Chapter 12 Quiz Answers Flashcards
The purpose of the implementation specifications of the HIPAA Security Rule is to provide _______.
A. protection of patient information
B. instruction for implementation of standards
C. guidance for security training and education
D. sample policies and procedures for compliance
instruction for implementation of standards
One of the four general requirements a covered entity must adhere to for compliance with the HIPAA Security Rule is to ensure the confidentiality, integrity and _______ of ePHI.
A. addressability
B. accuracy
C. availability
D. accountability
Availability
The HIPAA Security Rule applies to which of the following covered entities?
A. Hospital that bills Medicare
B. Physician electronic billing company
C. BlueCross health insurance plan
D. All of the above
All of the above
Non-compliance with the HIPAA Security Rule can lead to _______.
A. Civil penalties
B. Criminal penalties
C. Both a and b
D. A maximum annual penalty of $1 million
Both a and b
Copying data onto tapes and storing the tapes at a distant location is an example of ______.
a. Data Backup
b. Data Mapping
c. Data Recovery
d. Data Storage for Recovery
Data Backup
The capture of data by a hospital’s data security system that shows multiple invalid attempts to access the patients’ database is an example of what type of security control?
a. Audit trail
b. Access Control
c. Auto-Authentication
d. Override function
Audit Trail
The HIPAA Security Rule contains the following safeguards except ______.
a. technical
b. administrative
c. physical
d. reliability
Reliability
The enforcement agency for the Security Rule is _________.
a. Office of the Inspector General
b. Centers for Medicare and Medicaid Services
c. Office of Civil Rights
d. Office of Management and Budget
Office for civil rights
With addressable standards, the covered entity may do all but which of the following?
a. implement the standard as written
b. implement an alternative standard
c. ignore the standard since it is addressable
d. determine the risk of not implementing is negligible
Ignore the standard since it is addressable
A nurse administrator who does not typically take call gets called in over the weekend to staff the emergency department. She does not have access to enter notes since this is not a part of her typical role. In order to meet the intent of the HIPAA Security Rule, the hospital policy should include _______.
a. a requirement for her to attend training before accessing ePHI.
b. a provision to allow her to share a password with another nurse.
c. a provision to allow her emergency access to the system.
d. a restriction on her ability to access ePHI.
A provision to allow her emergency access to the system.