7.1-Assessment-Key

This work is funded by the National Science Foundation
Advanced Technological Education Grant 1003223
The CAHIMS Exam Preparation Course
and the CAHIMS exam are the result of
collaboration between the Life Science
Informatics Center at Bellevue College
and the Healthcare Information and
Management Systems Society (HIMSS).
Significant content found in the CAHIMS
Exam Preparation Course stems from the
Office of the National Coordinator for
Health Information Technology. Creation
of the CAHIMS Exam Preparation Course
and the CAHIMS exam was made
possible through support from the National
Science Foundation (NSF).
Curriculum Team:
Margaret Schulte, DBA
Michèle Royer, PhD
Nathan Savage, MLIS
Section 7 - Privacy and Security
Lesson 7.1 - Privacy, Security & Confidentiality Policies & Standards
Assessment Questions Answer Key
Lectures 1, 2 & 3
1. Which of the following was NOT a security principle for health information
proposed in the 1997 “For the Record” report?
a. Use two-factor authentication
b. Establish security education and training
c. Develop policies for software discipline
*d. Avoid storage on portable drives
e. Use encryption to protect information in transit
Answer: d. Avoid storage on portable drives
Lecture(s)/Slide(s): 2/4, 10, 11, 15
2. Allowing cancer researchers to use the existing data in hospital systems,
without asking each patient for permission, illustrates which of the following
principles underlying the HIPAA privacy rule?
a. Boundaries
b. Security
c. Consumer Control
d. Accountability
*e. Public Responsibility
Answer: e. Public Responsibility
Lecture(s)/Slide(s): 1/17
3. The 1996 HIPAA legislation related to
*a. portability of health insurance across state lines.
b. privacy of health information held in government institutions.
c. the principle in the Hippocratic Oath of “First, do no harm.”
d. promoting electronic health records.
Answer: a. portability of health insurance across state lines.
Lecture(s)/Slide(s): 1/7
4. Which of the following is the strongest example of authentication?
a. Having a username that is not related to your real name
b. Having both a username and a password
c. Memorizing your password so you don’t have to write it down
d. Keeping information encrypted
*e. Using both a password and a device with changing unique numbers
Answer: e. Using both a password and a device with changing unique numbers
Lecture(s)/Slide(s): 2/4
5. Why did Congress fail to pass privacy legislation in 1999?
a. There was almost unanimous disagreement with what had been proposed.
b. Congress did not agree with the privacy principles put forth by the Secretary of
Health and Human Services.
c. Congress felt existing state laws were sufficient to protect privacy.
*d. The legislators could not agree among themselves about what to propose.
Answer: d. The legislators could not agree among themselves about what to
propose.
Lecture(s)/Slide(s): 1/18-20
6. Before the HIPAA Privacy Rule was implemented, state laws were
a. less strict than the federal laws.
*b. very variable.
c. more strict than the federal laws.
d. only applicable to sensitive conditions like mental health or sexually
transmitted disease information.
Answer: b. very variable.
Lecture(s)/Slide(s): 1/11
7. Which of the following was NOT one of the factors that led to changes in HIPAA
as a result of the HITECH Act?
a. There were reports of breaches of information security.
b. Enforcement was not being done well.
*c. The 1997 security recommendations were outdated.
d. Privacy advocates felt there was not enough consumer control.
Answer: c. The 1997 security recommendations were outdated.
Lecture(s)/Slide(s): 3/3-9
8. Which of the following was a change with the HITECH Privacy Regulations?
*a. Tracking disclosures for TPO was now required.
b. Authorization for use of information for advertising purposes was now required.
c. Patient acknowledgement that they had read a hospital’s privacy practices was
no longer required.
d. Reporting breaches to the media was no longer required.
Answer: a. Tracking disclosures for TPO was now required.
Lecture(s)/Slide(s): 3/11-18
9. What is the major challenge with the changes to HIPAA in the HITECH Act?
a. Patients will not accept the changes.
*b. They will require major changes in work processes.
c. They cannot be enforced.
d. They will cost the government more money.
Answer: b. They will require major changes in work processes.
Lecture(s)/Slide(s): 3/19-23
10. The recommendations for sanctions for privacy or security violations relates
to which principle:
a. Boundaries
b. Consumer Control
*c. Accountability
d. Public Responsibility
Answer: c. Accountability
Lecture(s)/Slide(s): 1/16
11. The principle of boundaries includes all EXCEPT
a. software programs for access validation.
b. authentication procedures.
c. audit-trail mechanisms.
*d. off-site storage of data.
Answer: d. off-site storage of data
Lecture(s)/Slide(s): 1/1-5, 7
12. According to the lecture, which confidentiality measure is typically in place in
EHR systems but often not activated or monitored?
*a. Audit-trail mechanisms
b. Biometric authentication procedures
c. Two-stage authentication procedures
d. Remote monitoring devices
Answer: a. Audit-trail mechanisms
Lecture(s)/Slide(s): 2/6
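An audit trail only has value if someone reviews it. The following is an added example, not part of the original course material, of the kind of monitoring the answer refers to: a few constructed EHR access-log lines are run through three simple rules (access without a documented care relationship, one user browsing many distinct charts in a day, and after-hours activity) and the hits are tallied per user. The log format, the `CARE_TEAM` relationship table and the 07:00 to 19:00 working window are all assumptions for the sake of the example.

```python
import csv
from collections import Counter, defaultdict
from io import StringIO

# Constructed sample of an EHR access audit trail; names, ids and times are made up.
AUDIT_LOG = """timestamp,user,role,patient_id,action
2024-03-04T09:02:11,dr_lee,physician,P1001,view
2024-03-04T09:05:40,dr_lee,physician,P1002,view
2024-03-04T09:40:02,nurse_kim,nurse,P1001,view
2024-03-04T11:15:00,dr_lee,physician,P1001,update
2024-03-04T12:30:09,clerk_ortiz,billing,P1003,view
2024-03-04T23:48:51,nurse_kim,nurse,P2099,view
2024-03-04T23:49:30,nurse_kim,nurse,P2100,view
2024-03-04T23:50:12,nurse_kim,nurse,P2101,view
2024-03-04T23:51:05,nurse_kim,nurse,P2102,view
2024-03-05T08:10:22,dr_lee,physician,P1002,print
"""

# Constructed treatment relationships (assumed to come from scheduling/ADT data).
CARE_TEAM = {
    "dr_lee": {"P1001", "P1002"},
    "nurse_kim": {"P1001"},
    "clerk_ortiz": {"P1003"},
}


def parse_log(text):
    return list(csv.DictReader(StringIO(text)))


def find_unrelated_access(events, care_team):
    """Rule 1: access to a chart the user has no documented care relationship with."""
    return [("no_care_relationship", e["user"], e["patient_id"], e["timestamp"])
            for e in events
            if e["patient_id"] not in care_team.get(e["user"], set())]


def find_bulk_browsing(events, max_distinct=3):
    """Rule 2: one user opening many distinct charts in a day (snooping or bulk export)."""
    per_day = defaultdict(set)
    for e in events:
        per_day[(e["user"], e["timestamp"][:10])].add(e["patient_id"])
    return [("bulk_access", user, day, len(patients))
            for (user, day), patients in sorted(per_day.items())
            if len(patients) > max_distinct]


def find_after_hours(events, day_start=7, day_end=19):
    """Rule 3: activity outside the unit's normal hours (assumed 07:00-19:00)."""
    return [("after_hours", e["user"], e["patient_id"], e["timestamp"])
            for e in events
            if not day_start <= int(e["timestamp"][11:13]) < day_end]


def users_to_review(events, care_team):
    """Count alerts per user so the privacy officer sees who to look at first."""
    score = Counter()
    for rule in (find_unrelated_access(events, care_team),
                 find_bulk_browsing(events),
                 find_after_hours(events)):
        for alert in rule:
            score[alert[1]] += 1
    return score


if __name__ == "__main__":
    ev = parse_log(AUDIT_LOG)
    for alert in find_unrelated_access(ev, CARE_TEAM) + find_bulk_browsing(ev) + find_after_hours(ev):
        print(alert)
    print(users_to_review(ev, CARE_TEAM).most_common())
```

Rule 1 is the one that matters most in practice: it turns the audit trail from a passive record into a check on the minimum-necessary principle, and it is only possible if the organization also keeps an accurate record of who is treating whom.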
13. According to the lecture, which of the following statements explains why
education and training programs for healthcare organizations’ employees are
crucial in the implementation and maintenance of security for HIPAA
expectations?
*a. Healthcare organizations are held responsible for the actions of their
employees.
b. Customer satisfaction is directly related to the security of personal health
records.
c. Healthcare employees are not familiar with the standards set by the HITECH
act.
d. Security policies and procedures are often ignored if not taught formally.
Answer: a. Healthcare organizations are held responsible for the actions of their
employees
Lecture(s)/Slide(s): 2/15
14. Consumer control includes all of the following EXCEPT
a. patients can learn who has accessed their records.
b. patients can correct errors in their medical records.
*c. covered entities must honor the request to not report a visit to insurance
companies regardless of payment methods.
d. patients have the right to request a copy of their personal electronic medical
record.
Answer: c. covered entities must honor the request to not report a visit to
insurance companies regardless of payment methods.
Lecture(s)/Slide(s): 1/15; 2/6; 3/17
15. Which HITECH Privacy regulation creates the greatest public relations
challenge?
a. Tracking all disclosures including those for TPO
*b. Notification to media of security breaches if more than 500 individuals are
affected
c. Transferring electronic medical records directly to other entities upon patient
request
d. Responding to patient requests for electronic medical records in an encrypted
format
Answer: b. Notification to media of security breaches if more than 500 individuals
are affected
Lecture(s)/Slide(s): 3/16, 18, 21, 25
Lectures 4 & 5
16. HIPAA stands for:
a. Health Investment Protection and Availability Act
b. Health Information Protection and Access Act
c. Health Information Portability and Accountability Act
*d. Health Insurance Portability and Accountability Act
e. Health Insurance Prosperity and Access Act
Answer: d. Health Insurance Portability and Accountability Act
Lecture(s)/Slide(s): 4/4
17. HIPAA requires protection not only of information that explicitly links to the
patient (e.g., social security number), but also of information that could
reasonably be used to identify the patient (e.g., ZIP code).
*a. True
b. False
Answer: a. True. HIPAA requires protection not only of information that explicitly links
to the patient (e.g., Social Security number) but also of information that could
reasonably be used to identify the patient (e.g., ZIP code). Although there are 18
identifiers (the HIPAA Safe Harbor list) that are universally treated as identifying
links, any information collected should be scrutinized to see whether it can in some
way be traced back to the patient. This can include other data such as X-ray
images, some video, audio, etc.
Lecture(s)/Slide(s): 4/5
18. Local and state laws governing privacy of health information tend to
supersede federal laws.
a. True
*b. False
Answer: b. Federal law generally takes precedence: HIPAA preempts contrary state law,
although state provisions that are more stringent (more protective of the patient)
remain in force.
Lecture(s)/Slide(s): 4/6
19. Which is NOT a common form of security breach?
a. Password-based attack
b. Identity spoofing
c. Application layer attack
d. Eavesdropping
*e. Parasite attack
Answer: e. Parasite attack is not a listed or valid type of security breach.
Lecture(s)/Slide(s): 5/13
20. Which is NOT a type of safeguard required by HIPAA?
*a. Virtual requirements
b. Technical safeguards
c. Physical safeguards
d. Administrative safeguards
Answer: a. Virtual requirements are not a required or recognized safeguard.
Lecture(s)/Slide(s): 4/11
21. Which is NOT an important tool for transmission security?
*a. Solid-state drive
b. Firewall
c. Encryption
d. Virtual Private Network (VPN)
e. Virtual Local Area Network (VLAN)
Answer: a. The other four items all protect data in transit; a solid-state drive is
storage media, so it belongs to the protection of data at rest.
Lecture(s)/Slide(s): 5/7
Lectures 6 & 7
22. Security is __________.
a. the quality or state of being secure
b. freedom from fear or anxiety
c. measures taken to guard against espionage or sabotage, crime, attack or
escape
*d. all of the above
Answer: d. Security is defined by the Merriam-Webster Dictionary as the quality or
state of being secure, freedom from danger, freedom from fear or anxiety, and
measures taken to guard against espionage or sabotage, crime, attack, or
escape.
Lecture(s)/Slide(s): 6/3
23. __________ is making sure that only authorized individuals have access to
information.
a. Integrity
b. Availability
*c. Confidentiality
d. Nonrepudiation
Answer: c. Confidentiality is making sure that only authorized individuals have
access to information.
Lecture(s)/Slide(s): 6/6
24. __________ means that the data on a system is the same as the data from the
original source. It has not been altered.
*a. Integrity
b. Availability
c. Confidentiality
d. Nonrepudiation
Answer: a. Integrity means that the data on a system is the same as the data from
the original source. The data has not been altered or destroyed.
Lecture(s)/Slide(s): 6/9
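The practical question behind this definition is how a system proves that stored data still matches the source. The following is an added example, not part of the original course material, that builds an integrity manifest over a few constructed patient records two ways: with a plain SHA-256 digest and with an HMAC under a key the verifier holds. It then simulates an insider who can write to both the records and the manifest. The records, the key and the tampering scenario are constructed for illustration; the assumption is that the HMAC key lives with the verifier (for example in a KMS or HSM) and not in the database the insider can write to.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample records (not real patient data).
RECORDS = {
    "P1001": {"name": "A. Example", "allergy": "penicillin", "blood_type": "O-"},
    "P1002": {"name": "B. Example", "allergy": "none", "blood_type": "A+"},
}

# Assumed: held by the verifier only, never stored next to the data it protects.
INTEGRITY_KEY = b"demo-integrity-key-do-not-use-in-production"


def canonical(record: dict) -> bytes:
    """Serialize deterministically so the same content always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def plain_digest(record: dict) -> str:
    """Unkeyed hash: anyone who can read the record can recompute it."""
    return hashlib.sha256(canonical(record)).hexdigest()


def keyed_digest(record: dict, key: bytes = INTEGRITY_KEY) -> str:
    """HMAC: only a holder of the key can produce a valid value."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def build_manifest(records: dict, digest_fn) -> dict:
    return {pid: digest_fn(rec) for pid, rec in records.items()}


def verify(records: dict, manifest: dict, digest_fn) -> list:
    """Return the ids whose stored data no longer matches the manifest."""
    bad = []
    for pid, rec in records.items():
        if not hmac.compare_digest(digest_fn(rec), manifest.get(pid, "")):
            bad.append(pid)
    return bad


def tamper(records: dict, manifest: dict, attacker_digest_fn):
    """Simulate an insider with write access to the records and the manifest table.
    They change an allergy and update the manifest entry with whatever digest
    they are able to compute."""
    records = copy.deepcopy(records)
    manifest = dict(manifest)
    records["P1001"]["allergy"] = "none"
    manifest["P1001"] = attacker_digest_fn(records["P1001"])
    return records, manifest


def demo():
    """Return (ids flagged with plain hashing, ids flagged with HMAC) after the same attack."""
    plain_manifest = build_manifest(RECORDS, plain_digest)
    keyed_manifest = build_manifest(RECORDS, keyed_digest)
    r1, m1 = tamper(RECORDS, plain_manifest, plain_digest)   # attacker recomputes SHA-256
    r2, m2 = tamper(RECORDS, keyed_manifest, plain_digest)   # attacker has no key
    return verify(r1, m1, plain_digest), verify(r2, m2, keyed_digest)


if __name__ == "__main__":
    undetected, detected = demo()
    print("plain hash flagged:", undetected)   # nothing: the attacker fixed the manifest
    print("HMAC flagged:      ", detected)     # P1001
```

A plain hash detects accidental corruption and attackers who cannot reach the manifest; a keyed digest (or a digital signature) is needed when the threat model includes someone with write access to both. Where the checks must also prove who made a change, that is the nonrepudiation property covered in question 26.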
25. __________ is the process of taking data and applying a cipher to create
ciphertext.
a. Hashing
*b. Encryption
c. Scrambling
d. Ciphering
Answer: b. Encryption is the process of taking data, referred to as plaintext, and
applying an encryption algorithm, called a cipher, to create ciphertext. Hashing, by
contrast, is a one-way transformation with no key and no way to recover the input,
so it is not a form of encryption.
Lecture(s)/Slide(s): 6/10
26. __________ provides proof that a certain action has taken place or that
something/someone is what they claim to be.
a. Integrity
b. Availability
c. Confidentiality
*d. Nonrepudiation
Answer: d. Nonrepudiation provides proof that a certain action has taken place, or
that something/someone is what they claim to be.
Lecture(s)/Slide(s): 6/16
27. __________ are used to verify the identity of the source. It binds a public key
with information about the source.
a. PKI
b. Encryption
*c. Certificates
d. Hashes
Answer: c. Certificates are used to bind a public key with a person, an
organization, their address, contact information, and other relevant information.
Certificates are used to verify the identity of the source.
Lecture(s)/Slide(s): 6/17
28. __________ is who or what is allowed access to a particular resource and
what level of access they are allowed.
*a. Access Control
b. Authentication
c. Accessibility
d. Authorization
Answer: a. Access control is: Who, or what, is allowed access to a particular
resource, and what level of access is allowed.
Lecture(s)/Slide(s): 7/3
29. In __________ it is completely up to the owner of the object who has access to
them and what access they have.
a. Mandatory Access Control
*b. Discretionary Access Control
c. Role Based Access Control
d. Privileges
Answer: b. Discretionary Access Control (DAC) means that it is completely up to
the owner of the objects who has access to them, and what access they have.
Lecture(s)/Slide(s): 7/5
30. An __________ is a list that is associated with a file, directory or object that
lists who has access to it and what access they have.
a. Authentication
b. Accessibility
c. Authorization
*d. Access Control List
Answer: d. An Access Control List (ACL) is a list that is associated with a file,
directory or object that lists who has access to it, and the type of access.
Lecture(s)/Slide(s): 7/7
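Questions 28 to 30 describe access control, discretionary access control and access control lists in prose. The following is an added example, not part of the original course material, that puts the three together: a resource whose ACL is a per-principal permission set, default deny for anyone not listed, the owner as the sole authority over the list (the discretionary part), and delegation that cannot hand out more than the delegate holds. The `Resource` class, the permission names and the principals are assumptions for the example.

```python
from enum import Flag, auto


class Perm(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    SHARE = auto()  # the right to pass one's own permissions on to others


class Resource:
    """An object under discretionary access control: its owner decides who
    appears in the ACL and with what rights. Anyone not listed gets nothing
    (default deny)."""

    def __init__(self, name: str, owner: str):
        self.name = name
        self.owner = owner
        # The ACL: principal -> permissions. The owner starts with everything.
        self.acl = {owner: Perm.READ | Perm.WRITE | Perm.SHARE}

    def check(self, principal: str, perm: Perm) -> bool:
        """True only if every bit of `perm` is held; unknown principals get NONE."""
        return perm in self.acl.get(principal, Perm.NONE)

    def grant(self, actor: str, principal: str, perm: Perm) -> None:
        """The owner may grant anything. A delegate holding SHARE may pass on
        only rights they hold themselves (no privilege amplification).
        Everyone else is refused."""
        if actor != self.owner:
            held = self.acl.get(actor, Perm.NONE)
            if Perm.SHARE not in held or perm not in held:
                raise PermissionError(f"{actor} may not grant {perm} on {self.name}")
        self.acl[principal] = self.acl.get(principal, Perm.NONE) | perm

    def revoke(self, actor: str, principal: str) -> None:
        """Only the owner may remove an entry, and the owner's own entry stays."""
        if actor != self.owner:
            raise PermissionError(f"only {self.owner} may revoke on {self.name}")
        if principal == self.owner:
            raise ValueError("the owner cannot be removed from the ACL")
        self.acl.pop(principal, None)

    def entries(self) -> dict:
        """Human-readable view of the ACL, e.g. {'dr_lee': ['READ', 'WRITE', 'SHARE']}."""
        return {p: [f.name for f in Perm if f != Perm.NONE and f in v]
                for p, v in self.acl.items()}


if __name__ == "__main__":
    chart = Resource("chart-P1001", "dr_lee")
    chart.grant("dr_lee", "nurse_kim", Perm.READ | Perm.SHARE)
    chart.grant("nurse_kim", "clerk_ortiz", Perm.READ)
    print(chart.entries())
    try:
        chart.grant("nurse_kim", "clerk_ortiz", Perm.WRITE)
    except PermissionError as err:
        print("refused:", err)
```

The contrast with the other options in question 29 is in who may call `grant`: under mandatory access control that decision belongs to a system-wide policy rather than the owner, and under role-based access control the ACL entries would name roles (physician, nurse, billing) rather than individuals.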
31. __________ use Internet technology to transmit data between sites. Data is
encrypted as it travels from site to site.
a. WANs
b. Intranets
*c. VPNs
d. Extranets
Answer: c. Virtual private networks (VPNs) use Internet technology to transmit
data between sites. The data is encrypted as it travels from site to site.
Lecture(s)/Slide(s): 7/16