social security number, bank account details, or credit card number. An example of a phishing attack is a fraudulent e-mail that appears to come from a user's bank asking him to change his online banking password. When the user clicks the link in the e-mail, it directs him to a phishing site which replicates the original bank site. The phishing site lures the user to provide his personal information. Answer: D is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, etc. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting on-line, etc. because forging the source IP address causes the responses to be misdirected. Answer: A is incorrect. A replay attack is a type of attack in which attackers capture packets containing passwords or digital signatures whenever packets pass between two hosts on a network. In an attempt to obtain an authenticated connection, the attackers then resend the captured packet to the system. In this type of attack, the attacker does not know the actual password, but can simply replay the captured packet. Answer: B is incorrect. A password guessing attack occurs when an unauthorized user tries to log on repeatedly to a computer or network by guessing usernames and passwords. Many password guessing programs that attempt to break passwords are available on the Internet. Following are the types of password guessing attacks: brute force attack and dictionary attack.

QUESTION NO: 59 Which of the following is NOT a secure way of disposal of media having PHI data? A. Degaussing B. Shredding C. Piercing D. Sanitizing

Answer: C Explanation: Piercing media is not a secure way of disposal of media having PHI. When storage media are transferred, become obsolete, or are no longer usable or required by an information system, it is important to ensure that residual magnetic, optical, electrical, or other representation of data that has been deleted is not easily recoverable. Answer: A, B, D are incorrect. Shredding, degaussing, and sanitizing are secure ways of disposal of media having PHI data.

QUESTION NO: 56 You have the right to choose not to have your medical information disclosed to your parents or other family members. Which of the following defines this right? A. Confidentiality B. Data Security C. Privacy D. Conformity

Answer: C Explanation: Privacy is defined as the individual's right to control disclosure of his or her personal information. Answer: A is incorrect. Confidentiality is incorrect as this is defined as the legal and ethical obligation of health care professionals to meet the expectation of privacy from patients. Answer: D is incorrect. Conformity is defined as an individual adapting their behaviors, thoughts and attitudes to match what is perceived as normal by society. This answer choice is simply meant as a distractor. Answer: B is incorrect. Data security is incorrect as this is defined as technical and procedural methods to control and manage confidential information.

QUESTION NO: 452 Which of the following is defined as the patient's right to control disclosure of his or her personal information? A. Confidentiality B. Conformity C. Privacy D. Data Security

Answer: C Explanation: Privacy is defined as the individual's right to control disclosure of his or her personal information. Answer: A is incorrect. Confidentiality is incorrect as this is defined as the legal and ethical obligation of health care professionals to meet the expectation of privacy from patients. Answer: D is incorrect. Data security is incorrect as this is defined as technical and procedural methods to control and manage confidential information. Answer: B is incorrect. Conformity is defined as an individual adapting their behaviors, thoughts and attitudes to match what is perceived as normal by society. This answer choice is simply meant as a distractor.

QUESTION NO: 31 Which of the following refers to an in depth, non-numerical description of the information contained in a patient's medical record? A. Master Patient Index B. Quantitative Analysis C. Qualitative Analysis D. Statistical Analysis

Answer: C Explanation: Qualitative Analysis of healthcare information is used to derive an in-depth, nonnumerical description of the information contained within a patient's medical record. A qualitative analysis does not contain any statistical analyses. Answer: B is incorrect. Quantitative analysis is incorrect as this refers to information contained within a patient's EHR being converted from words to numbers. The numbers of interest are then quantified and statistically analyzed. Answer: A is incorrect. Master Patient Index (MPI) is incorrect as this is a database that contains a unique index for every patient registered at a healthcare organization. Answer: D is incorrect. Statistical analysis is incorrect as this is the method used to analyze the data obtained from a quantitative analysis of a patient's EHR.

QUESTION NO: 114 When you are configuring a wireless access point, which of the following is broadcasted by default and should be disabled from the security point of view? A. Wireless Access Protocol (WAP) B. Multicast address C. Service Set Identifier (SSID) D. MAC address

Answer: C Explanation: Service Set Identifier (SSID) is broadcasted by default and should be disabled from the security point of view. SSID stands for Service Set Identifier. It is used to identify a wireless network. SSIDs are case sensitive text strings and have a maximum length of 32 characters. All wireless devices on a wireless network must have the same SSID in order to communicate with each other. A network administrator often uses a public SSID that is set on the access point. The access point broadcasts SSID to all wireless devices within its range. Some newer wireless access points have the ability to disable the automatic SSID broadcast feature in order to improve network security. Answer: D is incorrect. A Media Access Control (MAC) address is a numerical identifier that is unique for each network interface card (NIC). MAC addresses are 48-bit values expressed as twelve hexadecimal digits, usually divided into hyphen-separated pairs, for example, FF-00-F8-32-13-19. The MAC address consists of two parts. The first three pairs are collectively known as the Organizationally Unique Identifier (OUI). The remaining part is known as the device ID. The OUI is administered by IEEE. MAC addresses are also referred to as hardware addresses, Ethernet addresses, and universally administered addresses (UAAs). Answer: A is incorrect. The Wireless Access Protocol (WAP) is a technology used with wireless devices. The functionality of WAP is equivalent to that of TCP/IP. WAP uses a smaller version of HTML called Wireless Markup Language (WML) to display Internet sites. Answer: B is incorrect. A multicast address is a single address that refers to multiple network devices. It represents a group of devices on a segment. Membership of a group is dynamic, i.e., devices can join or leave the group as and when required. The MAC address format used by IP for multicasts is 0100.5exx.xxxx, where x is a valid value.

QUESTION NO: 230 Which of the following payment terms is based on the patient's ability to pay? A. Capitation B. Fee for Services C. Sliding Scale Fee D. Customary Charges

Answer: C Explanation: Sliding scale fee is a payment term which is common in low income areas and is based on the patient's ability to pay. Answer: B is incorrect. Fee for Services is incorrect as this term of payment is dependent on the cost of the provider to provide services such as lab tests, x-rays etc. Hospitals or other facilities receiving fee for service are paid for each individual service that is provided. Answer: D is incorrect. Customary charges is incorrect as this type of payment term is based on what is normally charged or what is reasonable for the service provided. Answer: A is incorrect. Capitation is incorrect as this payment term is a pre-paid amount based on a per-person or per-capita amount.

QUESTION NO: 51 Which of the following payment terms is based on the patient's ability to pay? A. Customary Charges B. Capitation C. Sliding Scale Fee D. Fee for Services

Answer: C Explanation: Sliding scale fee is a payment term which is common in low income areas and is based on the patient's ability to pay. Answer: D is incorrect. Fee for Services is incorrect as this term of payment is dependent on the cost to the provider of providing services such as lab tests, x-rays etc. Hospitals or other facilities receiving fee for service are paid for each individual service that is provided. Answer: A is incorrect. Customary charges is incorrect as this type of payment term is based on what is normally charged or what is reasonable for the service provided. Answer: B is incorrect. Capitation is incorrect as this payment term is a pre-paid amount based on a per-person or per-capita amount.

QUESTION NO: 74 You have the responsibility of ensuring all patients' medical records have the appropriate components and content. You must ensure this by adhering to the guidelines set forth by which of the following publications? A. E1368 B. E1392 C. E1384 D. E1357

Answer: C Explanation: The E1384 publication of the American Society of Testing and Materials (ASTM) lists the components and content of the patient's medical record and includes definitions that conform to standard nomenclature. Answer: D is incorrect. The E1384 publication of the American Society of Testing and Materials (ASTM) lists the components and content of the patient's medical record and includes definitions that conform to standard nomenclature. Answer: A is incorrect. The E1384 publication of the American Society of Testing and Materials (ASTM) lists the components and content of the patient's medical record and includes definitions that conform to standard nomenclature. Answer: B is incorrect. The E1384 publication of the American Society of Testing and Materials (ASTM) lists the components and content of the patient's medical record and includes definitions that conform to standard nomenclature.

QUESTION NO: 85 Which of the following programs can collect various types of personal information, such as Internet surfing habits, and Web sites that the user has visited? A. Honeypot B. Malware C. Spyware D. Worm

Answer: C Explanation: Spyware is a program that takes partial control over a user's computer without the user's permission. Spyware programs can collect various types of personal information, such as Internet surfing habits, and Web sites that the user has visited. Spyware programs can also interfere with the control of a user's computer, such as installing additional software, redirecting Web browser activities, accessing Web sites blindly, etc. Answer: A is incorrect. A honeypot is a term in computer terminology used for a trap that is set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, and monitored, and which seems to contain information or a resource of value to attackers. Answer: B is incorrect. The term malware refers to malicious software, which is a broad class of malicious viruses, including spyware. Malware is designed to infiltrate or damage a computer without the consent of the owner. Answer: D is incorrect. A worm is a software program that uses computer networks and security holes to replicate itself from one computer to another. It usually performs malicious actions, such as using the resources of computers as well as shutting down computers.

QUESTION NO: 498 David, the Network Administrator for Portal Software Inc., is configuring his network for Internet connectivity. Which protocol should he use? A. IPX/SPX B. NWLink C. TCP/IP D. NetBEUI

Answer: C Explanation: TCP/IP is a very clean and efficient suite of standard protocols that governs how data passes between networks. It can be used on both local and wide-area networks (WANs) to provide communication between all the basic operating systems on the network. It is considered the primary protocol of the Internet and the World Wide Web. NetBEUI is a non-routed, broadcast-based protocol. The master browser on TCP/IP networks cannot see, or display, computers that use NetBEUI to communicate with the network in the network browser list. NetBEUI was used as a legacy protocol for networking between Windows 3.1 and MS-DOS clients. IPX/SPX is Novell's primary network protocol, used for the interchange of files between NetWare and other networking clients. Although it has many positive features to its credit, such as that it is easy to install and is dynamic in that it requires no configuration changes for either mobile or relocated network nodes, it is not considered a good protocol for use on WANs. This is because it relies on network-wide broadcasts, which makes overhead unreasonably high for effective WAN implementations. Hence it is not considered an Internet protocol. Microsoft developed NWLink; it is an IPX/SPX-compatible protocol, and again is not the choice for Internet. Reference. TechNet, Contents. Chapter 5 -Network Services. Enterprise Level

QUESTION NO: 12 Which of the following traces and reports each router or gateway crossed by a TCP/IP packet on its way to the remote host? A. Helix B. PATHPING C. TRACERT D. Netstat

Answer: C Explanation: The TRACERT utility is used to trace the path taken by TCP/IP packets to a remote computer. It traces and reports each router or gateway crossed by a TCP/IP packet on its way to the remote host. The TRACERT utility can be used with the target computer's name or IP address. It is used to detect and resolve network connection problems. Answer: B is incorrect. PATHPING is a command-line utility that pings each hop along the route for a set period of time and shows the delay and packet loss along with the tracing functionality of TRACERT, which helps determine a weak link in the path.

QUESTION NO: 58 Which of the following is used as a default port by the TELNET utility? A. 21 B. 20 C. 23 D. 80

Answer: C Explanation: Telnet is a command-line connectivity tool that starts terminal emulation with a remote host running the Telnet server service. Telnet allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. The Telnet utility uses the Telnet protocol for connecting to a remote computer running the Telnet server software to access files. It uses TCP port 23 by default. Answer: A, B are incorrect. By default, FTP server uses TCP port 20 for data transfer and TCP port 21 for session control. Answer: D is incorrect. Hypertext Transfer Protocol (HTTP) uses TCP port 80 as a default port.

QUESTION NO: 97 Which of the following data types encompassed in a patient's EHR would include discharge summaries? A. Images B. Numbers C. Text D. Signals

Answer: C Explanation: Text data is a type of data that may be found in a patient's electronic health record. Examples of text data are history and physical evaluations and discharge summaries. Answer: B is incorrect. Numbers is incorrect as this data type is usually represented by ICD-9 codes, blood pressure readings and temperature readings. Answer: A is incorrect. Images is incorrect as this data type is normally represented by x-rays or document images. Answer: D is incorrect. Signals is incorrect as this data type is normally represented by EEG tracings or EKG tracings.

QUESTION NO: 394 Which of the following services resolves host name to IP Address? A. Computer Browser B. DHCP C. DNS D. WINS

Answer: C Explanation: The DNS service resolves host name to IP Address. A DNS server is a computer that runs the Domain Name System (DNS) service. It contains host name-to-IP address mappings, IP address-to-host name mappings, information about the domain tree structure, etc. A DNS server is also used to resolve DNS client queries. Answer: B is incorrect. Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard used to dynamically assign IP addresses to computers, so that they can communicate with other network services. It reduces the complexity of managing network client IP address configuration. A DHCP server configures DHCP-enabled client computers on the network. It runs on servers only. It also provides integration with the Active Directory directory service. Answer: D is incorrect. Windows Internet Name Service (WINS) is a name resolution service that registers and resolves NetBIOS names to IP addresses used on the network. WINS is a Microsoft standard and is used only on networks comprising Windows hosts. Answer: A is incorrect. The Computer Browser service is used by Windows-based computers on the network. Computers designated as browsers maintain an up-to-date list of computers and provide the list to applications when requested. When a user attempts to connect to a resource in the network, the Browser service is contacted to provide a list of available resources.

QUESTION NO: 310 You have a routine chest x-ray performed at your physician's office. Which of the following governing bodies is responsible for approving the x-ray unit to be used on humans? A. Occupational Safety and Health Administration B. The Joint Commission C. Food and Drug Administration D. Department of Health and Human Services

Answer: C Explanation: The Food and Drug Administration is responsible for protecting the public health by assuring the safety, efficacy, and security of human and veterinary drugs, biological products, medical devices, our nation's food supply, cosmetics, and products that emit radiation, and by regulating the manufacture, marketing, and distribution of tobacco products. Answer: D is incorrect. Department of Health and Human Services is incorrect as this agency is protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves. Answer: A is incorrect. Occupational Safety and Health Administration (OSHA) is incorrect as the purpose of this agency is to ensure safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance. Answer: B is incorrect. The Joint Commission is incorrect as the purpose of this agency is to continuously improve health care for the public by evaluating health care organizations and inspiring them to excel in providing safe and effective care of the highest quality and value.

QUESTION NO: 184 You need a patient's medical information for a research project. Which type of medical information can you obtain without consent from the patient? A. Electronic Health Information B. Archived Health Information C. De-Identified Health Information D. Paper Health Information

Answer: C Explanation: The HIPAA act requires no restrictions on de-identified health information. De-identified health information refers to health records, x-rays, lab results or any part of the patient's permanent health record in which pertinent information has been removed so the patient cannot be identified. Pertinent identifiers include patient's name, social security number, date of birth or address. De-identified health information is usually used for research and training purposes. Answer: B is incorrect. Archived Health Information is incorrect as any patient information stored on any media, compact disc, DVD, or video tape is protected by the HIPAA act. Answer: D is incorrect. Paper Health Information is incorrect as any patient information written on paper is covered by the HIPAA act. Paper health information includes the patient's chart, prescriptions and consent forms. Answer: A is incorrect. Electronic Health Information is incorrect as all patient records stored in any hospital computer are regulated by the HIPAA Act.

QUESTION NO: 192 John, a trainee, wants to know in detail about the IPCONFIG command on a Windows XP Professional computer. Which of the following commands should he use to display the help message of the IPCONFIG command? A. HELP /ipconfig B. IPCONFIG? /ip C. IPCONFIG /? D. HELP /configip

Answer: C Explanation: The IPCONFIG /? command is used to display the help information and other related commands and switches that can be used with the IPCONFIG command.

QUESTION NO: 405 The Joint Commission for the Accreditation of Healthcare Organizations requires a hospital medical record to be completed within what time frame after discharge? A. 14 days B. 7 days C. 30 days D. 24 hours

Answer: C Explanation: The Joint Commission for the Accreditation of Health Organizations requires a patient's medical record to be complete within a time period not to exceed 30 days. Answer: D is incorrect. The regulation stipulated by the Joint Commission for the Accreditation of Health Organizations requires a patient's medical record to be complete within a time period not to exceed 30 days. Answer: B is incorrect. The regulation stipulated by the Joint Commission for the Accreditation of Health Organizations requires a patient's medical record to be complete within a time period not to exceed 30 days. Answer: A is incorrect. The regulation stipulated by the Joint Commission for the Accreditation of Health Organizations requires a patient's medical record to be complete within a time period not to exceed 30 days.

