578 quizzes full Flashcards

1
Q

The Freedom of Information Act (FOIA) applies to:

A
  • Federal agency records
  • All medical records
  • Only records maintained by the Department of Veterans Affairs
  • None of the above
2
Q

Which of the following accreditation organizations focuses on health and human service providers?

A
  • The Accreditation Association for Ambulatory Health Care
  • The American Osteopathic Association
  • The Commission on Accreditation of Rehabilitation Facilities
  • The Joint Commission
3
Q

Changes to HIPAA are included in:

A
  • Medicare Conditions of Participation
  • HITECH
  • Privacy Act of 1974
  • Child Abuse Prevention and Treatment Act
4
Q

The Medicare Conditions of Participation:

A
  • Apply to self-pay patients
  • Do not have provisions relating to the confidentiality of patient information
  • Apply to all healthcare providers
  • Regulate only providers who receive Medicare and Medicaid reimbursement
5
Q

The Drug Abuse Prevention, Treatment, and Rehabilitation Act of 1972:

A
  • Is a federal law
  • Promotes the disclosure of substance abuse treatment records
  • Applies only to federal substance abuse providers
  • None of the above
6
Q

The Federal Register:

A
  • Must be approved by the Office of Management and Budget
  • Is the same as the Code of Federal Regulations
  • Is a daily publication of the federal government
  • Is an interim final rule
7
Q

A notice of proposed rulemaking (NPRM) is:

A
  • Publication of a proposed rule in the Federal Register
  • Always required for final rules
  • Similar to a presidential executive order
  • A hearing at a Congressional subcommittee
8
Q

An administrative rule:

A
  • Precedes a statute
  • Is created from a statute
  • Is created by legislatures
  • Is the same type of law as a statute
9
Q

The Office of the National Coordinator for Health Information Technology (ONC) was formed in 2004 to:

A
  • Build national networks that would exchange health information
  • Punish providers who don’t implement electronic health records
  • Pay all providers who implement electronic health records
  • Guide the federal government’s promotion of health information technology
10
Q

Vital statistics are compiled nationally by:

A
  • The Centers for Medicare and Medicaid Services
  • The Healthcare Facilities Accreditation Program
  • The National Center for Health Statistics
  • The Joint Commission
11
Q

Two legally separate covered entities share a common ownership. For purposes of HIPAA, they may refer to themselves as a single covered entity. These two entities are:

A
  • Affiliated covered entities
  • An illegal healthcare arrangement
  • An organized healthcare arrangement
  • Business associates
12
Q

Administrative simplification refers to:

A
  • Standardizing the healthcare industry’s non-uniform business practices
  • None of the above
  • Eliminating healthcare fraud and abuse
  • Reducing health plan premiums
13
Q

Barbie is completing her required high school community service hours by serving as a volunteer at the local hospital. Barbie is a(n):

A
  • Employee
  • Covered entity
  • Business associate
  • Workforce member
14
Q

St. Vincent Hospital has a contract with a local cleaning company that comes into the hospital to pick up all of the facility’s linens for off-site laundering. The cleaning company is:

A
  • A business associate because St. Vincent has a contract with it
  • Not a business associate because it does not use or disclose PHI
  • Not a business associate because it is a local company
  • A business associate because its employees may see PHI
15
Q

A limited data set:

A
  • Can only be in the custody of a covered entity
  • Does not completely deidentify an individual
  • Can only be used with the individual’s authorization
  • Is another term for deidentified data
16
Q

The minimum necessary requirement does not apply to:

A
  • Hospital employees who want to access a variety of patient records
  • Disclosures to healthcare providers for treatment
  • All of the above
  • Payment disclosures
17
Q

Generally, an individual acting in loco parentis of a minor is:

A
  • The minor’s personal representative even though the minor consented to his own treatment
  • Never the minor’s personal representative
  • Always the minor’s personal representative
  • Not the minor’s personal representative if the minor consented to his own treatment
18
Q

A designated record set:

A
  • Consists of records used in whole or in part to make decisions about an individual
  • Includes surgery schedules
  • Contains only medical records
  • Includes telephone messages and appointment logs
19
Q

General Hospital’s health record department delivers a group of patient records to the quality improvement department for its monthly review. This constitutes:

A
  • Disclosure
  • None of the above
  • Use
  • A HIPAA violation
20
Q

The highest penalty tier available under HITECH is:

