Question 1

Risk management for the HIPAA Security Officer is a "one-time" task.

Accepted Answer

A) True 
 B)False  False

Question 2

Identify the choice that best completes the statement or answers the question.
-The ability to continue after a disaster of some kind is a requirement of Security Rule.What item is considered part of the contingency plan or business continuity plan?

Accepted Answer

A) Regular biohazard drills 
B) Risk analysis 
C) Emergency mode operation plan 
D) Find someone to figure the payroll 
A) Regular biohazard drills 
B) Risk analysis 
C) Emergency mode operation plan 
D) Find someone to figure the payroll C

Question 3

Identify the choice that best completes the statement or answers the question.
-Information access is a required administrative safeguard under HIPAA Security Rule.It is defined as

Accepted Answer

A) access to the medical record for treatment purposes. 
B) limiting access to the minimum necessary for the particular job assigned to the particular login. 
C) restricting access to only clinical staff for treatment purposes, medical records department for coding purposes, and the billing department for purposes of claim submission. 
D) only allowing patients access to their medical records if it is court ordered. 
A) access to the medical record for treatment purposes. 
B) limiting access to the minimum necessary for the particular job assigned to the particular login. 
C) restricting access to only clinical staff for treatment purposes, medical records department for coding purposes, and the billing department for purposes of claim submission. 
D) only allowing patients access to their medical records if it is court ordered. B

Question 4

Identify the choice that best completes the statement or answers the question.
-Access privilege to protected health information is

Accepted Answer

A) having the ability to enter a facility where paper medical records are kept. 
B) what allows an individual to enter a computer system for an authorized purpose. 
C) finding a password to gain access to medical information. 
D) permitted only to the HIPAA Officer and the computer technicians. 
A) having the ability to enter a facility where paper medical records are kept. 
B) what allows an individual to enter a computer system for an authorized purpose. 
C) finding a password to gain access to medical information. 
D) permitted only to the HIPAA Officer and the computer technicians.

Question 5

Identify the choice that best completes the statement or answers the question.
-Reasonable physical safeguards for patient care areas include

Accepted Answer

A) a staff escort at all times. 
B) having monitors turned away from viewing by visitors. 
C) having a sign-in and sign-out register for all visitors. 
D) providing all visitors with your policy document. 
A) a staff escort at all times. 
B) having monitors turned away from viewing by visitors. 
C) having a sign-in and sign-out register for all visitors. 
D) providing all visitors with your policy document.

Question 6

If a business visitor is also a Business Associate, that individual does not need to be escorted in the building to ensure protection of PHI.

Accepted Answer

A) True 
 B)False

Question 7

Identify the choice that best completes the statement or answers the question.
-Whenever a device has become obsolete, the Security Office must

Accepted Answer

A) check the item off the list of equipment to maintain in the facility. 
B) verify that the facility does not need the equipment any more before selling it. 
C) log the date of disposal and the amount of its depreciation. 
D) record when and how it is disposed of and that all data was deleted from the device. 
A) check the item off the list of equipment to maintain in the facility. 
B) verify that the facility does not need the equipment any more before selling it. 
C) log the date of disposal and the amount of its depreciation. 
D) record when and how it is disposed of and that all data was deleted from the device.

Question 8

Identify the choice that best completes the statement or answers the question.
-Use of e-mail for transmitting PHI is

Accepted Answer

A) permitted only if a security algorithm is in place. 
B) permitted without restrictions. 
C) excluded from possible use under the Security Rule. 
D) allowed only if both sender and receiver(s) agree to keep e-PHI private. 
A) permitted only if a security algorithm is in place. 
B) permitted without restrictions. 
C) excluded from possible use under the Security Rule. 
D) allowed only if both sender and receiver(s) agree to keep e-PHI private.

Question 9

The Security Rule requires that all paper files of medical records be copied and kept securely locked up.

Accepted Answer

A) True 
 B)False

Question 10

Match the item that is addressed under the Security Rule with the correct area of safeguards.

