1) What is the main goal of a HIPAA risk analysis? Citation: 45 CFR §164.308(a)(1)(ii)(A)
   a) improve hospital marketing
   b) to assess threats to ePHI
   c) to evaluate employee attendance
   d) to reduce patient wait times

2) Who is required to perform a HIPAA risk analysis? Citation: HHS.gov – HIPAA Security Rule
   a) only physicians
   b) only large hospitals
   c) all covered entities and business associates
   d) only IT departments

3) Which of the following is a technical safeguard? Citation: 45 CFR §164.312(a)(1)
   a) password-protected doors
   b) unique user ID
   c) locked filing cabinets
   d) privacy notices

4) How often should risk analyses be conducted? Citation: HHS.gov Risk Analysis Guidance
   a) once at the time of system installation
   b) every 10 years
   c) only after a breach
   d) regularly and after major changes

5) What should be identified first in a risk analysis? Citation: HHS.gov – Risk Analysis Guidance
   a) billing errors
   b) staff training needs
   c) locations of ePHI
   d) cafeteria procedures

6) What is ePHI? Citation: 45 CFR §160.103
   a) electronic health records for doctors
   b) employee performance history
   c) encrypted patient hospital index
   d) electronic protected health information

7) What should you do after discovering a possible breach? Citation: 45 CFR §§ 164.400-414
   a) ignore it
   b) wait until the next team meeting
   c) report it immediately to the privacy officer
   d) tell a coworker

8) Which of the following is NOT a required safeguard under HIPAA? Citation: 45 CFR §164.306
   a) technical
   b) administrative
   c) physical
   d) virtual

9) What is the minimum necessary rule? Citation: 45 CFR §164.502(b)
   a) share all patient data for convenience
   b) use only the minimum ePHI needed for a task
   c) limit access to only IT managers
   d) avoid storing ePHI digitally

10) Which of the following is a physical safeguard? Citation: 45 CFR §164.310(a)(1)
   a) password rotation
   b) role-based access
   c) firewalls
   d) locking server rooms

11) What's the purpose of audit logs? Citation: 45 CFR §164.312(b)
   a) to track user access to ePHI
   b) to track vacation days
   c) to log patient opinions
   d) to record internet usage

12) Which of these would be considered a risk? Citation: NIST SP 800-30
   a) security software
   b) office snacks
   c) decorations
   d) a public WiFi network

13) What is a violation of HIPAA security? Citation: 45 CFR §164.310(b)
   a) locking your workstation
   b) leaving your computer unlocked and unattended
   c) logging out of the EMR system
   d) using secure emails

14) What is a security incident under HIPAA? Citation: 45 CFR §164.304
   a) a late lunch
   b) unauthorized attempt to access ePHI
   c) patient asking questions
   d) routine password changes

15) Which is an administrative safeguard? Citation: 45 CFR §164.308(a)(5)
   a) role-based access control
   b) installing antivirus software
   c) providing workforce HIPAA training
   d) having encrypted laptops

16) What does role-based access ensure? Citation: 45 CFR §164.312(a)(1)
   a) everyone can access anything
   b) only patients have access
   c) access is based on job role
   d) employees share passwords

17) What type of encryption should be used for ePHI? Citation: HHS.gov – Security Rule Guidelines
   a) randomized algorithms
   b) 8-digit passwords
   c) NIST-compliant encryption
   d) printable codes

18) Who is responsible for HIPAA compliance? Citation: HHS.gov
   a) IT department
   b) everyone who handles PHI
   c) only administrators
   d) compliance officers

19) What is an example of a breach? Citation: 45 CFR §164.402
   a) sharing PHI with unauthorized individuals
   b) logging out of a system
   c) updating a software license
   d) using a secure printer

20) True or false: HIPAA allows encryption to be optional. Citation: 45 CFR §164.312(a)(2)(iv)
   a) true
   b) false
