HIPAAwise
Please review all the HIPAAwise™ Quiz 3 answers below:

Question 1 - The Security Rule's requirements are organized into which of the following three categories:
  • Administrative, Non-Administrative, and Technical safeguards
  • Physical, Technical, and Non-Technical safeguards
  • Answer:  Administrative, Physical, and Technical safeguards
  • Privacy, Security, and Electronic Transactions

Question 2 - The Security Rule allows Covered Entities and Business Associates to take into account:
  • Their size, complexity, and capabilities
  • Their technical infrastructure, hardware, and software security capabilities
  • The cost of security measures
  • The probability and critical nature of potential risks to ePHI
  • Their access to and use of ePHI
  • Answer:  All of the above

Question 3 - The HIPAA Security Rule is a technology neutral, federally mandated "floor" of protection whose primary objective is to protect the confidentiality, integrity, and availability of individually identifiable health information in electronic form when it is stored, maintained, or transmitted.
  • Answer:  True

Question 4 - Which of the following are EXEMPT from the HIPAA Security Rule?
  • Large health plans
  • Hospitals
  • Answer:  Covered Entities or Business Associates that do not create, receive, maintain, or transmit ePHI
  • Business Associates

Question 5 - Who must comply with the Security Rule?
  • Answer:  Any person or organization that stores or transmits individually identifiable health information electronically
  • All Covered Entities and Business Associates
  • Any government agency
  • Any for-profit organization

Question 6 - The HIPAA Security Rule was specifically designed to:
  • Protect the integrity, confidentiality, and availability of health information
  • Protect against unauthorized uses or disclosures
  • Protect against hazards such as floods, fire, etc.
  • Ensure members of the workforce and Business Associates comply with such safeguards
  • Answer:  All of the above

Question 7 - All of the following are part of the HITECH and Omnibus updates, EXCEPT:
  • Increased penalties and enforcement
  • Expanded privacy rights for individuals
  • Direct enforcement of Business Associates
  • Answer:  Ability to sell PHI without an individual's approval
  • Breach notification of unsecured PHI
  • Business Associate Contract required

Question 8 - All of the following are true regarding the Omnibus Rule, EXCEPT:
  • Became effective on March 26, 2013
  • Covered Entities and Business Associates had until September 23, 2013 to comply
  • Answer:  The Omnibus Rule nullifies the previous HITECH regulations and introduces many new provisions into the HIPAA regulations
  • The Omnibus Rules are meant to strengthen and modernize HIPAA by incorporating provisions of the HITECH Act and the GINA Act as well as finalizing, clarifying, and providing detailed guidance on many previous aspects of HIPAA

Question 9 - All of the following are true regarding the HITECH and Omnibus Updates, EXCEPT:
  • One of the major purposes of the HITECH Act was to stimulate and greatly expand the use of EHR to improve efficiency and reduce costs in the healthcare system and to provide stimulus to the economy
  • Answer:  It guarantees portability of an individual's insurance coverage from one job to another
  • It includes incentives related to health information technology and specific incentives for providers to adopt EHRs
  • It expands the scope of privacy and security protections available under HIPAA in anticipation of the massive expansion in the exchange of ePHI

Question 10 - ARRA stands for:
  • Answer:  American Recovery and Reinvestment Act
  • American Recovery and Responsibility Act
  • American Reinvestment and Recovery Act
  • None of the above

Question 11 - All of the following are true about Business Associate Contracts, EXCEPT:
  • Both Covered Entities and Business Associates are required to ensure that a Business Associate Contract is in place in order to be in compliance with HIPAA
  • Business Associates are required to ensure that Business Associate Contracts are in place with any of the Business Associate's subcontractors
  • Covered Entities are required to obtain 'satisfactory assurances' from Business Associates that PHI will be protected as required by HIPAA
  • Answer:  Business Associates are not required to obtain 'satisfactory assurances' from subcontractors that PHI will be protected as required by HIPAA

Question 12 - HITECH stands for:
  • HIPAA Information Technology
  • High Technology
  • Health Information Technology for Economic Change and Health
  • Answer:  Health Information Technology for Economic and Clinical Health

Question 13 - All of the following are implications of non-compliance with HIPAA, EXCEPT:
  • Financial Penalties
  • Public exposure that could lead to loss of market share
  • Answer:  Having to file a public notice of non-compliance in the newspaper
  • Loss of accreditation (JCAHO, NCQA, etc.)
  • Litigation damages
  • Imprisonment

Question 14 - What is the key to HIPAA compliance?
  • Managerial expertise
  • Answer:  Education
  • Organizational structure
  • Good legal counsel

Question 15 - When should you promote HIPAA awareness?
  • After the policies and procedures have been written
  • At the end of rollout and implementation
  • Answer:  At the very beginning of the compliance process
  • After employees have been trained
© COPYRIGHT 2017. ALL RIGHTS RESERVED.