Quiz IT electronic documents management

1-The HIPAA Security Rule protects:

verbal data

electronic data

written data

All of the above

2-According to HIPAA, PHI does NOT include:

IP addresses

Patient’s past medical treatment information

Payments for  health care provision

Health information with the identifiers removed

3-Which of the following access control mechanisms used to prevent employees from copying a document labeled with high security to another document labeled with ‘public’?

Firewall

Zones

Encryption

Archive

4-It would be appropriate to release patient information to:

the patient’s (non-attending) physician brother

personnel from the hospital the patient transferred from 2 days ago, who is calling to check on the patient

the respiratory therapy personnel doing an ordered procedure

retired physician who is a friend of the family

5-Healthcare providers must ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI) that the covered entity creates, receives, maintains, or transmits under:

HIPAA

EHR

FCRA

FERPA

6-The mission of the law is to protect consumers’ personal financial information held by financial institutions

PCAOB

PHR

HIPAA

GLB

7-Which of the following statements about retention principles is true?

Organizations should keep business records as long as possible.

We only need to manage the records that are in use.

How long the records should be kept depends on  the legal requirements and business needs.

Due to the security consideration, organizations should retain records longer than required.

8-Red flag rule requires that financial institutions:

must implement a written Identity Theft prevention Program

must comply with PCI standards

notify the customer that they may be a victim of identity theft

All of the above

9-Restricting access to the IT Department office of a hospital would fall under which type of safeguard required by the Security Rule of HIPAA?

electronic

technical

physical

administrative

10-According to Omnibus Final Rule, which of the following statements are correct?

If one EMR software vendor needs access to PHI, it would need to complete a BAA.

Business associates does not include entity that  maintain PHI.

A BAA is required for the US Postal Service.

Cloud service providers for EMR storage and backup are not liable for compliance with the HIPAA privacy rule.

11-Which of the following is not part of the PII definition established by GAPP:

Address

Credit card number

Student ID

Medical information

12-This term refers to the security practice where no one has more access than is needed to do their job

Auditing

Least privilege

Authentication

CIA Triangle

13-The law “to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to securities laws, and for other purposes.”

CIA

PCI

SOX

SEC

14-Being able to recover records after a disaster:

Effectiveness

Efficiency

Competency

Continuity

15-Law that requires a free credit report annually

FACTA

Red Flag Rule

FERPA

FCRA

16-Any list, description, or other grouping of consumers (and publicly available information pertaining to them) derived using any personally identifiable financial information that is not publicly available

PII

NPI

FTC

PIN

17-Which of the following is specific to the health care industry?

PII

Non-public financial information

Student academic record

PHI

18-The statutory requirement that public companies submit quarterly and annual reports is promulgated by which agency:

FBI

SEC

CIA

CICA

19-Disposition is not part of the records management lifecycle.

True.

False.

20-In the CIA Triangle, the letters  refer to what:

Confidentiality, Integrity, and Availability

Central Intelligence Agency

Confidentiality, Intrusion, and Availability

Cybersecurity In Action

Tags: No tags