Final Part 15 Flashcards
Identify the true statement about integrity.
1) The CE only has to address data integrity for data stored in the database
2) The CE only has to address data integrity for data transmitted across a network
3) The CE has to address data integrity for data stored and in transmission
4) HIPAA does not require CEs to address data integrity
The CE has to address data integrity for data stored and in transmission
To ensure minimum opportunity to access data, passwords
A. Need to be changed once a year
B. Can be any four letters in a person’s name for ease of remembering
C. Should be lengthened when staff changes position
D. Should be changed every ninety days or sooner
Should be changed every ninety days or sooner
The HIPAA security rule defines facility as:
A. None of these
B. The interior and exterior of buildings and physical premises
C. Only areas secured by a fence
D. The interior of buildings only
The interior and exterior of buildings and physical premises
Regarding PHI, which of the following is NOT one of the reasons that some requirements are relaxed or removed?
A. Treatment
B. Adjudication
C. Operations
D. Payment
Adjudication
The CE has a policy that only authorized individuals will be allowed in the data center. This is known as _______.
A. Audit trail
B. Security management plan
C. Risk analysis
D. Facility access control
Facility access control
HIPAA security standards whereby the CE can determine if the standard is reasonable and appropriate are known as _______.
A. Noncompulsory
B. Optional
C. Addressable
D. Voluntary
Addressable
If there has been a breach in the security of medical information systems, what are the steps a covered entity must take?
A. The local police are called in to investigate the crime
B. A written report is created and all parties involved must be notified in writing of the event
C. All employees must follow a policy to not speak about the incident to anyone
D. The HIPAA officer must write an apology to the patients who have been affected
A written report is created and all parties involved must be notified in writing of the event
A user had trouble remembering his password so he decided to write it down. No one obtained access to it and used it, so this is a _____.
A. Information system activity review
B. Security incident
C. Audit control
D. Security event
Security event
Which of the following is NOT a part of HIPAA Title II, Administrative Simplification?
A. Transaction and code set rule
B. Privacy rule
C. Security rule
D. Medical Savings Rule
Medical Savings Rule
One of the nurses in the quality management department has decided to work a few shifts on the nursing units in order to earn some extra money. When she logs in with her normal sign-in, she has certain functionality; when she logs in differently to work on the nursing unit, she has different functionality. This is known as _____.
A. Context-based authentication
B. Role-based authentication
C. Emergency access procedure
D. User-based authentication
Context-based authentication