QUESTION NO: 454 One of your job duties is to review all delinquent medical records. You are required by the Joint Commission for the Accreditation of Health Organizations to perform this task at least once per which of the following time frames? A. 30 days B. 60 days C. 90 days D. 120 days

Answer: C Explanation: The Joint Commission for the Accreditation of Health Organizations requires any health care facility to institute a review of all delinquent medical records to be performed at least once per 90 days. Answer: A is incorrect. The Joint Commission for the Accreditation of Health Organizations requires any health care facility to institute a review of all delinquent medical records to be performed at least once per 90 days. Answer: B is incorrect. The Joint Commission for the Accreditation of Health Organizations requires any health care facility to institute a review of all delinquent medical records to be performed at least once per 90 days. Answer: D is incorrect. The Joint Commission for the Accreditation of Health Organizations requires any health care facility to institute a review of all delinquent medical records to be performed at least once per 90 days.

QUESTION NO: 75 The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within what period of time for chronic care patients? A. 14 days B. 7 days C. 30 days D. 24 hours

Answer: C Explanation: The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 30 days for chronic care patients. Answer: D is incorrect. The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 30 days for chronic care patients. Answer: B is incorrect. The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 30 days for chronic care patients. Answer: A is incorrect. The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 30 days for chronic care patients.

QUESTION NO: 100 Your company is in charge of computer repairs in the billing office of an out-patient surgical facility. While on-site, you are asked by the billing staff, whom you've known for five years, if you would like to help them sell some of the PHI to marketers for $10,000, but without telling the boss. They need your help to get the information out of the systems to sell to a marketing company owned by their friends. If you do, the maximum penalty you could end up with is A. 10 years in prison B. A $20,000 fine. C. 10 years in prison and $250,000 fine D. With a civil penalty of $100,000

Answer: C Explanation: You can receive both prison and a fine. Answer: D is incorrect. This is a criminal offense. Most likely, since you have been there for five years, you would knowingly be violating HIPAA. Answer: A is incorrect. This is only part of what could happen. Answer: B is incorrect. The punishment is much more severe. Topic 2, Volume B

QUESTION NO: 49 Which of the following governing bodies uses the Health Plan Employer Data and Information Set (HEDIS) to measure and publish information about managed care plans for consumers and employers? A. Occupational Safety and Health Administration B. Department of Health and Human Services C. National Committee on Quality Assurance D. National Committee on Vital and Health Statistics

Answer: C Explanation: The National Committee on Quality Assurance (NCQA) is the governing body that uses the Health Plan Employer Data and Information Set (HEDIS) to measure and publish information about managed care plans for consumers and employers. Answer: B is incorrect. Department of Health and Human Services is incorrect as this agency is protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves. Answer: A is incorrect. Occupational Safety and Health Administration (OSHA) is incorrect as the purpose of this agency is to ensure safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance. Answer: D is incorrect. The National Committee on Vital and Health Statistics is incorrect as this is the governing body that standardized the transmission of protected health information.

QUESTION NO: 73 Your primary duty is to transmit protected health information electronically from your facility to a central database. You are performing this duty based on the regulation set forth by which of the following governing bodies? A. The Joint Commission B. Department of Health and Human Services C. National Committee on Vital and Health Statistics D. Occupational Safety and Health Administration

Answer: C Explanation: The National Committee on Vital and Health Statistics is the governing body that standardized the transmission of protected health information. Answer: B is incorrect. Department of Health and Human Services is incorrect as this agency is protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves.

QUESTION NO: 6 Which of the following agencies is responsible for protecting the well being of all health care workers? A. The Joint Commission B. Food and Drug Administration C. Occupational Safety and Health Administration D. Department of Health and Human Services

Answer: C Explanation: The Occupational Safety and Health Administration (OSHA) is responsible for ensuring safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance. Answer: D is incorrect. Department of Health and Human Services is incorrect as this agency is protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves. Answer: A is incorrect. The Joint Commission is incorrect as the purpose of this agency is to continuously improve health care for the public by evaluating health care organizations and inspiring them to excel in providing safe and effective care of the highest quality and value. Answer: B is incorrect. Food and Drug Administration is incorrect as the purpose of this agency is to protect the public health by assuring the safety, efficacy, and security of human and veterinary drugs, biological products, medical devices, our nation's food supply, cosmetics, and products that emit radiation, and by regulating the manufacture, marketing, and distribution of tobacco products.

QUESTION NO: 346 Which of the following application protocols provides terminal emulation to a remote host by creating a virtual terminal? A. FTP B. NNTP C. Telnet D. VTP

Answer: C Explanation: The Telnet application protocol provides terminal emulation to a remote host by creating a virtual terminal. Telnet starts terminal emulation with a remote host running the telnet server service. Telnet allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. Answer: D is incorrect. VTP stands for VLAN Trunking Protocol. It is Cisco's proprietary layer 2 messaging protocol that switches use to exchange VLAN configuration information. When a VLAN is added, changed, or deleted, VTP servers advertise information to all switches in a domain to update their VLAN configuration. It reduces the administrative burden on the switched network. Answer: A is incorrect. Transmission Control Protocol (TCP) is a reliable, connection-oriented protocol operating at the transport layer of the OSI model. It provides a reliable packet delivery service encapsulated within the Internet Protocol (IP). TCP guarantees the delivery of packets, ensures proper sequencing of data, and provides a checksum feature that validates both the packet header and its data for accuracy. If the network corrupts or loses a TCP packet during transmission, TCP is responsible for retransmitting the faulty packet. It can transmit large amounts of data. Application layer protocols, such as HTTP and FTP, utilize the services of TCP to transfer files between clients and servers. Answer: B is incorrect. NNTP stands for Network News Transfer Protocol. It is a simple ASCII text-based protocol used to post, distribute, and retrieve network news messages from NNTP servers and NNTP clients on the Internet.

QUESTION NO: 257 Billing systems in healthcare use numerical medical codes from several different systems in order to specify diagnosis information and procedures performed in treatment. Which of the following is NOT a coding system used in medical billing? A. ICD10 B. MSDRG C. PET D. CPT

Answer: C Explanation: The acronym PET in healthcare refers to a diagnostic tool called Positron Emission Tomography used in nuclear medicine for making three dimensional representations of tissues like tumors. PET is not a coding system for medical billing. Answer: D is incorrect. CPT is a system of coding for billing. CPT stands for Current Procedural Terminology, and lists numerical codes for procedures performed in an outpatient setting or by physicians that bill separately from the inpatient hospital. Answer: A is incorrect. ICD10 is a system for coding for billing. ICD stands for International Classification of Disease. ICD10-CM is a system of codes representing different diagnoses and ICD10-PCS is a system of codes representing inpatient procedures. Answer: B is incorrect. MSDRG is a system of Medicare diagnosis groupings that are medical codes used to determine the level of compensation Medicare will give for certain health conditions.

QUESTION NO: 369 Your manager tells another employee that they have to change the security level on certain files to fit with the HIPAA standard of "minimum necessary". What does this mean? A. Unless a covered entity has a written policy which states explicitly that a piece of information is necessary for a particular purpose and has a justification for that purpose, the information cannot be released. B. Covered entities should limit the access to all protected health information unless a person has the minimum necessary security clearance for access. C. The HIPAA Privacy Rule generally requires covered entities to take reasonable steps to limit the use or disclosure of, and requests for, protected health information to the minimum necessary persons to accomplish the intended purpose. D. Where protected health information is disclosed to, or requested by, health care providers for treatment purposes, the minimum necessary standard applies to provider access.

Answer: C Explanation: The minimum necessary standard is quite flexible, and it asks covered entities to take steps to minimize the number of people with access to protected health information, even within the healthcare organization to the minimum necessary number of people to accomplish a purpose. But for treatment purposes, the minimum necessary standard currently does not apply (although that may change in upcoming legislation). Answer: B is incorrect. "Minimum necessary" refers to the idea that the minimum number of people possible have access to a piece of protected information, not the level of security clearance a person has. Answer: A is incorrect. Although privacy and security concerns are very important, "minimum necessary" makes allowances for a high level of access to healthcare information when treatment is involved. If access to information needed this kind of clearance, written policy and justification, it is possible that a patient could come to harm while these access procedures were carried out. Access for other purposes not covered by treatment, payment or operations must have written policies for use, disclosure and release of information in accordance with HIPAA and organizational rules, but treatment purposes are usually an exception. Answer: D is incorrect. As for Option C, this level of restriction to information during treatment could result in delay in care for the patient. Treatment purposes are considered an exception to the "minimum necessary" rule.

QUESTION NO: 149 In establishing the IT logistics between two universities engaged in joint medical research, you are most likely going to be governed by an MOU (Memorandum of Understanding) rather than an SLA. In addition to protecting the EPHI, what is the ultimate goal of the MOU? A. Engenders a mutual commitment to maintaining the highest level of medical care. B. Provides NIST with annual review method. C. Enables rapid transfer of data. D. Fulfills governing auspices need for institutional contractual language.

Answer: C Explanation: The point of the MOU is to create a state of high trust between the signatories so that the research can occur unencumbered by concerns of EPHI leaks. An MOU is usually reserved for use between governmental agencies or educational institutions whereas an SLA governs business or individual entities. Answer: A is incorrect. MOUs don't discuss the level of medical care, though the ability to protect and communicate sensitive EPHI can aid that goal. Answer: D is incorrect. While an MOU does fit more the style of non-business entities like governmental agencies or educational organizations, its "ultimate goal" is not its language but its result: the ability to transfer data unencumbered by concerns about privacy leaks. Answer: B is incorrect. Though an MOU may fulfill certain recommendations provided by NIST, especially regarding security and contingency provisos, there is no such thing as a NIST annual review method. NIST recommends standards and guidelines in its publications based on HIPAA but is a non-regulatory agency that does not typically review individual organizations.

QUESTION NO: 35 Which of the following is the process of making a patient's chart easier to handle after it has become too cumbersome during an extended hospital stay? A. Scanning B. Archiving C. Thinning D. Coding

Answer: C Explanation: The purpose of thinning is to make a patient's chart easier to handle after it has become too large and cumbersome to handle. This act is normally necessary for a patient who has incurred an extended stay in the hospital. The medical records that have been thinned are not destroyed but sent to the central medical records area where they should still be readily accessible. Answer: B is incorrect. Archiving is incorrect as this act is ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location. Answer: D is incorrect. Coding is incorrect as this is the act of applying the proper codes for medical services for billing purposes. Answer: A is incorrect. Scanning is incorrect as this is the act of converting paper medical records into computerized form.

QUESTION NO: 29 A medical practice knows that its billing office is open to public viewing because it is attached to the front welcome-desk as a time-saving device for communication between billing staff and front office staff. The practice knows that other patients' PHI billing information could easily be viewed by patients standing at the front desk, but chooses not to change the scenario. What kind of penalty could the practice face? A. Minimum of $1,000 B. This is not a civil violation, only a criminal violation. C. Minimum of $10,000 D. Minimum of $100

Answer: C Explanation: This is a civil penalty due to "willful neglect." Answer: D is incorrect. It is only for an individual who did not know and by exercising reasonable diligence would not have known that this was a HIPAA violation. Answer: A is incorrect. It is for a violation due to reasonable cause and not neglect. Answer: B is incorrect. Criminal penalties are only when covered entities actively disclose or obtain PHI in violation of HIPAA.

QUESTION NO: 416 What is the best way to minimize curiosity about a patient's information when mailing correspondence to the patient? A. Create a code to address the mail rather than using the patient's name. B. Use certified mail with a return receipt request. C. Use a P.O. Box for the practice's return address and omit the practice name. D. Use a manila colored envelope.

Answer: C Explanation: This is the correct answer. If the practice's name is not on the envelope, it reduces the likelihood that those who have access to the mail (carriers, others at the recipient's address) will suspect that it contains medical and therefore protected information. Answer: D is incorrect. The color of the envelope means nothing to a curious eye. Answer: A is incorrect. Unfeasible; the entire USPS would need to know who the code refers to and that in itself would violate HIPAA. Answer: B is incorrect. If the practice's name is still on the envelope, it will invite curiosity from whoever signs for the letter. Bad idea.

QUESTION NO: 441 Which of the following commands can you use to manually force a client to re-register itself with a dynamic DNS server? A. IPCONFIG /renew B. IPCONFIG /release C. IPCONFIG /registerdns D. NBTSTAT -rr E. DNS /rr

Answer: C Explanation: To ensure that all names are correctly registered when you restart the DHCP client service, you should type the ipconfig command with the registerdns switch. IPCONFIG /renew refreshes the DHCP lease. IPCONFIG /release releases the DHCP option. When you run the NBTSTAT -rr command at a command prompt, the names of the WINS client can be re-registered in the WINS database.

QUESTION NO: 329 Which type of client-server platform consists simply of a PC and a database server? A. LAN Technology B. WAN Technology C. Two-Tier Architecture D. Three-Tier Architecture

Answer: C Explanation: Two-tier architecture is the client-server platform that consists simply of a PC interfaced with a database. Answer: A is incorrect. LAN Technology is incorrect as this is a mode of communication, not a client-server platform; it refers to communication between devices in a small geographic area such as PC and printer or PC and PC within a facility. Answer: B is incorrect. WAN Technology is incorrect as this is a mode of communication, not a client-server platform, that allows for communication across a large geographic environment such as two or more LANs connected via a telephone system or satellite. Answer: D is incorrect. Three-tier architecture is incorrect as this client-server platform consists of a PC, database server and an application server that contains software to process the data.

QUESTION NO: 71 Your Privacy Officer has asked you as the IT administrator for the practice to help her fulfill the requirements under HIPAA regarding physical safeguards in the workplace. You could suggest a variety of different proposals that fulfill the requirements. Which of the following, however, might lead to rather than prevent violations under HIPAA? A. All equipment containing PHI, such as testing machines, must require users to swipe their employee ID through the equipment to access it. B. All computers must have a lock latch over their power buttons, only available to authorized individuals. C. All computers must be secured to locations viewable by all staff members to prevent individual staff members from misusing authorized PHI access. All old computers and their components (hard drives, etc.) must be recycled. D. All computers must be securely locked to their workplaces.

Answer: C Explanation: Under HIPAA the privacy notice informs patients that their PHI may be used in the healthcare operations of the business; but there are limits. For example, in this scenario, if all staff members can view a computer, there may be unauthorized members of the staff, such as janitorial or marketing staff, untrained employees, or drivers, who are able to view PHI but have no need to. Safeguards should focus on limiting rather than exposing data. Answer: D is incorrect. This is one way to protect computers that contain PHI on their hard drives from theft, which contributes to fulfilling the HIPAA requirement that access to hardware and software must be limited to properly authorized individuals. Answer: B is incorrect. It is a deterrent against unauthorized individuals accessing computers that contain PHI. You might suggest this as HIPAA requires Physical Safeguards to govern software and hardware introduction or removal on a network. Answer: A is incorrect. It is a good suggestion to fulfill the HIPAA requirement that access to equipment containing PHI should be carefully controlled and monitored.

QUESTION NO: 462 A hospital wants to set up an EMR (electronic medical records) system that allows specialists to have equal access to the PHI regarding a patient who has multiple injuries. The hospital can allow more than one type of physician to obtain the information without additional authorization if it involves: A. A physician who is not treating the patient but would like to market his services B. There are no situations where information can be exchanged without additional authorization. C. Consults between the patient's care providers (i.e. heart surgeon and general surgeon) D. A visiting nurse from another facility who would like to see how the EMR system works.

Answer: C Explanation: Under HIPAA, an entity may disclose PHI for the purpose of consultation between treating health care providers. Answer: A is incorrect. Any PHI must be authorized by the patient to be used for marketing purposes. Answer: B is incorrect. Not true. HIPAA allows disclosure for Treatment, Payment and Healthcare Operations with proper notification. Answer: D is incorrect. The visiting nurse is not involved in the treatment, payment or healthcare operations pertinent to this patient.

QUESTION NO: 7 A visiting IT professional is at an OBGYN practice and has been granted access to the computer system, but not the practice's paper records, its previous system of charting for patients. It's after standard work hours and the IT professional is working late. He knows an ex-girlfriend used to be a patient at the practice and decides he wants to see her charts, since he can't find her in the computer. What simple Physical Safeguard would help fulfill HIPAA by preventing the IT professional from accessing the practice's PHI? A. The paper records are locked in the mobile charting cabinets in the check-in area. B. The paper records are color coded. C. The paper records are locked in a storage room. D. The paper records are kept in a series of drawers only known to the Privacy Officer.

