Privacy HIT
Important points in privacy for RHIT exam
Question | Answer |
---|---|
ARRA | American Recovery and Reinvestment Act of 2009 |
According to the ARRA, in the event of a security breach of medical records, all affected individuals must be notified within how many days? | 60 |
Process of gathering evidence | Forensics |
This person is responsible for developing a plan for reporting privacy complaints | Chief Privacy Officer (CPO) |
When complying with a request for an accounting of disclosure, the ARRA requires us to go back how many years? | 3 |
Method of access control of multiple related but independent software systems | SOS - Single Sign-On |
Entity that uses or discloses PHI for only part of its business operations | Hybrid entity |
Example of a business associate (BA) | Release of information company |
Are records retained by business associates a part of the designated record set? | Yes |
Holds computer processors but not data | Cold site |
Identification of humans by their characteristics or traits that can be used for automatic recognition by identity verification | Biometrics |
Examples of these include: facility access codes, workstation use, workstation security, and device/media controls | Physical safeguards |
System automatically notifies staff of a potential breach in security when certain things are done, such as a user accessing the record of a patient with the same last name | Trigger |
Type of malware intended to make a machine/network unavailable to its intended users | Denial of Service |
HIPAA workforce security requires that access to PHI be ___________ | Appropriate |
A plan devised for an outcome other than the usual (expected) plan | Contingency Planning |
ARRA changes to the accounting of disclosure rules: only organizations with an EHR are _________ to account for all __________ | Required; disclosures |
Privacy Act of 1974 applies to what? | Federal government |
HIPAA Security | Electronic |
HIPAA Privacy | Paper |
To cause to become less harsh or hostile | Mitigate |
Secure socket layer is a type of what? | Firewall |
Process of auditing to confirm that all of the workforce's access is appropriate for their role in the organization | Workforce clearance procedure |
Encryption, emergency access to records, and biometrics are all a part of what type of security? | Technical |
CE | Covered Entity |
ARRA mandates that a covered entity must comply with a requested restriction unless it meets one of the exceptions | True |
Length of time a facility has to accept or deny a request for amendment | 30 days |
Training records from HIPAA privacy training must be kept for how long? | 6 years |
A facility would employ what for access control? | Automatic logoff, passwords |
Used to prevent a breach in confidentiality | Risk assessment |
Process of reviewing privacy and security policies, procedures, training programs, etc. and comparing them to HIPAA regulations | Compliance audit |
Types of encryption for EHRs | Symmetric and asymmetric |
Record destruction should include | method of destruction |
A data use agreement is required when a __________ data set is used | limited |
Type of records patient cannot have access to | psychotherapy notes |
Duplicating hardware and cables to prevent a network from going down | Redundancy |