HCISPP HealthCare Information Security and Privacy Practitioner Question and Answers

Question # 4

________ is a voluntary process that a health care facility or organization undergoes to demonstrate that it has met standards.

A.

Joint Commission

B.

Regulations

C.

Accreditation

Question # 5

Breach notification exceptions are provided to all, EXCEPT:

A.

Business associates who access information by good faith, unintentional means and do not further disclose information

B.

Unintentional, good faith access by employees of covered entities if the information was not further disclosed

C.

If the information impacted less than 500 people within a single demographic area

D.

Inadvertent disclosure made individual to individual within a covered entity who is authorized to access protected health information

Question # 6

What was the function of a pest house in the preindustrial period?

A.

To house people who had a contagious disease.

B.

To provide refuge to those who were threatened by pests.

C.

To eradicate pests.

D.

To treat contagious diseases.

Question # 7

A governing board is also known as the ___________.

A.

Medical Staff

B.

Administration

C.

Board of Trustees

Question # 8

___________________ is a physician who has completed their internship in a program of training designed to increase their knowledge of clinical or special fields.

A.

Resident

B.

Chief Resident

C.

Intern

Question # 9

Privacy and security includes which of the following best practices?

A.

Talking about consumers in public areas or where you can be overheard

B.

Sharing your computer password with a new staff member who does not have their own

C.

Including PHI in an unencrypted email via a public system

D.

Keeping computer screens out of sight of others

E.

None of the above

Question # 10

In the preindustrial era, _____ often functioned as surgeons.

A.

butchers

B.

tailors

C.

clergymen

D.

barbers

Question # 11

What is the primary purpose of the National Health Service Corps?

A.

To recruit physicians to provide services in physician shortage areas in the U.S.

B.

To recruit physicians from abroad to work in the United States

C.

To send U.S. physicians to developing countries to provide services to the indigent

D.

To recruit physicians into the military

Question # 12

True or False? In a single-payer system, the primary payer usually is an insurance company.

A.

True

B.

False

Question # 13

Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility?

A.

Vulnerability to crime

B.

Adjacent buildings and businesses

C.

Proximity to an airline flight path

D.

Vulnerability to natural disasters

Question # 14

True or False? Globalization of health care has produced positive effects in both developed and developing countries.

A.

True

B.

False

Question # 15

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

A.

determine the risk of a business interruption occurring

B.

determine the technological dependence of the business processes

C.

Identify the operational impacts of a business interruption

D.

Identify the financial impacts of a business interruption

Question # 16

Covered entities (certain health care providers, health plans, and health care clearinghouses) are not required to comply with the HIPAA Privacy Rule until the compliance date. Covered entities may, of course, decide to:

A.

unvoluntarily protect patient health information before this date

B.

voluntarily protect patient health information before this date

C.

after taking permission, voluntarily protect patient health information before this date

D.

compulsorily protect patient health information before this date

Question # 17

True or false: For people with Medicaid coverage, access to health care is guaranteed.

A.

True

B.

False

Question # 18

Community rating is able to redistribute funds from the healthy to the sick by:

A.

Providing benefits in excess of premiums to those who become ill.

B.

Setting premiums based on community experience, rather than that of subgroups.

C.

Charging the same premium for high-risk and low-risk populations.

D.

All of the above

Question # 19

Which of the following is the MOST significant benefit to implementing a third-party federated identity architecture?

A.

Attribute assertions as agencies can request a larger set of attributes to fulfill service delivery

B.

Data decrease related to storing personal information

C.

Reduction in operational costs to the agency

D.

Enable business objectives so departments can focus on mission rather than the business of identity management

Question # 20

You are approached by an individual who tells you that he is here to work on the computers and wants you to open a door for him or point the way to a workstation. How do you respond to this request?

A.

Provide him with the information or access he needs.

B.

Ask him who at the facility has hired him and refer him to that person for assistance.

C.

Call the police.

Question # 21

In a free market, who would pay for the delivery of health care services?

A.

numerous health insurance companies

B.

patients

C.

government

D.

multiple payers

Question # 22

Children under age 18 comprise approximately what percentage of the homeless population?

A.

40%

B.

30%

C.

35%

D.

45%

Question # 23

Regulatory strategies for health insurance financing seek to control public expenditures for health care by:

A.

Implementing tax-financed health insurance or limiting premiums

B.

Limiting the annual use of services among patients

C.

Increasing competition among health insurance plans

D.

Only A and C

Question # 24

Who believed that the only way to understand a disease was to examine the cells of the affected body?

A.

Lister

B.

Flemming

C.

Koch

D.

