HCISPP HealthCare Information Security and Privacy Practitioner Questions and Answers

True

False

It may serve to create unnecessary code complexity

It may not enforce job separation duties

It may create unnecessary application hardening

It may allow malicious code to be inserted

Say nothing. It's none of your business.

Watch the individual until you have gathered solid evidence against them.

Report your suspicions to your clinical supervisor for further follow-up.

Coder

Consultant

Medical Transcriptionist

No, a client is not allowed to have access to any part of a mental health record, with or without psychotherapy notes

Generally, including conditioning enrollment in a plan on the client granting authorization for disclosure of psychotherapy notes

Yes, and client is entitled to all of the same information in both settings

Generally, psychotherapy notes are not included in the provision that allows clients to see and copy their health information

To recruit physicians to provide services in physician shortage areas in the U.S.

To recruit physicians from abroad to work in the United States

To send U.S. physicians to developing countries to provide services to the indigent

To recruit physicians into the military

Discourage the overuse of services among patients.

Discourage physicians from overcharging patients.

Encourage patients to utilize more health care services.

Encourage physicians to provide more effective health care services.

True

False

Business associates now must notify clients directly of privacy breaches, as if they were a covered entity

There are no significant changes in business associate practices

Covered entities have increase responsibilities to ensure the practice of business associates

Business associates are no longer required to notify clients directly of privacy breaches

AAPC

ACMCS

AHIMA

NCRA

Yes

No

Security

Privacy

Access

Availability

Locks on medical records rooms

Passwords to access computerized records

Rules that prohibit employees from looking at records unless they have a need to know

All of the above

There are numerous health plans, which is difficult for providers to handle

Payments are not standardized across health plans

Some healthcare services are covered for people in the north, but not in the south

Government programs required extensive documentation proving services were provided before paying providers

White

Black or African American

Asian or Pacific Islander

Hispanic

Standardization of electronic patient health, administrative and financial data

Unique health identifiers for individuals, employers, health plans, and health care providers.

Common health identifiers for individuals, employers, health plans and health care providers.

Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.

by the HIPPA authorities

by the health plan

by any other entity but the health plan

by insurance companies

The Office of Civil Rights of the Department of Confidentiality Services is responsible for enforcement of these rules

The Office of Civil Rights of the Department of Health and Human Services is responsible for enforcement of these rules

The Office of Health Workers Rights of the Department of Health and Human Services in responsible for enforcement of these rules

The Department of Civil Rights of the Office of Health and Human Services is responsible for enforcement of these rules

White

Black or African American

Asian or Pacific Islander

Hispanic

Data aggregation

Anonymous

Non-disclosed

Anonymized

Wasteful

Costly

Potentially harmful

All of the above

Primary

Secondary

Quaternary

determine the risk of a business interruption occurring

determine the technological dependence of the business processes

Identify the operational impacts of a business interruption

Identify the financial impacts of a business interruption

obtain a paper copy of the notice of information practices upon request inspect and obtain a copy of your health record as provided for in 45 CFR 164.524

request a restriction on certain uses and disclosures of your information outside the terms as provided by 45 CFR 164.522

amend your health record as provided in 45 CFR 164.528 obtain an accounting of disclosures of your health information as provided in 45 CFR 164.528

revoke your authorization to use or disclose health information except to the extent that action has already been taken

Development, testing, and deployment

Prevention, detection, and remediation

People, technology, and operations

Certification, accreditation, and monitoring

provide the notice no later than the date of the first service delivery, including service

delivered electronically

have the notice available at the service delivery site for individuals to request and keep

get a acknowledgement of the notice from each individual on stamped paper

post the notice in a clear and prominent location where it is reasonable to expect individuals

seeking service from the covered healthcare provider to be able to read it

For Profit

Not for Profit

Current database of what personnel has access to buildings, offices, filing cabinets, computers, and databases

New employees, contractors, and unpaid staff have references checked

Appropriate exit interviews for outgoing personnel

Discretion given to who does and does not have access to secure office spaces or keys/door codes

True

False

Flemming

Koch

Fracastoro

Bill

Contains all levels of care, from primary to tertiary

Provides the necessary staff for this full spectrum of care

Provides the necessary facility for all levels of care

All of the above.

Medicare Part A

Medicare Part B

Both A and B

None of the above

Elderly

Vulnerable

Underinsured

Politically above

Providing benefits in excess of premiums to those who become ill.

Setting premiums based on community experience, rather than that of subgroups.

Charging the same premium for high-risk and low-risk populations.

All of the above

Aggregate it into one database in the US

Process it in the US, but store the information in France

Share it with a third party

Anonymize it and process it in the US

Ensure the fire prevention and detection systems are sufficient to protect personnel

Review the architectural plans to determine how many emergency exits are present

Conduct a gap analysis of a new facilities against existing security requirements

Revise the Disaster Recovery and Business Continuity (DR/BC) plan

Fee-for-service with utilization review

Preferred provide organizations (PPOs)

Health maintenance organizations (HMOs)

All of the above.

Internal audit

Internal controls

Board review

Risk management

The purpose of the disclosure

A description of what information was sent

Disclosures for treatment, payment, or health care operations

The dates of disclosure and to whom the information was sent

Robert Koch

Edward Jenner

Louis Pasteur

Ben Franklin and Edward Jenner

Rob and Jackson

Flemming and Koch

Crawford Long and William T.G Morton