-facility access controls

Accepted Answer

A) Administrative safeguards 
B) Physical safeguards 
C) Technical safeguards 
A) Administrative safeguards 
B) Physical safeguards 
C) Technical safeguards

Question 11

Identify the choice that best completes the statement or answers the question.
-The Security Officer is responsible to review all

Accepted Answer

A) Business Associate contracts for compliancy issues. 
B) Trading Partner agreements to ensure they are fully complying with HIPAA rules. 
C) Both A and B as required by Organization Requirements of Security Rule. 
D) Neither A nor B in order to comply with the Security Rule. 
A) Business Associate contracts for compliancy issues. 
B) Trading Partner agreements to ensure they are fully complying with HIPAA rules. 
C) Both A and B as required by Organization Requirements of Security Rule. 
D) Neither A nor B in order to comply with the Security Rule.

Question 12

The Centers for Medicare and Medicaid Services (CMS) have information on their Web site to help a HIPAA Security Officer know the required and addressable areas of securing e-PHI.

Accepted Answer

A) True 
 B)False

Question 13

To protect e-PHI that is sent through the Internet, a covered entity must use encryption technology to minimize the risks.E-PHI that is "at rest" must also be encrypted to maintain security.

Accepted Answer

A) True 
 B)False

Question 14

Only a serious security incident is to be documented and measures taken to limit further disclosure.

Accepted Answer

A) True 
 B)False

Question 15

Match the item that is addressed under the Security Rule with the correct area of safeguards.

-Business Associate contract

Accepted Answer

A) Administrative safeguards 
B) Physical safeguards 
C) Technical safeguards 
A) Administrative safeguards 
B) Physical safeguards 
C) Technical safeguards

Question 16

Identify the choice that best completes the statement or answers the question.
-Business Associate contracts must include

Accepted Answer

A) wording that protects the integrity of HIPAA standard transmissions. 
B) assurance that each covered entity will use the HIPAA identifiers in transmissions. 
C) implementation of safeguards to ensure data integrity. 
D) only items as related to the Privacy Rule. 
A) wording that protects the integrity of HIPAA standard transmissions. 
B) assurance that each covered entity will use the HIPAA identifiers in transmissions. 
C) implementation of safeguards to ensure data integrity. 
D) only items as related to the Privacy Rule.

Question 17

Compliance to the Security Rule is solely the responsibility of the Security Officer.

Accepted Answer

A) True 
 B)False

Question 18

Match the HIPAA term with the correct definition.

-Implementing policies and procedures to prevent, detect, and contain any intrusions of security or unauthorized access.

Accepted Answer

A) Risk management 
B) Gap analysis 
C) Risk analysis 
D) Security management 
A) Risk management 
B) Gap analysis 
C) Risk analysis 
D) Security management

Question 19

Identify the choice that best completes the statement or answers the question.
-Which of the following items is a technical safeguard of the Security Rule?

Accepted Answer

A) Workstation location 
B) Data backup plan 
C) Sufficient storage capacity 
D) Entity authentication 
A) Workstation location 
B) Data backup plan 
C) Sufficient storage capacity 
D) Entity authentication

Question 20

"At home" workers such as transcriptionists are not required to follow the workstation security rules for passwords, viewing of monitors by others, or locking of computer screens.

Accepted Answer

A) True 
 B)False

Risk management for the HIPAA Security Officer is a "one-time" task.

Identify the choice that best completes the statement or answers the question. -The ability to continue after a disaster of some kind is a requirement of Security Rule.What item is considered part of the contingency plan or business continuity plan?

Identify the choice that best completes the statement or answers the question. -Information access is a required administrative safeguard under HIPAA Security Rule.It is defined as

Identify the choice that best completes the statement or answers the question. -Access privilege to protected health information is

Identify the choice that best completes the statement or answers the question. -Reasonable physical safeguards for patient care areas include

If a business visitor is also a Business Associate, that individual does not need to be escorted in the building to ensure protection of PHI.

