HIPAA allows healthcare organizations to control many information decisions. However, where the patient retains control, which of the following is true? |
If a person has a right to make a healthcare decision, then generally that person has a right to control information associated with the decision. |
HIPAA’s "incidental uses and disclosures" provision excuses deviations from the minimum necessary standard. What is excused? |
Truly accidental "excess" uses and disclosures, where reasonable caution was otherwise used and there was no negligence. |
Privacy, in the health information context, refers to: |
The rules about who can access health information, and under what circumstances. |
Under the federal HIPAA regulations, state health privacy laws: |
Can remain in force if "more stringent" than HIPAA, complementing HIPAA’s foundation of protections, provided there is no direct conflict in requirements. |
With respect to permissions for uses and disclosures, HIPAA divides health information into three categories. Into which category does information related to "treatment, payment and health care operations" go? |
Information related to treatment, payment, and healthcare operations may generally be used or disclosed without any specific permission, at least under HIPAA. State law may set a higher standard. |
Which of the following is a correct statement about the balance among prevention, detection, and response (PDR)? |
The greater the sensitivity and quantity of the data at issue, the more carefully the balance among these three must be evaluated. |
Which of these is not generally a good practice for telephone use? |
Using voicemail systems and answering machines that do not require a password or PIN for access. |
Which of these is generally not a good practice with respect to oral communications (that is, talking) in organizations like healthcare facilities? |
Use of full names in public areas or on intercom/paging systems, because there is no security issue with identifying persons in public areas and using full names helps avoid misidentification. |
Which of these is not generally a good practice for fax machine use? |
Sensitive faxes — inbound or outbound — are left sitting in or around the machine. |
Fines and jail time (occasionally) for information security failures are: |
Generally, only applied for serious, deliberate misuse, where someone intentionally accesses data in order to do harm or for personal gain. |
Which of the following are important for protecting computing devices and systems? |
– Physical safeguards like a secure space protected by locked doors, etc.
– Technical safeguards like passwords, encryption, and protective software.
– Administrative safeguards like rules against sharing passwords. |
Which of these is not a good security practice for web browsing? |
Browsing to sites using links sent in emails without taking steps to assure the destination is safe. |
Which of the following is a good practice if one wishes to avoid "social engineering" attacks? |
– Taking appropriate steps to confirm a person’s (or site’s) identity for any transaction that involves sensitive data.
– Not opening attachments or clicking on links in messages, emails, or on websites unless absolutely sure of the source’s authenticity.
– Using strict procedures when it is necessary to exchange an authentication credential like a password, PIN, account number, or other personal data that is critical to establishing personal identity.
– Being cautious any time someone asks for sensitive information, whether by phone, fax, email, or even in person. It could be a phishing scam. |
Which of these is not a good practice for protecting computing devices? |
Login and screen-saver passwords, or token or biometric mechanisms, are disabled to make it easier to use the device quickly. |
Which of these is not a good security practice for email? |
Sending sensitive information in email messages or in attachments to such messages, as long as a legally-binding confidentiality notice is included. |
CITI – SoCRA Researchers