ExamGecko
Search Search Login
Home Home / ISC / HCISPP

ISC HCISPP Practice Test - Questions Answers, Page 2

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following statements is NOT correct?
If you see other staff violating privacy policies you should?
The First Blue Cross plan was given to teachers at Baylor University allowing them 21 days of hospital care at six dollars a year.
DRAG DROP During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant. What is the best approach for the CISO? Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BC\DR phases to the appropriate corresponding location.
Substance abuse regulations do not allow disclosure with a subpoena unless a court has issued an order following a show cause hearing.
The criminal penalties for improperly disclosing patient health information can be as high as fines of $250,000 and prison sentences of up to 10 years.
A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?
What is the MOST important consideration from a data security perspective when an organization plans to relocate?
You receive a call from staff at a local hospital stating that they need information regarding a former client of yours who is scheduled for surgery. They fax you a release of information form which only authorizes the release of medications but the person on the phone is asking for dates of treatment and diagnoses. How would you respond?
You always abide by the HIPAA privacy rule.

Question 11

Report
Export
Collapse

Title II of HIPPA includes a section, Administrative Simplification, not requiring:

A.
Improved efficiency in healthcare delivery by standardizing electronic data interchange
A.
Improved efficiency in healthcare delivery by standardizing electronic data interchange
Answers
B.
Protection of confidentiality of health data through setting and enforcing standards
B.
Protection of confidentiality of health data through setting and enforcing standards
Answers
C.
Protection of security of health data through setting and enforcing standards
C.
Protection of security of health data through setting and enforcing standards
Answers
D.
Protection of availability of health data through setting and enforcing standards
D.
Protection of availability of health data through setting and enforcing standards
Answers
Suggested answer: D

Question 12

Report
Export
Collapse

Who is not affected by HIPPA?

A.
clearing houses
A.
clearing houses
Answers
B.
banks
B.
banks
Answers
C.
universities
C.
universities
Answers
D.
billing agencies
D.
billing agencies
Answers
Suggested answer: B

Question 13

Report
Export
Collapse

HIPPA results in

A.
sweeping changed in some healthcare transaction and administrative information systems
A.
sweeping changed in some healthcare transaction and administrative information systems
Answers
B.
sweeping changes in most healthcare transaction and administrative information systems
B.
sweeping changes in most healthcare transaction and administrative information systems
Answers
C.
minor changes in most healthcare transaction and administrative information systems
C.
minor changes in most healthcare transaction and administrative information systems
Answers
D.
no changes in most healthcare transaction and minor changes in administrative information systems
D.
no changes in most healthcare transaction and minor changes in administrative information systems
Answers
Suggested answer: B

Question 14

Report
Export
Collapse

A health plan may conduct its covered transactions through a clearinghouse, and may require a provider to conduct covered transactions with it through a clearinghouse. The incremental cost of doing so must be borne

A.
by the HIPPA authorities
A.
by the HIPPA authorities
Answers
B.
by the health plan
B.
by the health plan
Answers
C.
by any other entity but the health plan
C.
by any other entity but the health plan
Answers
D.
by insurance companies
D.
by insurance companies
Answers
Suggested answer: B

Question 15

Report
Export
Collapse

Covered entities (certain health care providers, health plans, and health care clearinghouses) are not required to comply with the HIPPA Privacy Rule until the compliance date. Covered entities may, of course, decide to:

A.
unvoluntarily protect patient health information before this date
A.
unvoluntarily protect patient health information before this date
Answers
B.
voluntarily protect patient health information before this date
B.
voluntarily protect patient health information before this date
Answers
C.
after taking permission, voluntarily protect patient health information before this date
C.
after taking permission, voluntarily protect patient health information before this date
Answers
D.
compulsorily protect patient health information before this date
D.
compulsorily protect patient health information before this date
Answers
Suggested answer: B

Question 16

Report
Export
Collapse

The HIPPA task force must first

A.
inventory the organization's systems, processes, policies, procedures and data to determine which elements are critical to patient care and central to the organization's business
A.
inventory the organization's systems, processes, policies, procedures and data to determine which elements are critical to patient care and central to the organization's business
Answers
B.
inventory the organization's systems, processes, policies, procedures and data to determine which elements are non critical to patient care and central to the organization's business
B.
inventory the organization's systems, processes, policies, procedures and data to determine which elements are non critical to patient care and central to the organization's business
Answers
C.
inventory the organization's systems, processes, policies, procedures and data to determine which elements are critical to patient complaints and central to the organization's peripheral businesses
C.
inventory the organization's systems, processes, policies, procedures and data to determine which elements are critical to patient complaints and central to the organization's peripheral businesses
Answers
D.
modify the organization's systems, processes, policies, procedures and data to determine which elements are critical to patient care and central to the organization's business
D.
modify the organization's systems, processes, policies, procedures and data to determine which elements are critical to patient care and central to the organization's business
Answers
Suggested answer: A

Question 17

Report
Export
Collapse

The confidentiality of alcohol and drug abuse patient records maintained by this program is protected by federal law and regulations. Generally, the program may not say to a person outside the program that a patient attends the program, or disclose any information identifying a patient as an alcohol or drug abuser even if:

A.
The person outside the program gives a written request for the information
A.
The person outside the program gives a written request for the information
Answers
B.
the patient consent in writing
B.
the patient consent in writing
Answers
C.
the disclosure is allowed by a court order
C.
the disclosure is allowed by a court order
Answers
D.
the disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation.
D.
the disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation.
Answers
Suggested answer: D

Explanation:

Incident handling is not related to disaster recovery, it is related to security incidents.

Explanation:

Question 18

Report
Export
Collapse

What is a Covered Entity? The term "Covered Entity" is defined in 160.103 of the regulation.

A.
The definition is complicate and long.
A.
The definition is complicate and long.
Answers
B.
The definition is referred to in the Secure Computing Act
B.
The definition is referred to in the Secure Computing Act
Answers
C.
The definition is very detailed.
C.
The definition is very detailed.
Answers
D.
The definition is deceptively simple and short
D.
The definition is deceptively simple and short
Answers
Suggested answer: D

Question 19

Report
Export
Collapse

Are employers required to submit enrollments by the standard transactions?

A.
Though Employers are not CEs and they have to send enrollment using HIPPA standard transactions. However, the employer health plan IS a CE and must be able to conduct applicable transactions using the HIPPA standards
A.
Though Employers are not CEs and they have to send enrollment using HIPPA standard transactions. However, the employer health plan IS a CE and must be able to conduct applicable transactions using the HIPPA standards
Answers
B.
Employers are not CEs and do not have to send enrollment using HIPPA standard transactions.However, the employer health plan IS a CE and must be able to conduct applicable transactions using the HIPPA standards.
B.
Employers are not CEs and do not have to send enrollment using HIPPA standard transactions.However, the employer health plan IS a CE and must be able to conduct applicable transactions using the HIPPA standards.
Answers
C.
Employers are CEs and have to send enrollment using HIPPA standard transactions. However, the employer health plan IS a CE and must be able to conduct applicable transactions using the HIPPA standards.
C.
Employers are CEs and have to send enrollment using HIPPA standard transactions. However, the employer health plan IS a CE and must be able to conduct applicable transactions using the HIPPA standards.
Answers
D.
Employers are CEs and do not have to send enrollment using HIPPA standard transactions. Further, the employer health plan IS also a CE and must be able to conduct applicable transactions using the HIPPA standards.
D.
Employers are CEs and do not have to send enrollment using HIPPA standard transactions. Further, the employer health plan IS also a CE and must be able to conduct applicable transactions using the HIPPA standards.
Answers
Suggested answer: B

Question 20

Report
Export
Collapse

The HIPPA task force must inventory the organization's systems, processes, policies, procedures and data to determine which elements are critical to patient care and central to the organizations business. All must be inventoried and listed by

A.
by priority as well as encryption levels, authenticity, storage-devices, availability, reliability, access and use. The person responsible for criticality analysis must remain mission-focused and carefully document all the criteria used.
A.
by priority as well as encryption levels, authenticity, storage-devices, availability, reliability, access and use. The person responsible for criticality analysis must remain mission-focused and carefully document all the criteria used.
Answers
B.
by priority and cost as well as availability, reliability, access and use. The person responsible for criticality analysis must remain mission-focused and carefully document all the criteria used.
B.
by priority and cost as well as availability, reliability, access and use. The person responsible for criticality analysis must remain mission-focused and carefully document all the criteria used.
Answers
C.
by priority as well availability, reliability, access and use. The person responsible for criticality analysis must remain mission-focused but need not document all the criteria used.
C.
by priority as well availability, reliability, access and use. The person responsible for criticality analysis must remain mission-focused but need not document all the criteria used.
Answers
D.
by priority as well as availability, reliability, access and use. The person responsible for criticality analysis must remain mission-focused and carefully document all the criteria used.
D.
by priority as well as availability, reliability, access and use. The person responsible for criticality analysis must remain mission-focused and carefully document all the criteria used.
Answers
Suggested answer: D
Total 305 questions
Go to page: of 31
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms