ExamGecko
Search Search Login
Home Home / ISC / HCISPP

ISC HCISPP Practice Test - Questions Answers, Page 20

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following statements is NOT correct?
DRAG DROP During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant. What is the best approach for the CISO? Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BC\DR phases to the appropriate corresponding location.
If you see other staff violating privacy policies you should?
The First Blue Cross plan was given to teachers at Baylor University allowing them 21 days of hospital care at six dollars a year.
A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?
What is the MOST important consideration from a data security perspective when an organization plans to relocate?
Substance abuse regulations do not allow disclosure with a subpoena unless a court has issued an order following a show cause hearing.
You receive a call from staff at a local hospital stating that they need information regarding a former client of yours who is scheduled for surgery. They fax you a release of information form which only authorizes the release of medications but the person on the phone is asking for dates of treatment and diagnoses. How would you respond?
You always abide by the HIPAA privacy rule.
The criminal penalties for improperly disclosing patient health information can be as high as fines of $250,000 and prison sentences of up to 10 years.

Question 191

Report
Export
Collapse

HIPAA guidelines say employers that sponsor employee group health plans must maintain privacy of which __________________ in secured locations, if kept in the office?

A.
Information related to lawsuits again employers
A.
Information related to lawsuits again employers
Answers
B.
Enrollment and claim information
B.
Enrollment and claim information
Answers
C.
Workman's Compensation claims
C.
Workman's Compensation claims
Answers
D.
Deidentified information
D.
Deidentified information
Answers
Suggested answer: B

Explanation:

Enrollment and claim information must be kept locked and secured if maintained in office spaces.

Explanation:

Question 192

Report
Export
Collapse

Under HIPAA, Regional Health Information Organizations and Personal Health Record Vendors are considered to be:

A.
Health care clearinghouses
A.
Health care clearinghouses
Answers
B.
Business associates
B.
Business associates
Answers
C.
Covered entities
C.
Covered entities
Answers
D.
Personal health care vendors
D.
Personal health care vendors
Answers
Suggested answer: B

Explanation:

Under HIPAA, Regional Health Information Organizations and Personal Health Record Vendors are considered to be business associates.

Explanation:

Question 193

Report
Export
Collapse

What administrative safeguard puts into place measures to assure that only authorized persons have access to electronic personal health information?

A.
Log-in monitoring
A.
Log-in monitoring
Answers
B.
Information management
B.
Information management
Answers
C.
Workforce security
C.
Workforce security
Answers
D.
Termination procedures
D.
Termination procedures
Answers
Suggested answer: C

Explanation:

Workforce security puts into place measures to assure that only authorized persons have access to electronic personal health information.

Explanation:

Question 194

Report
Export
Collapse

Data collected without identifiers, never coded, that was never tied to an individual, thereby fully protecting health information is considered what form of data?

A.
Data aggregation
A.
Data aggregation
Answers
B.
Anonymous
B.
Anonymous
Answers
C.
Non-disclosed
C.
Non-disclosed
Answers
D.
Anonymized
D.
Anonymized
Answers
Suggested answer: B

Explanation:

Anonymous information is data collected without identifiers that were never tied to an individual.

Explanation:

Question 195

Report
Export
Collapse

Administrative Safeguards on Security Awareness related to electronic Protected Health Information (PHI) and Log-in Monitoring includes all, EXCEPT:

A.
Review the system's login reports at regular intervals
A.
Review the system's login reports at regular intervals
Answers
B.
Prohibit the sharing of passwords among any employees, paid or unpaid
B.
Prohibit the sharing of passwords among any employees, paid or unpaid
Answers
C.
Limit the number of attempts a computer user can make at a log-in attempt
C.
Limit the number of attempts a computer user can make at a log-in attempt
Answers
D.
Use of software that locks the user out of the system after a certain number of unsuccessful log-in attempts are made
D.
Use of software that locks the user out of the system after a certain number of unsuccessful log-in attempts are made
Answers
Suggested answer: B

Explanation:

The least appropriate answer is to prohibit the sharing of passwords among any employees, paid or unpaid.

Explanation:

Question 196

Report
Export
Collapse

Sammy applied for and received her National Provider Identifier online. What may she now do?

A.
Have guaranteed payment by a health plan
A.
Have guaranteed payment by a health plan
Answers
B.
Receive credentialing or licensing as a therapist provider
B.
Receive credentialing or licensing as a therapist provider
Answers
C.
Be guaranteed enrollment as a provider in a health plan
C.
Be guaranteed enrollment as a provider in a health plan
Answers
D.
Be identified as a unique health care provider during HIPAA transactions
D.
Be identified as a unique health care provider during HIPAA transactions
Answers
Suggested answer: D

Explanation:

Sammy may now be identified as a unique health care provider during HIPAA transactions.

Explanation:

Question 197

Report
Export
Collapse

Marcus, age 33, is fully competent to handle his own affairs. He is starting services with a covered entity, as defined by HIPAA, and has received a copy of the organization's privacy practices. How many signatures are going to be required on the receipt or acknowledgement form indicating Marcus received the required information?

A.
One
A.
One
Answers
B.
Three
B.
Three
Answers
C.
Four
C.
Four
Answers
D.
Two
D.
Two
Answers
Suggested answer: D

Explanation:

Two signatures are required on the receipt form. One signature from the client, Marcus, and one from a witness or staff member.

Explanation:

Question 198

Report
Export
Collapse

What is the title given to the group authorized by the HIPAA Privacy Rule to approve a waiver of authorization for the disclosure and/or use of personally identifiable health information?

A.
Cohort Group
A.
Cohort Group
Answers
B.
Institutional Review Board
B.
Institutional Review Board
Answers
C.
Privacy Board
C.
Privacy Board
Answers
D.
Board of Directors
D.
Board of Directors
Answers
Suggested answer: C

Explanation:

The Privacy Board is the group authorized by the HIPAA Privacy Rule to approve a waiver of authorization for the disclosure and/or use of personally identifiable health information.

Explanation:

Question 199

Report
Export
Collapse

Breach notification exceptions are provided to all, EXCEPT:

A.
Business associates who access information by good faith, unintentional means and do not further disclose information
A.
Business associates who access information by good faith, unintentional means and do not further disclose information
Answers
B.
Unintentional, good faith access by employees of covered entities if the information was not further disclosed
B.
Unintentional, good faith access by employees of covered entities if the information was not further disclosed
Answers
C.
If the information impacted less than 500 people within a single demographic area
C.
If the information impacted less than 500 people within a single demographic area
Answers
D.
Inadvertent disclosure made individual to individual within a covered entity who is authorized to access protected health information
D.
Inadvertent disclosure made individual to individual within a covered entity who is authorized to access protected health information
Answers
Suggested answer: C

Explanation:

Information impacting less than 500 individuals, regardless of their demographic area, is regarded as a breach unless one of the other three qualifiers is met.

Explanation:

Question 200

Report
Export
Collapse

Handled the first bioterrorism attack in the mail. Also replaced Health Care Financing Administration.

A.
Joint Commission
A.
Joint Commission
Answers
B.
CMS
B.
CMS
Answers
C.
HIPPA
C.
HIPPA
Answers
Suggested answer: B
Total 305 questions
Go to page: of 31
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms