Chapter 12 Quiz Answers Flashcards Preview

Flashcards in Chapter 12 Quiz Answers Deck (10)
1
Q

The purpose of the implementation specifications of the HIPAA Security Rule is to provide _______.
A. protection of patient information
B. instruction for implementation of standards
C. guidance for security training and education
D. sample policies and procedures for compliance

A

instruction for implementation of standards

2
Q
One of the four general requirements a covered entity must adhere to for compliance with the HIPAA Security Rule is to ensure the confidentiality, integrity and _______ of ePHI.
A. addressability
B. accuracy
C. availability
D. accountability
A

Availability

3
Q
The HIPAA Security Rule applies to which of the following covered entities?
A. Hospital that bills Medicare
B. Physician electronic billing company
C. BlueCross health insurance plan
D. All of the above
A

All of the above

4
Q

Non-compliance with the HIPAA Security Rule can lead to _______.
A. Civil penalties
B. Criminal penalties
C. Both a and b
D. A maximum annual penalty of $1 million

A

Both a and b

5
Q

Copying data onto tapes and storing the tapes at a distant location is an example of ______.

a. Data Backup
b. Data Mapping
c. Data Recovery
d. Data Storage for Recovery

A

Data Backup

6
Q

The capture of data by a hospital’s data security system that shows multiple invalid attempts to access the patients’ database is an example of what type of security control?

a. Audit trail
b. Access Control
c. Auto-Authentication
d. Override function

A

Audit Trail

7
Q

The HIPAA Security Rule contains the following safeguards except ______.

a. technical
b. administrative
c. physical
d. reliability

A

Reliability

8
Q

The enforcement agency for the security rule is _________.

a. Office of the Inspector General
b. Centers for Medicare and Medicaid Services
c. Office of Civil Rights
d. Office of Management and Budget

A

Office for civil rights

9
Q

With addressable standards, the covered entity may do all but which of the following?

a. implement the standard as written
b. implement an alternative standard
c. ignore the standard since it is addressable
d. determine the risk of not implementing is negligible

A

Ignore the standard since it is addressable

10
Q

A nurse administrator who does not typically take call gets called in over the weekend to staff the emergency department. She does not have access to enter notes since this is not a part of her typical role. In order to meet the intent of the HIPAA Security Rule, the hospital policy should include _______.

a. a requirement for her to attend training before accessing ePHI.
b. a provision to allow her to share a password with another nurse.
c. a provision to allow her emergency access to the system.
d. a restriction on her ability to access ePHI.

A

A provision to allow her emergency access to the system.