A
  • Willful neglect, uncorrected
  • Unknowing
  • Reasonable cause
  • Willful neglect, corrected
21
Q

The accounting of disclosures requirement:

A
  • Includes the 12 public interest and benefit circumstances
  • Exempts the 12 public interest and benefit circumstances
  • Must include disclosures made pursuant to an authorization
  • Includes incidental disclosures
22
Q

The concept of preemption:

A
  • Gives legal precedence to federal law
  • Requires Congress to decide what law should prevail if there is a conflict
  • Requires state governors to decide what law should prevail if there is a conflict
  • Gives legal precedence to state law
23
Q

HITECH granted power to bring civil actions in federal district court based on alleged HIPAA violations to:

A
  • The Office of the National Coordinator for Health Information Technology (ONC)
  • Federal prosecutors
  • State attorneys general
  • Federal judges
24
Q

The Notice of Privacy Practices:

A
  • Is optional
  • Must be given to an individual every time he visits a covered entity
  • Informs individuals about how their PHI is used or disclosed
  • Must be signed each time PHI is used or disclosed
25
Q

Public interest and benefit disclosures:

A
  • Require an individual’s verbal agreement
  • Do not require the patient’s written authorization or verbal agreement
  • Include incidental disclosures
  • Require an individual’s written authorization
26
Q

HIPAA enforcement:

A
  • Includes one-day onsite visits
  • Includes audits
  • Is complaint-driven only
  • Does not include business associates
27
Q

Kay Denton wrote to Mercy Hospital, requesting an amendment to her PHI. She informed them that her record incorrectly states she is 180 lbs. instead of her actual 150 lbs., and that correcting it would look better on her record. The information is present on a copy of a History & Physical that General Hospital sent to Mercy Hospital. Mercy Hospital may decline to grant her request based on which privacy rule provision?

A
  • Individuals do not have the right to make amendment requests
  • A History & Physical is never part of the designated record set
  • None of the above—Mercy Hospital must grant her request
  • The History & Physical was not created by Mercy Hospital
28
Q

To place a patient in a facility directory, a covered entity:

A
  • Must include the patient’s admission date and address
  • Does not need any type of permission from the patient
  • Must obtain the patient’s written authorization
  • Must obtain the patient’s verbal agreement
29
Q

Which of the following is a goal of the HIPAA Privacy Rule?

A
  • Allow patients to control their health information
  • Provide an individual with greater rights regarding his or her health information
  • Protect the security of electronic patient information
  • All of the above
30
Q

An addressable implementation specification:

A
  • May be implemented as written if it is reasonable and appropriate
  • Must be implemented even if the likelihood of the risk is negligible
  • None of the above
  • Must be present for compliance
31
Q

An audit trail:

A
  • Analyzes network traffic and sends alarms
  • Is a retrospective audit control
  • Validates the accuracy and completeness of health information
  • Is also known as single-factor authentication
32
Q

Which of the following is the most stringent access control mechanism?

A
  • All are equally stringent
  • Role-based
  • User-based
  • Context-based
33
Q

The HIPAA Security Rule defines facility as:

A
  • The interior of buildings only
  • The interior and exterior of buildings and physical premises
  • Only areas that are secured by a fence
  • None of the above
34
Q

Private key infrastructure:

A
  • Is more secure than public key infrastructure
  • Uses one key to encrypt, transmit, and send a message
  • Is less secure than public key infrastructure
  • Uses multiple keys to encrypt, transmit, and send a message
35
Q

Media reuse:

A
  • Is environmentally irresponsible
  • Is prohibited by the Security Rule
  • Keeps costs down
  • Is only permitted by the Security Rule if it is internal
36
Q

Erasing or deleting an electronic file:

A
  • Obliterates the data in a file
  • Removes the pathway that leads to the data
  • Sufficiently removes ePHI
  • Duplicates data in a file
37
Q

“Break the glass” functionality:

A
  • Does not need to be audited after the fact for appropriateness
  • Can be exercised only by an organization’s CEO
  • Allows access privileges in limited and necessary situations
  • Is prohibited by the Security Rule
38
Q

The HIPAA Security Rule is scalable. This means:

A
  • A variety of different types of security measures may be used
  • It applies to entities of any size
  • Its standards are impossible to achieve
  • It does not prescribe certain technologies
39
Q

Which of the following presents the greatest risk of large-scale health information breaches?

