Question 1

Keeping e-PHI secure includes which of the following:

Accepted Answer

A)  the HIPAA Security Officer has placed limits on what information is viewed by Business Associates determined by their job description. 
B)  policies and procedures are written to protect against unlawful access by administration. 
C)  changing the passwords for computer access every 30 days. 
D)  safeguards are in place to protect it against unauthorized access or loss. 
A)  the HIPAA Security Officer has placed limits on what information is viewed by Business Associates determined by their job description. 
B)  policies and procedures are written to protect against unlawful access by administration. 
C)  changing the passwords for computer access every 30 days. 
D)  safeguards are in place to protect it against unauthorized access or loss.

Question 2

The Security Officer is to keep record of

Accepted Answer

A)  all computer hardware and software used within the facility when it comes in and when it goes out of the facility. 
B)  just the addition of hardware and software within the facility to be sure they are compliant with the Security Rule. 
C)  just the removal of hardware and software within the facility to be sure all data is removed. 
D)  the net value of disposed equipment that the facility has removed from use. 
A)  all computer hardware and software used within the facility when it comes in and when it goes out of the facility. 
B)  just the addition of hardware and software within the facility to be sure they are compliant with the Security Rule. 
C)  just the removal of hardware and software within the facility to be sure all data is removed. 
D)  the net value of disposed equipment that the facility has removed from use.

Question 3

The Security Rule requires that all paper files of medical records be copied and kept securely locked up.

Accepted Answer

A) True 
 B)False

Question 4

Record of HIPAA training is to maintained by a health care provider for

Accepted Answer

A)  4 years. 
B)  6 years. 
C)  7 years. 
D)  an indefinite time. 
A)  4 years. 
B)  6 years. 
C)  7 years. 
D)  an indefinite time.

Question 5

Complaints about security breaches may be reported to

Accepted Answer

A)  Centers for Medicare and Medicaid Services. 
B)  Office of E-Health Standards and Services. 
C)  Office for Civil Rights. 
D)  Office of HIPAA Standards. 
A)  Centers for Medicare and Medicaid Services. 
B)  Office of E-Health Standards and Services. 
C)  Office for Civil Rights. 
D)  Office of HIPAA Standards.

Question 6

The Office of HIPAA Standards seeks voluntary compliance to the Security Rule.

Accepted Answer

A) True 
 B)False

Question 7

The Security Officer is responsible to review all

Accepted Answer

A)  Business Associate contracts for compliancy issues. 
B)  Trading Partner agreements to ensure they are fully complying with HIPAA rules. 
C)  Both A and B as required by Organization Requirements of Security Rule. 
D)  Neither A nor B in order to comply with the Security Rule. 
A)  Business Associate contracts for compliancy issues. 
B)  Trading Partner agreements to ensure they are fully complying with HIPAA rules. 
C)  Both A and B as required by Organization Requirements of Security Rule. 
D)  Neither A nor B in order to comply with the Security Rule.

Question 8

The Centers for Medicare and Medicaid Services (CMS) have information on their Web site to help a HIPAA Security Officer know the required and addressable areas of securing e-PHI.

Accepted Answer

A) True 
 B)False

Question 9

Telemedicine videoconference tapes are

Accepted Answer

A)  never covered by HIPAA Security Rule. 
B)  covered by HIPAA Security Rule if they are not erased after the physician's report is signed. 
C)  covered by HIPAA Security Rule only if the patient has not signed a consent form. 
D)  not covered by HIPAA Security Rule if used to train medical students. 
A)  never covered by HIPAA Security Rule. 
B)  covered by HIPAA Security Rule if they are not erased after the physician's report is signed. 
C)  covered by HIPAA Security Rule only if the patient has not signed a consent form. 
D)  not covered by HIPAA Security Rule if used to train medical students.

Question 10

Only a serious security incident is to be documented and measures taken to limit further disclosure.

Accepted Answer

A) True 
 B)False

Question 11

Requirements that are addressable under the Security Rule may be omitted by the Security Officer.

Accepted Answer

A) True 
 B)False

Question 12

Investigation of complaints of violations to the Security Rule are under the direction of the

Accepted Answer

A)  Department of Justice. 
B)  Department of Health and Human Services. 
C)  Office of HIPAA Standards. 
D)  Office of Inspector General. 
A)  Department of Justice. 
B)  Department of Health and Human Services. 
C)  Office of HIPAA Standards. 
D)  Office of Inspector General.

Question 13

Security and Privacy of protected health information really cover the same issues.

Accepted Answer

A) True 
 B)False

Question 14

Closed circuit cameras are mandated by HIPAA Security Rule.

Accepted Answer

A) True 
 B)False

Question 15

Which are the five areas the DHHS has mandated each covered entity to address so that e-PHI is maintained securely?

Accepted Answer

A)  Organization requirements; policies, procedures, and documentation; technical safeguards; administrative safeguards; and physical safeguards 
B)  Unique identifiers; administrative safeguards; technical safeguards; physical safeguards; and electronic signatures 
C)  Administrative safeguards; physical safeguards; policies, procedures, and documentation; a HIPAA Security Officer in charge; and a complex computer data backup system 
D)  Policies, procedures, and documentation; organization requirements; protected wireless access; secure firewalls; and virus protection 
A)  Organization requirements; policies, procedures, and documentation; technical safeguards; administrative safeguards; and physical safeguards 
B)  Unique identifiers; administrative safeguards; technical safeguards; physical safeguards; and electronic signatures 
C)  Administrative safeguards; physical safeguards; policies, procedures, and documentation; a HIPAA Security Officer in charge; and a complex computer data backup system 
D)  Policies, procedures, and documentation; organization requirements; protected wireless access; secure firewalls; and virus protection

Question 16

Information access is a required administrative safeguard under HIPAA Security Rule. It is defined as

Accepted Answer

A)  access to the medical record for treatment purposes. 
B)  limiting access to the minimum necessary for the particular job assigned to the particular login. 
C)  restricting access to only clinical staff for treatment purposes, medical records department for coding purposes, and the billing department for purposes of claim submission. 
D)  only allowing patients access to their medical records if it is court ordered. 
A)  access to the medical record for treatment purposes. 
B)  limiting access to the minimum necessary for the particular job assigned to the particular login. 
C)  restricting access to only clinical staff for treatment purposes, medical records department for coding purposes, and the billing department for purposes of claim submission. 
D)  only allowing patients access to their medical records if it is court ordered.

