Question 1

Security of e-PHI has to do with keeping the data secure from a breach in the information system's security protocols.

Accepted Answer

A) True 
 B)False

Question 2

Match the HIPAA term with the correct definition.

-A study to find the problems or gaps between current practices and what the Security Rule requires.

Accepted Answer

A) Risk management 
B) Gap analysis 
C) Risk analysis 
D) Security management 
A) Risk management 
B) Gap analysis 
C) Risk analysis 
D) Security management

Question 3

Only monetary fines may be levied for violation under the HIPAA Security Rule.

Accepted Answer

A) True 
 B)False

Question 4

Identify the choice that best completes the statement or answers the question.
-Audit trails of computer systems include

Accepted Answer

A) who logged in, what was done, when it was done, and what equipment was accessed. 
B) who logged in, what was changed, and when it was altered. 
C) all user's passwords and login information. 
D) all security incidents recorded in patient records. 
A) who logged in, what was done, when it was done, and what equipment was accessed. 
B) who logged in, what was changed, and when it was altered. 
C) all user's passwords and login information. 
D) all security incidents recorded in patient records.

Question 5

Match the item that is addressed under the Security Rule with the correct area of safeguards.

-access control by login and password

Accepted Answer

A) Administrative safeguards 
B) Physical safeguards 
C) Technical safeguards 
A) Administrative safeguards 
B) Physical safeguards 
C) Technical safeguards

Question 6

Identify the choice that best completes the statement or answers the question.
-The Security Officer is to keep record of

Accepted Answer

A) all computer hardware and software used within the facility when it comes in and when it goes out of the facility. 
B) just the addition of hardware and software within the facility to be sure they are compliant with the Security Rule. 
C) just the removal of hardware and software within the facility to be sure all data is removed. 
D) the net value of disposed equipment that the facility has removed from use. 
A) all computer hardware and software used within the facility when it comes in and when it goes out of the facility. 
B) just the addition of hardware and software within the facility to be sure they are compliant with the Security Rule. 
C) just the removal of hardware and software within the facility to be sure all data is removed. 
D) the net value of disposed equipment that the facility has removed from use.

Question 7

Match the HIPAA term with the correct definition.

-A process whereby cost-effective security control measures may be selected to balance the cost of security control measures against the losses expected if these measures were not in place.

Accepted Answer

A) Risk management 
B) Gap analysis 
C) Risk analysis 
D) Security management 
A) Risk management 
B) Gap analysis 
C) Risk analysis 
D) Security management

Question 8

Identify the choice that best completes the statement or answers the question.
-Risk analysis in the Security Rule considers

Accepted Answer

A) when the Security Officer includes budget items to pay for a better computer system. 
B) how hard it is for hackers to access the computer system. 
C) a balance between what is cost-effective and the potential risks of disclosure. 
D) the cost of insurance to cover possible losses. 
A) when the Security Officer includes budget items to pay for a better computer system. 
B) how hard it is for hackers to access the computer system. 
C) a balance between what is cost-effective and the potential risks of disclosure. 
D) the cost of insurance to cover possible losses.

Question 9

Identify the choice that best completes the statement or answers the question.
-HIPAA training must be provided to

Accepted Answer

A) all clinical staff personnel. 
B) only volunteer and nonpaid staff. 
C) only new employees. 
D) all workforce employees and nonemployees. 
A) all clinical staff personnel. 
B) only volunteer and nonpaid staff. 
C) only new employees. 
D) all workforce employees and nonemployees.

Question 10

Security and privacy of protected health information really cover the same issues.

Accepted Answer

A) True 
 B)False

Question 11

Identify the choice that best completes the statement or answers the question.
-Which are the five areas the DHHS has mandated each covered entity to address so that e-PHI is maintained securely?

