Chapter 12 Test 4 Flashcards

1
Q

Protection of information from loss, unauthorized access, or misuse, along with protecting its confidentiality

A

Security

2
Q

Protects PHI regardless of the medium on which it resides

A

Privacy rule

3
Q

Protects electronic PHI (ePHI)

A

Security rule

4
Q

Lack of alteration or destruction in an unauthorized manner

A

Integrity

5
Q

Not made available or disclosed to unauthorized persons or processes

A

Confidentiality

6
Q

HIPAA Security Rule Protects ePHI that is:

A

Created
Maintained
Transmitted
Received

7
Q

HIPAA Security Rule required compliance date

A

April 2005

8
Q

Small health plans date

A

April 2006

9
Q

Changes included as part of HITECH (a portion of ARRA)

Passed by Congress in _______

A

February 2009

10
Q

Enforcement of the Security Rule was assumed by the _________ in 2009 (taken over from Centers for Medicare and Medicaid Services)

A

Office for Civil Rights of HHS

11
Q

PHI maintained or transmitted in electronic form
For example, tapes, disks, optical disks, hard drives, servers, Internet, private networks
Not included: Voice mail messages, paper-to-paper faxes; copy machines

A

ePHI

12
Q

HIPAA Security Rule implementation specification that must be implemented

A

Required (R)

13
Q

HIPAA Security Rule implementation specification that must be implemented as the rule states, or in an alternate manner, or documented that the risk does not exist or is negligible
Addressable implementation specifications cannot be ignored

A

Addressable (A)

14
Q

Covered entities and BAs must use a ________ to decide which security measures to implement.

A

Risk analysis

15
Q

__________ should be conducted to determine the cost of compliance.

A

Financial analysis

16
Q

Implement policies and procedures to prevent, detect, contain, and correct security violations

A

Security Management Process

17
Q

Identify a security official to develop and implement security policies and procedures to manage and supervise the use of security measures and the conduct of personnel in relation to protecting the data

A

Assigned Security Responsibility

18
Q

Implement policies and procedures to ensure appropriate access to ePHI

A

Workforce Security

19
Q

Implement policies and procedures authorizing access to ePHI

A

Information Access Management

20
Q

Implement a security and awareness training program for all workforce members

A

Security Awareness Training

21
Q

Implement policies & procedures to address security incidents

A

Security Incident Procedures

22
Q

Establish policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems containing ePHI

A

Contingency Plan

23
Q

Perform a periodic technical and non-technical evaluation, based initially upon the standards implemented under this rule and subsequently in response to environmental or operational changes affecting the security of ePHI, that establishes the extent to which an entity’s security policies and procedures meet HIPAA requirements

A

Evaluation

24
Q

A covered entity may permit a BA to create, receive, maintain, or transmit ePHI on the covered entity’s behalf only if the covered entity obtains satisfactory assurances the BA will appropriately safeguard the information

A

Business Associate Contracts & Other Arrangements

25
Q

Implement policies and procedures to limit physical access to electronic information systems and the facility(ies) in which they are housed, while ensuring that properly authorized access is allowed

A

Facility Access Controls

26
Q

Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access ePHI

A

Workstation Use

27
Q

Implement physical safeguards for all workstations that access ePHI, to restrict access to authorized users

A

Workstation Security

28
Q

Implement policies and procedures that govern the receipt/removal of hardware and electronic media containing ePHI into and out of a facility, and the movement of these items within the facility

A

Device and Media Controls

29
Q

Implement technical policies and procedures for electronic information systems that maintain ePHI to allow access only to those persons or software programs that have been granted access rights

A

Access Controls

30
Q

Implement hardware, software, or procedural mechanisms that record and examine activity in information systems that contain or use ePHI

A

Audit Controls

31
Q

Implement policies and procedures to protect ePHI from improper alteration/destruction

A

Integrity

32
Q

Implement procedures to verify that a person or vendor seeking access is the one claimed

A

Person or Entity Authentication

33
Q

Implement technical security measures to guard against unauthorized access to ePHI transmitted over an electronic communications network

A

Transmission Security

34
Q

Requires plan sponsor to reasonably and appropriately safeguard the confidentiality, integrity, and availability of ePHI

A

Group health plans

35
Q

Implement ___________ to comply with the standards, implementation specifications, and other requirements
____________ may be changed at any time, as long as the changes are documented and implemented

A

Policies and Procedures

36
Q

Requires maintenance of policies and procedures implemented to comply with the security rule in written form

A

Documentation

37
Q

Unknowing violations fine amount

A

$100–$50,000/violation

38
Q

Due to reasonable cause (and not willful neglect) fine amount

A

$1,000–$50,000/violation

39
Q

Due to willful neglect and corrected within 30 days of discovery fine amount

A

$10,000–$50,000/violation

40
Q

Due to willful neglect and not corrected as required fine amount

A

$50,000+/violation

41
Q

Cap of ______ for each violation category

A

$1.5 million