1-The HIPAA Security Rule protects:
verbal data
electronic data
written data
All of the above
2-According to HIPAA, PHI does NOT include:
IP addresses
Patient’s past medical treatment information
Payments for health care provision
Health information with the identifiers removed
3-Which of the following access control mechanisms used to prevent employees from copying a document labeled with high security to another document labeled with ‘public’?
Firewall
Zones
Encryption
Archive
4-It would be appropriate to release patient information to:
the patient’s (non-attending) physician brother
personnel from the hospital the patient transferred from 2 days ago, who is calling to check on the patient
the respiratory therapy personnel doing an ordered procedure
retired physician who is a friend of the family
5-Healthcare providers must ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI) that the covered entity creates, receives, maintains, or transmits under:
HIPAA
EHR
FCRA
FERPA
6-The mission of the law is to protect consumers’ personal financial information held by financial institutions
PCAOB
PHR
HIPAA
GLB
7-Which of the following statements about retention principles is true?
Organizations should keep business records as long as possible.
We only need to manage the records that are in use.
How long the records should be kept depends on the legal requirements and business needs.
Due to the security consideration, organizations should retain records longer than required.
8-Red flag rule requires that financial institutions:
must implement a written Identity Theft prevention Program
must comply with PCI standards
notify the customer that they may be a victim of identity theft
All of the above
9-Restricting access to the IT Department office of a hospital would fall under which type of safeguard required by the Security Rule of HIPAA?
electronic
technical
physical
administrative
10-According to Omnibus Final Rule, which of the following statements are correct?
If one EMR software vendor needs access to PHI, it would need to complete a BAA.
Business associates does not include entity that maintain PHI.
A BAA is required for the US Postal Service.
Cloud service providers for EMR storage and backup are not liable for compliance with the HIPAA privacy rule.
11-Which of the following is not part of the PII definition established by GAPP:
Address
Credit card number
Student ID
Medical information
12-This term refers to the security practice where no one has more access than is needed to do their job
Auditing
Least privilege
Authentication
CIA Triangle
13-The law “to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to securities laws, and for other purposes.”
CIA
PCI
SOX
SEC
14-Being able to recover records after a disaster:
Effectiveness
Efficiency
Competency
Continuity
15-Law that requires a free credit report annually
FACTA
Red Flag Rule
FERPA
FCRA
16-Any list, description, or other grouping of consumers (and publicly available information pertaining to them) derived using any personally identifiable financial information that is not publicly available
PII
NPI
FTC
PIN
17-Which of the following is specific to the health care industry?
PII
Non-public financial information
Student academic record
PHI
18-The statutory requirement that public companies submit quarterly and annual reports is promulgated by which agency:
FBI
SEC
CIA
CICA
19-Disposition is not part of the records management lifecycle.
True.
False.
20-In the CIA Triangle, the letters refer to what:
Confidentiality, Integrity, and Availability
Central Intelligence Agency
Confidentiality, Intrusion, and Availability
Cybersecurity In Action