Week 7

Question 1

How many title statues HIPAA has?

Answer 1

5

Question 2

What is title one?

Answer 2

Portability: preventation of discrimination in health care insurance enrollment and premiums. Health insurance coverage and protecting individuals and their dependence from losing coverage when they leave or otherwise change jobs

Question 3

What is title two?

Answer 3

Administrative Simplification: Efforts by HIPAA to standardize the healthcare industry’s capricious and inefficient business practices. Prevention of abuse and healthcare fraud

Question 4

Are all providers covered entities?

Answer 4

No, not all providers are cover. Per definition, a health care provider who transmits any information pertain a certain transaction in electronic form.

Question 5

Security Rule

Answer 5

Defines a facility as the physical premises and the interior and exterior building

Question 6

Role- Based Access Control

Answer 6

Gives access to users based on their roles as member of the organization and users are aligned to a preestablished group with it with certain access priviledge based on the groups need to access the information

Question 7

Based on the US department of Health and Human Services, how many people are effect by laptop theft resulting to a health information breach?

Answer 7

500 or more individuals

Question 8

True or False: Erasing or deleting a file does not sufficiently remove EPI.

Answer 8

True

Question 9

Encryption

Answer 9

scrambles or encodes data, protecting it from being comprehend by unauthorized individuals

Question 10

Public Key Infrastructure

Answer 10

is a more secure method of encryption technology because it use two keys encrypt transmit and send message

Question 11

Audit Control

Answer 11

Requires installation of hardware, software, or manual mechanism to examine and record activity in systems that contain ePHI

Question 12

Firewall

Answer 12

is a buffer between an organization internal trusted network and the internet which is considered an untrusted network

Question 13

Risk Management

Answer 13

Applies to all aspects of an organization’s operational and focuses on identifying, evaluating, and controlling risk that can expose the organization to financial liability,

Question 14

HIPAA has three primary documents to inform patients and give them control over their PHI

Answer 14

Notice of Privacy Practice, Authorization, and Consent

Question 15

Notice of privacy practices written in________ and explains how a covered entity will use his or her PHI

Answer 15

Plain Language

Question 16

Use and disclosure permitted with authorization

Answer 16

Facility Directory
Disclosure of Relevant

Question 17

Facility Directory

Answer 17

If a patient agrees to disclose to those who ask to for the individual by name
Emergencies
Clergy of individual’s religious affiliation may receive list

Question 18

Disclosure of Relevant PHI

Answer 18

To family members, relatives, or close friends involved in individual care or payment
If individual unable to agree or object covered entity may use professional judgment to decide if it is in the individuals best interest

Question 19

True or False: 16 circumstances where written authorization and verbal agreement or objection are not required

Answer 19

True

Question 20

What are the first 12 of the use and disclosure permitted without authorization is referred as?

Answer 20

Public interest and benefit

Question 21

Public health activities

Answer 21

No written authorization is required for disclosure of student immunization records from cover entity

Question 22

Decedents

Answer 22

HIPAA privacy act protection survive as individual’s per HITECH for 50 years after death

Question 23

Business Associate

Answer 23

A person or organization not a part of the cover entity’s workforce, that performs a function or activities on behalf of or affecting a covered entity involving use or disclosure of individual identifies health information

Question 24

Business Associate Agreement

Answer 24

Under HIPAA, as originally written business associates as business associates once they were identify as covered entity business associate through a contracted
- even without a contract
-allows covered entity to lawfully disclose protected health information to business associate

Question 25

Workforce

Answer 25

is any individual working under the covered entity’s direct control regardless of whether they are paid by the covered entity or not

Question 26

PHI three part test

Answer 26

Identify the person
Future present and past
it held or transmitted by a covered entity or its business associate in any form of medium

Question 27

Limited Dataset

Answer 27

is PHI that does not completely de-identified individual but excludes most direct identifiers of the individual and individual’s relative employers or household members

Question 28

What is covered by HIPAA?

Answer 28

Privacy Rule: electronic, oral, written

Security Rule: Electronic only

Question 29

Calling out patient’s name in a physician’s office or hospital visitor walking down the hallway and called a patient’s name is an example of?

Answer 29

Incidental uses and disclosures

Question 30

Preemption

Answer 30

Federal law trumps state law unless state law is “stronger”. Covered entity mu

Question 31

Can a covered entity deny the request ?

Answer 31

Yes, if it determines that PHI or the record either was not available for inspections or is already accurate and complete

Question 32

Individual Amendments

Answer 32

it must identify the records in the DRS that are affected by the amendment and append the information or the link to the amendments location

Question 33

Willful neglect

Answer 33

intentional failing comply or reckless indifference. Corrected min $10,000 /max $50,00 per violation
Uncorrected: min $50,000/ max $50,000

Question 34

Prior to HIPAA, how was HIPAA violations detected?

Answer 34

Solely complaint driven

Question 35

Breach notification

Answer 35

the requirements are significant becaise they require both covered entity and business associates to complete breach

Question 36

OCR

Answer 36

has discretion to pursue corrective action without assessing penalties for unknowing violations and where reasonable diligence would not have revealed the violation

Question 37

General Concepts of the security rule

Answer 37

Flexible, Scalable, technology netural

Question 38

Flexible

Answer 38

Any security measures may be used that allows a covered entity to reasonably and appropriately implement the requirement

Question 39

Scalable

Answer 39

it is written to accurate and apply yo org of any size

Question 40

Technology neutral

Answer 40

it does not require or prescribe technology

Question 41

addressable specification

Answer 41

is met if the organization either a determines that the specification is reasonable and appropriate and implements it as written, reasonable and appropriate alternative or document why it is not reasonable and appropriate to implement the specification

Question 42

Designated Record Set

Answer 42

In each case, the records are used in whole in part to make decisions about individual

Question 43

Risk analysis framwork has two primary

Answer 43

disaster recovery and risk anlysis

Question 44

Risk Anlysis First step

Answer 44

systematic characteristeric: focuses on what the organization possess by identifying which information asset needs portection

Question 45

2nd step of risk analysis

Answer 45

identfiying threats: focus on threats * humans are the most constant threat to health information intergrity

Question 46

5th step of risk analysis

Answer 46

Impacy Analysis: See how great of a threat it may impact the organization

Question 47

Risk Determination

Answer 47

quanifies threats enabling to prioritize risk and allocate limited resources like money, people, and time

Question 48

Result Documentation

Answer 48

org should be aware of residual risk which are risk that contribute to exit even after the organization has applies safeguards and control
* must retained for 6 years

Question 49

Disaster REcovery Plan

Answer 49

Defines resource, action, task and data required to restore critical service quickly to manages business recovery processes after major events

Question 50

Data REcovery

Answer 50

effort should be minimal for electronic information as long as thorough and consistent data back up and storage methods or follows

Question 51

Emergency Mode Operation

Answer 51

describes the processes and controls that will be followed until operation are fully restored following an event

Question 52

Are PHR portal is about to be edited by patient?

Answer 52

patients are able to control and create the content of their own PHR

Question 53

Cyber security

Answer 53

activties and process that protects information systems against threats

Question 54

Dangers of Malware

Answer 54

Patient safety and confidentiality of patient information

Question 55

Malious Software

Answer 55

can be destroyed or disrupt a information system introduced through system vulnerabilities by hackers

Question 56

Zero Day Exploit

Answer 56

Sometimes attackers can exploit a software vulernability that software vendor is not yet aware of or has not been able to warn user about

Question 57

Worm

Answer 57

is type of virus that does not need human interaction to spread

Question 58

spyware

Answer 58

is a malware that is primary designed to attach to the host it has infected. Installed without the computer user’s ,permission in order to collect information about their user and browsing habits

Question 59

Cookies

Answer 59

identify the user’s computer to that website and it sort of service as electronic information

Question 60

Session cookies

Answer 60

stores information about their user for only the period of the session

Question 61

Persistent cookie

Answer 61

remained stored on a computer to allow personal information to be retain

Question 62

Scareware

Answer 62

uses ficitious threat to trick users information malware infected

Question 63

Whaling

Answer 63

aimed at an executive in an organization

Question 64

Unsecured wireless network

Answer 64

when accessed they can introduced malware and it users create accounts using the same email address and password thet use for other services the attackers can than hack into the other services like the user’s bank account

Question 65

Denial of Services

Answer 65

Attacker takes control of the device or network with traffic jams

Question 66

Distributes Denial of Services

Answer 66

Attacker uses one or more originating computers with vulnerabilities to attack other computers

Question 67

Ransomware

Answer 67

Resembles scare ware however the threat is real. The attacker will kidnap information for exchange of money

Question 68

Data backup

Answer 68

does not resolve problems that are created when ransomware blocks a computer functionality

Question 69

VPN

Answer 69

Virtual private network. Remote workers utilizes VPN because it has secure tunnels