Filters
Question type
Study Flashcards

Which of the following is an example of a HIPAA technical safeguard standard?


A) Workforce Security
B) Workstation Use
C) Audit Controls
D) Workstation Security

E) A) and D)
F) C) and D)

Correct Answer

verifed

verified

Which of the following is not one of the three risk management activities in the security management process?


A) Protections
B) Analysis
C) Measures
D) Plan

E) A) and D)
F) None of the above

Correct Answer

verifed

verified

B

Which of the following is the goal of an Integrity Controls standard?


A) Implementing technical controls that protect ePHI from improper alteration or destruction
B) Restricting access to ePHI only to users and processes that have been specifically authorized
C) Implementing hardware, software, and procedural mechanisms that record and examine activity in information systems that contain ePHI
D) Verification that a person or process seeking to access ePHI is the one claimed

E) All of the above
F) A) and B)

Correct Answer

verifed

verified

Covered entities (CEs) include which of the following?


A) Health-care providers
B) Health plans
C) Health-care clearinghouses
D) All of the above

E) A) and B)
F) B) and C)

Correct Answer

verifed

verified

According to HIPAA, which of the following refers to anyone who does work at or for an organization?


A) Staff
B) Personnel
C) Employee
D) Workforce

E) B) and D)
F) B) and C)

Correct Answer

verifed

verified

Which of the following is an example of a HIPAA physical safeguard standard?


A) Workforce Security
B) Workstation Use
C) Audit Controls
D) Security Incident Response

E) None of the above
F) All of the above

Correct Answer

verifed

verified

Which of the following statements best describes the HIPAA breach notification rules?


A) Covered entities are required to notify individuals for any ePHI breach within 90 days after the discovery of the breach.
B) Covered entities are required to notify individuals for breach of unsecured ePHI within 60 days after the discovery of the breach.
C) Covered entities are required to notify individuals for any ePHI breach within 30 days after the discovery of the breach.
D) Covered entities are required to notify individuals for breach of unsecured ePHI within 30 days after the discovery of the breach.

E) A) and D)
F) A) and C)

Correct Answer

verifed

verified

B

Which of the following best describes HIPAA administrative safeguards?


A) Retention, availability, and update requirements related to supporting documentation
B) The use of technical security measures to protect ePHI data
C) Standards for business associate contracts and other arrangements
D) Documented policies and procedures for managing day-to-day operations and access to ePHI

E) B) and C)
F) B) and D)

Correct Answer

verifed

verified

Which of the following is a change made to HIPAA by the Omnibus Rule?


A) Expanded the definition of "business associates"
B) Increased penalties for violations to up to $1.5 million
C) Granting authority to state Attorneys General to enforce HIPAA rules and pursue criminal and civil cases
D) All of the above

E) A) and B)
F) All of the above

Correct Answer

verifed

verified

Which of the following was given the authority to bring criminal action against covered entities that wrongly disclose ePHI?


A) Department of Justice
B) Local law enforcement
C) Department of Health and Human Services
D) State Attorney

E) All of the above
F) C) and D)

Correct Answer

verifed

verified

Which of the following statements best describes a health-care provider?


A) A person or organization that provides patient or medical services
B) An entity that provides payment for medical services
C) An entity that processes nonstandard health information it receives from another entity
D) A person or entity that creates, receives, maintains, transmits, accesses, or has the potential to access ePHI

E) B) and C)
F) C) and D)

Correct Answer

verifed

verified

Security awareness and training and workforce security standards are examples of which of the following?


A) Administrative safeguards
B) Physical safeguards
C) Technical safeguards
D) Organizational requirements

E) A) and D)
F) C) and D)

Correct Answer

verifed

verified

Which of the following are the two required implementation specifications of the access control standard under HIPAA?


A) Unique user identification and establishing emergency access procedures
B) Implementing automatic logoff procedures and encrypting/decrypting information at rest
C) Unique user identification and implementing automatic logoff procedures
D) Encrypting/decrypting information at rest and establishing emergency access procedures

E) A) and C)
F) A) and B)

Correct Answer

verifed

verified

A

Which of the following backup types backs up anything that has changed since the last backup of any type?


A) Differential
B) Cumulative incremental
C) Incremental
D) Full

E) A) and B)
F) A) and C)

Correct Answer

verifed

verified

Which of the following is an example of a HIPAA administrative safeguard standard?


A) Workforce Security
B) Workstation Use
C) Audit Controls
D) Workstation Security

E) None of the above
F) All of the above

Correct Answer

verifed

verified

Who should be notified of ePHI breaches?


A) Department of Justice
B) Local law enforcement
C) Department of Health and Human Services
D) State Attorney

E) A) and B)
F) None of the above

Correct Answer

verifed

verified

Which of the following is the goal of an Audit Controls standard?


A) Implementing technical controls that protect ePHI from improper alteration or destruction
B) Restricting access to ePHI only to users and processes that have been specifically authorized
C) Implementing hardware, software, and procedural mechanisms that record and examine activity in information systems that contain ePHI
D) Verifying that a person or process seeking to access ePHI is the one claimed

E) All of the above
F) C) and D)

Correct Answer

verifed

verified

ePHI refers to which of the following?


A) Electronic private health information
B) Electronic protected health information
C) Encrypted private health information
D) Encrypted protected health information

E) A) and C)
F) B) and C)

Correct Answer

verifed

verified

Which of the following statements best describes a health-care clearinghouse?


A) A person or organization that provides patient or medical services
B) An entity that provides payment for medical services
C) An entity that processes nonstandard health information it receives from another entity
D) A person or entity that creates, receives, maintains, transmits, accesses, or has the potential to access ePHI

E) A) and B)
F) A) and C)

Correct Answer

verifed

verified

Under the HITECH Act criminal violations can be brought against which of the following?


A) Covered entities
B) Employees
C) Covered entities and employees
D) Anyone who wrongly discloses PHI

E) A) and D)
F) C) and D)

Correct Answer

verifed

verified

Showing 1 - 20 of 20

Related Exams

Exam 1

Understanding Cybersecurity Policy and Governance

20 Questions

Exam 2

Cybersecurity Policy Organization, Format, and Styles

20 Questions

Exam 3

Cybersecurity Framework

20 Questions

Exam 4

Governance and Risk Management

20 Questions

Exam 5

Asset Management and Data Loss Prevention

19 Questions

Exam 6

Human Resources Security

20 Questions

Exam 7

Physical and Environmental Security

19 Questions

Exam 8

Communications and Operations Security

19 Questions

Exam 9

Access Control Management

18 Questions

Exam 10

Information Systems Acquisition, Development, and Maintenance

20 Questions

Exam 11

Cybersecurity Incident Response

20 Questions

Exam 12

Business Continuity Management

20 Questions

Exam 13

Regulatory Compliance for Financial Institutions

20 Questions

Exam 15

PCI Compliance for Merchants

20 Questions

Exam 16

Nist Cybersecurity Framework

20 Questions

Show Answer