Study Flashcards

Identify the choice that best completes the statement or answers the question. -Whenever a device has become obsolete, the Security Office must


A) check the item off the list of equipment to maintain in the facility.
B) verify that the facility does not need the equipment any more before selling it.
C) log the date of disposal and the amount of its depreciation.
D) record when and how it is disposed of and that all data was deleted from the device.

E) All of the above
F) A) and B)

Correct Answer

verified

Identify the choice that best completes the statement or answers the question. -Business Associate contracts must include


A) wording that protects the integrity of HIPAA standard transmissions.
B) assurance that each covered entity will use the HIPAA identifiers in transmissions.
C) implementation of safeguards to ensure data integrity.
D) only items as related to the Privacy Rule.

E) A) and B)
F) B) and D)

Correct Answer

verified

Only a serious security incident is to be documented and measures taken to limit further disclosure.

A) True
B) False

Correct Answer

verified

Risk management for the HIPAA Security Officer is a "one-time" task.

A) True
B) False

Correct Answer

verified

False

Identify the choice that best completes the statement or answers the question. -Use of e-mail for transmitting PHI is


A) permitted only if a security algorithm is in place.
B) permitted without restrictions.
C) excluded from possible use under the Security Rule.
D) allowed only if both sender and receiver(s) agree to keep e-PHI private.

E) All of the above
F) A) and C)

Correct Answer

verified

Identify the choice that best completes the statement or answers the question. -The ability to continue after a disaster of some kind is a requirement of the Security Rule. What item is considered part of the contingency plan or business continuity plan?


A) Regular biohazard drills
B) Risk analysis
C) Emergency mode operation plan
D) Find someone to figure the payroll

E) None of the above
F) B) and C)

Correct Answer

verified

C

"At home" workers such as transcriptionists are not required to follow the workstation security rules for passwords, viewing of monitors by others, or locking of computer screens.

A) True
B) False

Correct Answer

verified

Match the HIPAA term with the correct definition. -Implementing policies and procedures to prevent, detect, and contain any intrusions of security or unauthorized access.


A) Risk management
B) Gap analysis
C) Risk analysis
D) Security management

E) B) and C)
F) None of the above

Correct Answer

verified

Match the item that is addressed under the Security Rule with the correct area of safeguards. -facility access controls


A) Administrative safeguards
B) Physical safeguards
C) Technical safeguards

D) A) and B)
E) A) and C)

Correct Answer

verified

Identify the choice that best completes the statement or answers the question. -Which of the following items is a technical safeguard of the Security Rule?


A) Workstation location
B) Data backup plan
C) Sufficient storage capacity
D) Entity authentication

E) None of the above
F) A) and B)

Correct Answer

verified

Identify the choice that best completes the statement or answers the question. -Access privilege to protected health information is


A) having the ability to enter a facility where paper medical records are kept.
B) what allows an individual to enter a computer system for an authorized purpose.
C) finding a password to gain access to medical information.
D) permitted only to the HIPAA Officer and the computer technicians.

E) A) and B)
F) A) and C)

Correct Answer

verified

Match the item that is addressed under the Security Rule with the correct area of safeguards. -Business Associate contract


A) Administrative safeguards
B) Physical safeguards
C) Technical safeguards

D) B) and C)
E) A) and C)

Correct Answer

verified

The Centers for Medicare and Medicaid Services (CMS) have information on their Web site to help a HIPAA Security Officer know the required and addressable areas of securing e-PHI.

A) True
B) False

Correct Answer

verified

The Security Rule requires that all paper files of medical records be copied and kept securely locked up.

A) True
B) False

Correct Answer

verified

If a business visitor is also a Business Associate, that individual does not need to be escorted in the building to ensure protection of PHI.

A) True
B) False

Correct Answer

verified

Identify the choice that best completes the statement or answers the question. -Information access is a required administrative safeguard under the HIPAA Security Rule. It is defined as


A) access to the medical record for treatment purposes.
B) limiting access to the minimum necessary for the particular job assigned to the particular login.
C) restricting access to only clinical staff for treatment purposes, medical records department for coding purposes, and the billing department for purposes of claim submission.
D) only allowing patients access to their medical records if it is court ordered.

E) None of the above
F) B) and D)

Correct Answer

verified

B

To protect e-PHI that is sent through the Internet, a covered entity must use encryption technology to minimize the risks. E-PHI that is "at rest" must also be encrypted to maintain security.

A) True
B) False

Correct Answer

verified

Compliance with the Security Rule is solely the responsibility of the Security Officer.

A) True
B) False

Correct Answer

verified

Identify the choice that best completes the statement or answers the question. -Reasonable physical safeguards for patient care areas include


A) a staff escort at all times.
B) having monitors turned away from viewing by visitors.
C) having a sign-in and sign-out register for all visitors.
D) providing all visitors with your policy document.

E) B) and C)
F) A) and C)

Correct Answer

verified

Identify the choice that best completes the statement or answers the question. -The Security Officer is responsible to review all


A) Business Associate contracts for compliancy issues.
B) Trading Partner agreements to ensure they are fully complying with HIPAA rules.
C) Both A and B as required by Organization Requirements of Security Rule.
D) Neither A nor B in order to comply with the Security Rule.

E) A) and B)
F) A) and D)

Correct Answer

verified
