RHIA Domain 2 Practice Exam Questions and Answers All Correct
6 views 0 purchase
Course
RHIA Domain 2
Institution
RHIA Domain 2
RHIA Domain 2 Practice Exam Questions and Answers All Correct
The three components of a security program are protecting the privacy of data, ensuring the integrity of data, and ensuring the _________. - Answer-availability of data
HIPAA states that release to a coroner is allowed. State law s...
RHIA Domain 2 Practice Exam Questions
and Answers All Correct
The three components of a security program are protecting the privacy of data, ensuring
the integrity of data, and ensuring the _________. - Answer-availability of data
HIPAA states that release to a coroner is allowed. State law says that the coroner must
provide a subpoena. Which of the following is a correct statement? - Answer-Follow the
state law since it is stricter.
The computer system containing the electronic health record was located in a room that
was flooded. As a result, the system is inoperable. Which of the following would be
implemented? - Answer-business continuity processes
You have been given the responsibility of destroying the PHI contained in the system's
old server before it is trashed. What destruction method do you recommend? - Answer-
degaussing
A breach has been identified. How quickly must the patient be notified? - Answer-No
more than 60 days
In conducting an environmental risk assessment, which of the following would be
considered in the assessment? - Answer-placement of water pipes in the facility
Before we can go any further with our risk analysis, we need to determine what systems
/ information need to be protected. This step is known as - Answer-system
characterization
A hacker recently accessed our database. We are trying to determine how the hacker
got through the firewall and exactly what was accessed. The process used to gather this
evidence is called - Answer-forensics.
As the Chief Privacy Officer, you have been asked why you are conducting a risk
assessment. Which reason would you give? - Answer-to prevent breach of
confidentiality
Which of the following situations would require authorization before disclosing PHI? -
Answer-releasing information to the Bureau of Disability Determination
Which of the following is an example of a security incident? - Answer-A hacker
accessed PHI from off site
, The HIM director received an e-mail from the technology support services department
about her e-mail being full and asking for her password. The director contacted tech
support and it was confirmed that their department did not send this e-mail. This is and
example of what type of malware? - Answer-phishing
You have been asked to create a presentation on intentional and unintentional threats.
Which of the following should be included in the lists of threats you cite? - Answer-a
patient's Social Security number being used for credit card applications
The supervisors have decided to give nursing staff access to the EHR. They can add
notes, view, and print. This is an example of what? - Answer-a workforce clearance
procedure
The information systems department was performing their routine destruction of data
that they do every year. Unfortunately, they accidentally deleted a record that is
involved in a medical malpractice case. This unintentional destruction of evidence is
called. - Answer-spoliation
Which of the following examples is an exception to the definition of a breach? - Answer-
A coder accidentally sends PHI to a billing clerk in the same facility
Which of the following is an example of an administrative safeguard? - Answer-training
The physician office you go to has a data integrity issue. What does this mean? -
Answer-There has been unauthorized alteration of patient information.
You have been given some information that includes the patient's account number.
Which statement is true? - Answer-This is not de-identified information, because it is
possible to identify the patient.
Which of the following is an example of a trigger that might be used to reduce auditing?
- Answer-A patient and user have the same last name.
Bob submitted his resignation from Coastal Hospital. His last day is today. He should no
longer have access to the EHR and other systems as of 5:00 PM today. The removal of
his privileges is known as - Answer-terminating access.
The company's policy states that audit logs, access reports, and security incident
reports should be reviewed daily. This review is known as - Answer-an information
system activity review.
If an authorization is missing a Social Security number, can it be valid? - Answer-Yes
If the patient has agreed to be in the directory, which of the following statements would
be true? - Answer-The patient's condition can be described in general terms like "good"
and "fair."
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Scholarsstudyguide. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
