What type of Safeguard is Security Management Process, assigned security responsibility, workforce security, information access management?
Administrative Safeguards
What type of safeguards are workforce security awareness and training, security incident procedures, contingency plans, evaluation, business associate's agreement?
Administrative Safeguards
What are some physical safeguards?
Facility access controls
workstation use
workstation security
devices and media
What are technical safeguards?
Access controls
audit controls
data integrity
person or entity authentication
transmission security
You are reviewing your privacy and security policies, procedures, training program, and so on, and comparing them to the HIPAA and ARRA regulations. You are conducting a
Compliance Audit
A patient has submitted an authorization to release information to a physician office for continued care. The ROI clerk wants to limit the information provided because of the minimum necessary rule. What should the supervisor tell the clerk?
The patient is the exception to the minimum necessary rule; process the request as written
Processing a request for medical information: the record contains an op note and discharge summary from another hospital. Is it included?
Yes, if it falls under TPO (treatment, payment, and operations)
Would a policy on requirements for a valid authorization include the following:
A. Expiration
B. Request for an accounting of disclosure
C. Statement of right to revoke
D. Description of information to be disclosed
All except B, request for an accounting of disclosure
A contingency plan includes which of the following:
A. data quality
B. System Analysis
C. Disaster Planning
D. Hiring practices
Hiring Practices
Patient Authorization is required to release to the:
D. PHI to the patient's attorney
Which of the following would a facility employ for access control?
1. automatic log-off
2. Authentication
3. integrity controls
4. unique user identification
1 and 4
ARRA mandates that a CE must comply with a requested restriction unless it meets one of the exceptions
True
Margot looked up information on her ex-sister-in-law. A routine audit discovered the violation. Under ARRA, can she be prosecuted?
No, she is not a covered entity
Which security measure utilizes fingerprints or retina scans?
Biometrics
Which of the following should the record destruction program include:
D. the method of destruction
The HIPAA security rule does not require specific tech to be used but rather provides direction on the outcome, which is?
Technology neutral
A mechanism to ensure the PHI has not been altered or destroyed inappropriately has been established. This process is called.
integrity
The computer system containing the electronic health record was located in a room that was flooded and is inoperable. What would be implemented?
Business continuity process
You are destroying PHI contained in the system's old server before it is trashed. Which method should you use?
Degaussing is the process of decreasing or eliminating a remnant magnetic field
Which of the following is subject to the HIPAA security rule?
B. scanned op report on a CD
Which of the following would require authorization before disclosing the PHI
A. Authorization to the Bureau of Disability Determination
B. Health oversight activity
C. Worker's comp
D. Public health activities
Public Health Activities
A covered entity
includes health care providers who perform specified action electronically
What is the accidental destruction of a record that is involved in a medical malpractice suit
Spoliation
You have been asked to explain the purpose of the new security awareness program. Your response is
help the staff realize the importance of security
Our web service was attacked by malware that overloaded it. What type of malware was this?
Denial of service
A data use agreement is required when
a limited data set is used
What type of digital signature uses encryption
digital signature
Today is August 30, 2011. When can HIPAA training records be destroyed?
7 years, Aug 30, 2018
You just learned that one of your business associates is out of compliance with your contract and with the privacy rule. What do you do?
request the business associate correct the problem or stop doing business with the organization
Which of the following is subject to the HIPAA security rule?
C. the security rule only applies to e-PHI
You work for an organization that publishes a health information management journal and provides clearinghouse services. What must you do?
Separate the e-PHI from the non-covered entity portions of the organization.
Document the destruction with
Date of the destruction
method of the destruction
description of the disposed records
inclusive dates covered
a statement that the records were destroyed in the normal course of business.