HIM 320 FINAL EXAM QUESTIONS LATEST UPDATE 2024/2025 WITH 100% DETAILED VERIFIED ANSWER, Exams of Business Administration


Typology: Exams

2024/2025

Available from 11/06/2024

Wanjiruesther


Protecting information from loss, unauthorized access or misuse, and keeping it confidential
Answer: Security

Which HIPAA rule deals with just electronic PHI, and which governs all PHI, regardless of medium?
Answer: Security rule deals with ePHI & the Privacy rule is for all PHI

Balancing the need for ready access to PHI by those involved in patient care, and the need to protect against unauthorized access and loss of critical health information
Answer: HIPAA Privacy rule

What are the components of the CIA Triad?
Answer: Confidentiality, Integrity, Availability

A requirement that private or confidential information not be disclosed to unauthorized individuals
Answer: Confidentiality

A requirement that info and programs are changed only in a specified and authorized manner; performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system
Answer: Integrity

A requirement intended to ensure that systems work promptly and service is not denied to authorized users.
Answer: Availability

The standards of the HIPAA security
Answer: unique in that they state fairly general objectives, but provide no detailed instructions concerning how to meet them (technology neutral)

Who is applicable to the privacy and security rule?
Answer: Covered entity (CE), Business agreement (BA), subcontractors of BAs

General security standard requirements for HIPAA security rule
Answer:
  • Ensure the CIA triad of all ePHI that they receive, create, maintain or transmit
  • Protect against any reasonably anticipated threats or hazards to the security and integrity of such ePHI
  • Protect against any reasonably anticipated uses or disclosures of such ePHI that are not otherwise permitted or required by the privacy rule
  • Ensure compliance with the security rule by their workforce

Detailed instructions for implementing a particular standard (designated as required or addressable)
Answer: implementation specifications

Must be present if the CE is to be in compliance
Answer: Required specification

More discretionary and provides the CE flexibility with respect to compliance
Answer: Addressable specification

Continued review of the reasonableness and appropriateness of security measures with necessary modifications and updates
Answer: Maintenance

Which rule(s) apply to ePHI?
Answer: Both security rule and privacy rules

Security rule standards are:
Answer: Administrative, physical, and technical

T/F: According to the security rule, all healthcare organizations must implement the same security measures.
Answer: False

In the security rule, detailed instructions for implementing a particular standard are called:
Answer: implementation specifications

T/F: The HIM director could serve as Security officer of a covered entity.
Answer: True

Administrative safeguards
Answer:
  • security management process
  • assigned security responsibility
  • workforce security
  • information access management
  • security awareness training
  • security incident reporting
  • contingency planning
  • evaluation
  • business associate contracts & other arrangements

Requires the implementation of policies and procedures to prevent, detect, contain, and correct security violations
Answer: Security management process

Must conduct an accurate and thorough assessment of potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI
Answer: risk analysis

Must implement security measures that reduce risks and vulnerabilities to a reasonable and appropriate level to comply with the security standards
Answer: Risk management

Must apply appropriate sanctions against workforce members who fail to comply with their security policies and procedures
Answer: Sanction policy

Must implement procedures to regularly review records of information system activity, access reports, and security incident tracking reports
Answer: Information system activity review

Required identification of the individual responsible for overseeing development of the organization's security policies and procedures; privacy official and the security official positions may be filled by the same person
Answer: Assigned security responsibility

Requires implementation of policies and procedures to ensure that all members of a CE's workforce have appropriate access to ePHI and prevent those workforce members who do not have access from obtaining access
Answer: Workforce security

Must have procedures for ensuring that the workforce working with ePHI has adequate authorization and/or supervision
Answer: Authorization and supervision

Must be a procedure to determine what access is appropriate for the workforce
Answer: Workforce clearance procedure

Must be a procedure for terminating access to ePHI when a workforce member is no longer employed or responsibilities change
Answer: Termination procedures

Requires policies and procedures for authorizing access to ePHI
Answer: Information access management

Policy and procedure for granting access to ePHI through a workstation, transaction, program, or other process
Answer: Access authorization

Policy and procedure to establish, document, review, and modify a user's right to access a workstation, transaction, program, or process
Answer: Access establishment and modification

Requires implementation of ongoing, reasonable, and appropriate security awareness training for a CE's workforce
Answer: Security awareness training

Four implementation specs for security awareness training
Answer:
  • Security reminders (a)
  • Protection from malicious software
  • Log-in monitoring
  • Password management

An event in which the security of a system was breached or threatened. Policies and procedures to address this event are required.
Answer: Security incident reporting

Implementation spec for security incident reporting
Answer: response and reporting

Five implementation specifications of contingency planning
Answer: data backup plan, disaster recovery plan, emergency mode operation plan, testing and revision procedures, and applications and data criticality analysis

Procedures to create an exact copy of ePHI
Answer: Data backup plan

Procedures to restore lost data
Answer: Disaster recovery plan

Procedures for continuation of critical business processes needed to protect ePHI while operating in emergency mode
Answer: Emergency mode operation plan

Test all contingency plans periodically
Answer: testing and revision procedures

Assess the criticality of specific applications and data in support of contingency plans
Answer: Application and data criticality analysis

Periodic performance of technical and nontechnical evaluations in response to changes affecting the security of ePHI
Answer: Security safeguards evaluation

Business associate contracts and other arrangements implementation spec.
Answer: written contract or other arrangement

HIPAA security rule physical safeguards
Answer: facility access controls, workstation use, workstation security, device and media controls

Requires policies and procedures to limit physical access to electronic information systems and facilities that contain such systems
Answer: Facility access controls

Allow facility access to support the restoration of lost data under disaster recovery plan and emergency mode operations plan
Answer: Contingency operations

Policy and procedures to safeguard facility and equipment from unauthorized access, tampering, and theft
Answer: Facility security plan

Procedure to control and validate access to facilities based on user functions
Answer: Access control and validation procedures

Document repairs and modifications to physical components of a facility as they relate to security
Answer: Maintenance records

Requires policies and procedures to secure ePHI contained in or used at workstations
Answer: Workstation Use

Policies for workstation use should specify:
Answer:
  • Proper functions to be performed
  • Manner in which those functions are to be performed
  • Physical attributes of the surroundings of a specific workstation
  • Classification of workstation that can be used to access PHI