What are the main sections of the HIPAA Security Rule?
Physical, technical, administrative, and organizational safeguards
True or false: One purpose of establishing the Privacy Rule was to protect and enhance the rights of healthcare consumers by providing them access to their health information and ensuring the appropriate use of that information.
True
Describe the difference between privacy, confidentiality, and security.
-Privacy is the right of an individual to be let alone; refers to who should have access, what constitutes the patient's rights to confidentiality, and what constitutes inappropriate access to health records.
-Confidentiality is when data or information is not made available or disclosed to unauthorized persons or processes and establishes how the records (or the systems that hold those records) should be protected from inappropriate access.
-Security is the means by which the privacy and confidentiality of information are maintained.
True or false: The minimum necessary standard requires a covered entity or business associate to make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.
True
The Breach Notification Rule requires covered entities to do which of the following?
Establish a process for investigating whether a breach occurred and notify affected individuals when a breach occurs
If state law mandated more requirements on an authorization than the HIPAA regulations, the state law is considered to be
Stringent
How many identifiers are required to be removed during de-identification under the safe harbor method?
18
True or false: If a patient requests that his or her name is removed from the hospital directory, the hospital must comply and remove the patient's name.
True
True or false: PHI can be used and disclosed without permission of the patient if the PHI is deidentified
True
If an attorney comes in to request medical records for a malpractice case that he or she is assigned to, what documentation requirements are necessary to release the records, and what type of verification should be completed prior to releasing the records?
-Documentation to release records: Authorization for Disclosure of PHI signed by the patient (or representative)
-Verification: Identification of attorney; link to the law firm by attorney (request on letterhead, business card, and such)
What are the three basic methods to address risk after a HIPAA risk analysis?
Mitigate, transfer and accept.
True or false: The HIPAA Security Rule requires an organization to review system activity only when a security breach occurs
False
When establishing an audit and monitoring program, the first step is
Determine which systems produce audit logs
True or false: Data in motion are data stored within a database or on a server where it is no longer being used or accessed.
False, it is data in the process of being transmitted from one location to another
Which of the following is a potential impact of a virus getting onto an end-user device?
Modified or deleted files.
The process of an end user logging into an electronic system using specific credentials defined by the organization is called
User authentication