Filters
Question type
Study Flashcards

Identify the choice that best completes the statement or answers the question. -Integrity of e-PHI requires confirmation that the data


A) has been backed up routinely.
B) is accurate and has not been altered, lost, or destroyed in an unauthorized manner.
C) has accepted all changes and modifications to the medical record.
D) has been reviewed by the Security Officer as being accurate.

E) B) and D)
F) A) and B)

Correct Answer

verifed

verified

The Office of HIPAA Standards seeks voluntary compliance to the Security Rule.

A) True
B) False

Correct Answer

verifed

verified

Security and privacy of protected health information really cover the same issues.

A) True
B) False

Correct Answer

verifed

verified

Only monetary fines may be levied for violation under the HIPAA Security Rule.

A) True
B) False

Correct Answer

verifed

verified

Security of e-PHI has to do with keeping the data secure from a breach in the information system's security protocols.

A) True
B) False

Correct Answer

verifed

verified

Identify the choice that best completes the statement or answers the question. -Which are the five areas the DHHS has mandated each covered entity to address so that e-PHI is maintained securely?


A) Organization requirements; policies, procedures, and documentation; technical safeguards; administrative safeguards; and physical safeguards
B) Unique identifiers; administrative safeguards; technical safeguards; physical safeguards; and electronic signatures
C) Administrative safeguards; physical safeguards; policies, procedures, and documentation; a HIPAA Security Officer in charge; and a complex computer data backup system
D) Policies, procedures, and documentation; organization requirements; protected wireless access; secure firewalls; and virus protection

E) All of the above
F) A) and C)

Correct Answer

verifed

verified

Identify the choice that best completes the statement or answers the question. -Audit trails of computer systems include


A) who logged in, what was done, when it was done, and what equipment was accessed.
B) who logged in, what was changed, and when it was altered.
C) all user's passwords and login information.
D) all security incidents recorded in patient records.

E) None of the above
F) B) and C)

Correct Answer

verifed

verified

Match the item that is addressed under the Security Rule with the correct area of safeguards. -device and media controls


A) Administrative safeguards
B) Physical safeguards
C) Technical safeguards

D) B) and C)
E) All of the above

Correct Answer

verifed

verified

Identify the choice that best completes the statement or answers the question. -The required areas of the Security Rule


A) must be met with documentation being optional since everyone must comply.
B) must be achieved and documented.
C) may be met with a "reasonable and appropriate" approach.
D) are the administrative and technical safeguards.

E) All of the above
F) None of the above

Correct Answer

verifed

verified

Match the HIPAA term with the correct definition. -A study to find the problems or gaps between current practices and what the Security Rule requires.


A) Risk management
B) Gap analysis
C) Risk analysis
D) Security management

E) A) and D)
F) None of the above

Correct Answer

verifed

verified

Identify the choice that best completes the statement or answers the question. -The Security Officer is to keep record of


A) all computer hardware and software used within the facility when it comes in and when it goes out of the facility.
B) just the addition of hardware and software within the facility to be sure they are compliant with the Security Rule.
C) just the removal of hardware and software within the facility to be sure all data is removed.
D) the net value of disposed equipment that the facility has removed from use.

E) A) and B)
F) None of the above

Correct Answer

verifed

verified

Identify the choice that best completes the statement or answers the question. -What step is part of reporting of security incidents?


A) Report disclosure to all patients.
B) Exclude notation of incident from the patient's medical record.
C) Notify Business Associates and Trading Partners of the breach.
D) Change passwords to protect from further invasion.

E) B) and D)
F) B) and C)

Correct Answer

verifed

verified

Identify the choice that best completes the statement or answers the question. -Complaints about security breaches may be reported to


A) Centers for Medicare and Medicaid Services.
B) Office of E-Health Standards and Services.
C) Office for Civil Rights.
D) Office of HIPAA Standards.

E) All of the above
F) C) and D)

Correct Answer

verifed

verified

Match the item that is addressed under the Security Rule with the correct area of safeguards. -access control by login and password


A) Administrative safeguards
B) Physical safeguards
C) Technical safeguards

D) All of the above
E) A) and B)

Correct Answer

verifed

verified

Identify the choice that best completes the statement or answers the question. -Risk analysis in the Security Rule considers


A) when the Security Officer includes budget items to pay for a better computer system.
B) how hard it is for hackers to access the computer system.
C) a balance between what is cost-effective and the potential risks of disclosure.
D) the cost of insurance to cover possible losses.

E) A) and D)
F) A) and B)

Correct Answer

verifed

verified

Match the HIPAA term with the correct definition. -A process whereby cost-effective security control measures may be selected to balance the cost of security control measures against the losses expected if these measures were not in place.


A) Risk management
B) Gap analysis
C) Risk analysis
D) Security management

E) None of the above
F) A) and C)

Correct Answer

verifed

verified

Match the item that is addressed under the Security Rule with the correct area of safeguards. -integrity of data


A) Administrative safeguards
B) Physical safeguards
C) Technical safeguards

D) B) and C)
E) All of the above

Correct Answer

verifed

verified

Identify the choice that best completes the statement or answers the question. -HIPAA training must be provided to


A) all clinical staff personnel.
B) only volunteer and nonpaid staff.
C) only new employees.
D) all workforce employees and nonemployees.

E) B) and C)
F) All of the above

Correct Answer

verifed

verified

Identify the choice that best completes the statement or answers the question. -The policy of disclosing the "minimum necessary" e-PHI addresses


A) those who bill health claims only.
B) authorizing personnel to view PHI.
C) information sent to a health plan for reimbursement.
D) all clinical staff when treating a patient.

E) A) and B)
F) B) and C)

Correct Answer

verifed

verified

One good requirement to ensure secure access control is to install automatic logoff at each workstation.

A) True
B) False

Correct Answer

verifed

verified

Showing 21 - 40 of 53

Related Exams

Exam 1

Introduction to Hipaa

43 Questions

Exam 2

Privacy Issues Explained

47 Questions

Exam 3

Transactions and Code Sets

46 Questions

Exam 5

Unique Health Identifiers and Hipaa Myths

50 Questions

Exam 6

Further Rulings Influencing Hipaa

34 Questions

Show Answer