HIM 320 Guide Questions with Verified Answers | Assured Success
security
protecting information from loss, unauthorized access or misuse, and keeping it confidential
privacy and confidentiality of all PHI, regardless of medium
what does the privacy rule govern?
only the PHI transmitted by or maintained in some form of electronic media
what does the security rule govern?
both Privacy and Security Rules
which rule(s) apply to ePHI?
so highly guarded that health information is not readily available to those treating a patient
a provider can be liable if records are
confidentiality, integrity, and availability
what is part of the CIA triad?
permitting access to EHRs by unauthorized personnel or from inadequately safeguarding
the EHR from destruction
a provider can also be liable for privacy and security breaches that result from
confidentiality
a requirement that private or confidential information not be disclosed to unauthorized
individuals
data integrity
a requirement that information and programs are changed only in a specified and authorized
manner
security integrity
a requirement that a system performs its intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of the system
availability
a requirement intended to ensure that systems work promptly and service is not denied to
authorized users
technology neutral
HIPAA security standards are essentially
"reasonably and appropriately implement" the security standards of the rule
covered entities may use any security methods that enable them to
the flexibility and scalability of the standards
what makes it possible for all CEs, regardless of size, to be compliant with the HIPAA Security
Rule?
safeguards that will achieve the HIPAA security rule objectives in their own organizations
and operational environments
CEs are allowed to design specific
while the administrative, technical, and physical safeguards are mentioned in the Privacy
Rule, the Security Rule gives much more comprehensive and detailed security
requirements.
what is the difference between the privacy rule and security rule?
CEs, BAs, and subcontractors of BAs
who does the security rule apply to?
ongoing process that requires constant analysis as new technologies are used and new
systems are implemented
security is not a one-time project, but an
security measures to implement, using a risk analysis to determine circumstances that leave
them open to unauthorized access and disclosure of ePHI
what must CEs and BAs decide in regard to the HIPAA security rule?
assess what security measures are already in place and what measures are still necessary
what does ongoing security analysis do?
-ensure the confidentiality, integrity, and availability of all ePHI that they create, receive,
maintain, or transmit
-protect against any reasonably anticipated threats or hazards to the security and integrity
of such ePHI
-protect against any reasonably anticipated uses or disclosures of such ePHI that are not