Health Information Security and Privacy Training Certification
By: Sheba Thornton
Which of the following are ways that health information is regulated?
County Laws
State Laws
Federal Laws
By Accreditation Bodies
Organizational Policies
What information does the HIPAA Privacy Rule protect?
Only electronic health information
Billing information
All types of patient information
Lab results
What information does the HIPAA Security protect?
Paper health information
Only electronic health information
All types of patient information
Billing information
Which public health reports are required by state law?
Disease outbreaks
Abuse of children
Pollution
Abuse of the disabled
Abuse of the elderly
Births and deaths
Which of the following standards provides safeguarding for the privacy and security of health information?
Freedom of Information Act
Drug Abuse Prevention, Treatment, and Rehabilitation Act of 1974
HITECH
AHIMA Code of Ethics
The Privacy Rule in HIPAA states ________
Measures that control access and protect information from unauthorized disclosure, alteration, destruction or loss while remaining available for those who need it
The right of a patient to control disclosure of one’s health information
The Security Rule in HIPAA states ________
Measures that control access and protect information from unauthorized disclosure, alteration, destruction or loss while remaining available for those who need it
The right of a patient to control disclosure of one’s health information
What is administrative simplification?
How to safeguard an individual’s information
Effort by HIPAA to standardize the healthcare industry’s inefficient business practices
Addressing group health plan coverage for individuals with pre-existing conditions and tax requirements for specific groups
Prevention of discrimination in health insurance enrollment or premiums
HIPAA applies to which of the following?
Medical supply distributors
Healthcare providers that conduct certain electronic transactions
Health plans
National Committee for Quality Assurance
Healthcare clearinghouses
Business Associates
What does the Designated Record Set include?
Clinical information
Telephone messages
Surgery schedules
Financial information
What does the Legal Health Record include?
Enrollment information
Healthcare services delivered by the entity for regulatory and disclosure purposes
Documentation of healthcare services or health status
Payment and claims
Documentation of care for reimbursement
Research and public health information
Disclosure is ________
Restriction of access
Asking for access to PHI
Handling of PHI by a covered entity or Business Associate
Dissemination of PHI from a covered entity or Business Associate
Which key documents provide individuals with information and some control over PHI?
Terms of Service
Notice of Privacy
Consent
License agreement
Authorization
Disclaimer
What does a Notice of Privacy explain?
How a covered entity will use the individual's PHI
The covered entity’s legal duties regarding PHI
The individual's health status
The organization is not responsible for the individual's PHI
The individual's rights in regard to their PHI
Is consent always required by HIPAA?
Yes
No
When is authorization required?
For defective information
For psychotherapy notes
Conducting counseling training
Legal defense
When is the opportunity to agree or object to authorization required?
Being listed in the facility directory
In TPO (treatment, payment, operations)
Religious affiliation with clergy
In case of emergencies
When is use and disclosure permitted without authorization?
In case of emergencies
Victims of abuse, neglect, or domestic violence
Law enforcement purposes
Research
Preemption gives _______
Legal precedence to federal law when it conflicts with state law
Safeguarding to PHI
Authorization to access PHI
Codes of ethics to an organization
Which of the following is not one of the Individual Rights provided by HIPAA?
Access
Authorization
Amendment
Accounting of Disclosures
Restriction requests
Confidential communications
The Security Rule requires covered entities to ______
Ensure confidentiality, integrity, and availability of all electronic PHI (ePHI) created, received, maintained, or transmitted
Protect physical records from damage or theft
Protect against reasonably anticipated uses or disclosures of ePHI that is not permitted or required
Restrict access to PHI
Workstation security is an example of which type of safeguard?
Technical safeguard
Administrative safeguard
Physical safeguard
Encryption and decryption are examples of which type of safeguard?
Technical safeguard
Administrative safeguard
Physical safeguard
Security awareness and training is which type of safeguard?
Technical safeguard
Administrative safeguard
Physical safeguard
How can threats be categorized?
Internal or External
Multidimensional
Human
Natural/Environmental
Computational
Error
A vulnerability is _____
An inherent weakness or lack of a safeguard
An unused terminal
An irresponsibility
An aid to risk analysis
Which of the following is not a control category in risk analysis
Preventive
Deterrent
Diversion
Detective
Reactive
Recovery
A Contingency Plan is _______
Preventive measures to ensure data is not lost
Providing for data availability after an event
What must be done to restore critical services as quickly as possible and manage business recovery processes after an event
A set of procedures for responding to emergencies, both during and after one
Health Information Exchanges (HIEs) is ___________
Retrieval of information lost due to an event
Copying of data to secondary storage devices
Movement of health information across organizations, communities or regions
Ensuring confidentiality of data
{"name":"Health Information Security and Privacy Training Certification By: Sheba Thornton", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Please enter your first and last name before beginning., Which of the following are ways that health information is regulated?, What information does the HIPAA Privacy Rule protect?","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}