Answer: C Explanation: Under HIPAA, records must be in secure, locked storage when not in use. Option A is incorrect, because although the charts are locked, they are not secure. The cabinets could potentially be moved out of the practice, allowing for criminal break-ins off the premises. They must be secure and locked under HIPAA's rule. Option D is not a requirement of HIPAA and the records in this situation are neither locked nor secure. A determined person could find these drawers. Option B is incorrect. Color-coding usually has much more to do with the types of patients, but provides no protection against PHI theft.

QUESTION NO: 205 Which of the following people do NOT have access to medical records of foster children? A. The foster parents B. The foster child's nurse C. The birth parents D. The foster child's physician

Answer: C Explanation: Unless otherwise stipulated, the birth parents of a minor child in foster care do not have access to the medical records of a minor foster child. Answer: D is incorrect. The foster child's physician is granted access to the minor foster child's medical records. Answer: B is incorrect. The nurse of a foster child is granted access to the minor foster child's medical records. Answer: A is incorrect. The foster parents of a minor child are granted access to the minor foster child's medical records.

QUESTION NO: 47 You are the parent of a foster child that requires medical care. The facility providing care for the child is legally obligated not to disclose the child's medical information to which of the following? A. The foster parents B. The foster child's physician C. The birth parents D. The foster child's nurse

Answer: C Explanation: Unless otherwise stipulated, the birth parents of a minor child in foster care do not have access to the medical records of a minor foster child. Answer: D is incorrect. The nurse of a foster child is granted access to the minor foster child's medical records. Answer: A is incorrect. The foster parents of a minor child are granted access to the minor foster child's medical records. Answer: B is incorrect. The foster child's physician is granted access to the minor foster child's medical records.

QUESTION NO: 453 You are the privacy officer for a medical practice and are making sure that you have created and secured written business associate agreements with your business associates. With which of the following would you not have to create a BAA (Business Associate Agreement)? A. The data shredding company that destroys all PHI from patients no longer with the practice. B. The accreditation board for your local hospital who decides which of your physicians goes on their panel of emergency providers and may need to review PHI during this process. C. Your postal carrier who carries protected health information in the mail. D. Your practice's malpractice lawyer who reviews PHI during case reviews.

Answer: C Explanation: Your postal carrier. HIPAA does not require business associate agreements with conduits of PHI. A conduit is defined as an individual or organization that transports but does not access PHI other than as the law requires or for random or infrequent process required to carry out its functions. Answer: D is incorrect. HIPAA requires BAAs with any entity that provides legal services to the practice, particularly when it involves direct exposure to PHI. Answer: A is incorrect. Again, the data shredding company has open access to the PHI, unlike the postal worker, and engagement with the PHI (in this case, destroying it) is primary to its work. Answer: B is incorrect. Accreditation is a common example of a business associate under HIPAA and like the legal and data shredding services, it involves direct engagement with PHI to provide its services to the practice. HIPAA defines the "disclosure of individually identifiable health information" during the course of the activities provided to a covered entity as the standard for determining the need of a BAA. It lists legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services as categories of possible Business Associates.

QUESTION NO: 166 You dial-in to your Internet Service Provider (ISP) but do not connect successfully. You try to dial-in from another computer and have the same problem. What is the most likely cause? Each correct answer represents a complete solution. Choose all that apply. A. Defective parallel port B. Defective serial port C. Noise on the phone line D. Bad phone line

Answer: C,D Explanation: A bad phone line or a noisy phone line can cause the problem. A noisy phone line can create problems in establishing a connection with your ISP computer.

QUESTION NO: 399 Which of the following encryptions is used with flash drives? Each correct answer represents a complete solution. Choose two. A. Full disk encryption B. Virtual disk encryption C. Volume encryption D. File/folder encryption

Answer: C,D Explanation: Both volume encryption and file/folder encryption can be used with flash drives. Volume encryption works on desktop and laptop computers and on volume-based removable media, e.g., USB flash drives. It provides the same protection as virtual disk encryption, but for a volume instead of a container. It works for all data in the volume including data files, system files, residual data, and metadata. File/folder encryption works on all types of end user devices. It protects individual files/folders (data files only). Answer: A is incorrect. The full disk encryption (FDE) is good for laptop and desktop computers. It protects all data on the media such as data files, system files, residual data, and metadata. All the information encrypted by full disk encryption is protected, assuming that pre-boot authentication is required.

QUESTION NO: 116 While working on upgrading software on a workstation in the emergency department of a hospital, a multi-car pileup occurs and the injured are brought into the ER as trauma cases. There's noise, confusion and a lot of chaos. What is the best etiquette for dealing with this situation? Each correct answer represents a complete solution. Choose all that apply. A. Evacuate the area during high traffic. B. Try to find out the patient's condition and see if there is anything you can do to help. C. Don't stare into patients' rooms or at patients as they go by on gurneys or in wheelchairs. D. Continue your project, while moving if anyone needs access to systems or files near your position.

Answer: C,D Explanation: Continue your job. The system upgrade is necessary and needs to be finished quickly and thoroughly. Move if necessary to allow access to the phone or needed files or equipment. Do not stare at patients, and do not pry into the details of what is going on. Don't repeat what you may hear or see. Answer: A is incorrect. Your job is important to the flow of work in the emergency room. If you stop every time something happens, the work may never be done and the system would be unusable for a long period. Unless you are specifically told to clear the area, remain and see the job through with a professional attitude. Answer: B is incorrect. It is not your job to care for patients or their families. It's your job to make the technology in the emergency room function at peak performance so that others can do their jobs effectively and efficiently.

QUESTION NO: 383 You configure a wireless router at your home. To secure your home Wireless LAN (WLAN), you implement WEP. Now you want to connect your client computer to the WLAN. Which of the following is the required information that you will need to configure the client computer? Each correct answer represents a part of the solution. Choose two. A. IP address of the router B. MAC address of the router C. WEP key D. SSID of the WLAN

Answer: C,D Explanation: In order to connect a client computer to a secured Wireless LAN (WLAN), you are required to provide the following information: the SSID of the WLAN and the WEP key.

QUESTION NO: 254 Which of the following types of displays occupy less space on a desk? Each correct answer represents a complete solution. Choose two. A. CRT B. Mercury C. LED D. LCD

Answer: C,D Explanation: LED and LCD displays occupy less space on a desk. The Liquid Crystal Display (LCD) is an electronically modulated optical amplification shaped into a thin, flat display device made up of any number of color or monochrome pixels arrayed in front of a light source (backlight) or reflector. It is often utilized in battery-powered electronic devices because it uses very small amounts of electric power. Answer: A, B are incorrect. CRT and Mercury displays take lots of space as compared to LCD and LED displays.

QUESTION NO: 33 Which of the following ports on a computer are used to connect a keyboard? Each correct answer represents a complete solution. Choose two. A. DB-25 B. DB-9 C. PS/2 D. USB

Answer: C,D Explanation: The PS/2 and USB ports on a computer are used to connect a keyboard.

QUESTION NO: 522 On which of the following factors does the capacity of an access point depend? Each correct answer represents a complete solution. Choose all that apply. A. Channel reuse B. Co-location C. Number of users D. Software applications

Answer: C,D Explanation: The capacity of an access point is the maximum number of users the access point can service effectively, offering the best performance. The capacity depends on several factors including the following. Software applications in use. Applications that are more bandwidth-intensive reduce the capacity of the access point. Desired throughput or performance and number of users. A large number of bandwidth-intensive application users connected to an access point will cause poor performance. Therefore, limiting the capacity of an access point to a certain number of users will give the connected users the best performance. Answer: A, B are incorrect. The capacity of an access point does not depend on channel reuse or co-location. Channel reuse and co-location is a method of using non-overlapping channels in such a way that the overlapping cells are on different RF channels. Channel reuse is done by mapping out the access points on a floor plan and verifying that the RF cells propagated by the access points do not overlap on the same RF channels. This type of channel plan can be done manually or with site survey software applications. The figure given below shows the co-location of access points with proper channel reuse. In the figure, overlapping areas use different channels to prevent interference.

QUESTION NO: 313 Which of the following types of hospital systems is used to integrate various departmental systems for a health care facility? A. Departmental System B. Enterprise System C. External System D. Hospital Wide System

Answer: D Explanation: A Hospital Wide System is a health information system that is designed for the integration of various departmental systems or one that provides the primary services for a hospital or clinical area. Answer: A is incorrect. Departmental System is incorrect as this type of hospital system is limited and serves the purposes of one department or domain. Examples are dose management systems that are used by pharmacies. Answer: B is incorrect. Enterprise system is incorrect as this type of system is designed for use for all departments that encompass a large health system including hospitals, clinics and nursing homes. Answer: C is incorrect. External system is incorrect as this type of system is shared by many health organizations to report information required by regulatory agencies or as an information exchange for regional health information networks.

QUESTION NO: 515 As a member of the hospital information technology team, you are asked to install an information system in which the nurses on the units can share information with emergency room staff. Which of the following types of information systems would you implement for this purpose? A. Enterprise System B. Departmental System C. External System D. Hospital Wide System

Answer: D Explanation: A Hospital Wide System is a health information system that is designed for the integration of various departmental systems or one that provides the primary services for a hospital or clinical area. Answer: B is incorrect. Departmental System is incorrect as this type of hospital system is limited and serves the purposes of one department or domain. Examples are dose management systems that are used by pharmacies. Answer: A is incorrect. Enterprise system is incorrect as this type of system is designed for use for all departments that encompass a large health system including hospitals, clinics and nursing homes. Answer: C is incorrect. External system is incorrect as this type of system is shared by many health organizations to report information required by regulatory agencies or as an information exchange for regional health information networks.

QUESTION NO: 191 As a member of the hospital information technology team, you are asked to install an information system in which the nurses on the units can share information with emergency room staff. Which of the following types of information systems would you implement for this purpose? A. External System B. Departmental System C. Enterprise System D. Hospital Wide System

Answer: D Explanation: A Hospital Wide System is a health information system that is designed for the integration of various departmental systems or one that provides the primary services for a hospital or clinical area. Answer: B is incorrect. Departmental System is incorrect as this type of hospital system is limited and serves the purposes of one department or domain. Examples are dose management systems that are used by pharmacies. Answer: C is incorrect. Enterprise system is incorrect as this type of system is designed for use for all departments that encompass a large health system including hospitals, clinics and nursing homes. Answer: A is incorrect. External system is incorrect as this type of system is shared by many health organizations to report information required by regulatory agencies or as an information exchange for regional health information networks.

QUESTION NO: 217 Which of the following types of hospital systems is used to integrate various departmental systems for a health care facility? A. External System B. Departmental System C. Enterprise System D. Hospital Wide System

Answer: D Explanation: A Hospital Wide System is a health information system that is designed for the integration of various departmental systems or one that provides the primary services for a hospital or clinical area. Answer: B is incorrect. Departmental System is incorrect as this type of hospital system is limited and serves the purposes of one department or domain. Examples are dose management systems that are used by pharmacies. Answer: C is incorrect. Enterprise system is incorrect as this type of system is designed for use for all departments that encompass a large health system including hospitals, clinics and nursing homes. Answer: A is incorrect. External system is incorrect as this type of system is shared by many health organizations to report information required by regulatory agencies or as an information exchange for regional health information networks.

QUESTION NO: 148 Which of the following refers to a database that contains a unique index for every patient registered at a health care organization? A. Qualitative Analysis B. Quantitative Analysis C. Statistical Analysis D. Master Patient Index

Answer: D Explanation: A Master Patient Index (MPI) is a database that contains a unique index for every patient registered at a healthcare organization. Answer: A is incorrect. Qualitative Analysis is incorrect as this is used to derive an in-depth, non-numerical description of the information contained within a patient's medical record. A qualitative analysis does not contain any statistical analyses. Answer: B is incorrect. Quantitative analysis is incorrect as this refers to information contained within a patient's EHR being converted from words to numbers. The numbers of interest are then quantified and statistically analyzed. Answer: C is incorrect. Statistical analysis is incorrect as this is the method used to analyze the data obtained from a quantitative analysis of a patient's EHR.

QUESTION NO: 439 How many pins are available on a PS/2 Mini-DIN connector? A. 3 B. 4 C. 5 D. 6

Answer: D Explanation: A PS/2 Mini-DIN connector has 6 pins, while only four are used. Pin 1 is used for keyboard data signal, pin 3 is ground, pin 4 has +5 Volt DC, pin 5 is used for keyboard clock, and pins 2 and 6 are not used. The PS/2 6-pin Mini-DIN connector is used for both keyboard and mouse. Older keyboard connectors use 5-pin DIN connector.

QUESTION NO: 426 You are asked to reduce medical records for a dental practice. You can eliminate all records that are older than which of the following? A. 10 years B. 6 years C. 30 years D. 4 years

Answer: D Explanation: All primary dental records must be retained for a period of at least 4 years from the date of the patient's last episode of care. Answer: B is incorrect. 6 years is incorrect as this is the amount of time in which all materials containing HIPAA information must be kept. Answer: A is incorrect. 10 years is incorrect as this is the amount of time all primary medical records must be retained. Answer: C is incorrect. 30 years is incorrect as no medical information is required to be retained for 30 years.

QUESTION NO: 64 Your facility is purchasing a healthcare IT software package to help with archiving of protected health information through document management. Your facility wants to guarantee certain levels of service and support standards like time to receive technical help, the frequency of software updates and performance metrics for the system. What type of legal document can help guarantee those standards are met by the document management vendor? A. Memorandum of Understanding (MOU) B. Business Associate Agreement (BAA) C. Waiver of Liability D. Service Level Agreement (SLA)

Answer: D Explanation: A Service Level Agreement with a vendor like a software provider can be used to specify vendor obligations like technical support levels, performance metrics and maximum downtime for the system. Answer: A is incorrect. A Memorandum of Understanding is a document forming an agreement between two entities with mutual goals to help accomplish something. It is not a tool to hold a vendor to sales promises and service standards. Often MOUs are not legally binding. Answer: B is incorrect. Business Associate Agreements are used when protected health information is going to be shared between business associates and healthcare regulations must be followed by all parties. This document is not appropriate for purchasing software and guaranteeing service levels.

QUESTION NO: 225 Which of the following devices controls the power supply of various devices and components installed in a computer system? A. CPU B. Motherboard C. Jumper D. SMPS

Answer: D Explanation: A Switched-mode power supply (also Switching-mode power supply, SMPS, or simply Switcher) is an electronic Power Supply Unit (PSU) that incorporates a switching regulator in order to provide the required output voltage. An SMPS is actually a power converter that transmits power from a source (e.g., a battery or the electrical power grid) to a load (e.g., a personal computer) with ideally no loss. The function of the converter is to provide a reliable output voltage often at a different level than the input voltage. Answer: B is incorrect. A motherboard is the physical arrangement in a computer that contains the computer's basic circuitry and components. On the typical motherboard, the circuitry is imprinted or affixed to the surface of a firm planar surface and usually manufactured in a single step. The most common motherboard design in desktop computers today is the AT, based on the IBM AT motherboard. A more recent motherboard specification, ATX, improves on the AT design. In both the AT and ATX designs, the computer components included in the motherboard are as follows: the microprocessor, memory, Basic Input/Output System (BIOS), expansion slot, and interconnecting circuitry. The structure of a motherboard is shown in the figure below. Answer: A is incorrect. The Central Processing Unit (CPU) or the processor is the portion of a computer system that carries out the instructions of a computer program. It is a multifunctional integrated circuit that is essential for a computer system. It is the primary element carrying out the computer's functions. CPU is made up of several parts that work together to carry out the instructions and actions. The CPU has following components. Answer: C is incorrect. A jumper is a short length of conductor used to close a break in or bypass part of an electrical circuit. Jumpers are typically used to set up or adjust printed circuit boards, such as the motherboards of computers.
Jumper pins (points to be connected by the jumper) are arranged in groups called jumper blocks, each group having at least one pair of contact points and often more. When a jumper is placed over two or more jumper pins, an electrical connection is made between them, and the equipment is thus instructed to activate certain settings accordingly. Jumper blocks and jumpers are also often used on motherboards to clear the CMOS information, resetting the BIOS configuration settings.

QUESTION NO: 24 You are asked to install an information system in the Nuclear Medicine department in order to record the use of radioisotopes. Which type of information system would you install for this purpose? A. Enterprise System B. Intradepartmental System C. External System D. Departmental System

Answer: D Explanation: A departmental information system is a system that is limited and serves the purposes of one department or domain. Examples are dose management systems that are used by pharmacies. Answer: A is incorrect. Enterprise system is incorrect as this type of system is designed for use for all departments that encompass a large health system including hospitals, clinics and nursing homes. Answer: C is incorrect. External system is incorrect as this type of system is shared by many health organizations to report information required by regulatory agencies or as an information exchange for regional health information networks. Answer: B is incorrect. Intradepartmental system is incorrect as this type of system is primarily used by one department but shares functions and information with other departments.