Identify the choice that best completes the statement or answers the question. -Whenever a device has become obsolete, the Security Office must

Identify the choice that best completes the statement or answers the question. -Use of e-mail for transmitting PHI is

The Security Rule requires that all paper files of medical records be copied and kept securely locked up.

Match the item that is addressed under the Security Rule with the correct area of safeguards. -facility access controls

Identify the choice that best completes the statement or answers the question. -The Security Officer is responsible to review all

The Centers for Medicare and Medicaid Services (CMS) have information on their Web site to help a HIPAA Security Officer know the required and addressable areas of securing e-PHI.

To protect e-PHI that is sent through the Internet, a covered entity must use encryption technology to minimize the risks.E-PHI that is "at rest" must also be encrypted to maintain security.

Only a serious security incident is to be documented and measures taken to limit further disclosure.

Match the item that is addressed under the Security Rule with the correct area of safeguards. -Business Associate contract

Identify the choice that best completes the statement or answers the question. -Business Associate contracts must include

Compliance to the Security Rule is solely the responsibility of the Security Officer.

Match the HIPAA term with the correct definition. -Implementing policies and procedures to prevent, detect, and contain any intrusions of security or unauthorized access.

Identify the choice that best completes the statement or answers the question. -Which of the following items is a technical safeguard of the Security Rule?

"At home" workers such as transcriptionists are not required to follow the workstation security rules for passwords, viewing of monitors by others, or locking of computer screens.

Introduction to Hipaa

Privacy Issues Explained

Transactions and Code Sets

Unique Health Identifiers and Hipaa Myths

Further Rulings Influencing Hipaa

Filters

Exam 4: Security Ruling Explained

Risk management for the HIPAA Security Officer is a "one-time" task.

Identify the choice that best completes the statement or answers the question. -The ability to continue after a disaster of some kind is a requirement of Security Rule.What item is considered part of the contingency plan or business continuity plan?

Identify the choice that best completes the statement or answers the question. -Information access is a required administrative safeguard under HIPAA Security Rule.It is defined as

Identify the choice that best completes the statement or answers the question. -Access privilege to protected health information is

Identify the choice that best completes the statement or answers the question. -Reasonable physical safeguards for patient care areas include

If a business visitor is also a Business Associate, that individual does not need to be escorted in the building to ensure protection of PHI.

Identify the choice that best completes the statement or answers the question. -Whenever a device has become obsolete, the Security Office must

Identify the choice that best completes the statement or answers the question. -Use of e-mail for transmitting PHI is

The Security Rule requires that all paper files of medical records be copied and kept securely locked up.

Match the item that is addressed under the Security Rule with the correct area of safeguards. -facility access controls

Identify the choice that best completes the statement or answers the question. -The Security Officer is responsible to review all

The Centers for Medicare and Medicaid Services (CMS) have information on their Web site to help a HIPAA Security Officer know the required and addressable areas of securing e-PHI.

To protect e-PHI that is sent through the Internet, a covered entity must use encryption technology to minimize the risks.E-PHI that is "at rest" must also be encrypted to maintain security.

Only a serious security incident is to be documented and measures taken to limit further disclosure.

Match the item that is addressed under the Security Rule with the correct area of safeguards. -Business Associate contract

Identify the choice that best completes the statement or answers the question. -Business Associate contracts must include

Compliance to the Security Rule is solely the responsibility of the Security Officer.

Match the HIPAA term with the correct definition. -Implementing policies and procedures to prevent, detect, and contain any intrusions of security or unauthorized access.

Identify the choice that best completes the statement or answers the question. -Which of the following items is a technical safeguard of the Security Rule?

"At home" workers such as transcriptionists are not required to follow the workstation security rules for passwords, viewing of monitors by others, or locking of computer screens.

Introduction to Hipaa

Privacy Issues Explained

Transactions and Code Sets

Unique Health Identifiers and Hipaa Myths

Further Rulings Influencing Hipaa

Filters