Accepted Answer

A) Organization requirements; policies, procedures, and documentation; technical safeguards; administrative safeguards; and physical safeguards 
B) Unique identifiers; administrative safeguards; technical safeguards; physical safeguards; and electronic signatures 
C) Administrative safeguards; physical safeguards; policies, procedures, and documentation; a HIPAA Security Officer in charge; and a complex computer data backup system 
D) Policies, procedures, and documentation; organization requirements; protected wireless access; secure firewalls; and virus protection 
A) Organization requirements; policies, procedures, and documentation; technical safeguards; administrative safeguards; and physical safeguards 
B) Unique identifiers; administrative safeguards; technical safeguards; physical safeguards; and electronic signatures 
C) Administrative safeguards; physical safeguards; policies, procedures, and documentation; a HIPAA Security Officer in charge; and a complex computer data backup system 
D) Policies, procedures, and documentation; organization requirements; protected wireless access; secure firewalls; and virus protection

Question 12

Identify the choice that best completes the statement or answers the question.
-Complaints about security breaches may be reported to

Accepted Answer

A) Centers for Medicare and Medicaid Services. 
B) Office of E-Health Standards and Services. 
C) Office for Civil Rights. 
D) Office of HIPAA Standards. 
A) Centers for Medicare and Medicaid Services. 
B) Office of E-Health Standards and Services. 
C) Office for Civil Rights. 
D) Office of HIPAA Standards.

Question 13

Identify the choice that best completes the statement or answers the question.
-What step is part of reporting of security incidents?

Accepted Answer

A) Report disclosure to all patients. 
B) Exclude notation of incident from the patient's medical record. 
C) Notify Business Associates and Trading Partners of the breach. 
D) Change passwords to protect from further invasion. 
A) Report disclosure to all patients. 
B) Exclude notation of incident from the patient's medical record. 
C) Notify Business Associates and Trading Partners of the breach. 
D) Change passwords to protect from further invasion.

Question 14

Match the item that is addressed under the Security Rule with the correct area of safeguards.

-integrity of data

Accepted Answer

A) Administrative safeguards 
B) Physical safeguards 
C) Technical safeguards 
A) Administrative safeguards 
B) Physical safeguards 
C) Technical safeguards

Question 15

The Office of HIPAA Standards seeks voluntary compliance to the Security Rule.

Accepted Answer

A) True 
 B)False

Question 16

Identify the choice that best completes the statement or answers the question.
-The policy of disclosing the "minimum necessary" e-PHI addresses

Accepted Answer

A) those who bill health claims only. 
B) authorizing personnel to view PHI. 
C) information sent to a health plan for reimbursement. 
D) all clinical staff when treating a patient. 
A) those who bill health claims only. 
B) authorizing personnel to view PHI. 
C) information sent to a health plan for reimbursement. 
D) all clinical staff when treating a patient.

Question 17

Match the item that is addressed under the Security Rule with the correct area of safeguards.

-device and media controls

Accepted Answer

A) Administrative safeguards 
B) Physical safeguards 
C) Technical safeguards 
A) Administrative safeguards 
B) Physical safeguards 
C) Technical safeguards

Question 18

Identify the choice that best completes the statement or answers the question.
-Integrity of e-PHI requires confirmation that the data

Accepted Answer

A) has been backed up routinely. 
B) is accurate and has not been altered, lost, or destroyed in an unauthorized manner. 
C) has accepted all changes and modifications to the medical record. 
D) has been reviewed by the Security Officer as being accurate. 
A) has been backed up routinely. 
B) is accurate and has not been altered, lost, or destroyed in an unauthorized manner. 
C) has accepted all changes and modifications to the medical record. 
D) has been reviewed by the Security Officer as being accurate.

Question 19

One good requirement to ensure secure access control is to install automatic logoff at each workstation.

Accepted Answer

A) True 
 B)False

Question 20

Identify the choice that best completes the statement or answers the question.
-The required areas of the Security Rule

Accepted Answer

A) must be met with documentation being optional since everyone must comply. 
B) must be achieved and documented. 
C) may be met with a "reasonable and appropriate" approach. 
D) are the administrative and technical safeguards. 
A) must be met with documentation being optional since everyone must comply. 
B) must be achieved and documented. 
C) may be met with a "reasonable and appropriate" approach. 
D) are the administrative and technical safeguards.