QUESTION NO: 510 Which of the following servers is helpful in implementing centralized administration, backup and restoration, and implementation of shadow copies for user data? A. Proxy server B. Mail server C. Web server D. File server

Answer: D Explanation: A file server on a network is a computer configured to provide a central network location for users to store files and share them with other users on the network. A file server is helpful in implementing centralized administration, backup and restoration, and implementation of shadow copies for user data. A Windows Server 2008 computer can be configured as a file server by adding the File Server role through Server Manager. Answer: C is incorrect. A Web server is a type of server that makes a Web site available on the Internet and manages the interaction and HTTP exchanges in the background. It supplies static content to a Web browser by loading a file from a disk and providing it throughout the network to a user's Web browser. As the Web site is on the Internet, the management is done by a Web server. The browser and server interact with each other using HTTP. Answer: B is incorrect. A mail server is a program used to store and forward e-mail messages using several protocols, including SMTP, POP3, and IMAP. A mail server is also known by other names, such as a mail transfer agent or MTA, a mail transport agent, a mail router, and an Internet mailer. It works with other programs to build a messaging system. The examples of mail servers are Netscape Messaging Server and Microsoft Exchange Server. Answer: A is incorrect. A proxy server acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, Web page, or other resources, available from a different server. The proxy server evaluates the request according to its filtering rules.

QUESTION NO: 455 While working in a private physician practice, you are asked to eliminate all unnecessary medical records. You can eliminate all medical records that are older than which of the following? A. 4 years B. 6 years C. 30 years D. 10 years

Answer: D Explanation: All primary medical records must be retained for a period of at least ten years from the date of the patient's last episode of care regardless of the age or status of the patient. Answer: A is incorrect. 4 years is incorrect as this is the amount of time in which all primary dental records must be kept. Answer: B is incorrect. 6 years is incorrect as this is the amount of time in which all materials containing HIPAA information must be kept. Answer: C is incorrect. 30 years is incorrect as no medical information is required to be retained for 30 years.

QUESTION NO: 407 One important aspect of access security for both workstations and portable devices to protect PHI is the implementation of lockouts. What is a lockout? A. Once an employee is terminated, resigns or ends his or her affiliation with the organization, their access is locked out promptly B. A stop point in a database where information cannot be added until an audit is performed of previous entries. C. A physical lock on the access device or keyboard prevents unauthorized users from using the device or workstation D. Workers are logged off or locked out of a clinical application automatically after a predetermined period of inactivity, such as ten minutes.

Answer: D Explanation: A lockout refers to a screen saver or other software device where a period of inactivity, perhaps 5 or 10 minutes in a highly trafficked area, and slightly longer for less busy areas, results in the screen being "locked" until a password or PIN is re-entered to unlock the screen. This is an important Access Control tool. Answer: C is incorrect. Such locks may be installed at certain facilities but are uncommon, and are not referred to as "lockouts". This kind of physical safeguard may be somewhat cumbersome to use in highly trafficked areas in a healthcare facility. Answer: B is incorrect. Although audits and audit logs are important tools to authenticate users and identify breaches of confidentiality, there is typically not a practice of holding a database frozen to additional information until an audit has been performed. This is not a lockout. Answer: A is incorrect. Prompt removal of access for individuals no longer on staff with an organization is an important part of security for PHI, but this process is not referred to as a lockout, but usually is part of the termination process.

QUESTION NO: 373 According to the American Hospital Association, which of the following types of hospitals are required to provide diagnosis and treatment for behavioral health disorders? A. Specialty Hospital B. General Hospital C. Rehabilitation Hospital D. Psychiatric Hospital

Answer: D Explanation: A psychiatric hospital is required to provide diagnosis and treatment for individuals who are diagnosed with mental illness. Answer: B is incorrect. General Hospital is incorrect as this type of hospital is required to provide diagnosis and treatment for medical services which include Radiology, laboratory services and surgical services. Answer: A is incorrect. Specialty hospital is incorrect as this type of hospital is required to provide treatment for specific disorders such as cancer, burns or women's health. Answer: C is incorrect. Rehabilitation hospital is incorrect as this type of hospital is required to provide diagnosis, treatment, restorative and adjustment services for individuals who are disabled.

QUESTION NO: 445 You have been diagnosed with bipolar disorder. Which of the following types of medical facilities would you choose to treat your condition? A. Specialty Hospital B. Rehabilitation Hospital C. General Hospital D. Psychiatric Hospital

Answer: D Explanation: A psychiatric hospital is required to provide diagnosis and treatment for individuals who are diagnosed with mental illness. Answer: C is incorrect. General Hospital is incorrect as this type of hospital is required to provide diagnosis and treatment for medical services which include Radiology, laboratory services and surgical services. Answer: A is incorrect. Specialty hospital is incorrect as this type of hospital is required to provide treatment for specific disorders such as cancer, burns or women's health. Answer: B is incorrect. Rehabilitation hospital is incorrect as this type of hospital is required to provide diagnosis, treatment, restorative and adjustment services for individuals who are disabled.

QUESTION NO: 444 Which of the following work divisions is characterized by each person having a sequential step in the final product? A. Parallel B. Unilateral C. Unit Assembly D. Serial

Answer: D Explanation: A serial work division is characterized by each person performing a unique, sequential step in the final product. Answer: A is incorrect. Parallel is incorrect as this is a type of work division that is characterized by each person performing several tasks. Answer: C is incorrect. Unit assembly is incorrect as this is a type of work division in which each person performs a unique task, however, it may not be sequential. Answer: B is incorrect. Unilateral is incorrect as this is not a type of work division, this is meant as a distractor.

QUESTION NO: 456 Which of the following devices is used to read smart cards for user authentication? A. PunchCard reader B. Key fob C. Biometric reader D. Smart card reader

Answer: D Explanation: A smart card reader is an interface device, which is used to read information from or write information to a smart card. Answer: B is incorrect. Key fobs are security devices used by telecommuters to provide one part of a three way match for a user to log on to a secured network. These are display-only devices that algorithmically generate security codes as part of a challenge/response authentication system. This code usually changes very quickly and is used with the PIN for authentication. Answer: C is incorrect. Biometric devices are used for reading physical appearances. Biometrics is a method of authentication that uses physical characteristics, such as fingerprints, scars, retinal patterns, and other forms of biophysical qualities to identify a user. Nowadays, the usage of biometric devices such as hand scanners and retinal scanners is becoming more common in the business environment. Answer: A is incorrect. PunchCard readers are used for reading punch cards.

QUESTION NO: 353 Which of the following types of budget predicts future volume by analyzing historical data? A. Operating Budget B. Master Budget C. Organizational Budget D. Statistical Budget

Answer: D Explanation: A statistical budget predicts future volume based primarily on historical data. Answer: C is incorrect. Organizational budget is incorrect as this answer choice is meant simply for a distractor. Organizational budgets are not used in a healthcare setting. Answer: A is incorrect. Operating budget is incorrect as this type of budget predicts labor, supplies and other expenses based on predicted work volume. Answer: B is incorrect. Master Budget is incorrect as this type of budget incorporates the budget of each department or business unit into one budget for the entire facility.

QUESTION NO: 245 You are a network administrator of a large TCP/IP network. You are training network users on secure access methods. Which of the following is the MOST secure access method? A. SNMPv1 B. TELNET C. RCP D. SFTP E. RSH

Answer: D Explanation: Among the given choices, SFTP is the most secure access method. The Secure File Transfer Protocol (SFTP), also called SSH File Transfer Protocol, is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream. SFTP was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols. Answer: B, E, A, and C are incorrect. These are insecure access methods.

QUESTION NO: 99 Which of the following works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP)? A. SSH B. SMTP C. IPsec D. VPN

Answer: D Explanation: A virtual private network (VPN) is a form of wide area network (WAN) that supplies network connectivity over a possibly long physical distance. A virtual private network is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost. A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a tunnel that cannot be entered by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses. Answer: C is incorrect. Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host. Answer: A is incorrect. Secure Shell (SSH) is a program that is used for logging into a remote computer over a network. Secure Shell can be used to execute commands on a remote machine and to move files from one machine to another. SSH uses strong authentication and secure communications over insecure channels. Answer: B is incorrect. Simple Mail Transfer Protocol (SMTP) is a protocol for sending e-mail messages between servers. E-mailing systems use this protocol to send mails over the Internet. SMTP works on the application layer of the TCP/IP or OSI reference model. The SMTP client typically initiates a Transmission Control Protocol (TCP) connection to the SMTP server on the well-known port designated for SMTP, port number 25. However, e-mail clients require POP or IMAP to retrieve mails from e-mail servers.

QUESTION NO: 384 Your healthcare organization had a hacker break into the patient registry and the information of 547 patients may have been compromised during the attack. What piece of healthcare legislation mandates that your organization inform those patients whose information may have been seen of a breach in your security? A. ONC B. HIPAA C. NIST D. ARRA

Answer: D Explanation: ARRA is the American Recovery and Reinvestment Act of 2009. Part of the ARRA is the HITECH Act (Health Information Technology for Economic and Clinical Health). Within the HITECH section of the ARRA are regulations that require covered entities (healthcare organizations or their business associates) to quickly notify affected individuals of a security breach, as well as the HHS secretary and the media if there is a breach of more than 500 individuals. Answer: B is incorrect. HIPAA does not include regulations for breach notification, and it was one of the important parts of the HITECH Act within ARRA that this oversight in the 1996 HIPAA was changed so that patients were notified if their information could have been released. Answer: A is incorrect. The ONC is not a piece of legislation, but is an acronym for the Office of the National Coordinator for Healthcare Information Technology, part of the US Department of Health and Human Services (HHS). They help implement the HITECH Act to ensure that the exchange of healthcare information remains private and secure. Answer: C is incorrect. NIST is the National Institute for Standards and Technology, not a piece of legislation. NIST develops publications on many topics about state of the art standards in technology, and within the HITECH Act the NIST has an assigned role to advance healthcare integration through standards and testing, consult on health IT implementation, and to provide pilot testing of new standards and specifications.

QUESTION NO: 507 According to the American Hospital Association, which of the following types of hospitals are required to provide diagnosis and treatment for medical services which include Radiology, laboratory services and surgical services? A. Rehabilitation Hospital B. Specialty Hospital C. Psychiatric Hospital D. General Hospital

Answer: D Explanation: According to the American Hospital Association, a general hospital is a hospital that is required to provide diagnosis and treatment for medical services which include Radiology, laboratory services and surgical services. Answer: B is incorrect. Specialty hospital is incorrect as this type of hospital is required to provide treatment for specific disorders such as cancer, burns or women's health. Answer: A is incorrect. Rehabilitation hospital is incorrect as this type of hospital is required to provide diagnosis, treatment, restorative and adjustment services for individuals who are disabled. Answer: C is incorrect. Psychiatric hospital is incorrect as this type of hospital is required to provide diagnosis and treatment for individuals who are diagnosed with mental illness.

QUESTION NO: 450 Your responsibility as a healthcare information technologist is to ensure that all scheduling, patient registration and payroll procedures can be performed in the most efficient manner. Which of the following types of information technology are you responsible for? A. Financial IT B. Infrastructure IT C. Clinical IT D. Administrative IT

Answer: D Explanation: Administrative IT applications are used to make staff scheduling, patient registration and payroll procedures more efficient. Answer: C is incorrect. Clinical IT is incorrect as these applications are used for prescription of drugs and ordering of laboratory tests and medical procedures. Answer: A is incorrect. Financial IT is incorrect as these applications are used to improve the efficiency of billing and accounting practices. Answer: B is incorrect. Infrastructure IT is incorrect as these applications support the infrastructure of the health care facility. These applications include voice recognition for medical records and medical transcription as well as bar coding applications for medical devices and drugs.

QUESTION NO: 395 In addition to conducting a risk assessment, HIPAA requires that you put together policies about your risk assessment procedures. As the privacy officer in the dermatology practice, what types of issues might you address in your risk assessment policies? A. What procedures to follow once a risk has been identified B. What areas a risk assessment would review C. How frequently a risk assessment should occur D. All of the above

Answer: D Explanation: All of the above. CMS, in a publication designed to help CEs (covered entities) comply with HIPAA's Security Rule, strongly suggests that a best practice is to develop policies that address all three of these areas: a) the frequency of assessments (annually, quarterly, etc.); b) the areas that such assessments need to review (e.g. computer systems, staff trainings, administrative management, etc.); c) procedures to follow once a risk has been identified (e.g. documentation, recommendations, fixing the issue, creating a policy or procedure to prevent risk in the future). Answer: C, B, and A are incorrect. Correct, but not enough.

QUESTION NO: 52 You know that HIPAA requires you to have a contingency plan in the event of an emergency or failure of your in-house system that contains electronic protected health information (EPHI). You have an information technology company that will host your electronic medical records both for backup and for cloud access. A best practice to safeguard against your medical office losing its EPHI for a damaging amount of time is. A. Ensure 24-hour access for the Privacy Officer to the IT company's servers. B. Establish a contractual clause in the BAA that includes monthly backups of EPHI and monthly reports to the Privacy Officer. C. Create a contingency policy that lists the IT Company's backup. D. Establish a Service Level Agreement which defines the rate, scope, and minimum standards to be expected of the IT company for EPHI recovery to the in-house system servers if they crash.

Answer: D Explanation: An SLA is standard practice under HIPAA, and is suggested by NIST as part of the covered entity's recovery plan. Answer: A is incorrect. While this may be possible, it's not feasible, and doesn't ensure the recovery of data. Answer: C is incorrect. Creating the contingency plan is a requirement under HIPAA and should be done; but even more essential, that is, the "best practice" is to make sure that the data will be recovered in a timely manner and that can only be contractually done with an SLA, often listing severe financial penalties to the IT company if it fails to meet its Service Level Agreement. Answer: B is incorrect. This is a fair idea, but monthly backups are too infrequent and don't ensure the issue of how quickly the data can be recovered to the in-house servers.

QUESTION NO: 186 You need to undergo a surgical procedure to have your gallbladder removed. This surgical procedure will not require a hospital stay. To which type of healthcare facilities would you go for this type of service? A. Subacute Care Facility B. Nonacute Care Facility C. Acute Care Facility D. Ambulatory Care Facility

Answer: D Explanation: An ambulatory care center is a facility that offers a variety of outpatient services and is directly overseen by a hospital, but patients do not require a stay in the hospital.

QUESTION NO: 27 You need to undergo a surgical procedure to have your gallbladder removed. This surgical procedure will not require a hospital stay. To which type of healthcare facilities would you go for this type of service? A. Nonacute Care Facility B. Subacute Care Facility C. Acute Care Facility D. Ambulatory Care Facility

Answer: D Explanation: An ambulatory care center is a facility that offers a variety of outpatient services and is directly overseen by a hospital, but patients do not require a stay in the hospital.

QUESTION NO: 224 You are fortunate to have a health care plan that allows you to seek care from whichever facility or health care provider you choose. Which of the following types of healthcare plans do you subscribe to? A. Point of Service B. HMO C. PPO D. Indemnity Plan

Answer: D Explanation: An indemnity plan allows you to visit any doctor, any hospital and direct your own care. Answer: B is incorrect. HMO is incorrect as this offers healthcare services for a prepaid fixed amount of reimbursement. In an HMO, providers and subscribers voluntarily enroll and the HMO assumes responsibility and financial risks. Answer: A is incorrect. Point of Service (POS) is an agreement where a patient is permitted to choose a provider each time healthcare service is required. Answer: C is incorrect. PPO is incorrect as this is a network of physicians or healthcare organizations who provide healthcare at a discounted rate in return for higher patient volume.

QUESTION NO: 286 Your responsibility as a healthcare information technologist is to ensure the proper functioning of voice recognition for medical transcription and proper functioning of bar coding applications for medical devices. Which of the following types of information technology are you responsible for? A. Clinical IT B. Financial IT C. Administrative IT D. Infrastructure IT

Answer: D Explanation: Applications of infrastructure information technology support the infrastructure of the health care facility. These applications include voice recognition for medical records and medical transcription as well as bar coding applications for medical devices and drugs. Answer: C is incorrect. Administrative IT is incorrect as these applications are used to make staff scheduling, patient registration and payroll procedures more efficient. Answer: A is incorrect. Clinical IT is incorrect as these applications are used for prescription of drugs and ordering of laboratory tests and medical procedures. Answer: B is incorrect. Financial IT is incorrect as these applications are used to improve the efficiency of billing and accounting practices.

QUESTION NO: 471 One of your job duties is to send patients' medical records to a permanent location that is kept under lock and key but can also be physically accessed. Which of the following is part of your job requirements? A. Coding B. Thinning C. Scanning D. Archiving

Answer: D Explanation: Archiving is the act of sending physical files to a permanent location that is kept under lock and key and can be physically accessed. Answer: A is incorrect. Coding is incorrect as this is the act of applying the proper codes for medical services for billing purposes. Answer: C is incorrect. Scanning is incorrect as this is the act of converting paper medical records. Answer: B is incorrect. Thinning is incorrect as this is done to make a patient's chart easier to handle after it has become too large and cumbersome. This act is normally necessary for a patient who has incurred an extended stay in the hospital. The medical records that have been thinned are not destroyed but sent to the central medical records area where they should still be readily accessible.

QUESTION NO: 413 Which of the following authentication methods is based on physical appearance of a user? A. Smart card B. ID/password combination C. Key fob D. Biometrics

Answer: D Explanation: Biometrics is a method of authentication that uses physical characteristics, such as fingerprints, scars, retinal patterns, and other forms of biophysical qualities to identify a user. Nowadays, the usage of biometric devices such as hand scanners and retinal scanners is becoming more common in the business environment. Answer: C is incorrect. Key fobs are security devices used by telecommuters to provide one part of a three way match for a user to log on to a secured network. These are display-only devices that algorithmically generate security codes as part of a challenge/response authentication system. This code usually changes very quickly and is used with the PIN for authentication. Answer: A is incorrect. A smart card is a credit card-sized device used to securely store personal information such as certificates, public and private keys, passwords, etc. It is used in conjunction with a PIN number to authenticate users. In Windows, smart cards are used to enable certificate-based authentication. To use smart cards, Extensible Authentication Protocol (EAP) must be configured in Windows. Answer: B is incorrect. ID/password combination does not use physical appearance of a user for authentication.

QUESTION NO: 423 Which of the following acts refers to medical information that is obtained by the use of photographs or other medical imaging device? A. Device Capture B. Document Archiving C. Document Imaging D. Clinical Imaging

Answer: D Explanation: Clinical imaging refers to medical information that is obtained by the use of photographs or other medical imaging devices that need to be a part of the patient's permanent medical record. Answer: C is incorrect. Document imaging is incorrect as this action involves prepping, scanning, indexing and performing quality control on paper documents that are entered into a computerized system. Answer: A is incorrect. Device capture is incorrect as this is the act of transmitting medical information directly from a medical device such as an electrocardiogram. Answer: B is incorrect. Document archiving is the act of ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location.

QUESTION NO: 200 Which of the following typically involves the provision of dynamically scalable and often virtualized resources as a service over the Internet? A. Terminal services B. Application Virtualization C. Thin client D. Cloud computing

Answer: D Explanation: Cloud computing typically involves the provision of dynamically scalable and often virtualized resources as a service over the Internet. It provides common business applications online that are accessed from a web browser, while the software and data are stored on the servers. Answer: C is incorrect. A thin client is a low-cost computer, often legacy desktops, with limited resources. Thin clients run the latest operating systems (Windows 2000 Server and Windows Server 2003) and applications through special software such as the Terminal Services application. There is no requirement to install and configure applications on each computer, as the software is installed and configured in a centralized location on the server. Hence, the maintenance tasks are centralized. Answer: A is incorrect. Terminal Services is a multisession environment that provides remote computers access to Windows-based programs running on a server. When a user runs a program on a Terminal Server, the application execution takes place on the server, and only the keyboard, mouse and display information are transmitted over the network. Each user sees only his individual session, which is managed transparently by the server operating system, and is independent of any other client session. Answer: B is incorrect. Application virtualization is an umbrella term that describes software technologies that improve portability, manageability and compatibility of applications by encapsulating them from the underlying operating system on which they are executed.

QUESTION NO: 262 While working on upgrading a system in the Emergency Department, you hear a warning over the PA system for a "Code Blue", followed by what looks like people running everywhere. What's going on? A. The hospital is being evacuated. You need to leave the building. B. The hospital is so full that all incoming patients are being diverted to other hospitals for care. You need to stay calm and continue your work. C. There's a flood in the restroom that's threatening to get out into the hallways. You need to make sure computer equipment is off the floor. D. A patient is in cardiac arrest and needs immediate resuscitation and critical care services. You need to stay calm and continue your work.

Answer: D Explanation: Code Blue or Code 99 are most often used to alert all available medical personnel that there is a patient in cardiac arrest who needs immediate and intensive treatment. Do not interfere, stay out of the way and continue your work. Answer: A is incorrect. There are no universal standard "codes" for evacuating the hospital, but each facility will have its own system of alerting staff that an evacuation is needed. It's important to learn those protocols for the facility in which you work. An example would be the Australian Health care system, where "Code Orange" indicated the need to evacuate the building. Answer: C is incorrect. There is no need to call a "code" for flooding, and though it may be a good idea to remove sensitive electrical equipment from the floor, most likely what's needed is someone to call custodial services or facility management. Answer: B is incorrect. A total divert or "bypass" can occur when a hospital, especially an ER trauma center, has reached maximum capacity and cannot safely treat any new patients. Again, learn the protocols for the facility in which you are working. Some hospitals use "Code Purple" or "Code Yellow" for this situation.

QUESTION NO: 301 Implementing an electronic health information system for hospital drug prescribing can reduce medication errors by upwards of 55%. If you are installing a drug prescribing system where doctor prescriptions are forwarded to the pharmacy via computer, what is this system better known as? A. Leapfrog B. Encoder C. ePharmacy D. Computerized Physician Order Entry

Answer: D Explanation: Computerized prescribing systems are referred to as Computerized Physician Order Entry or CPOE. Often they can also include orders to the pharmacy, radiology and the laboratory, and with proper training can reduce medication errors by up to 55% in some studies. Answer: C is incorrect. ePharmacy is the name of a company in Australia and is not a product in the United States and is not a CPOE product. Answer: B is incorrect. Encoder is a health information system used to generate diagnosis and billing codes using the ICD9, ICD10, CPT and MSDRG systems. It does not involve drug prescribing. Answer: A is incorrect. The Leapfrog Group is the name of an organization which works to prevent errors in medical care like medication mistakes and works to improve the quality of health care. Although they have done studies on the effectiveness of CPOE systems, they do not market a particular system.

QUESTION NO: 303 As a healthcare information technologist, it is your legal obligation to maintain patients' privacy and not disclose protected health information. Which of the following describes this obligation? A. Data Security B. Privacy C. Conformity D. Confidentiality

Answer: D Explanation: Confidentiality is defined as the legal and ethical obligation of health care professionals to meet the expectation of privacy from patients. Answer: C is incorrect. Conformity is defined as an individual adapting their behaviors, thoughts and attitudes to match what is perceived as normal by society. This answer choice is simply meant as a distractor. Answer: A is incorrect. Data security is incorrect as this is defined as technical and procedural methods to control and manage confidential information. Answer: B is incorrect. Privacy is incorrect as this is defined as the individual's right to control disclosure of his or her personal information.

QUESTION NO: 127 Which of the following is defined as the legal and ethical obligation of health care professionals to meet the expectation of privacy from patients? A. Privacy B. Conformity C. Data Security D. Confidentiality

Answer: D Explanation: Confidentiality is defined as the legal and ethical obligation of health care professionals to meet the expectation of privacy from patients. Answer: A is incorrect. Privacy is incorrect as this is defined as the individual's right to control disclosure of his or her personal information. Answer: C is incorrect. Data security is incorrect as this is defined as technical and procedural methods to control and manage confidential information. Answer: B is incorrect. Conformity is defined as an individual adapting their behaviors, thoughts and attitudes to match what are perceived as normal by society. This answer choice is simply meant as a distractor.

QUESTION NO: 490 You are asked to install a completely new information system for your facility. Your superiors inquire how long the project will take. You construct a chart illustrating how long the project will take. You design a chart based on the one shown below. Which of the following types of project management tools have you created to illustrate the time of completion for your project? A. PERT Diagram B. Gantt Chart C. Venn Diagram D. Critical Path

Answer: D Explanation: Critical path is a tool used to indicate the overall time frame a project should take to complete. Answer: C is incorrect. Venn Diagram is incorrect as this is a diagram used in mathematics to show all possible logical relations between a finite collection of sets. Answer: A is incorrect. PERT diagram is incorrect as this is a diagram which represents the steps or component parts of a project as circles connected by lines to indicate the sequence of events. Answer: B is incorrect. Gantt Chart is incorrect as this is a table that contains horizontal time lines and vertical indicators of project components, with bars indicating when and by whom tasks are to be completed.

QUESTION NO: 22 Which of the following is defined as the technical and procedural methods to control and manage confidential information? A. Conformity B. Privacy C. Confidentiality D. Data Security

Answer: D Explanation: Data security is defined as technical and procedural methods to control and manage confidential information. Answer: B is incorrect. Privacy is incorrect as this is defined as the individual's right to control disclosure of his or her personal information. Answer: C is incorrect. Confidentiality is incorrect as this is defined as the legal and ethical obligation of health care professionals to meet the expectation of privacy from patients. Answer: D is incorrect. Conformity is defined as an individual adapting their behaviors, thoughts and attitudes to match what are perceived as normal by society. This answer choice is simply meant as a distractor.

QUESTION NO: 229 As a healthcare information technologist, you are required to ensure that all data in every patient's electronic health data remains confidential. Which of the following describes this duty? A. Conformity B. Privacy C. Confidentiality D. Data Security

Answer: D Explanation: Data security is defined as technical and procedural methods to control and manage confidential information. Answer: C is incorrect. Confidentiality is incorrect as this is defined as the legal and ethical obligation of health care professionals to meet the expectation of privacy from patients. Answer: A is incorrect. Conformity is defined as an individual adapting their behaviors, thoughts and attitudes to match what is perceived as normal by society. This answer choice is simply meant as a distractor. Answer: B is incorrect. Privacy is incorrect as this is defined as the individual's right to control disclosure of his or her personal information.

QUESTION NO: 4 Information such as your name, date of birth and social security number are all considered to be protected health information. This information would fall into which of the following categories? A. De-Identified Health Information B. Individually Identifiable Health Information C. Archived Health Information D. Demographic Health Information

Answer: D Explanation: Demographic Health Information is a part of individually identifiable health information; it contains no information regarding an individual's illness or treatment. Demographic information is the patient's name, date of birth, address, social security number, insurance information and contact information. Answer: C is incorrect. Archived Health Information is incorrect as this is health information that has been stored on some sort of media such as a compact disc, DVD or videotape. Answer: A is incorrect. De-identified health information is incorrect as this information requires removal of all data in which a patient can be identified such as name, date of birth, social security number and address. Answer: B is incorrect. Individually Identifiable Health Information is incorrect as this is information, including demographic information, that relates to the individual's past, present or future physical or mental health or condition, the provision of health care to an individual or the past, present or future payment of health care provisions.

QUESTION NO: 343 Which of the following actions refers to scanning, indexing and performing quality control on paper documents that are entered into a computerized system? A. Device Capture B. Document Archiving C. Clinical Imaging D. Document Imaging

Answer: D Explanation: Document imaging involves prepping, scanning, indexing and performing quality control on paper documents that are entered into a computerized system. Answer: A is incorrect. Device capture is the act of transmitting medical information directly from a medical device such as an electrocardiogram. Answer: C is incorrect. Clinical imaging refers to medical information that is obtained by the use of photographs or other medical imaging devices that need to be a part of the patient's permanent medical record. Answer: B is incorrect. Document archiving is the act of ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location.

QUESTION NO: 474 Which of the following statements about FTP is true? A. It connects file servers on the World Wide Web. B. It manages network devices. C. It allows password free file transfers. D. It transfers files between computers. E. It holds files transmitted through POP3 mail.

Answer: D Explanation: File Transfer Protocol (FTP) is a primary protocol of the TCP/IP protocol suite, which is used to transfer text and binary files between a host computer and a server computer over the Internet. It provides a no-overhead method of transferring files between computers.

QUESTION NO: 165 This type of clinical module allows a small private practice of physicians to manage the day to day operations of a medical practice, including patient demographics, scheduling, lists of insurance payers, billing tasks and report generation. A. Tracking/Auditing B. Scheduling C. Order Entry D. Practice Management Software

Answer: D Explanation: For a small practice, a desktop PMS or Practice Management Software can handle many of the tasks for an outpatient physician practice. Larger physician groups or clinics often require larger systems with multiple modules to incorporate a variety of functions, but Practice Management Software can work for a small practice and still integrate with an EMR, electronic medical record system. Answer: C is incorrect. An Order Entry system, or CPOE (computerized physician order entry) system, is a system where a physician can issue electronic orders to other staff or departments, like pharmacy, radiology, or the laboratory. It does not do scheduling, billing, or any other functions. This is more often a module used in hospitals and large clinics rather than in a small private practice. Answer: A is incorrect. Tracking/Auditing systems allow for the tracking of Release of Information requests, and sometimes other information like financial information or other information subject to audit and tracking. They are used in large healthcare organizations and are not typically part of a smaller practice. Answer: B is incorrect. Scheduling modules are usually part of a larger system within a hospital or large physician group. A small private practice would have all of those things integrated into a single system like a Practice Management System.

QUESTION NO: 153 A physician practice suspects that a patient was involved in the theft of drugs from its storeroom. The police have arrived and are asking for the information the practice has about this patient, like the patient's name, last known address, and patient status. The practice can: A. Reveal only the Patient's name. B. Only corroborate information that the police already have. C. Reveal this information to the police, provided that they have an authorization. D. Provide the information, without an authorization, if it believes it will serve as evidence.

Answer: D Explanation: For crimes on the premises of a covered entity, no authorization is required as long as the entity believes the information they provide constitutes evidence of such criminal conduct, such as the fact that he was a patient at the practice.

QUESTION NO: 155 The HIPAA act prevents disclosure of health information to which of the following? A. The Patient B. Patient Representatives C. Department of Health and Human Services D. Patient Employer

Answer: D Explanation: The HIPAA act does not allow a patient's health information to be disclosed to a patient's employer. Answer: A is incorrect. The Patient is incorrect as the patient has a right to know any and all information pertinent to his/her medical care. Answer: B is incorrect. Patient representatives is incorrect as health information can be disclosed to anyone a patient designates to represent them such as a family member or attorney. Answer: C is incorrect. Department of Health and Human Services is incorrect as patient information may be disclosed to the Department of Health and Human Services when it is conducting a compliance investigation or review or enforcement action.

QUESTION NO: 189 A patient requests an accounting of all the instances in which her Protected Health Information (PHI) has been disclosed in the last six years. You are in charge of putting this accounting together. It seems like a monumental task. What disclosures must be listed in this accounting? A. Disclosures for treatment, payment or healthcare operations B. Disclosures incidental to another allowed use or disclosure C. National security or intelligence disclosures D. Disclosures that were made without a required written authorization

Answer: D Explanation: HIPAA excepts those disclosures for which you have a written authorization from the accounting record. HIPAA does require that an accounting can be made for all instances of PHI disclosure up to six years, other than the exceptions. Answer: C is incorrect. HIPAA does not require National security or intelligence disclosures in an accounting. Answer: A is incorrect. HIPAA does not require accounting for treatment, payment or healthcare operations. Patients sign a consent indicating that they know their information will be used in this way; that is essentially the HIPAA consent form. Answer: B is incorrect. HIPAA makes an exception to incidental disclosures, say for example information that was viewed by a physician reviewing another physician's work.

QUESTION NO: 13 According to HIPAA, how long must a medical practice retain a patient's medical records? A. ten years B. five years C. three years D. HIPAA does not mandate how long.

Answer: D Explanation: HIPAA's privacy rule applies to the complete period of record retention and disposal, but does not stipulate how long records must be kept. Answer: B, A, and C are incorrect. HIPAA doesn't set any standard for how long records must be retained, only how those records are treated to protect PHI.

QUESTION NO: 317 You are riding in an elevator with several physicians discussing the care of a patient. The patient's name is used in the conversation. Which piece of legislation has been violated? A. MIPPA B. Patient Bill of Rights C. EMTALA D. HIPAA

Answer: D Explanation: HIPAA is the legislation designed to ensure the privacy and security of personal health information.

QUESTION NO: 324 Which of the following acronyms is a system used to classify medical diagnoses, signs and symptoms into a set of numeric codes for use in billing and analysis? A. HL7 B. NDCID C. SNOMED D. ICD10

Answer: D Explanation: ICD10 is the International Classification of Diseases, 10th revision. Although not mandated for use until 2013, ICD10 and ICD9 are systems used in billing and public health analysis for classifying medical diagnoses into a system of numeric codes. Expanded into ICD10-CM, or the Clinical Modification of ICD10, it includes a vast level of detail about medical conditions and includes 155,000 codes. Answer: A is incorrect. HL7 or Health Level Seven is an organization that develops standards for interoperability in healthcare for electronic health information. HL7 develops and releases these standards so computer systems in healthcare can integrate easily. Answer: C is incorrect. SNOMED is the System of Nomenclature of Medicine. SNOMED CT is a system of medical terminology organized to be able to be processed by a computer and used to organize medical records. Answer: B is incorrect. NDCID is the National Drug Code Identification, which is the product identifier code given to each new drug by the FDA. Every drug has a unique identifier number.

QUESTION NO: 92 Which of the following can occur if the power cable runs along with the computer network cable? A. Broadcast storm B. Surge C. ESD D. EMI

Answer: D Explanation: If the power cable runs along with the computer network cable, radiation from the power cable, known as electromagnetic interference (EMI), may be induced into the computer network cable, affecting the signals that pass through it. Answer: C is incorrect. ESD stands for Electrostatic discharge. The static electricity that we generate every day creates ESD. If you walk across a carpet and touch someone, you experience a mild shock. Electrostatic discharge occurs when the electrostatic charge is transferred from one charged entity to another entity sensitive to that charge. To minimize Electrostatic discharge (ESD) problems, consider wearing a wrist strap when you are working with computer components. A wrist strap is a wire with a watchband-style strap at one end and a plug or clip on the other end. The wrist strap plug or clip is connected to the ground or to the piece of equipment being worked on. Answer: B is incorrect. Surge is a momentary voltage variation (+/- 170 volts) that lasts from one microsecond to a few milliseconds. Turning on and off large inductive electrical devices such as air conditioners and refrigerators can cause a surge. Answer: A is incorrect. Broadcast storm is a situation in which one or more network devices send jabber packets constantly, thereby increasing the traffic. A faulty network interface card (NIC) that sends jabber packets can be detected by the network monitor software. A faulty NIC can cause a broadcast storm on the network. Broadcast storms caused by a faulty network interface card can be resolved by disabling or replacing the card.

QUESTION NO: 79 When working in a healthcare organization, email communication presents special problems. Though a very useful tool, it can also present problems for an organization. Which of the following is NOT a potential problem regarding email communication? A. Protected health information must be encrypted in order to send PHI via email, in case an email is intercepted during transmission. B. Many emails regarding treatment, payment and business operations can by both HIPAA and Sarbanes Oxley law be required to be retained as part of the legal record and stored for years. C. If any protected health information is going to be sent through email, authentication of the recipient is crucial for protection of PHI. Access control systems must be in place to authenticate sender and recipient of any email containing PHI. D. If patients request the service, email can be used for appointment reminders, prescription refill completion and other low-sensitivity messages.

Answer: D Explanation: If the security rule requirements at 45 C.F.R. Part 164, Subpart C are fulfilled, email can be used to communicate with patients. Even unencrypted emails are possible if information is not of a sensitive nature and patients have opted in to the service. Answer: B is incorrect. This is a serious consideration to any business, not just a healthcare business. Email is part of the business record and can be held up in court as evidence of wrongdoing. Deleting emails can be considered hiding evidence. Answer: C is incorrect. This can be a serious problem with any means of transferring PHI. It is very important if protected health information is emailed, that the end recipient is authenticated. Some organizations use internal email systems requiring layers of authentication to access in order to guarantee that the intended recipient receives an email. Answer: A is incorrect. HIPAA security rule demands that if PHI is to be transmitted by electronic means that it needs to be encrypted so that it cannot be read if intercepted in transmission.

QUESTION NO: 275 During your yearly medical physical, your doctor diagnoses you with leukocytosis. Leukocytosis is defined as? A. Study of white blood cells B. Surgery involving white blood cells C. Inflammation of the white blood cells D. Disease of the white blood cells

Answer: D Explanation: In medical terminology, any word that ends in the suffix -osis refers to a disease process of a particular area. For example, diverticulosis is disease of the diverticulum, tuberculosis is a disease process of the tubercles of the lungs and leukocytosis is a disease process of the white blood cells. Answer: C is incorrect. Inflammation is incorrect as any medical term referring to inflammation ends with the suffix -itis. Answer: A is incorrect. Study of is incorrect as any term referring to the study of anything ends with the suffix -ology; for example, Radiology is the study of radiation and Cardiology is the study of the heart. Answer: B is incorrect. Opening is incorrect as any medical condition that refers to opening ends with the suffix -otomy; for example, thoracotomy means an opening was made in the thorax.

QUESTION NO: 280 Which of the following refers to information that relates to any individual's past, present or future physical or mental health? A. De-Identified Health Information B. Archived Health Information C. Demographic Health Information D. Individually Identifiable Health Information

Answer: D Explanation: Individually Identifiable Health Information is information, including demographic information, that relates to the individual's past, present or future physical or mental health or condition, the provision of health care to an individual or the past, present or future payment of health care provisions. Answer: A is incorrect. De-identified health information is incorrect as this information requires removal of all data in which a patient can be identified such as name, date of birth, social security number and address. Answer: B is incorrect. Archived Health Information is incorrect as this is health information that has been stored on some sort of media such as a compact disc, DVD or videotape. Answer: C is incorrect. Demographic Health Information is incorrect; although this is a part of individually identifiable health information, it contains no information regarding an individual's illness or treatment. Demographic information is the patient's name, date of birth, address, social security number, insurance information and contact information.

QUESTION NO: 378 You are about to undergo a surgical procedure; the physician explains the reasons for the procedure, the risks and rewards of the procedure and answers any question. Which of the following pieces of legislation has the physician followed? A. Safe Medical Device Act B. HIPAA C. Patient's Bill of Rights D. Informed Consent

Answer: D Explanation: Informed consent is classically defined as the consent of a patient to undergo a medical procedure or participate in a clinical trial after achieving an understanding of the medical facts and risks involved. Answer: A is incorrect. Safe Medical Device Act is incorrect as this piece of legislation requires users of medical devices to report any incidences that could in any way suggest that the incident caused death, serious injury or illness to a patient. Answer: C is incorrect. Patient's Bill of Rights is incorrect as this legislation requires health care providers inform all patients of their rights as patients receiving medical treatment. Answer: B is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 270 Your healthcare facility is involved in a lawsuit where protected health information is important to the case. Can your facility disclose this information and still be within HIPAA compliance? A. No. It is not in the best interests of the healthcare organization to disclose protected health information at any time. B. No. The organization should not disclose that information under these circumstances because it risks falling into HIPAA noncompliance. C. Yes. The needs of the lawsuit outweigh the HIPAA law and the information should be disclosed even at the risk of HIPAA compliance. D. Yes. The organization will still be within HIPAA compliance if it discloses PHI within a legal proceeding.

Answer: D Explanation: Legal proceedings fall within the "operations" exception of HIPAA privacy rule as part of "TPO" - treatment, payment and operations. Therefore, PHI may be disclosed during a lawsuit, but the minimum necessary standard still applies. The amount of information disclosed and the persons allowed to access the information should be kept to a minimum. Answer: B is incorrect. The healthcare organization can definitely comply with any subpoenas or requests for information as part of a legal proceeding and still remain in compliance with HIPAA regulations. Answer: C is incorrect. The healthcare organization can definitely comply with any subpoena or requests for information as part of a legal proceeding and still remain in compliance with HIPAA regulations. A lawsuit does not "supersede" HIPAA or render its mandates unnecessary. Answer: A is incorrect. Healthcare organizations cannot claim HIPAA law or organizational rights allow them to not comply with a subpoena. A healthcare facility has to turn over information that is relevant to a case.

QUESTION NO: 385 Which of the following methods of filing is best suited for limited space, low volume facilities with one file clerk? A. Open Shelf Files B. Filing Cabinets with Drawers C. Compressible Units with Open Files D. Motorized Revolving Files

Answer: D Explanation: Motorized revolving files is best for limited space, low volume facilities with one file clerk. This option allows for patient records to be covered and locked but is expensive to acquire and maintain. Answer: B is incorrect. Filing cabinets with drawers is incorrect as this is the method for small, low volume facilities. This type of filing allows for patient records to be locked, fireproofed and protected from the environment; however, this method requires significant space. Answer: A is incorrect. Open shelf files is incorrect as this method is best for high volume facilities with multiple filing staff to provide security. This option also requires significant floor space. Answer: C is incorrect. Compressible units with open files is best for limited space, medium volume facilities with two or three file clerks. This method allows for easy access and saves space.

QUESTION NO: 216 You work as a Network Administrator for McRobert Inc. You want to know the NetBIOS name of your computer. Which of the following commands will you use? A. NETSTAT -n B. NETSTAT -s C. NBTSTAT -s D. NBTSTAT -n

Answer: D Explanation: NBTSTAT -n displays the list of local NetBIOS names.

QUESTION NO: 175 Which of the following data types encompassed in a patient's EHR would include body weight and temperature readings? A. Signals B. Images C. Text D. Numbers

Answer: D Explanation: Numeric data is a type of data that may be found in a patient's electronic health record. Examples of numerical data would be blood pressure readings, body weight and temperature readings.

QUESTION NO: 517 Which of the following stores document copies and backup media away from the computer center? A. Storage area network B. Network attached storage C. On-site storage D. Off-site storage

Answer: D Explanation: Off-site storage refers to a location away from the computer center where document copies and backup media are kept. This storage method is more secure but less convenient and more costly. Answer: C is incorrect. On-site storage refers to the same location where the work place is. It is considered more convenient but less secure in case of disaster. Answer: A is incorrect. A storage area network (SAN) is an architecture to attach remote computer storage devices (such as disk arrays, tape libraries, and optical jukeboxes) to servers in such a way that the devices appear as locally attached to the operating system. Answer: B is incorrect. Network attached storage (NAS), in contrast to SAN, uses file-based protocols such as NFS or SMB/CIFS where it is clear that the storage is remote, and computers request a portion of an abstract file rather than a disk block.

QUESTION NO: 168 Ambulatory Surgical Centers provide outpatient surgeries, pain management and diagnostic procedures. These often use the latest in electronic health records and health management software systems, and require the services of healthcare IT personnel. As a healthcare IT professional, who are you most likely to deal with during your employment at an ambulatory surgical center? A. Chief Executive Officer B. Nursing Manager C. Chief of Medical Staff D. Administrator

Answer: D Explanation: Often the manager of day to day operations at an ambulatory surgical center is simply referred to as an "administrator". IT issues, regulatory requirements, finance, billing, many aspects of the smooth functioning of a small ambulatory surgical center are covered by the administrator, or delegated by the administrator to the next layer of management. Answer: C is incorrect. Chief of Medical Staff is not going to be directly involved in IT matters. Answer: A is incorrect. The Chief Executive Officer is not going to be directly involved in IT matters on a day to day basis. Answer: B is incorrect. Although potentially consulted for design decisions and training programs, a nursing manager is not likely to be in charge of managing IT matters for an ambulatory surgical center.

QUESTION NO: 491 Which of the following types of budget is primarily based on the predicted work volume? A. Organizational Budget B. Master Budget C. Statistical Budget D. Operating Budget

Answer: D Explanation: Operating budget is a type of budget that predicts labor, supplies and other expenses based on predicted work volume. Answer: C is incorrect. Statistical budget is incorrect as this type of budget predicts future volume based primarily on historical data. Answer: A is incorrect. Organizational budget is incorrect as this answer choice is meant simply for a distractor. Organizational budgets are not used in a healthcare setting. Answer: B is incorrect. Master Budget is incorrect as this type of budget incorporates the budget of each department or business unit into one budget for the entire facility.

QUESTION NO: 76 Due to concerns with rapid changes in technology and less use of magnetic tapes or CDs to back up information, your hospital is working to develop a policy to ensure continued access to electronic health information over time. Which one of these methods is NOT a good way to deal with aging electronic media? A. Use software independent forms for storage, such as document management systems B. Have a plan to reformat and migrate older records to new software or hardware systems. C. Maintain necessary software and hardware to read any old records, make sure that older versions of programs and operating systems are maintained somewhere to use if necessary. D. Print out in paper format information that might be lost in an electronic system and store paper copies.

Answer: D Explanation: Option A, option B, and option C are all potential ways of dealing with changes in electronic medical record technology, but option D is not a good plan. Often, a hospital spends a good deal of time and money migrating from paper records, which take a good deal of space and money to store, to an electronic storage and/or imaging system. Doing the reverse to prevent software or hardware obsolescence would not be a popular or feasible approach. Answer: A is incorrect. Implementing a document management system where records are kept in a software independent format is a route many healthcare facilities are taking, so Option A is a good approach. Answer: B is incorrect. Consistently migrating older records to a newer system can be time consuming, but it is far better than losing access to those records or printing them out on paper. Answer: C is incorrect. Retaining good copies of older hardware and software is a good plan for making sure records remain accessible.

QUESTION NO: 500 Which of the following statements regarding the Health Insurance Portability and Accountability Act's "Security Rule" is NOT accurate? A. The Security Rule mandates efforts to protect the security of PHI from anticipated threats and hazards, and anticipated uses and disclosures not permitted by the HIPAA Privacy rule. B. The Security Rule only covers electronic protected health information (PHI), no other media. C. The Security Rule mandates a series of administrative, technical and physical safeguards to protect the confidentiality, integrity and availability of protected health information. D. The HIPAA Security Rule mandates a strict methodology for the implementation of security standards and safeguards

Answer: D Explanation: Options A, B, C are all important components of the HIPAA Security Rule, whereas Option D is not accurate. The HIPAA Security Rule follows a principle of flexibility, allowing covered entities to develop their own methods and plans for implementing the mandated administrative, physical and technical safeguards depending upon the size, complexity and capabilities of the covered entity. Answer: B is incorrect. Option A is a factual statement. The HIPAA Security Rule and its mandates apply only to the protection of electronic protected health information (ePHI), not paper, film, or other storage media. Answer: C is incorrect. Option B is a factual statement. The key regulations of the Security Rule involve the requirements for administrative, technical and physical safeguards to protect ePHI. Answer: A is incorrect. Option C is a factual statement. It is very important for any organization dealing with the security of ePHI to think about the future of potential physical threats like natural disasters, technical threats like hacking, and anticipate the potential for uses and disclosures in lawsuits or other potentialities.

QUESTION NO: 14 Which of the following portable computer systems is used by smart phones for offering advanced OS capabilities? Each correct answer represents a complete solution. Choose all that apply. A. SBC B. SFF C. Tablet PC D. PDA E. laptop

Answer: D Explanation: PDA stands for personal digital assistant and it is also known as a palmtop computer or handheld computer. It is a mobile device, which functions as a personal information manager and connects to the Internet. Smartphones use the PDA for offering advanced OS capabilities. The PDA has an electronic visual display enabling it to include a Web browser, but some newer models also have audio capabilities, enabling them to be used as mobile phones or portable media players. Many PDAs can access the Internet, intranets or extranets via Wi-Fi, or Wireless Wide Area Networks. The typical features of a PDA are as follows: 1. Touch screen 2. Memory cards 3. Wired connectivity 4. Wireless connectivity 5. Synchronization Answer: C is incorrect. A Tablet PC refers to a fully functional laptop PC, equipped with a stylus. Tablet PCs are personal computers where the owner is free to install any compatible application or operating system. Answer: E is incorrect. A laptop is a type of portable computer. It is designed for mobile use and small and light enough to sit on a person's lap while in use. It integrates most of the typical components of a desktop computer, including a display, a keyboard, a pointing device (touchpad or trackpad, pointing stick), speakers, and often including a battery, into a single small and light unit. Answer: A is incorrect. Single-board computers (SBCs) are complete computers built on a single circuit board. The design is centered on a single or dual microprocessor with RAM, IO and all other features needed to be a functional computer on one board. Answer: B is incorrect. Small form factor computers are those computers that are generally designed to support the same features as modern desktop computers, but in a smaller space. Most accept standard x86 microprocessors, standard DIMM memory modules, standard 3.5 inch hard disks, and standard 5.25 inch optical drives. SFF computers can be far smaller than typical desktop computers. They are often used in space-limited areas where normal computers cannot be placed.

