HIM 3132 CH. 12 & 13 EXAM STUDY GUIDE
The purpose of the implementation specifications of the HIPAA security rule is to
provide: - ANSWER instruction for implementation of standards
One of the four general requirements a covered entity must adhere to for
compliance with the HIPAA security rule is to ensure the confidentiality, integrity
and ___________ of ePHI. - ANSWER availability
What are the primary distinctions between the HIPAA Security Rule and HIPAA
Privacy rule? - ANSWER Security rule applies to all forms of patients' PHI
whether electronic, written, or oral, but the security rule covers only electronic
PHI.
Security rule provides for far more comprehensive security requirements than
the security rule and includes a level of detail not provided in the security rule.
The HIPAA security rule applies to which of the following covered entities? -
ANSWER hospitals that bills medicare, physician electronic billing company,
BlueCross health insurance plan
If a HIPAA security rule implementation specification is addressable, this means
- ANSWER an alternative may be implemented
The HIPAA Security Awareness and Training administrative safeguard requires
all of the following addressable implementation programs for an entity's
workforce except: - ANSWER disaster recovery plan
Which of the following statements is false about the security officer? The
security officer - ANSWER holds a required full-time position under HIPAA
security rule
Non-compliance with the HIPAA security rule can lead to - ANSWER criminal
penalties and civil penalties
Which of the following statements about HIPAA training is false? - ANSWER
Privacy and security training should be separate
What term is also used to denote the HIPAA requirement of Contingency
Planning? - ANSWER emergency mode of operation
Copying data onto tapes and storing the tapes at a distant location is an example
of - ANSWER data backup
The capture of data by a hospital's data security system that shows multiple
invalid attempts to access the patients' database is an example of what type of
security control? - ANSWER audit trail
The HIPAA security rule contains the following safeguards except: - ANSWER
reliability
The enforcement agency for the security rule is the: - ANSWER Office for Civil
Rights
The HIPAA security rule requires that the covered entity - ANSWER protect ePHI
from reasonably anticipated threats
The HIPAA Security Rule allows flexibility in implementation based on
reasonableness and appropriateness. What does the covered entity use to make
these determinations? - ANSWER 1) size of the covered entity
2) security capabilities of the covered entities system
3) costs of security measures
With addressable standards, the covered entity may do all BUT WHICH of the
following? - ANSWER Ignore the standard since it is addressable
The HIPAA security rule requires that passwords: - ANSWER be updated by
organizational policy
According to the HIPAA Security Rule, what should a covered entity instruct a
physician who needs a new smart phone to do with her current smart phone that
contains ePHI? - ANSWER Turn in her old smart phone
A nurse administrator who does not typically take calls gets called in over the
weekend to staff the emergency department. She does not have access to enter
notes since this is not a part of her typical role. In order to meet the intent of the
HIPAA Security Rule, the hospital policy should include - ANSWER a provision to
allow her emergency access to the system
The HIPAA security rule contains what provisions about encryption? - ANSWER
it is required based on organizational policy
The admissions department is getting some new computers from the surgery
department. The director is so excited to get the new computers that he does
not contact IT and installs the computers over the weekend in admissions. Since
the computers were not checked for the presence of ePHI, the admissions