ExamGecko
Search Search Login
Home Home / ISC / HCISPP

ISC HCISPP Practice Test - Questions Answers, Page 18

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following statements is NOT correct?
DRAG DROP During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant. What is the best approach for the CISO? Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BC\DR phases to the appropriate corresponding location.
If you see other staff violating privacy policies you should?
The First Blue Cross plan was given to teachers at Baylor University allowing them 21 days of hospital care at six dollars a year.
A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?
What is the MOST important consideration from a data security perspective when an organization plans to relocate?
Substance abuse regulations do not allow disclosure with a subpoena unless a court has issued an order following a show cause hearing.
You receive a call from staff at a local hospital stating that they need information regarding a former client of yours who is scheduled for surgery. They fax you a release of information form which only authorizes the release of medications but the person on the phone is asking for dates of treatment and diagnoses. How would you respond?
You always abide by the HIPAA privacy rule.
The criminal penalties for improperly disclosing patient health information can be as high as fines of $250,000 and prison sentences of up to 10 years.

Question 171

Report
Export
Collapse

Part of Administrative Safeguards under HIPAA is Workforce Security measures. Which is NOT a key element of a Workforce Security Element?

A.
Identification of barriers to client electronic Personal Health Information
A.
Identification of barriers to client electronic Personal Health Information
Answers
B.
Clearance Procedures
B.
Clearance Procedures
Answers
C.
Termination Procedures
C.
Termination Procedures
Answers
D.
Authorization and Supervision
D.
Authorization and Supervision
Answers
Suggested answer: A

Explanation:

Identification of barriers to client electronic Personal Health Information is more indicative of Risk Assessment, not Workforce Security.

Explanation:

Question 172

Report
Export
Collapse

What is impact of the HITECH Act in relation to HIPAA requirements and maintaining client records electronically?

A.
There is a push toward paper records to prevent the hacking and electronic violation of electronic records, which is easily done without detection
A.
There is a push toward paper records to prevent the hacking and electronic violation of electronic records, which is easily done without detection
Answers
B.
Providers must now maintain client records electronically, but may continue to provide clients a paper copy when access is requested
B.
Providers must now maintain client records electronically, but may continue to provide clients a paper copy when access is requested
Answers
C.
There is no requirement to maintain client records electronically, but clients have the right to insist on electronic access to an electronic health record, if it exists
C.
There is no requirement to maintain client records electronically, but clients have the right to insist on electronic access to an electronic health record, if it exists
Answers
D.
Electronic records now face intensified scrutiny, requiring practitioners to implement more sophisticated software and detailed accounting of records Your answer: Electronic records now face intensified scrutiny, requiring practitioners to implement more sophisticated software and detailed accounting of records
D.
Electronic records now face intensified scrutiny, requiring practitioners to implement more sophisticated software and detailed accounting of records Your answer: Electronic records now face intensified scrutiny, requiring practitioners to implement more sophisticated software and detailed accounting of records
Answers
Suggested answer: C

Explanation:

The impact of the HITECH Act in relation to HIPAA requirements and maintaining client records electronically is that there is no requirement yet to maintain client records electronically, but clients have the right to insist on electronic access to an electronic health record, if it exists.

Explanation:

Question 173

Report
Export
Collapse

Which is NOT one of the three major categories of Security Safeguards identified by HIPAA in the regulations?

A.
Administrative
A.
Administrative
Answers
B.
Professional
B.
Professional
Answers
C.
Physical
C.
Physical
Answers
D.
Technical
D.
Technical
Answers
Suggested answer: B

Explanation:

The three identified major categories of Security Safeguards are administrative, physical, and technical.

Explanation:

Question 174

Report
Export
Collapse

A therapist's client requests an accounting of disclosures of their medical record. What should that therapist do?

A.
Pull the file with the accounting of disclosures for the client
A.
Pull the file with the accounting of disclosures for the client
Answers
B.
Explain that disclosures are allowed as long as the client's information is deidentified or the client consents
B.
Explain that disclosures are allowed as long as the client's information is deidentified or the client consents
Answers
C.
Refer the client to the agency's Privacy Officer
C.
Refer the client to the agency's Privacy Officer
Answers
D.
Review the client's releases of information with the client
D.
Review the client's releases of information with the client
Answers
Suggested answer: C

Question 175

Report
Export
Collapse

Which is NOT consistent with Personnel Clearance Procedures needed to comply with HIPAA Administrative Safeguards?