QUESTION NO: 90 An 80 year old man is dissatisfied with several aspects of his hospital stay. Which of the following pieces of legislation allows him to file a formal complaint? A. MIPPA B. HIPAA C. EMTALA D. Patient Bill of Rights

Answer: D Explanation: Patient Bill of Rights. Patient Bill of Rights is correct as this legislation requires health care providers inform all patients of their rights as patients receiving medical treatment. There are eight rights every patient has as a recipient of medical care and one of those rights is the ability to file a complaint against the health plan, physician, hospitals and other health care personnel. Answer: A is incorrect. MIPPA is incorrect as this legislation is designed to adjust Medicare reimbursement to certain facilities. Answer: C is incorrect. EMTALA is incorrect as this legislation legally obligates health care facilities to provide emergent care regardless of citizenship, legal status or ability to pay. Answer: B is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 443 You are assigned the duty of creating an in depth, non-numerical description of the information contained in a patient's medical record. Which of the following have you been asked to create? A. Statistical Analysis B. Quantitative Analysis C. Master Patient Index D. Qualitative Analysis

Answer: D Explanation: Qualitative Analysis of healthcare information is used to derive an in-depth, nonnumerical description of the information contained within a patient's medical record. A qualitative analysis does not contain any statistical analyses. Answer: C is incorrect. Master Patient Index (MPI) is incorrect as this is a database that contains a unique index for every patient registered at a healthcare organization. Answer: B is incorrect. Quantitative analysis is incorrect as this refers to information contained within a patient's EHR being converted from words to numbers. The numbers of interest are then quantified and statistically analyzed. Answer: A is incorrect. Statistical analysis is incorrect as this is the method used to analyze the data obtained from a quantitative analysis of a patient's EHR.

QUESTION NO: 2 Which of the following measures the time a cathode-ray tube (CRT) electron beam takes to paint a screen from top to bottom? A. Bus width B. Dot Pitch C. Video RAM size D. Refresh rate

Answer: D Explanation: Refresh rate measures the time a CRT electron beam takes to paint a screen from top to bottom. A monitor's image is updated 60 to 85 times per second. Refresh rate lower than 70-75 Hz is likely to cause noticeable screen flicker, eyestrain, and headaches. You should look for a refresh rate of 75 Hz or better to avoid these problems. Answer: B is incorrect. Dot Pitch is spacing between dots on a computer's monitor. The closer the dots, the sharper the image. The space between dots should not be greater than 0.25 mm. Answer: C is incorrect. VRAM, also known as Video RAM, is used to store image data for processing by the video adapter. It is the memory that stores information about the pictures that display on the monitor screen.

QUESTION NO: 259 You work as the Security Administrator for Prodotxiss Inc. You want to ensure the security of your Wi-Fi enterprise network against the wireless snooping attacks. Which of the following measures will you take over the site network devices of the network? A. Download and install new firmware patch for the router. B. Apply firewalls at appropriate spots. C. Apply a standard ACL on the router. D. Disable the SSID broadcast feature of the router.

Answer: D Explanation: SSID broadcasts can be seen by the Wi-Fi enabled computers looking for a network to connect to. You can turn this broadcasting feature off so that the router appears invisible to casual wireless snoopers. Turning off the SSID broadcast feature hides the router from casual wireless surfers. Service Set Identifier (SSID) is a configurable client identification that allows a client to communicate with a particular base station. It is a case sensitive name assigned to a wireless device in a Wi-Fi network. A client can communicate with the base station if both have the same SSID. Answer: C is incorrect. Applying standard or extended ACL can only stop the router from sending packets to specified addresses. It is an address filtering feature of a router. Answer: B is incorrect. A firewall is a tool to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. An administrator can configure the following settings for a firewall: Open and Closed Ports. Through this setting, the firewall determines which data packets are allowed or dropped during communication. Program Filters. Through program filters, the firewall determines which programs are allowed or disallowed for communication. Answer: A is incorrect. Downloading, installing patches and thus updating firmware inside the router fixes bugs and improves security. It does not provide security against attacks.

QUESTION NO: 320 You work as a healthcare IT technician for an organization. You want to allow some doctors to fill out an application online. But you need the online application data to be secured. Whatever method you pick should integrate easily with Web pages. Which of the following should you pick? A. IPsec B. AES C. DES D. SSL

Answer: D Explanation: Secure Sockets Layer (SSL) works with digital certificates to secure data. It is specifically used with Web sites. When combined with http (hyper text transfer protocol), it creates https (Secure HTTP).

QUESTION NO: 176 You are responsible for ensuring that every electrocardiogram and electroencephalogram becomes a part of the patient's electronic medical record. Which of the following types of data are you responsible for? A. Text B. Numbers C. Images D. Signals

Answer: D Explanation: Signal data is a type of data that may be found in a patient's electronic health record. Examples of signal data are tracings obtained from an EEG or EKG.

QUESTION NO: 319 Which of the following data types encompassed in a patient's EHR would include tracings from an EEG or EKG? A. Images B. Numbers C. Text D. Signals

Answer: D Explanation: Signal data is a type of data that may be found in a patient's electronic health record. Examples of signal data are tracings obtained from an EEG or EKG.

QUESTION NO: 30 You are working on installing a new workstation in an area in which medical assistants interact with patients and the public. What are two physical safeguards you can do during installation of the system to help keep protected health information safe at this workstation? A. Video surveillance of the area surrounding the workstation, and role based access control programs installed on the machine. B. Configuring the server to deny access on to the machine after several failed attempts to log on with a user name, and preventing a workstation from being installed facing into a busy corridor. C. Installing a privacy screen to prevent viewing from the side or above and user-based access control programs installed on the machine. D. Installing a privacy screen to prevent viewing from the side or above, preventing a workstation from being installed facing into a busy corridor

Answer: D Explanation: Simple physical safeguards in a busy public or semi-public area where PHI may be accessed can include privacy screens installed around a workstation monitor that prevent anyone other than the authorized user directly in front of the screen from viewing the information on the screen. Also, taking the simple precaution of checking where a monitor would be facing during use and installing the workstation so that the monitor or display does not face out into a busy corridor is another simple way of protecting PHI. Answer: A is incorrect. Although video surveillance is considered a physical safeguard to prevent theft of PHI, it is not usually in a Healthcare IT technician's ability to implement this system during the installation of the workstation. Also, the installation of a role based access control program is not a physical safeguard, but a technical safeguard involving software, likely at the server level. Answer: C is incorrect. As said about Option A, privacy screens are an excellent physical safeguard for installation in a new workstation to add protection for PHI, but access control programs of any kind are not a physical safeguard but a technical safeguard, and likely to be installed and maintained at the server level. Answer: B is incorrect. Locking out a user-name for too many failed attempts to access the system is an excellent technical safeguard to protect PHI, but it is not a physical safeguard, and would likely be maintained by software at the server level.

QUESTION NO: 178 Which of the following statements correctly defines social engineering? A. It is a branch of Ceramic engineering. B. It is a way of socializing a person's social life. C. It is a sub-branch of Software engineering. D. It is a method of using people so that they voluntarily provide all sensitive information.

Answer: D Explanation: Social engineering is a method of using people so that they voluntarily provide all sensitive information such as business information or trade secrets. A social engineer takes advantage of people's weakness for gaining something or for self-advantage. A pattern is followed by the social engineer while working.

QUESTION NO: 34 CORRECT TEXT Fill in the blank with the name of the appropriate authentication technology. Fingerprint scanner, retinal scanner, facial recognition software, voice print identification, etc., are part of ______ technology.

Answer: biometric Explanation: Biometrics is a method of authentication that uses physical characteristics, such as fingerprints, scars, retinal patterns, and other forms of biophysical qualities to identify a user. Nowadays, the usage of biometric devices such as hand scanners and retinal scanners is becoming more common in the business environment.

QUESTION NO: 212 Which of the following can search contents of a hard disk, address book of an e-mail, or any information about the computer, and transmit the information to the advertisers or other interested parties without user knowledge? A. Firmware B. Malware C. Adware D. Spyware

Answer: D Explanation: Spyware is software that gathers information about a user without his knowledge. Spyware can get into a computer when the user downloads software from the Internet. Spyware can search the contents of a hard disk, address book of an e-mail, or any information about the computer, and transmits the information to the advertisers or other interested parties. Answer: A is incorrect. Firmware is a term often used to denote the fixed, usually rather small, programs and data structures that internally control various electronic devices. Firmware sits on the reader and controls its function. It reads only one type of tag either active or passive. Answer: B is incorrect. Malware or malicious software is a threat that attempts to break into a computer or damage it without the consent of the owner of the system. There are a number of types of malware depending upon their threat level and functions. Some malware are conditionally executed while others are unconditional. Answer: C is incorrect. Adware is software that automatically downloads and displays advertisements in the Web browser without user permission. When a user visits a site or downloads software, sometimes hidden adware is also downloaded to display advertisements automatically. This can be quite irritating to the user. Some adware can also be spyware.

QUESTION NO: 185 Which of the following is an Institute of Electrical and Electronics Engineering (IEEE) specification that defines standards for Ethernet? A. 802.5 B. 802.4 C. 802.12 D. 802.3

Answer: D Explanation: The 802.3 specification of the IEEE defines standards for Ethernet. The IEEE 802.3 standards define the physical layer and the media access control (MAC) sublayer of the data link layer of a wired Ethernet. These standards are made for physical connections between nodes and infrastructure devices by various types of copper or fiber cable. Infrastructure devices include hubs, switches, routers, etc. Answer: A, B are incorrect. The 802.5 and 802.4 specifications of the IEEE define standards for token ring and token bus respectively. Answer: C is incorrect. There is no IEEE specification such as 802.12.

QUESTION NO: 512 The Affordable Care Act, which was signed into law in 2010, was established in order to reform health insurance in the United States. Which of the following governing bodies is most likely responsible for this piece of legislation? A. The Joint Commission B. Occupational Safety and Health Administration C. Food and Drug Administration D. Department of Health and Human Services

Answer: D Explanation: The Department of Health and Human Services (HHS) is the United States government's principal agency for protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves. Answer: B is incorrect. Occupational Safety and Health Administration (OSHA) is incorrect as the purpose of this agency is to ensure safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance. Answer: A is incorrect. The Joint Commission is incorrect as the purpose of this agency is to continuously improve health care for the public by evaluating health care organizations and inspiring them to excel in providing safe and effective care of the highest quality and value. Answer: C is incorrect. Food and Drug Administration is incorrect as the purpose of this agency is to protect the public health by assuring the safety, efficacy, and security of human and veterinary drugs, biological products, medical devices, our nation's food supply, cosmetics, and products that emit radiation, and by regulating the manufacture, marketing, and distribution of tobacco products.

QUESTION NO: 174 Which of the following standards lists the components and content of the patient's medical record and includes definitions that conform to standard nomenclature? A. E1368 B. E1392 C. E1357 D. E1384

Answer: D Explanation: The E1384 publication of the American Society of Testing and Materials (ASTM) lists the components and content of the patient's medical record and includes definitions that conform to standard nomenclature. Answer: C is incorrect. The E1384 publication of the American Society of Testing and Materials (ASTM) lists the components and content of the patient's medical record and includes definitions that conform to standard nomenclature. Answer: A is incorrect. The E1384 publication of the American Society of Testing and Materials (ASTM) lists the components and content of the patient's medical record and includes definitions that conform to standard nomenclature. Answer: B is incorrect. The E1384 publication of the American Society of Testing and Materials (ASTM) lists the components and content of the patient's medical record and includes definitions that conform to standard nomenclature.

QUESTION NO: 106 Which of the following file permissions permits reading, writing, changing and deleting of the file? A. Read B. Write C. Modify D. Full Access

Answer: D Explanation: The Full Access permission permits reading, writing, changing and deleting of the file. Read, Write, Modify, and Full Access are the basic permissions that can be assigned to files and folders. These permissions are summarized in the following table.

QUESTION NO: 172 You need a patient's medical information for a research project. Which type of medical information can you obtain without consent from the patient? A. Archived Health Information B. Paper Health Information C. Electronic Health Information D. De-Identified Health Information

Answer: D Explanation: The HIPAA act requires no restrictions on de-identified health information. De-identified health information refers to health records, x-rays, lab results or any part of the patient's permanent health record in which pertinent information has been removed so the patient cannot be identified. Pertinent identifiers include patient's name, social security number, date of birth or address. De-identified health information is usually used for research and training purposes. Answer: A is incorrect. Archived Health Information is incorrect as any patient information stored on any media, compact disc, DVD, or video tape is protected by the HIPAA act. Answer: B is incorrect. Paper Health Information is incorrect as any patient information written on paper is covered by the HIPAA act. Paper health information includes the patient's chart, prescriptions and consent forms. Answer: C is incorrect. Electronic Health Information is incorrect as all patient records stored in any hospital computer are regulated by the HIPAA Act.

QUESTION NO: 367 You have the duty of ensuring patient's medical records are completed in the required amount of time. You are required by the Joint Commission for the Accreditation of Health Organizations to have a patient's medical record complete within how many days after discharge? A. 14 days B. 7 days C. 24 hours D. 30 days.

Answer: D Explanation: The Joint Commission for the Accreditation of Health Organizations requires a patient's medical record to be complete within a time period not to exceed 30 days. Answer: C is incorrect. The regulation stipulated by the Joint Commission for the Accreditation of Health Organizations requires a patient's medical record to be complete within a time period not to exceed 30 days. Answer: B is incorrect. The regulation stipulated by the Joint Commission for the Accreditation of Health Organizations requires a patient's medical record to be complete within a time period not to exceed 30 days. Answer: A is incorrect. The regulation stipulated by the Joint Commission for the Accreditation of Health Organizations requires a patient's medical record to be complete within a time period not to exceed 30 days.

QUESTION NO: 475 The Joint Commission for the Accreditation of Healthcare Organizations requires a review of all delinquent medical records at least once per which of the following time frames? A. 60 days B. 120 days C. 30 days D. 90 days

Answer: D Explanation: The Joint Commission for the Accreditation of Health Organizations requires any health care facility to institute a review of all delinquent medical records to be performed at least once per 90 days. Answer: C is incorrect. The Joint Commission for the Accreditation of Health Organizations requires any health care facility to institute a review of all delinquent medical records to be performed at least once per 90 days. Answer: A is incorrect. The Joint Commission for the Accreditation of Health Organizations requires any health care facility to institute a review of all delinquent medical records to be performed at least once per 90 days. Answer: B is incorrect. The Joint Commission for the Accreditation of Health Organizations requires any health care facility to institute a review of all delinquent medical records to be performed at least once per 90 days.

QUESTION NO: 77 The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within what period of time for acute care patients? A. 48 hours B. 12 hours C. 6 hours D. 24 hours

Answer: D Explanation: The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 24 hours for acute care patients. Answer: C is incorrect. The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 24 hours for acute care patients. Answer: B is incorrect. The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 24 hours for acute care patients. Answer: A is incorrect. The Joint Commission for the Accreditation of Healthcare organizations requires a history and physical be dictated and transcribed within 24 hours for acute care patients.

QUESTION NO: 67 Which of the following governing bodies standardizes the transmission of healthcare data? A. Department of Health and Human Services B. The Joint Commission C. Occupational Safety and Health Administration D. National Committee on Vital and Health Statistics

Answer: D Explanation: The National Committee on Vital and Health Statistics is the governing body that standardized the transmission of protected health information. Answer: A is incorrect. Department of Health and Human Services is incorrect as this agency is protecting the health of all Americans and providing essential human services, especially for those who are least able to help themselves.

QUESTION NO: 150 An open heart surgical procedure is required to save your life. You choose not to have the surgery. This is your right based on which of the following pieces of legislation? A. HIPAA B. COBRA C. EMTALA D. Patient Self Determination Act

Answer: D Explanation: The Patient Self Determination Act, enacted in 1990, is the piece of legislation that preserves the patient's wishes, rights, healthcare options and advanced directives even if the decision results in the death of the patient. Answer: B is incorrect. COBRA, the Consolidated Omnibus Budget Reconciliation Act, was devised in 1985 and gives workers and their families who lose their health benefits the right to choose to continue group health benefits provided by their group health plan for limited periods of time under certain circumstances such as voluntary or involuntary job loss, reduction in the hours worked, transition between jobs, death, divorce, and other life events. Answer: C is incorrect. EMTALA is incorrect as this legislation legally obligates health care facilities to provide emergent care regardless of citizenship, legal status or ability to pay. Answer: A is incorrect. HIPAA is incorrect as this legislation is designed to ensure the privacy and security of personal health information.

QUESTION NO: 226 You and your department are doing an audit to make sure that you are compliant with HIPAA Security Standards laid out in detail in the Security Rule. Which of the following is NOT a type of security standard you would be responsible for? A. Administrative Safeguards B. Physical Safeguards C. Technical Safeguards D. Procedural Safeguards

Answer: D Explanation: The Security Rule specifies a list of Administrative, Technical and Physical safeguards that must be adopted for an organization to be in compliance with the HIPAA Security Rule. There are no "Procedural Safeguards." Answer: A is incorrect. Administrative Safeguards are a key part of the HIPAA Security Rule standards. Administrative safeguards include: developing written policies to prevent, detect and contain privacy and security violations; appointing individuals and a chain of command responsible for oversight of security issues; requiring a policy for appropriate levels of workforce information access and access management; security awareness training procedures; incident reporting; written contingency plans for power failures and natural disasters; a schedule for periodic audits and evaluations; and the clear use of business associate contracts for privacy and security. Answer: C is incorrect. Technical Safeguards are another key part of the HIPAA Security Rule standards. Technical safeguards include: the use of electronic access control (i.e. passwords, PINs, thumbprint ID device); audit controls to record and examine activity on the network; integrity controls (write access control) to protect from improper alteration of information; entity authentication (procedures to check if individuals are who they say they are); and transmission security. Answer: B is incorrect. Physical Safeguards are another key part of the HIPAA Security Rule standards. Physical safeguards include: facility access control (locks and IDs), standards of workstation use, workstation placement, remote device and media controls.

QUESTION NO: 446 You are employed at a physician practice that has very little space, employs multiple file clerks and has a moderate workload on a daily basis. Which of the following filing system would be appropriate for your facility? A. Filing Cabinets with Drawers B. Open Shelf Files C. Motorized Revolving Files D. Compressible Units with Open Files

Answer: D Explanation: The best filing option for limited space, medium volume facilities with multiple file clerks is compressible units with open files. This method allows for easy access and saves space, but access may be vulnerable to a mechanical failure. Answer: A is incorrect. Filing cabinets with drawers is incorrect as this is the method for small, low volume facilities. This type of filing allows for patient records to be locked, fireproofed and protected from the environment; however, this method requires significant space. Answer: C is incorrect. Motorized revolving files are best for limited space, low volume facilities with one file clerk. This option allows for patient records to be covered and locked but is expensive to acquire and maintain. Answer: B is incorrect. Open shelf files are incorrect as this method is best for high volume facilities with multiple filing staff to provide security. This option also requires significant floor space.

QUESTION NO: 94 Which of the following payment terms is based on the cost of the provider to perform services? A. Sliding Scale Fee B. Customary Charges C. Capitation D. Fee for Services

Answer: D Explanation: The fee for services term of payment is dependent on the cost of the provider to provide services such as lab tests, x-rays etc. Hospitals or other facilities receiving fee for service are paid for each individual service that is provided. Answer: B is incorrect. Customary charges is incorrect as this type of payment term is based on what is normally charged or what is reasonable for the service provided. Answer: A is incorrect. Sliding Scale fee is incorrect as this type of payment term is common in low income areas and is based on the patient's ability to pay. Answer: C is incorrect. Capitation is incorrect as this payment term is a pre-paid amount based on a per-person or per-capita amount.

QUESTION NO: 442 Which type of database model uses the typical parent-child arrangement, whereas, one piece of information can have many subordinated pieces? A. Object Oriented Model B. Enterprise Model C. Network Model D. Hierarchal Model

Answer: D Explanation: The hierarchal database model uses the format of a typical parent-child arrangement, whereas, one piece of information can have many subordinated pieces. Answer: C is incorrect. Network model is incorrect as this model is designed to allow the child to have more than one parent. This model is often referred to as the many to many model. Answer: A is incorrect. Object oriented model is incorrect as this model is essentially a collection of objects, related by encapsulation (an object such as a patient has certain characteristics) or inheritance (an object such as a resident inherits characteristics from a physician object). There is no primary key in this model. Answer: B is incorrect. Enterprise model is meant as a distractor, the enterprise database model does not exist.

QUESTION NO: 10 Which of the following types of budget incorporates the budgets of each individual business unit? A. Organizational Budget B. Operating Budget C. Statistical Budget D. Master Budget

Answer: D Explanation: The master budget incorporates the budget of each department or business unit into one budget for the entire facility. Answer: C is incorrect. Statistical budget is incorrect as this type of budget predicts future volume based primarily on historical data. Answer: A is incorrect. Organizational budget is incorrect as this answer choice is meant simply for a distractor. Organizational budgets are not used in a healthcare setting. Answer: B is incorrect. Operating budget is incorrect as this type of budget predicts labor, supplies and other expenses based on predicted work volume.

QUESTION NO: 8 A dot matrix printer prints faded or light characters on the paper. What could be the most likely cause of the issue? A. Incorrect printer driver B. A print head pin that is stuck inside the print head C. Bad printer port D. Worn-out ribbon

Answer: D Explanation: The most likely cause of the issue could be that the ribbon has worn out. A worn-out ribbon in a dot matrix printer results in faded or light characters on the paper. To resolve this issue, a user should replace the ribbon with a new one. Answer: B is incorrect. If a print head pin gets stuck inside the print head, there will be a small blank line running through a line of print. Answer: A is incorrect. If the printer driver is incorrect, the printer will print junk characters. Answer: C is incorrect. A bad printer port will not print anything.

QUESTION NO: 11 Which of the following database models is simply a collection of objects related by an object that has certain characteristics? A. Enterprise Model B. Network Model C. Hierarchal Model D. Object Oriented Model

Answer: D Explanation: The object oriented model is essentially a collection of objects, related by encapsulation (an object such as a patient has certain characteristics) or inheritance (an object such as a resident inherits characteristics from a physician object). There is no primary key in this model. Answer: C is incorrect. Hierarchal model is incorrect as this database model uses the format of a typical parent-child arrangement, whereas, one piece of information can have many subordinated pieces. Answer: B is incorrect. Network model is incorrect as this model is designed to allow the child to have more than one parent. This model is often referred to as the many to many model. Answer: A is incorrect. Enterprise model is meant as a distractor, the enterprise database model does not exist.

QUESTION NO: 129 Your medical practice is being audited by a physician reviewer of a PPO with whom your practice has a contract. In order to determine the medical competency of all the physicians at your practice, the partners of the practice wish to review five charts from your patient files to review provider performance regarding the newer associate doctors. In this situation what do you need to do comply with HIPAA? A. Ensure that the patients have signed an authorization to allow for their information to be reviewed by doctors other than their own doctor. B. Copy the files and remove or black-out identifying information C. The associate doctors are required to sign a Business Associate agreement. D. Simply make sure that the patients had signed the HIPAA privacy notification.

Answer: D Explanation: Under HIPAA, as long as patients receive a privacy notification prior to treatment, they are informed that their information may be shared for the entity to carry out healthcare operations. HIPAA includes reviewing physician competency under healthcare operations. Answer: A is incorrect. Authorizations are signed only in certain instances that usually fall outside of the treatment, healthcare operations, and payment functions of an entity. Answer: B is incorrect. It is unnecessary under HIPAA since healthcare operations allow for this sharing of information. Answer: C is incorrect. Business Associates are those individuals or entities outside a covered entity. In this case, the physicians are within the covered entity.

QUESTION NO: 402 Which of the following is the most common way of performing social engineering attacks? A. War driving B. Session hijacking C. Email D. Phone

Answer: D Explanation: The phone is the most common way of performing social engineering attacks. Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user's computer or network. This method involves mental ability of people to trick someone rather than their technical skills. A user should always distrust people who ask him for his account name, password, computer name, IP address, employee ID, or other information that can be misused. Answer: C is incorrect. Although emails are also used for social engineering attacks, they are not used as much as the phone. Answer: A is incorrect. War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, one needs a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources. Answer: B is incorrect. Session hijacking refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server.
It has particular relevance to Web developers, as the HTTP cookies used to maintain a session on many Web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see HTTP cookie theft). TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine.

QUESTION NO: 390 A patient has had a two month extended stay in the hospital. Over that period of time, her chart has become too large and cumbersome to handle. You are asked to make this chart easier to work with. Which of the following tasks have you been asked to perform? A. Scanning B. Coding C. Archiving D. Thinning

Answer: D Explanation: The purpose of thinning is to make a patient's chart easier to handle after it has become too large and cumbersome to handle. This act is normally necessary for a patient who has incurred an extended stay in the hospital. The medical records that have been thinned are not destroyed but sent to the central medical records area where they should still be readily accessible. Answer: C is incorrect. Archiving is incorrect as this act is ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location. Answer: B is incorrect. Coding is incorrect as this is the act of applying the proper codes for medical services for billing purposes. Answer: A is incorrect. Scanning is incorrect as this is the act of converting paper medical records into computerized form.

QUESTION NO: 333 Which of the following options will you use to minimize ESD problems? A. A plastic CPU cover. B. An antiglare screen. C. Wearing synthetic clothes in the computer lab. D. A wrist strap.

Answer: D Explanation: To minimize Electrostatic Discharge (ESD) problems, you should wear a wrist strap when you are working on computer components. A wrist strap is a simple wire with a watchband-style strap at one end and a clip on the other end. The clip is connected to a common ground or to the piece of equipment being worked on. Answer: B is incorrect. An antiglare screen on the monitor is used to protect the eyes from radiation. Answer: C is incorrect. Wearing synthetic clothes can make the ESD problem worse. Synthetic clothes can transfer ESD charges from your skin when they rub against your clothes and can damage the computer components. It happens when your body or clothes come in contact with computer components. Answer: A is incorrect. A plastic CPU cover cannot decrease the ESD problem.

QUESTION NO: 277 You are working at a teaching hospital at a major university that is involved in healthcare research as well as providing care to patients. You are concerned that some of the information being used in a research study may involve protected health information and could be a violation of privacy law. There are three criteria that are necessary for a piece of information to be considered protected health information. Which one of these is NOT a criterion for being classified as protected health information? A. Information must identify the patient or give a reasonable basis to believe that the patient could be identified. B. Information must relate to a patient's past, present or future physical or mental health condition, the provision of healthcare, or the payment for the provision of healthcare. C. Information must be held or transmitted by a covered entity or its business associates. D. Information must contain useful content for the research purposes.

Answer: D Explanation: Together, options A, B, D make up the three criteria that a piece of information must have in order to be considered protected health information (PHI) that has key privacy concerns from HIPAA legislation. All three of A, B, D must be true for information to qualify as PHI and be covered by HIPAA and subsequent healthcare information regulation. However, information can still be useful for research purposes but not identify a patient. Information that cannot identify a patient or has been "de-identified" with any patient characteristics like age, date of birth, address or similar identifiers removed, could still contain useful data for research purposes, like the reaction of a tumor to medication or whether or not the patient contracted an infection while in the hospital. It is important for a research committee to be closely involved with a research study and to check to make sure information remains de-identified. Answer: A is incorrect. Any information that can identify a patient (name, social security number, address) or could be used to easily guess at a patient's identity (initials, age, etc.) would be considered protected health information and could not be used without consent and would be governed by very strict HIPAA protocols. Most studies use "de-identified information". Answer: B is incorrect. All three of A, B, D together list the three criteria required for information to be considered PHI under HIPAA law. B, that information must relate to a patient's condition and healthcare or payment for healthcare, is a key part of the definition of PHI, and helps define the "health" part of the definition of protected health information. Answer: C is incorrect. Again, A, B, D together form the three criteria that define protected health information (PHI).
Information must be in the possession of a healthcare facility, provider, health plan or healthcare clearinghouse (a covered entity) or in the hands of a business associate in order for the information to be protected by a covered entity or its business associates.

QUESTION NO: 87 You are asked to design an information system in which the client-server platform is based on the following schematic. What type of architecture is incorporated within your information system? A. LAN Technology B. WAN Technology C. Three-Tier Architecture D. Two-Tier Architecture

Answer: D Explanation: Two-tier architecture is the client-server platform that consists simply of a PC interfaced with a database. Answer: A is incorrect. LAN Technology is incorrect as this is a mode of communication, not a client-server platform; it refers to communication between devices in a small geographic area such as PC and printer or PC and PC within a facility. Answer: B is incorrect. WAN Technology is incorrect as this is a mode of communication, not a client-server platform, that allows for communication across a large geographic environment such as two or more LANs connected via a telephone system or satellite. Answer: C is incorrect. Three-tier architecture is incorrect as this client-server platform consists of a PC, database server and an application server that contains software to process the data.

QUESTION NO: 307 Which of the following statements is true about the installation of Universal Serial Bus (USB) devices? A. A computer has to be restarted to install a USB device. B. Software drivers are not required for USB devices. C. USB devices are non-Plug and Play. D. A USB device can be plugged into a computer without restarting it.

Answer: D Explanation: Universal Serial Bus (USB) is a high speed bus standard developed by Compaq, IBM, DEC, Intel, Microsoft, NEC, and Northern Telecom. It provides the Plug and Play capability of Windows to external hardware devices. USB supports hot plugging, which means that a USB device can be installed or removed while the computer is running. A single USB port can be used to connect up to 127 peripheral devices, such as CD-ROM drives, tape drives, keyboards, scanners etc. USB 1.1 has a maximum data transfer rate of 12 Mbps, whereas USB 2.0 has a maximum data transfer rate of 480 Mbps. USB 2.0 is fully backward compatible with USB 1.1. Answer: B is incorrect. Software drivers are required for USB devices. It is possible, though, that the drivers for your USB devices are already available on the computer. In this case, you do not need to provide a device driver separately. Answer: A is incorrect. It is not required to restart the computer to install USB devices.

QUESTION NO: 321 How will you identify that the PC has successfully completed its Power On Self Test (POST)? A. The PC gives frequent beeps and gives a display on the monitor. B. The PC gives two beeps at the startup. C. The PC gives the message "Press DEL to enter the Setup" D. The PC gives a single beep at the startup.

Answer: D Explanation: When you start the system, it gives a single beep if it has successfully completed the Power On Self Test (POST). If the PC gives a message "Press DEL to enter the Setup", it is because of the wrong setting in BIOS.

QUESTION NO: 432 You are working on a database of public records at a healthcare facility. What kind of information is contained within the database? A. records of x-rays taken in the Radiology department B. records of ages and chronic health conditions of patients C. records of names and addresses of patients D. records of de-identified patient information

Answer: D Explanation: Without extensive authorization procedures, most records at a healthcare facility are not public if they involve patient information. The exception is "de-identified" patient information which contains data about a patient that cannot be used to identify them. This kind of information is often used as part of research studies and public health initiatives. Answer: C is incorrect. Information which clearly identifies patients is protected health information and would not be a public record. Answer: B is incorrect. Information which could be used to make an educated guess about the identity of a patient is still considered protected health information and could not be part of a public record. Answer: A is incorrect. X-rays contain specific information about a patient and could be used to potentially identify a patient and are therefore protected health information and could not be part of a public record.

QUESTION NO: 250 You have been hired to create a software program that will remove all the identifying information from the records of patients who were involved in a cancer research project, so that the outcomes of a particular treatment can be shared at a medical conference. HIPAA requires that you remove many types of information that could be used to identify the patient or could, in conjunction with other information that the receiver has, be used to identify the patient. Which information below would you NOT be required to remove? A. Health plan beneficiary numbers B. Web addresses C. Fax numbers D. Birth year if the patient(s) is under the age of 89

Answer: D Explanation: Year information must only be deleted if patients are over the age of 90; however they can be aggregated into a single category "90 or older."

QUESTION NO: 223 When engaged in EDI (Electronic Data Interchange) of PHR (Personal Health Records) between two covered entities or between a covered entity and a contracted entity that has entered into agreement with a covered entity, the covered entities must corroborate that the information exchanged comes from the entity who claims to be sending it. Which of the following is not a way of authenticating the sender? A. token systems B. two or three-way handshakes C. calling back by telephone D. passwords E. parity exchange

Answer: E Explanation: Handshakes are the process of two entities agreeing upon the technical parameters of a communication channel prior to the communication. A three-way handshake could for example be as follows. Party A sends a random number to party B. B sends back this number +1. A then sends back B's new number plus a new number. This corroborates the exchange. Calling back by telephone is the simple act of phoning the sender of EDI to confirm by voice that they actually sent the information. Passwords provide both sides the ability to encrypt and lock information to ensure that only entities with the password could have sent the EDI. Token systems may be a physical device or, more often, software (a token) that acts like an electronic key. For example, a digital signature or digital fingerprint.