Virchow

Question # 25

HIPAA requires a response and reporting of security incidents. What is required when an organization has an attempted unauthorized access of protected health information?

A.

HIPAA must be notified

B.

Nothing is required of an attempted unauthorized access

C.

The organization must respond and notify the appropriate parties

D.

Federal authorities must be notified

Question # 26

A therapist's client requests an accounting of disclosures of their medical record. What should that therapist do?

A.

Pull the file with the accounting of disclosures for the client

B.

Explain that disclosures are allowed as long as the client's information is deidentified or the client consents

C.

Refer the client to the agency's Privacy Officer

D.

Review the client's releases of information with the client

Question # 27

Among women, which racial/ethnic group has the highest percentage distribution of AIDS?

A.

White, non-Hispanic

B.

Black, non-Hispanic

C.

Hispanic

D.

American Indian

Question # 28

During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.

What is the best approach for the CISO?

A.

Document the system as high risk

B.

Perform a vulnerability assessment

C.

Perform a quantitative threat assessment

D.

Notate the information and move on

Question # 29

Development of the hospital and ______ happened almost hand in hand in a symbiotic relationship between the two.

A.

dependency of patients

B.

growth of scientific knowledge

C.

professionalization of medical practice

D.

cohesiveness of the medical profession

Question # 30

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with?

A.

Application

B.

Storage

C.

Power

D.

Network

Question # 31

If you suspect someone is violating the facility's privacy policy, you should:

A.

Say nothing. It's none of your business.

B.

Watch the individual until you have gathered solid evidence against them.

C.

Report your suspicions to your clinical supervisor for further follow-up.

Question # 32

HIPAA does not call for:

A.

Standardization of electronic patient health, administrative and financial data

B.

Unique health identifiers for individuals, employers, health plans, and health care providers.

C.

Common health identifiers for individuals, employers, health plans and health care providers.

D.

Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.

Question # 33

Under HIPAA, Regional Health Information Organizations and Personal Health Record Vendors are considered to be:

A.

Health care clearinghouses

B.

Business associates

C.

Covered entities

D.

Personal health care vendors

Question # 34

They create and vote on bylaws

A.

Medical Staff

B.

Administration

C.

Governing Board

Question # 35

In its historical context, which of the following has played a major role in revolutionizing health care delivery?

A.

Beliefs and values

B.

Science and technology

C.

Medical education

D.

Economic growth

Question # 36

Substance abuse regulations do not allow disclosure with a subpoena unless a court has issued an order following a show cause hearing.

A.

True

B.

False

Question # 37

_____________ converts paper records to an electronic health record.

A.

Image Processing

B.

Incomplete Record Processing

C.

Coding and Abstracting

Question # 38

An organization is outsourcing its payroll system and is requesting to conduct a full audit on the third-party information technology (IT) systems. During the due diligence process, the third party provides previous audit reports on its IT system.

Which of the following MUST be considered by the organization in order for the audit reports to be acceptable?

A.

The audit assessment has been conducted by an independent assessor.

B.

The audit reports have been signed by the third-party senior management.

C.

The audit reports have been issued in the last six months.

D.

The audit assessment has been conducted by an international audit firm.

Question # 39

They make sure that patient charts are coded correctly for reimbursement.

A.

Health Information Managers

B.

Coders and reimbursement specialists

C.

Cancer Registrars

Question # 40

Business Associate Agreements are required by the regulation whenever a business associate relationship exists. This is true even when the business associates are both covered entities.

A.

There are no specific elements which must be included in a Business Associate Agreement. However, some recommended but not compulsory elements are listed in 164.504(e)(2)

B.

There are specific elements which must be included in a Business Associate Agreement. These elements are listed in Privacy Legislation

C.

There are no specific elements which must be included in a Business Associate Agreement.

D.

There are specific elements which must be included in a Business Associate Agreement. These elements are listed in 164.504(e)(2)

Question # 41

HIPAA's Administrative Simplification procedures were prompted by the desire to:

A.

Reduce administrative overhead in provider-payer transactions

B.

Simplify administrative functions such as payroll and benefits

C.

Create multiple forms for various transactions

D.

Add more details to the processing of electronic transactions

Question # 42

The mode of payment that is considered to be proportional is:

A.

Out-of-pocket payment

B.

Individual private insurance

C.

Employment-based group private insurance

D.

Government financing

Question # 43

Excessive health care is a concern because it is:

A.

Wasteful

B.

Costly

C.

Potentially harmful

D.

All of the above

Question # 44

Courtesy allows doctors to admit an occasional patient to the hospital.

A.

True

B.

False

Question # 45

________ was known for identifying anthrax.

A.

Robert Koch

B.

Edward Jenner

C.

Louis Pasteur