A.
Current database of what personnel has access to buildings, offices, filing cabinets, computers, and databases
A.
Current database of what personnel has access to buildings, offices, filing cabinets, computers, and databases
Answers
B.
New employees, contractors, and unpaid staff have references checked
B.
New employees, contractors, and unpaid staff have references checked
Answers
C.
Appropriate exit interviews for outgoing personnel
C.
Appropriate exit interviews for outgoing personnel
Answers
D.
Discretion given to who does and does not have access to secure office spaces or keys/door codes
D.
Discretion given to who does and does not have access to secure office spaces or keys/door codes
Answers
Suggested answer: C

Explanation:

Appropriate exit interviews for outgoing personnel is least consistent with personnel clearance procedures needed to comply with Administrative Safeguards.

Explanation:

Question 176

Report
Export
Collapse

Marcus is responsible for security management within a HIPAA-covered entity. He is reviewing administrative safeguards and examining the organization's risk analysis. Which element is NOT part of risk analysis?

A.
Developing adequate communication with all contractors, interns, and staff in relation to the agency's security policies
A.
Developing adequate communication with all contractors, interns, and staff in relation to the agency's security policies
Answers
B.
Assessing vulnerabilities of integrity and availability of electronic personal health information
B.
Assessing vulnerabilities of integrity and availability of electronic personal health information
Answers
C.
Determining how client electronic personal health information confidentiality may be compromised
C.
Determining how client electronic personal health information confidentiality may be compromised
Answers
D.
Determining barriers in existence to needed client electronic personal health information
D.
Determining barriers in existence to needed client electronic personal health information
Answers
Suggested answer: A

Explanation:

Developing communication is not a function of risk analysis.

Explanation:

Question 177

Report
Export
Collapse

Under the HIPAA Privacy Rule, who is NOT considered a covered entity?

A.
Clearinghouse
A.
Clearinghouse
Answers
B.
Client patient
B.
Client patient
Answers
C.
Health practitioner
C.
Health practitioner
Answers
D.
Third party
D.
Third party
Answers
Suggested answer: B

Explanation:

A health care provider, health plan, and a clearinghouse are all considered covered entities. HIPAA compliance is required of all covered entities.

Explanation:

Question 178

Report
Export
Collapse

Which is NOT an element of Security Awareness Training?

A.
Determination that all staff will receive security training
A.
Determination that all staff will receive security training
Answers
B.
Policy related to documentation of all security training
B.
Policy related to documentation of all security training
Answers
C.
Procedural issues of who will terminate user access
C.
Procedural issues of who will terminate user access
Answers
D.
Training on vulnerabilities of the electronic Protected Health Information policies
D.
Training on vulnerabilities of the electronic Protected Health Information policies
Answers
Suggested answer: C

Explanation:

Procedural issues of who will terminate user access in not an element of Security Awareness Training.

Explanation:

Question 179

Report
Export
Collapse

Under HIPAA Administrative Simplification, what must covered entities do in relation to submission of claims?

A.
Provide standardized format in electronic or paper form
A.
Provide standardized format in electronic or paper form
Answers
B.
Request permission for use of specific privacy software
B.
Request permission for use of specific privacy software
Answers
C.
Purchase and install approved privacy software
C.
Purchase and install approved privacy software
Answers
D.
Provide standardized electronic claim formatting
D.
Provide standardized electronic claim formatting
Answers
Suggested answer: D

Explanation:

Under HIPAA Administrative Simplification, covered entities must provide standardized electronic claims`

Explanation:

Question 180

Report
Export
Collapse

As of 2010, what is different with regard to business associates and HIPAA protections?

A.
Business associates now must notify clients directly of privacy breaches, as if they were a covered entity
A.
Business associates now must notify clients directly of privacy breaches, as if they were a covered entity
Answers
B.
There are no significant changes in business associate practices
B.
There are no significant changes in business associate practices
Answers
C.
Covered entities have increase responsibilities to ensure the practice of business associates
C.
Covered entities have increase responsibilities to ensure the practice of business associates
Answers
D.
Business associates are no longer required to notify clients directly of privacy breaches
D.
Business associates are no longer required to notify clients directly of privacy breaches
Answers
Suggested answer: A

Explanation:

As of 2010, business associates must notify clients directly of privacy breaches, as if they were a covered entity.

Explanation:

Total 305 questions
Go to page: of 31
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms