Domain 1 - Healthcare Industry Flashcards
Official (ISC)2 Guide to the HCISPP CBK
A Health Information Exchange (HIE) is an example of ____________.
A. Health Information Technology (HIT).
B. Personal Health Record.
C. An exclusion under HIPAA.
D. An implantable medical device.
A. Health Information Technology
Information security and privacy MOST benefit the healthcare industry by _____________.
A. Increasing informational technology costs.
B. Allowing the organisation to meet legal mandatory requirements.
C. Ensuring risk is identified and managed in an appropriate and timely manner.
D. Transferring risk from the organization to another party.
C. Ensuring risk is identified and managed in an appropriate and timely manner.
Two of the MOST important features of a Health Information Exchange are ____________.
A. Scalability and patient “ease of use”.
B. Scalability and security.
C. Interoperability and security.
D. Interoperability and patient “ease of use”.
C. Interoperability and security.
Which of the following BEST describes the general benefits of a Health Information Exchange?
A. Providing a vehicle for improving quality and safety of patient care, providing a basic level of interoperability among electronic health records (EHRs) maintained by individual physicians and organizations, and reducing healthcare fraud and abuse.
B. Providing a vehicle for improving quality and safety of patient care, reducing healthcare fraud and abuse, and providing the backbone of technical infrastructure for leveraging by national and state-level initiatives.
C. Reducing healthcare fraud and abuse, providing a basic level of interoperability among electronic health records (EHRs) maintained by individual physicians and organizations, and providing the backbone of technical infrastructure for leveraging by national and state-level initiatives.
D. Reducing healthcare fraud and abuse, providing a basic level of interoperability among electronic health records (EHRs) maintained by individual physicians and organizations, and providing the backbone of technical infrastructure for leveraging by national and state level initiatives.
A. Providing a vehicle for improving quality and safety of patient care, providing a basic level of interoperability among electronic health records (EHRs) maintained by individual physicians and organizations, and reducing healthcare fraud and abuse.
When designing a workflow for sensitive patient information, which of the following is MOST important in terms of privacy?
A. Data integrity checks and audit logs.
B. “Minimum necessary use” and data integrity checks.
C. Audit logs and availability tests.
D. “Minimum necessary use” and audit logs.
D. “Minimum necessary use” and audit logs.
In the United States under HIPAA, doctors, clinics, pharmacies, and psychologists are BEST defined as ___________.
A. Health information clearing houses.
B. Providers of services.
C. Health Plans.
D. Business Associates.
B. Providers of services.
How do the US HIPAA privacy rule and the US HIPAA security rule differ?
A. No difference exists; they mandate the same requirements.
B. The privacy rule applies to electronic transmissions while the security rule applies to physical and verbal matters.
C. The security rule applies to electronic transmissions while the privacy rule applies to physical and verbal matters.
D. The privacy rule contradicts the security rule regarding electronic health records.
C. The security rule applies to electronic transmissions while the privacy rule applies to physical and verbal matters.
The US Privacy Rule de-identification requirement _________.
A. Allows patient data to be used for research without consent if the data is from less than 18 people.
B. Allows patient data to be used for research without consent if an expert determines the data has been de-identified or if 18 specific identifiers are removed.
C. Allows research on data of individuals over the age of 18 without their consent.
D. Allows the selling of fully identifiable patient data to non-covered entities.
B. Allows patient data to be used for research without consent if an expert determines the data has been de-identified or if 18 specific identifiers are removed.
Which of the following BEST explains the relationship between the US HIPAA and US HITECH laws?
A. HIPAA enhances HITECH by specifying that the US Food and Drug Administration must administer a PHI breach notification and enforcement program.
B. HITECH nullifies HIPAA and acts as a holistic replacement designed with electronic health records in mind.
C. HITECH enhances HIPAA by specifying the U.S. HHS Office of Civil Rights as the enforcer of HIPAA privacy and security rules.
D. HIPAA nullifies HITECH and acts as a holistic replacement designed with electronic health records in mind.
C. HITECH enhances HIPAA by specifying the U.S. HHS Office of Civil Rights as the enforcer of HIPAA privacy and security rules.
Select the BEST response from the following to complete the phrase: Medical coding
A. Is used as part of an organization’s information security and privacy risk management process.
B. Has unified the practice of healthcare internationally and established a standard for billing and payment from private and government programs.
C. Provides an effective way to determine data classification.
D. Provides a standard to determine an information’s confidentiality, integrity, and availability impact.
B. Has unified the practice of healthcare internationally and established a standard for billing and payment from private and government programs.