Question 17

Responsibilities of the HIPAA Security Officer include

Accepted Answer

A)  making recommendations for new computers and seeing that they are configured to ensure secure e-PHI. 
B)  developing and implementing policies and procedures for the facility. 
C)  overseeing the training of new doctors and the retraining of all doctors on a regular basis. 
D)  reviewing the Notice of Privacy Practices for the facility and keeping them up to date. 
A)  making recommendations for new computers and seeing that they are configured to ensure secure e-PHI. 
B)  developing and implementing policies and procedures for the facility. 
C)  overseeing the training of new doctors and the retraining of all doctors on a regular basis. 
D)  reviewing the Notice of Privacy Practices for the facility and keeping them up to date.

Question 18

Access privilege to protected health information is

Accepted Answer

A)  having the ability to enter a facility where paper medical records are kept. 
B)  what allows an individual to enter a computer system for an authorized purpose. 
C)  finding a password to gain access to medical information. 
D)  permitted only to the HIPAA Officer and the computer technicians. 
A)  having the ability to enter a facility where paper medical records are kept. 
B)  what allows an individual to enter a computer system for an authorized purpose. 
C)  finding a password to gain access to medical information. 
D)  permitted only to the HIPAA Officer and the computer technicians.

Question 19

Business Associate contracts must include:

Accepted Answer

A)  wording that protects the integrity of HIPAA standard transmissions. 
B)  assurance that each covered entity will use the HIPAA identifiers in transmissions. 
C)  implementation of safeguards to ensure data integrity. 
D)  only items as related to the Privacy Rule. 
A)  wording that protects the integrity of HIPAA standard transmissions. 
B)  assurance that each covered entity will use the HIPAA identifiers in transmissions. 
C)  implementation of safeguards to ensure data integrity. 
D)  only items as related to the Privacy Rule.

Question 20

HIPAA Security Rule applies to data contained in

Accepted Answer

A)  unrecorded video teleconferencing. 
B)  any computer storage media. 
C)  voicemail messages 
D)  paper-to-paper faxes. 
A)  unrecorded video teleconferencing. 
B)  any computer storage media. 
C)  voicemail messages 
D)  paper-to-paper faxes.

Keeping e-PHI secure includes which of the following:

The Security Officer is to keep record of

The Security Rule requires that all paper files of medical records be copied and kept securely locked up.

Record of HIPAA training is to maintained by a health care provider for

Complaints about security breaches may be reported to

The Office of HIPAA Standards seeks voluntary compliance to the Security Rule.

The Security Officer is responsible to review all

The Centers for Medicare and Medicaid Services (CMS) have information on their Web site to help a HIPAA Security Officer know the required and addressable areas of securing e-PHI.

Telemedicine videoconference tapes are

Only a serious security incident is to be documented and measures taken to limit further disclosure.

Requirements that are addressable under the Security Rule may be omitted by the Security Officer.

Investigation of complaints of violations to the Security Rule are under the direction of the

Security and Privacy of protected health information really cover the same issues.

Closed circuit cameras are mandated by HIPAA Security Rule.

Which are the five areas the DHHS has mandated each covered entity to address so that e-PHI is maintained securely?

Information access is a required administrative safeguard under HIPAA Security Rule. It is defined as

Responsibilities of the HIPAA Security Officer include

Access privilege to protected health information is

Business Associate contracts must include:

HIPAA Security Rule applies to data contained in

Introduction to Hipaa

Privacy Issues Explained

Transactions and Code Sets

Unique Health Identifiers and Hipaa Myths

Filters

Exam 4: Security Rule Explained

Keeping e-PHI secure includes which of the following:

The Security Officer is to keep record of

The Security Rule requires that all paper files of medical records be copied and kept securely locked up.

Record of HIPAA training is to maintained by a health care provider for

Complaints about security breaches may be reported to

The Office of HIPAA Standards seeks voluntary compliance to the Security Rule.

The Security Officer is responsible to review all

The Centers for Medicare and Medicaid Services (CMS) have information on their Web site to help a HIPAA Security Officer know the required and addressable areas of securing e-PHI.

Telemedicine videoconference tapes are

Only a serious security incident is to be documented and measures taken to limit further disclosure.

Requirements that are addressable under the Security Rule may be omitted by the Security Officer.

Investigation of complaints of violations to the Security Rule are under the direction of the

Security and Privacy of protected health information really cover the same issues.

Closed circuit cameras are mandated by HIPAA Security Rule.

Which are the five areas the DHHS has mandated each covered entity to address so that e-PHI is maintained securely?

Information access is a required administrative safeguard under HIPAA Security Rule. It is defined as

Responsibilities of the HIPAA Security Officer include

Access privilege to protected health information is

Business Associate contracts must include:

HIPAA Security Rule applies to data contained in

Introduction to Hipaa

Privacy Issues Explained

Transactions and Code Sets

Unique Health Identifiers and Hipaa Myths

Filters