IS3350 CHAPTER 6 Flashcards

1
Q

A written consent that allows protected health information (PHI) to be shared is called ___?
Patients sign consents. These documents are required for many purposes. This term is defined by the Health Insurance Portability and Accountability Act.

A

AUTHORIZATION

2
Q

An organization that performs a health care activity on behalf of a covered entity is called ___?
This term is defined by the Health Insurance Portability and Accountability Act.

A

BUSINESS ASSOCIATES

3
Q

Health plans, health care clearinghouses, and any health care provider that transmits certain types of health information in electronic form is called ___?
These entities must follow the HIPAA Security and Privacy rules. This term is defined by HIPAA.

A

COVERED ENTITY

4
Q

Refers to how a covered entity shares PHI with other organizations that may not be affiliated with it. This term is defined by HIPAA and is called ___?

A

DISCLOSURE

5
Q

The legal process used to gather evidence in a lawsuit is called ___?

A

DISCOVERY

6
Q

Patient health information that is computer based is called ___?
It is PHI stored electronically. This term is defined by HIPAA.

A

ELECTRONIC PROTECTED HEALTH INFORMATION (EPHI)

7
Q

A crime that takes place when a person’s personally identifiable health information is used without permission in order to receive medical services or goods is called ___?
A specialized type of identity theft.

A

MEDICAL IDENTITY THEFT

8
Q

A rule that covered entities may only disclose the amount of PHI absolutely necessary to carry out a particular function is called ___?
This term is defined by HIPAA.

A

MINIMUM NECESSARY RULE

9
Q

A legal concept that describes a person’s right to sue another for harm that the latter caused is called ___?

A

PRIVATE CAUSE OF ACTION

10
Q

Any individually identifiable information about the past, present, or future health of a person is called ___?
It includes mental and physical health data.
This term is defined by HIPAA.

A

PROTECTED HEALTH INFORMATION (PHI)

11
Q

How a covered entity shares or handles PHI within its organization is called ___?
This term is defined by HIPAA.

A

USE

12
Q
An addressable implementation specification must be used if it is ____?
A

Reasonable and appropriate

13
Q
What is the maximum fine for a single violation of the HIPAA Privacy or Security Rule?
  1. $100
  2. $1500
  3. $1 million
  4. $1.5 million
  5. It is unlimited
A

$1.5 million

14
Q
Covered entities must notify affected individuals of a breach within ___ days.
A

60

15
Q
HIPAA limits the pre-existing condition waiting period to ___ months.
A

12

16
Q
What conditions must be met to be considered a health care provider under HIPAA?
  1. Provide health care services to a person
  2. Conduct standard transactions electronically
  3. Handle electronic transactions on a clearinghouse's behalf
  4. 1 & 2 only
  5. None of the above
A

Provide health care services to a person

Conduct standard transactions electronically

17
Q
A business associate is ___.
A

An organization that performs a health care activity on behalf of a covered entity.

18
Q
What term refers to how a covered entity shares PHI within the organization?
  1. Disclosure
  2. Discuss
  3. Use
  4. Handle
  5. None of the above
A

Use

19
Q
A covered entity must disclose PHI to a person’s family and friends in an emergency.
TRUE OR FALSE
A

FALSE

20
Q
A covered entity must respond to a person’s request to access PHI within ___ days.
A

30

21
Q
Which uses and disclosures of PHI are allowed without a person’s consent?
  1. Made to a person about their own PHI
  2. Made for treatment, payment, and health care operations
  3. Made for public safety and health activities
  4. All the above
  5. None of the above
A

Made to a person about their own PHI
Made for treatment, payment, and health care operations
Made for public safety and health activities

All the above

22
Q
What term refers to how a covered entity shares PHI with other organizations?
  1. Disclosure
  2. Discuss
  3. Use
  4. Handle
  5. None of the above
A

Disclosure

23
Q

12. What is the legal process used to gather evidence in a lawsuit?

  1. Disclosure
  2. Discovery
  3. Forensics
  4. Trial
  5. None of the above
A

Discovery

24
Q
Which entity enforces the HIPAA Privacy Rule?
  1. FDIC
  2. FTC
  3. OCR
  4. CDC
  5. None of the above
A

OCR

25
Q
Which rule is similar to the information security concept of need to know?
  1. Use rule
  2. Clearinghouse rule
  3. Operations rule
  4. Absolute rule
  5. Minimum necessary rule
A

Minimum necessary rule

26
Q
A HIPAA breach is a breach of ___ PHI.
A

Unsecured