All of the following options are known as a way to implement a security awareness program except

When developing security procedures for a remote workforce, the HIM director should reference which of the following?

A) privacy and security rule, state statutes and other federal statutes

B) privacy and security rule

C) security rule, state statutes, other federal statutes, compliance regulations

D) privacy and security rule, state statutes and compliance regulations

Question 1 - The Security Rule's requirements are organized into which of the following three categories:

  • Administrative, Non-Administrative, and Technical safeguards
  • Physical, Technical, and Non-Technical safeguards
  • Answer:  Administrative, Physical, and Technical safeguards
  • Privacy, Security, and Electronic Transactions

Question 2 - The Security Rule allows Covered Entities and Business Associates to take into account:
  • Their size, complexity, and capabilities
  • Their technical infrastructure, hardware, and software security capabilities
  • The cost of security measures
  • The probability and critical nature of potential risks to ePHI
  • Their access to and use of ePHI
  • Answer:  All of the above

Question 3 - The HIPAA Security Rule is a technology neutral, federally mandated "floor" of protection whose primary objective is to protect the confidentiality, integrity, and availability of individually identifiable health information in electronic form when it is stored, maintained, or transmitted.

Question 4 - Which of the following are EXEMPT from the HIPAA Security Rule?
  • Large health plans
  • Hospitals
  • Answer:  Covered Entities or Business Associates that do not create, receive, maintain, or transmit ePHI
  • Business Associates

Question 5 - Who must comply with the Security Rule?
  • Answer:  Any person or organization that stores or transmits individually identifiable health information electronically
  • All Covered Entities and Business Associates
  • Any government agency
  • Any for-profit organization

Question 6 - The HIPAA Security Rule was specifically designed to:
  • Protect the integrity, confidentiality, and availability of health information
  • Protect against unauthorized uses or disclosures
  • Protect against hazards such as floods, fire, etc.
  • Ensure members of the workforce and Business Associates comply with such safeguards
  • Answer:  All of the above

Question 7 - All of the following are part of the HITECH and Omnibus updates, EXCEPT:
  • Increased penalties and enforcement
  • Expanded privacy rights for individuals
  • Direct enforcement of Business Associates
  • Answer:  Ability to sell PHI without an individual's approval
  • Breach notification of unsecured PHI
  • Business Associate Contract required

Question 8 - All of the following are true regarding the Omnibus Rule, EXCEPT:
  • Became effective on March 26, 2013
  • Covered Entities and Business Associates had until September 23, 2013 to comply
  • Answer:  The Omnibus Rule nullifies the previous HITECH regulations and introduces many new provisions into the HIPAA regulations
  • The Omnibus Rules are meant to strengthen and modernize HIPAA by incorporating provisions of the HITECH Act and the GINA Act as well as finalizing, clarifying, and providing detailed guidance on many previous aspects of HIPAA

Question 9 - All of the following are true regarding the HITECH and Omnibus Updates, EXCEPT:
  • One of the major purposes of the HITECH Act was to stimulate and greatly expand the use of EHR to improve efficiency and reduce costs in the healthcare system and to provide stimulus to the economy
  • Answer:  It guarantees portability of an individual's insurance coverage from one job to another
  • It includes incentives related to health information technology and specific incentives for providers to adopt EHRs
  • It expands the scope of privacy and security protections available under HIPAA in anticipation of the massive expansion in the exchange of ePHI

Question 10 - ARRA stands for:
  • Answer:  American Recovery and Reinvestment Act
  • American Recovery and Responsibility Act
  • American Reinvestment and Recovery Act
  • None of the above

Question 11 - All of the following are true about Business Associate Contracts, EXCEPT:
  • Both Covered Entities and Business Associates are required to ensure that a Business Associate Contract is in place in order to be in compliance with HIPAA
  • Business Associates are required to ensure that Business Associate Contracts are in place with any of the Business Associate's subcontractors
  • Covered Entities are required to obtain 'satisfactory assurances' from Business Associates that PHI will be protected as required by HIPAA
  • Answer:  Business Associates are not required to obtain 'satisfactory assurances' from subcontractors that PHI will be protected as required by HIPAA

Question 12 - HITECH stands for:
  • HIPAA Information Technology
  • High Technology
  • Health Information Technology for Economic Change and Health
  • Answer:  Health Information Technology for Economic and Clinical Health

Question 13 - All of the following are implications of non-compliance with HIPAA, EXCEPT:
  • Financial Penalties
  • Public exposure that could lead to loss of market share
  • Answer:  Having to file a public notice of non-compliance in the newspaper
  • Loss of accreditation (JCAHO, NCQA, etc.)
  • Litigation damages
  • Imprisonment

Question 14 - What is the key to HIPAA compliance?
  • Managerial expertise
  • Answer:  Education
  • Organizational structure
  • Good legal counsel

Question 15 - When should you promote HIPAA awareness?
  • After the policies and procedures have been written
  • At the end of rollout and implementation
  • Answer:  At the very beginning of the compliance process
  • After employees have been trained

Which of the following are factors that will determine the details of implementing the HIPAA Security Rule?

Compliance with the Security Rule will depend on a number of factors, including those identified in § 164.306(b)(2): “(i) The size, complexity, and capabilities of the covered entity. (ii) The covered entity's technical infrastructure, hardware, and software security capabilities. (iii) The costs of security measures.”

Which of the following are exempt from the HIPAA Security Rule?

Organizations that do not have to follow the government's privacy rule known as the Health Insurance Portability and Accountability Act (HIPAA) include the following, according to the US Department of Health and Human Services: Life insurers. Employers. Workers' compensation carriers.

Which term does the HIPAA Security Rule use to define data or information that has not been altered or destroyed in an unauthorized manner?

Integrity means the property that data or information have not been altered or destroyed in an unauthorized manner. Malicious software means software, for example, a virus, designed to damage or disrupt a system.

Which of the following is a best practice to comply with the revised security provisions of the HITECH Act?

Inventory BAs to determine which Business Associates Agreements need amending.
