RHIT - Health Information Privacy and Security

Card Set Information

2013-06-22 11:23:56


  1. What type of Safeguard is Security Management Process, assigned security responsibility, workforce security, information access management?
    Administrative Safeguards
  2. What type of safeguards are workforce security awareness and training, security incident procedures, contingency plans, evaluation, and business associate agreements?
    Administrative Safeguards
  3. What are some physical safeguards
    • Facility access controls
    • workstation use
    • workstation security
    • devices and media
  4. What are technical safeguards?
    • Access controls
    • audit controls
    • data integrity
    • person or entity authentication
    • transmission security
  5. You are reviewing your privacy and security policies, procedures, training program, and so on, and comparing them to the HIPAA and ARRA regulations. You are conducting a:
    Compliance Audit
  6. A patient has submitted an authorization to release information to a physician office for continued care. The ROI clerk wants to limit the information provided because of the minimum necessary rule. What should the supervisor tell the clerk?
    The patient is the exception to the minimum necessary rule; process the request as written
  7. Processing a request for medical information: the record contains an op note and discharge summary from another hospital. Is it included?
    Yes, if it falls under TPO (treatment, payment, and operations)
  8. Would a policy on requirements for a valid authorization include the following:
    A. Expiration
    B. Request for an accounting of disclosure
    C. Statement of right to revoke
    D. Description of information to be disclosed
    All except B (request for an accounting of disclosure)
  9. A contingency plan includes which of the following:
    A. data quality
    B. System Analysis
    C. Disaster Planning
    D. Hiring practices
    Hiring Practices
  10. Patient Authorization is required to release to the:
    A. PHI to the patient's attorney
    B. PHI that is relevant to national security
    C. Law enforcement who needs it to identify a suspect
    D. PHI to the patient's family physician for follow-up
    A. PHI to the patient's attorney
  11. Which of the following would a facility employ for access control?
    1. automatic log-off
    2. Authentication
    3. integrity controls
    4. unique user identification
    1 and 4
  12. ARRA mandates that a CE must comply with a requested restriction unless it meets one of the exceptions
  13. Margot looked up information on her ex-sister-in-law. A routine audit discovered the violation. Under ARRA, can she be prosecuted?
    No, she is not a covered entity
  14. Which security measure utilizes finger prints or retina scans?
  15. Which of the following should the record destruction program include:
    A. the method of destruction
    B. The name of the supervisor of the person destroying the records
    C. citing the laws followed
    D. requirement of daily destruction
    A. the method of destruction
  16. The HIPAA security rule does not require specific tech to be used but rather provides direction on the outcome, which is?
    Technology neutral
  17. A mechanism to ensure the PHI has not been altered or destroyed inappropriately has been established. This process is called.
  18. The computer system containing the electronic health record was located in a room that was flooded and is inoperable. What would be implemented
    Business continuity process
  19. You are destroying PHI contained in the system's old server before it is trashed. Which method should you use?
    Degaussing is the process of decreasing or eliminating a remnant magnetic field
  20. Which of the following is subjected to the HIPAA security rule
    A. Paper medical Record
    B. doc faxed to the facility
    C. Copy of discharge summary
    D. scanned op report on a CD
    D. scanned op report on a CD
  21. Which of the following would require authorization before disclosing the PHI
    A. Authorization to the Bureau of Disability Determination.
    B. Health oversight activity
    C. Worker's comp
    D. Public health activities
    Public Health Activities
  22. A covered entity
    includes health care providers who perform specified action electronically
  23. What is the accidental destruction of a record that is involved in a medical malpractice suit
  24. You have been asked to explain the purpose of the new security awareness program. Your response is:
    help the staff realize the importance of security
  25. Our web service was attacked by malware that overloaded it. What type of malware was this?
    Denial of service
  26. A data use agreement is required when
    a limited data set is used
  27. What type of digital signature uses encryption
    digital signature
  28. Today is August 30, 2011. When can HIPAA training records be destroyed?
    7 years: Aug 30, 2018
  29. You just learned that one of your business associates is out of compliance with your contract and with the privacy rule. What do you do?
    request the business associate correct the problem or stop doing business with the organization
  30. Which of the following is subjected to the HIPAA security rule?
    A. faxed records
    B. x-ray films
    C. Paper medical records
    D. clinical data repository
    D. the security rule only applies to e-PHI
  31. You work for an organization that publishes a health information management journal and provides clearinghouse services. What must you do?
    separate the e-PHI from the non-covered entity portions of the organization.
  32. Document the destruction with
    • Date of the destruction
    • method of the destruction
    • description of the disposed records
    • inclusive dates covered
    • a statement that the records were destroyed in the normal course of business.
    • Signatures of supervisor and witness