578 quizes

Question 1

The Freedom of Information Act (FOIA) applies to:

Answer 1

Federal agency records

Question 2

Which of the following accreditation organizations focuses on health and human service providers?

Answer 2

The Commission on Accreditation of Rehabilitation Facilities

Question 3

Changes to HIPAA are included in:

Answer 3

HITECH

Question 4

The Medicare Conditions of Participation:

Answer 4

Regulate only providers who receive Medicare and Medicaid reimbursement

Question 5

The Drug Abuse Prevention, Treatment, and Rehabilitation Act of 1972:

Answer 5

Is a federal law

Question 6

The Federal Register:

Answer 6

Is a daily publication of the federal government

Question 7

A notice of proposed rulemaking (NPRM) is:

Answer 7

Publication of a proposed rule in the Federal Register

Question 8

An administrative rule:

Answer 8

Is created from a statute

Question 9

The Office of the National Coordinator for Health Information Technology (ONC) was formed in 2004 to:

Answer 9

Guide the federal government’s promotion of health information technology

Question 10

Vital statistics are compiled nationally by:

Answer 10

The National Center for Health Statistics

Question 11

Two legally separate covered entities share a common ownership. For purposes of HIPAA, they may refer to themselves as a single covered entity. These two entities are:

Answer 11

Affiliated covered entities

Question 12

Administrative simplification refers to:

Answer 12

Standardizing the healthcare industry’s non-uniform business practices

Question 13

Barbie is completing her required high school community service hours by serving as a volunteer at the local hospital. Barbie is a(n):

Answer 13

Workforce member

Question 14

St. Vincent Hospital has a contract with a local cleaning company that comes into the hospital to pick up all of the facility’s linens for off-site laundering. The cleaning company is:

Answer 14

A business associate because St. Vincent has a contract with it

Question 15

A limited data set:

Answer 15

Does not completely deidentify an individual

Question 16

The minimum necessary requirement does not apply to:

Answer 16

Disclosures to healthcare providers for treatment

Question 17

Generally, an individual acting in loco parentis of a minor is:

Answer 17

Not the minor’s personal representative if the minor consented to his own treatment

Question 18

A designated record set:

Answer 18

Consists of records used in whole or in part to make decisions about an individual

Question 19

General Hospital’s health record department delivers a group of patient records to the quality improvement department for its monthly review. This constitutes:

Answer 19

Use

Question 20

The highest penalty tier available under HITECH is:

Answer 20

Willful neglect, uncorrected

Question 21

The accounting of disclosures requirement:

Answer 21

Includes the 12 public interest and benefit circumstances

Question 22

The concept of preemption:

Answer 22

Gives legal precedence to federal law

Question 23

HITECH granted power to bring civil actions in federal district court based on alleged HIPAA violations to:

Answer 23

State attorneys general

Question 24

The Notice of Privacy Practices:

Answer 24

Informs individuals about how their PHI is used or disclosed

Question 25

Public interest and benefit disclosures:

Answer 25

Do not require the patient’s written authorization or verbal agreement

Question 26

HIPAA enforcement:

Answer 26

Includes audits

Question 27

Kay Denton wrote to Mercy Hospital, requesting an amendment to her PHI. She informed them that her record incorrectly states she is 180 lbs. instead of her actual 150 lbs., and that correcting it would look better on her record. The information is present on a copy of a History & Physical that General Hospital sent to Mercy Hospital. Mercy Hospital may decline to grant her request based on which privacy rule provision?

Answer 27

The History & Physical was not created by Mercy Hospital

Question 28

To place a patient in a facility directory, a covered entity:

Answer 28

Must obtain the patient’s verbal agreement

Question 29

Which of the following is a goal of the HIPAA Privacy Rule?

Answer 29

Provide an individual with greater rights regarding his or her health information

Question 30

An addressable implementation specification:

Answer 30

May be implemented as written if it is reasonable and appropriate

Question 31

An audit trail:

Answer 31

Is a retrospective audit control

Question 32

Which of the following is the most stringent access control mechanism?

Answer 32

Context-based

Question 33

The HIPAA Security Rule defines facility as:

Answer 33

The interior and exterior of buildings and physical premises

Question 34

Private key infrastructure:

Answer 34

Is less secure than public key infrastructure

Question 35

Media reuse:

Answer 35

Keeps costs down

Question 36

Erasing or deleting an electronic file:

Answer 36

Removes the pathway that leads to the data

Question 37

“Break the glass” functionality:

Answer 37

Is prohibited by the Security Rule

Question 38

The HIPAA Security Rule is scalable. This means:

Answer 38

It applies to entities of any size

Question 39

Which of the following presents the greatest risk of large-scale health information breaches?

Answer 39

Laptop theft

Question 40

What is the most constant threat to health information integrity?

Answer 40

Humans

Question 41

The most commonly anticipated reason for health information exchanges is:

Answer 41

Treatment

Question 42

Which of the following describes continued organizational functions despite an event?

Answer 42

Emergency mode operations

Question 43

Risk determination considers the factors of:

Answer 43

Likelihood and impact

Question 44

Which of the following restores critical services as quickly as possible after an event?

Answer 44

Disaster recovery plan

Question 45

Which of the following is the best practice for protecting information that is text messaged?

Answer 45

Encrypt text messages during transmission

Question 46

If electronic data is backed up consistently, which of the following will be minimized?

Answer 46

Data recovery

Question 47

Which of the following is not included in the Red Flags Rule’s definition of “creditor”?

Answer 47

Obtains or uses consumer reports in connection with a credit transaction

Question 48

Personal health records (PHRs):

Answer 48

Are created by patients

Question 49

Which step of risk analysis identifies information assets that need protection?

Answer 49

System characterization

Question 50

Spyware:

Answer 50

Is primarily designed to attach to the host computer

Question 51

The Cybersecurity Act of 2015 resulted in:

Answer 51

Formation of the health care industry cybersecurity task force

Question 52

Persistent cookies:

Answer 52

Remain stored on a computer to allow retention of personal information

Question 53

Middlecross Hospital has an EHR vendor that just learned about a vulnerability in the EHR system. The vendor has not yet been able to warn Middlecross Hospital about the vulnerability or fix it before an attacker hacks into the system. Middlecross Hospital has just experienced a:

Answer 53

Zero day exploit

Question 54

Attackers who exploit computer systems:

Answer 54

Violate the intended use of the systems

Question 55

Cybersecurity protects information systems against:

Answer 55

Threats that exploit a system’s vulnerabilities

Question 56

A computer virus:

Answer 56

Is able to replicate itself

Question 57

Whaling is:

Answer 57

Spearphishing aimed at an organization’s executive

Question 58

Joe is on the first month of his job in a hospital IT department when the hospital’s network is flooded with traffic. It becomes unusable for users trying to access information. What has occurred is:

Answer 58

Denial of service

Question 59

Data backup:

Answer 59

Cannot prevent ransomware from blocking a computer’s functionality