Which of the following is true regarding the development of health record destruction policies?
a. All applicable laws must be considered.
b. The organization must find a way not to destroy any health records.
c. Health records involved in pending or ongoing litigation may be destroyed.
d. Only state laws must be considered. - ANSWER: All applicable laws must be considered.
A visitor walks through the work area and picks up a flash drive from an employee's desk. What security
controls should have been implemented to prevent this security breach?
a. Device and media controls
b. Facility access controls
c. Workstation use controls
d. Workstation security controls - ANSWER: Facility access controls
An employee forgot his user ID badge at home and uses another employee's badge to access the
computer system. What controls should have been in place to minimize this security breach?
a. Access controls
b. Security incident procedures
c. Security management process
d. Workforce security awareness training - ANSWER: Workforce security awareness training
Which of the following is the systematic process of identifying security measures to afford protections
based on a healthcare entity's specific environment?
a. Gap analysis
b. Operations review
c. Readiness assessment
d. Risk analysis - ANSWER: Risk analysis
One of the medical staff committees at St. Vincent Hospital is responsible for reviewing cases of patients
readmitted within 14 days after discharge. This review of the patients' health records is considered
healthcare:
a. Actions
b. Operations
c. Payment
d. Treatment - ANSWER: Operations
The process of entity authentication means a computer:
a. Prevents rebooting to deactivate a log-off system
b. Reads a predetermined set of criteria to determine if a user is who he or she claims to be
c. Allows rebooting to activate a sign-in process
d. Rejects multiple logins - ANSWER: Reads a predetermined set of criteria to determine if a user is who
he or she claims to be
A hospital is planning on allowing coding professionals to work at home. The hospital is in the process of
identifying strategies to minimize the security risks associated with this practice. Which of the following
would be best to ensure that data breaches are minimized when the home computer is unattended?
a. User name and password
b. Automatic session terminations
c. Cable locks
d. Encryption - ANSWER: Automatic session terminations
Under what access security mechanism would an individual be allowed access to ePHI if he or she has a
proper login and password, belongs to a specified group, and his or her workstation is located in a
specific place within the facility?
a. Role-based
b. User-based
c. Context-based
d. Job-based - ANSWER: Context-based