Home / ISC / HCISPP

ISC HCISPP Practice Test - Questions Answers

Question list

List of questions

Question 1

(0)

During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed i

Question 2

(0)

A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?

Question 3

(0)

Which of the BEST internationally recognized standard for evaluating security products and systems?

Question 4

(0)

The threat modeling identifies a man-in-the-middle (MITM) exposure. Which countermeasure should the information system security officer (ISSO) select to mitigate the risk of a protected Health infor

Question 5

(0)

Which of the following is considered the last line defense in regard to a Governance, Risk managements, and compliance (GRC) program?

Question 6

(0)

Which of the following is the BEST example of weak management commitment to the protection of security assets and resources?

Question 7

(0)

Which of the following is the BEST reason for the use of security metrics?

Question 8

(0)

Which of the following is the BEST reason for writing an information security policy?

Question 9

(0)

A covered healthcare provider which a direct treatment relationship with an individual need not:

Question 10

(0)

Health Information Rights although your health record is the physical property of the healthcare practitioner or facility that compiled it, the information belongs to you. You do not have the right

Related questions

Which of the following statements is NOT correct?

DRAG DROP During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant. What is the best approach for the CISO? Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BC\DR phases to the appropriate corresponding location.

If you see other staff violating privacy policies you should?

The First Blue Cross plan was given to teachers at Baylor University allowing them 21 days of hospital care at six dollars a year.

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?

What is the MOST important consideration from a data security perspective when an organization plans to relocate?

Substance abuse regulations do not allow disclosure with a subpoena unless a court has issued an order following a show cause hearing.

You receive a call from staff at a local hospital stating that they need information regarding a former client of yours who is scheduled for surgery. They fax you a release of information form which only authorizes the release of medications but the person on the phone is asking for dates of treatment and diagnoses. How would you respond?

You always abide by the HIPAA privacy rule.

The criminal penalties for improperly disclosing patient health information can be as high as fines of $250,000 and prison sentences of up to 10 years.

Question 1

During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.

What is the best approach for the CISO?

Document the system as high risk

Perform a vulnerability assessment

Perform a quantitative threat assessment

Notate the information and move on

Show Answer Comment (0)

Question 2

A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?

Public Key Infrastructure (PKI) and digital signatures

Trusted server certificates and passphrases

User ID and password

Asymmetric encryption and User ID

Show Answer Comment (0)

Question 3

Which of the BEST internationally recognized standard for evaluating security products and systems?

Payment Card Industry Data Security Standards (PCI-DSS)

Common Criteria (CC)

Health Insurance Portability and Accountability Act (HIPAA)

Sarbanes-Oxley (SOX)

Show Answer Comment (0)

Question 4

The threat modeling identifies a man-in-the-middle (MITM) exposure. Which countermeasure should the information system security officer (ISSO) select to mitigate the risk of a protected Health information (PHI) data leak?

Auditing

Anonymization

Privacy monitoring

Data retention

Show Answer Comment (0)

Question 5

Which of the following is considered the last line defense in regard to a Governance, Risk managements, and compliance (GRC) program?

Internal audit

Internal controls

Board review

Risk management

Show Answer Comment (0)

Question 6

Which of the following is the BEST example of weak management commitment to the protection of security assets and resources?

poor governance over security processes and procedures

immature security controls and procedures

variances against regulatory requirements

unanticipated increases in security incidents and threats

Show Answer Comment (0)

Question 7

Which of the following is the BEST reason for the use of security metrics?

They ensure that the organization meets its security objectives.

They provide an appropriate framework for Information Technology (IT) governance.

They speed up the process of quantitative risk assessment.

They quantify the effectiveness of security processes.

Show Answer Comment (0)

Question 8

Which of the following is the BEST reason for writing an information security policy?

To support information security governance

To reduce the number of audit findings

To deter attackers

To implement effective information security controls

Show Answer Comment (0)

Question 9

A covered healthcare provider which a direct treatment relationship with an individual need not:

provide the notice no later than the date of the first service delivery, including service delivered electronically

have the notice available at the service delivery site for individuals to request and keep

get a acknowledgement of the notice from each individual on stamped paper

post the notice in a clear and prominent location where it is reasonable to expect individuals seeking service from the covered healthcare provider to be able to read it

Show Answer Comment (0)

Question 10

Health Information Rights although your health record is the physical property of the healthcare practitioner or facility that compiled it, the information belongs to you. You do not have the right to:

obtain a paper copy of the notice of information practices upon request inspect and obtain a copy of your health record as provided for in 45 CFR 164.524

request a restriction on certain uses and disclosures of your information outside the terms as provided by 45 CFR 164.522

amend your health record as provided in 45 CFR 164.528 obtain an accounting of disclosures of your health information as provided in 45 CFR 164.528

revoke your authorization to use or disclose health information except to the extent that action has already been taken

Show Answer Comment (0)

Total 305 questions

1 2 3 4 5

Go to page: of 31