|
Home > Preview
The flashcards below were created by user
ambirc
on FreezingBlue Flashcards.
-
What type of Safeguard is Security Management Process, assigned security responsibility, workforce security, information access management?
Administrative Safeguards
-
What type of safe guards are workforce security awareness and training, security incident procedures, contingency plans, evaluation, business associate's agreement
Administrative Safegaurds
-
What are some physical safeguards
- Facility access controls
- workstation use
- workstation security
- devices and media
-
What are technical safegaurds
- Access controls
- audit controls
- data integrity
- person or entity authentication
- transmission security
-
You are reviewing your privacy security policies, procedures, training program, and so on, and comparing them to the HIPAA and ARRA regulations you are conducting
Compliance Audit
-
A patient has submitted an authorization to release information to a physician office for continues care. The ROI clerk wants to limit the information provided because of the minimum necessary rule. What should the supervisor tell the clerk?
The patient is the exception to the min necessary rule and process the request as written
-
Processing a request for medical information- The record contains op note and discharge summary from another hospital. Is it included ?
Yes, if falls under TPO treatment, payment, and operations
-
Would a policy on requirements for a valid authorization include the following:
A. Expiration
B. Request for an accounting of disclosure
C. Statement or right to revoke
D. Description of information to be disclosed
All except B request for an accounting of disclosure
-
A contingency plan includes which of the following:
A. data quality
B. System Analysis
C. Disaster Planning
D. Hiring practices
Hiring Practices
-
Patient Authorization is required to release to the:
A. PHI to the patient's attorney
B. PHI that is relevant to national security
C. Law enforcement who needs it to identifiy a suspect
D. PHI t the patient family physician for follow-up
A. PHI to the patient's attorney (this multiple choice question has been scrambled)
-
Which of the following would a facility employ for access control?
1. automatic log-off
2. Authentication
3. integrity controls
4. unique user identification
1 and 4
-
ARRA mandates the a CE must comply with a requested restriction unless it meets one of the exceptions
True
-
Margot looked up information on her ex-sister in-law A routine audit discovered the violation under ARRA can she be prosecuted
No she is not a covered enity
-
Which security measure utilizes finger prints or retina scans?
Biometrics
-
Which of the following should the record destruction program include:
A. the method of destruction
B. The name of the supervisor of the person destroying the records
C. citing the laws followed
D. requirement of daily destruction
A. the method of destruction (this multiple choice question has been scrambled)
-
The HIPPA security rule does not require specific tech to be used but rather provides direction on the outcome which is?
Technology neutral
-
A mechanism to ensure the PHI has not been altered or destroyed inappropriately has been established. This process is called.
integrity
-
The computer system containing the electronic health record was located in a room that was flooded and is inoperable. What would be implemented
Business continuity process
-
You are destroying PHI contained in the systems old server before it is trashed. Which method should you use
Degaussing is the process of decreasing or eliminating a remnant magnetic field
-
Which of the following is subjected to the HIPAA security rule
A. Paper medical Record
B. doc faxed to the facility
C. Copy of discharge summary
D. scanned op report on a CD
D. scanned op report on a CD (this multiple choice question has been scrambled)
-
Which of the following would require authorization before disclosing the PHI
A. Authorization to the Bureau of Disability Dertermination.
B. Health oversight activity
C. Worker's comp
D. Public health activities
Public Health Activities
-
A covered enity
includes health care providers who perform specified action electronically
-
What is the accidental destruction of a record that is involved in a medical malpractice suit
Spoliation
-
You have been asked to explain the purpose of the new secruity awareness program your response is
help the staff realize the importance of security
-
Our web service was attacked by malware that overloaded it. What type of malware was this?
Denial of service
-
A data use agreement is requied when
a limited data set is used
-
What type of digital signature uses encryption
digital signature
-
Today is August 30, 2011 when can HIPAA training records be destroyed
7 years aug 30 2018
-
you just learned that one of your business associates is out of compliance with your contract and with the privacy rule. What do you do?
request the business associate correct the problem or stop doing business with the organization
-
Which of the following is subjected to the HIPAA security rule?
A. faxed records
B. x-ray films
C. Paper medical records
D. clinical data repository
D. the security rule only applies to e-PHI (this multiple choice question has been scrambled)
-
you work for an organization that publishes a health informatin management journal and provides clearinghouse services what must you do
separate the e-PHI form the non-covered entity portions of the organization.
-
Document the destruction with
- Date of the destruction
- method of the destruction description of disposed record
- description of the disposed records
- inclusivedates covered
- a statement that the records were destroyed in the normal course of business.
- Signatures of supervisorand witness
|
|
Get the free mobile app
Take the Quiz
Learn more
Learn more