1-The HIPAA Security Rule protects:
All of the above
2-According to HIPAA, PHI does NOT include:
Patient’s past medical treatment information
Payments for health care provision
Health information with the identifiers removed
3-Which of the following access control mechanisms is used to prevent employees from copying a document labeled with high security to another document labeled with ‘public’?
4-It would be appropriate to release patient information to:
the patient’s (non-attending) physician brother
personnel from the hospital the patient transferred from 2 days ago, who is calling to check on the patient
the respiratory therapy personnel doing an ordered procedure
a retired physician who is a friend of the family
5-Healthcare providers must ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI) that the covered entity creates, receives, maintains, or transmits under:
6-The mission of the law is to protect consumers’ personal financial information held by financial institutions
7-Which of the following statements about retention principles is true?
Organizations should keep business records as long as possible.
We only need to manage the records that are in use.
How long the records should be kept depends on the legal requirements and business needs.
Due to security considerations, organizations should retain records longer than required.
8-The Red Flag Rule requires that financial institutions:
must implement a written Identity Theft Prevention Program
must comply with PCI standards
notify the customer that they may be a victim of identity theft
All of the above
9-Restricting access to the IT Department office of a hospital would fall under which type of safeguard required by the Security Rule of HIPAA?
10-According to the Omnibus Final Rule, which of the following statements are correct?
If one EMR software vendor needs access to PHI, it would need to complete a BAA.
Business associates do not include entities that maintain PHI.
A BAA is required for the US Postal Service.
Cloud service providers for EMR storage and backup are not liable for compliance with the HIPAA privacy rule.
11-Which of the following is not part of the PII definition established by GAPP:
Credit card number
12-This term refers to the security practice where no one has more access than is needed to do their job
13-The law “to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to securities laws, and for other purposes.”
14-Being able to recover records after a disaster:
15-Law that requires a free credit report annually
Red Flag Rule
16-Any list, description, or other grouping of consumers (and publicly available information pertaining to them) derived using any personally identifiable financial information that is not publicly available
17-Which of the following is specific to the health care industry?
Non-public financial information
Student academic record
18-The statutory requirement that public companies submit quarterly and annual reports is promulgated by which agency:
19-Disposition is not part of the records management lifecycle.
20-In the CIA Triangle, the letters refer to what:
Confidentiality, Integrity, and Availability
Central Intelligence Agency
Confidentiality, Intrusion, and Availability
Cybersecurity In Action