A
  • Computer monitors positioned toward high-traffic areas
  • Unlocked rooms
  • Laptop theft
  • Unattended computer workstations
40
Q

What is the most constant threat to health information integrity?

A
  • Humans
  • Natural threats
  • Environmental threats
  • Internal threats
41
Q

The most commonly anticipated reason for health information exchanges is:

A
  • Public access to patient information
  • Payment
  • Healthcare operations
  • Treatment
42
Q

Which of the following describes continued organizational functions despite an event?

A
  • Disaster recovery plan
  • Emergency mode operations
  • Contingency plan
  • Security restoration
43
Q

Risk determination considers the factors of:

A
  • Risk prioritization and control recommendations
  • Risk prioritization and impact
  • Likelihood and impact
  • Likelihood and control recommendations
44
Q

Which of the following restores critical services as quickly as possible after an event?

A
  • Emergency mode operations
  • Contingency plan
  • Security restoration
  • Disaster recovery plan
45
Q

Which of the following is the best practice for protecting information that is text messaged?

A
  • Presume that telephone numbers stored in memory remain valid
  • Send a text message to more than one person
  • Encrypt text messages during transmission
  • Enter a person’s telephone number each time a text message is sent to him
46
Q

If electronic data is backed up consistently, which of the following will be minimized?

A
  • Data reintegration
  • Contingency plan
  • Software maintenance
  • Data recovery
47
Q

Which of the following is not included in the Red Flags Rule’s definition of “creditor”?

A
  • Furnishes information to consumer reporting agencies in connection with a credit transaction
  • Allows individuals to pay for their medical services via credit card
  • Advances funds to—or on behalf of—someone, except for funds for expenses incidental to a service provided by the creditor to that person
  • Obtains or uses consumer reports in connection with a credit transaction
48
Q

Personal health records (PHRs):

A
  • Are controlled by a provider
  • Are official business records
  • Are created by patients
  • Do not provide a longitudinal health history
49
Q

Which step of risk analysis identifies information assets that need protection?

A
  • Identifying vulnerabilities
  • Likelihood determination
  • System characterization
  • Control analysis
50
Q

Spyware:

A
  • Can only be activated on unsecured wireless networks
  • Is primarily designed to attach to the host computer
  • Is primarily designed to propagate to multiple computers
  • Includes misleading applications
51
Q

The Cybersecurity Act of 2015 resulted in:

A
  • Creation of the framework for improving critical infrastructure cybersecurity
  • Formation of the health care industry cybersecurity task force
  • A decrease in ransomware attacks
  • A federal requirement that all businesses conduct risk analyses
52
Q

Persistent cookies:

A
  • Remain stored on a computer to allow retention of personal information
  • Store information about the user only for the period of time a session is open
  • Are known for sharing information across more than one website
  • Are used to deliver political messages
53
Q

Middlecross Hospital has an EHR vendor that just learned about a vulnerability in the EHR system. The vendor has not yet been able to warn Middlecross Hospital about the vulnerability or fix it before an attacker hacks into the system. Middlecross Hospital has just experienced a:

A
  • Social engineering attack
  • Trojan horse
  • Hacktivist activity
  • Zero-day exploit
54
Q

Attackers who exploit computer systems:

A
  • Do so primarily for personal gain
  • Do so primarily to satisfy their curiosity
  • Have the sole aim of proving their technological capabilities to others
  • Violate the intended use of the systems
55
Q

Cybersecurity protects information systems against:

A
  • Humans
  • Spam and phishing attempts
  • Threats that exploit a system’s vulnerabilities
  • Viruses
56
Q

A computer virus:

A
  • Must be preceded by an action by the computer user to be effective
  • Must be spread by an e-mail message
  • Is able to replicate itself
  • Always requires a host
57
Q

Whaling is:

A
  • Phishing directed at a specific group of people
  • Malware that targets large populations of people
  • A type of malware that penetrates a firewall
  • Spearphishing aimed at an organization’s executive
58
Q

Joe is on the first month of his job in a hospital IT department when the hospital’s network is flooded with traffic. It becomes unusable for users trying to access information. What has occurred is:

A
  • A mobile device breach
  • Denial of service
  • A power outage
  • A ransomware attack
59
Q

Data backup:

A
  • Prevents ransomware from affecting devices on which back-up data is stored
  • Is the solution to all ransomware attacks
  • Can prevent the publication of information that has been taken hostage
  • Cannot prevent ransomware from blocking a computer’s functionality