Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

7.3-Assessment-Key

advertisement 
This work is funded by the National Science Foundation
Advanced Technological Education Grant 1003223
The CAHIMS Exam Preparation Course
and the CAHIMS exam are the result of
collaboration between the Life Science
Informatics Center at Bellevue College
and the Healthcare Information and
Management Systems Society (HIMSS).
Significant content found in the CAHIMS
Exam Preparation Course stems from the
Office of the National Coordinator for
Health Information Technology. Creation
of the CAHIMS Exam Preparation Course
and the CAHIMS exam was made
possible through support from the National
Science Foundation (NSF).
Curriculum Team:
Margaret Schulte, DBA
Michèle Royer, PhD
Nathan Savage, MLIS
This work is funded by the National Science Foundation
Advanced Technological Education Grant 1003223
Section 7 - Privacy and Security
Lesson 7.3 - Data and Systems Security Management
Assessment Questions Answer Key
Lectures 1 & 2
1. Which of the following is an advantage of electronic health records compared
to paper records?
a. Electronic records can be transported over networks as long as encryption is
not used during transport.
b. With electronic records, it is not necessary to prepare for potential disasters,
such as fires and natural catastrophes, which affect paper records.
*c. Electronic records allow for fine-tuned control of access permissions,
potentially putting patients in control of their health information.
Answer: C. Electronic records allow for fine-tuned control of access permissions,
potentially putting patients in control of their health information.
Lecture/Slide: 1/3
2. Which of the following terms describes the practices a provider employs to
protect patients’ privacy rights?
a. privacy
*b. confidentiality
c. security
d. integrity
Answer: B. Confidentiality
Lecture/Slide: 1/4
3. Which of the following terms refers to the specific safeguards or controls that
are put in place to ensure the confidentiality of patient data?
a. privacy
b. confidentiality
*c. security
d. Integrity
Answer: C. Security
Lecture/Slide: 1/4
This work is funded by the National Science Foundation
Advanced Technological Education Grant 1003223
Page 1
4. Which of the following security management system standards is specific to
the health care sector?
*a. HIPAA Security Rule
b. ISO 27001
c. NIST 800-53
d. PCI DSS
Answer: A. HIPAA Security Rule
Lecture/Slide: 1/5
5. EPHI is a common acronym in health care, which stands for:
a. employer protected health inquiry
b. employer processed health information
c. electronic processed health information
*d. electronic protected health information
Answer: D. Electronic protected health information
Lecture/Slide: 1/6
6. Which of the following is NOT typically used to categorize types of security
safeguards?
a. administrative safeguards
*b. complacent safeguards
c. physical safeguards
d. technical safeguards
Answer: B. Complacent safeguards
Lecture/Slide: 1/8
7. Which of the following is NOT part of the Security Management Process?
a. risk analysis
b. risk management
*c. risk prevention
d. system activity review
Answer: C. Risk prevention
Lecture/Slide: 1/9
This work is funded by the National Science Foundation
Advanced Technological Education Grant 1003223
Page 2
8. Which of the following is an example of a workstation as defined in the HIPAA
Security Rule?
a. desktop computer
b. laptop
c. USB drive
*d. all of the above
Answer: D. All of the above
Lecture/Slide: 2/3
9. Before sending unneeded computer equipment containing EPHI away for
surplus or resale, you should:
a. Delete files containing EPHI from the computer simply using the delete
function of the operating system.
b. Change the passwords of all users accessing the system, preventing access
to all EPHI.
*c. Remove the hard drives from the computer equipment for destruction, or
perform a secure deletion of all data using special methods that ensures data on
magnetic media is completely unreadable.
d. Make sure that whoever acquires the computer equipment agrees not to hold
you liable for any EPHI contained on the equipment.
Answer: C. Remove the hard drives from the computer equipment for
destruction, or perform a secure deletion of all data using special methods that
ensures data on magnetic media is completely unreadable.
Lecture/Slide: 2/4
10. Which of the following is an example of two-factor authentication?
*a. requiring a user to provide a password along with a smart card to access an
EHR
b. a physician having access to more patient information in an EHR than an
administrative user
c. enforcing complexity requirements when changing a password
d. biometric authentication
Answer: A. Requiring a user to provide a password along with a smart card to
access an EHR
Lecture/Slide: 2/7
This work is funded by the National Science Foundation
Advanced Technological Education Grant 1003223
Page 3
Related documents
8.3-Assessment-Key
8.3-Assessment-Key
9.4-Assessment-Key
9.4-Assessment-Key
2.2-Assessment-Key
2.2-Assessment-Key
5.2-Assessment-Key
5.2-Assessment-Key
Electronic Information – Security What Researchers Need
Electronic Information – Security What Researchers Need
HIPAA Factsheet
HIPAA Factsheet
4.1-Assessment-Key
4.1-Assessment-Key
3.4-Assessment-Key
3.4-Assessment-Key
presentation, part 1 ( format)
presentation, part 1 ( format)
7.1-Assessment-Key
7.1-Assessment-Key
NC DHHS Work Area Physical Safeguards Assessment for HIPAA
NC DHHS Work Area Physical Safeguards Assessment for HIPAA
“You have the Right”
“You have the Right”
Download
advertisement