Security of e-PHI has to do with keeping the data secure from a breach in the information system's security protocols.

Match the HIPAA term with the correct definition. -A study to find the problems or gaps between current practices and what the Security Rule requires.

Only monetary fines may be levied for violation under the HIPAA Security Rule.

Identify the choice that best completes the statement or answers the question. -Audit trails of computer systems include

Match the item that is addressed under the Security Rule with the correct area of safeguards. -access control by login and password

Identify the choice that best completes the statement or answers the question. -The Security Officer is to keep record of

Match the HIPAA term with the correct definition. -A process whereby cost-effective security control measures may be selected to balance the cost of security control measures against the losses expected if these measures were not in place.

Identify the choice that best completes the statement or answers the question. -Risk analysis in the Security Rule considers

Identify the choice that best completes the statement or answers the question. -HIPAA training must be provided to

Security and privacy of protected health information really cover the same issues.

Identify the choice that best completes the statement or answers the question. -Which are the five areas the DHHS has mandated each covered entity to address so that e-PHI is maintained securely?

Identify the choice that best completes the statement or answers the question. -Complaints about security breaches may be reported to

Identify the choice that best completes the statement or answers the question. -What step is part of reporting of security incidents?

Match the item that is addressed under the Security Rule with the correct area of safeguards. -integrity of data

The Office of HIPAA Standards seeks voluntary compliance to the Security Rule.

Identify the choice that best completes the statement or answers the question. -The policy of disclosing the "minimum necessary" e-PHI addresses

Match the item that is addressed under the Security Rule with the correct area of safeguards. -device and media controls

Identify the choice that best completes the statement or answers the question. -Integrity of e-PHI requires confirmation that the data

One good requirement to ensure secure access control is to install automatic logoff at each workstation.

Identify the choice that best completes the statement or answers the question. -The required areas of the Security Rule

Introduction to Hipaa

Privacy Issues Explained

Transactions and Code Sets

Unique Health Identifiers and Hipaa Myths

Further Rulings Influencing Hipaa

Filters

Exam 4: Security Ruling Explained

Security of e-PHI has to do with keeping the data secure from a breach in the information system's security protocols.

Match the HIPAA term with the correct definition. -A study to find the problems or gaps between current practices and what the Security Rule requires.

Only monetary fines may be levied for violation under the HIPAA Security Rule.

Identify the choice that best completes the statement or answers the question. -Audit trails of computer systems include

Match the item that is addressed under the Security Rule with the correct area of safeguards. -access control by login and password

Identify the choice that best completes the statement or answers the question. -The Security Officer is to keep record of

Match the HIPAA term with the correct definition. -A process whereby cost-effective security control measures may be selected to balance the cost of security control measures against the losses expected if these measures were not in place.

Identify the choice that best completes the statement or answers the question. -Risk analysis in the Security Rule considers

Identify the choice that best completes the statement or answers the question. -HIPAA training must be provided to

Security and privacy of protected health information really cover the same issues.

Identify the choice that best completes the statement or answers the question. -Which are the five areas the DHHS has mandated each covered entity to address so that e-PHI is maintained securely?

Identify the choice that best completes the statement or answers the question. -Complaints about security breaches may be reported to

Identify the choice that best completes the statement or answers the question. -What step is part of reporting of security incidents?

Match the item that is addressed under the Security Rule with the correct area of safeguards. -integrity of data

The Office of HIPAA Standards seeks voluntary compliance to the Security Rule.

Identify the choice that best completes the statement or answers the question. -The policy of disclosing the "minimum necessary" e-PHI addresses

Match the item that is addressed under the Security Rule with the correct area of safeguards. -device and media controls

Identify the choice that best completes the statement or answers the question. -Integrity of e-PHI requires confirmation that the data

One good requirement to ensure secure access control is to install automatic logoff at each workstation.

Identify the choice that best completes the statement or answers the question. -The required areas of the Security Rule

Introduction to Hipaa

Privacy Issues Explained

Transactions and Code Sets

Unique Health Identifiers and Hipaa Myths

Further Rulings Influencing Hipaa

Filters