Exam (elaborations)
The HIPAA Privacy Rule_ QUESTIONS AND ANSWERS
- Course
- Institution
The HIPAA Privacy Rule_ QUESTIONS AND ANSWERS
[Show more]
Content preview
The HIPAA Privacy Rule:A breach as defined by the DoD is broader than a HIPAA breach (or breach defined by HHS). -
questions and answers-True
A covered entity (CE) must have an established complaint process. - questions and
answers-True
A Privacy Impact Assessment (PIA) is an analysis of how information is handled: - questions
and answers-All of the above
To ensure handling conforms to applicable legal, regulatory, and policy requirements regarding
privacy
To determine the risks and effects of collecting, maintaining and disseminating information in
identifiable form in an electronic information system
To examine and evaluate protections and alternative processes for handling information to
mitigate potential privacy risks
A Privacy Impact Assessment (PIA) is an analysis of how information is handled: - questions
and answers-Physical measures, including policies and procedures that are used to protect
electronic information systems and related buildings and equipment, from natural and
environmental hazards, and unauthorized intrusion
(correct)
Administrative safeguards are: - questions and answers-A. Administrative actions, and policies
and procedures that are used to manage the selection, development, implementation and
maintenance of security measures to protect electronic PHI (ePHI). These safeguards also
outline how to manage the conduct of the workforce in relation to the protection of ePHI
An incidental use or disclosure is not a violation of the HIPAA Privacy Rule if the covered entity
(CE) has: - questions and answers-All of the above (answer)
Implemented the minimum necessary standard
Established appropriate administrative safeguards
Established appropriate physical and technical safeguards
Elements of a risk analysis include: - questions and answers-Defining the scope of the analysis
to include all ePHI the CE creates, receives, maintains and transmits, and documenting where
the ePHI is located
, Identifying and documenting reasonably anticipated and potential threats specific to the CE's
operating environment and vulnerabilities which, if exploited by a threat, would create a risk of
an inappropriate use or disclosure of ePHI
Assessing existing security measures
Determining and documenting the potential impact and risk to the confidentiality, integrity and
availability of ePHI
Periodically reviewing and updating the risk analysis
ePHI - questions and answers-ePHI is PHI that is created, received, maintained, or transmitted
in electronic media by a HIPAA CE or BA.
Fundamental objectives of information security: - questions and answers-Confidentiality
## Integrity
## Availability
If an individual believes that a DoD covered entity (CE) is not complying with HIPAA, he or she
may file a complaint with the: - questions and answers-All of the above (answer)
DHA Privacy Office
HHS Secretary
MTF HIPAA Privacy Officer
In which of the following circumstances must an individual be given the opportunity to agree or
object to the use and disclosure of their PHI? - questions and answers-A and C (answer)
a). Before their information is included in a facility directory
b). Before PHI directly relevant to a person's involvement with the individual's care or payment
of health care is shared with that person
Information security: - questions and answers-the process of protecting data from unauthorized
access, destruction, modification, or disruption
physical safeguard in the form of an access control to a secure area of the Valley Forge MTF. -
questions and answers-Pursuant to the HIPAA Security Rule, covered entities must maintain
secure access (for example, facility door locks) in areas where PHI is located. Allowing an
unidentified individual to bypass a security entrance in this scenario violates the HIPAA Security
Rule and exposes the MTF and its patients to a potential breach situation.
Physical safeguards are: - questions and answers--Administrative actions, and policies and
procedures that are used to manage the selection, development, implementation and
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller lizmwikali72. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $7.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
75759 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now