HIM 3132 ch. 12 & 13 exam
The purpose of the implementation specifications of the HIPAA security rule is to
provide: - correct answer instruction for implementation of standards
One of the four general requirements a covered entity must adhere to for compliance
with the HIPAA security rule is to ensure the confidentiality, integrity and ___________
of ePHI. - correct answer availability
What are the primary distinctions between the HIPAAA Security Rule and HIPAA
Privacy rule? - correct answer Security rule applies to all forms of patients' PHI
whether electronic, written, or oral, but the security rule covers only electronic PHI.
Security rule provides for far more comprehensive security requirements than the
security rule and includes a level of detail not provided in the security rule.
The HIPAA security rule applied to which of the following covered entities? - correct
answer hospitals that bills medicare, physician electronic billing company, BlueCross
health insurance plan
If a HIPAA security rule implementation specification is addressable, this means -
correct answer an alternative may be implemented
The HIPAA Security Awareness and Training administrative safeguard requires all of
the following addressable implementation programs for an entity's workforce except: -
correct answer disaster recovery plan
Which of the following statements is false about the security officer? The security officer
- correct answer holds a required full-time position under HIPAA security rule
Non-compliance with the HIPAA security rule can lead to - correct answer criminal
penalties and civil penalties
Which is the following statements about HIPAA training is false? - correct answer
Privacy and security training should be separate
What term is also used to denote the HIPAA requirement of Contingency Planning? -
correct answer emergency mode of operation
Copying data onto tapes and storing the tapes at a distant location is an example of -
correct answer data backup
The capture of data by a hospital's data security system that shows multiple invalid
attempts to access the patients' database is an example of what type of security
control? - correct answer audit trail
, the HIPAA security rule contains the following safeguards except: - correct answer
reliability
The enforcement agency for the security rule is the: - correct answer Office for Civil
Rights
The HIPAA security rule requires that the covered entity - correct answer protect ePHI
from reasonably anticipated threats
the HIPAA Security Rule allows flexibility in implementation based on reasonableness
and appropriateness. What does the covered entity use to make these determinations?
- correct answer 1) size of the covered entity
2) security capabilities of the covered entities system
3) costs of security measures
With addressable standards, the covered entity may do all BUT WHICH of the
following? - correct answer Ignore the standard since it is addressable
the HIPAA security rule requires that passwords: - correct answer be updated by
organizational policy
according to the HIPAA Security Rule, what should a covered entity instruct a physician
who needs a new smart phone to do with her current smart phone that contains ePHI? -
correct answer Turn in her old smart phone
a nurse administrator who does not typically take calls gets called in over the weekend
to staff the emergency department. She does not have access to enter notes since this
is not a part of her typical role. in order to meet the intent of the HIPAA Security Rule,
the hospital policy should include - correct answer a provision to allow her emergency
access to the system
The HIPAA security rule contains what provisions about encryption? - correct answer
it is required based on organizational policy
The admissions department is getting some new computers from the surgery
department. The director is so excited to get the new computers that he does not
contact IT and installs the computers over the weekend in admissions. Since the
computers were not checked for the presence of ePHI, the admissions director has
violated which provision of the HIPAA security rule? - correct answer Device and
media control
The VP of finance wants to consider sending all of the medical transcriptions home to
work. What security issues should be included in the risk analysis? - correct answer
Access of data by unauthorized persons
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller flyhigher329. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £10.96. You're not tied to anything after your purchase.