Privacy HIT
Important points in privacy for RHIT exam
| Question | Answer |
|---|---|
| ARRA | American Recovery and Reinvestment Act of 2009 |
| According to the ARRA, in the event of a security breach of medical records, all affected individuals must be notified within how many days? | 60 |
| Process of gathering evidence | Forensics |
| This person is responsible for developing a plan for reporting privacy complaints | Chief Privacy Officer (CPO) |
| When complying with a request for an accounting of disclosure, the ARRA requires us to go back how many years? | 3 |
| Method of access control of multiple related but independent software systems | SOS - Single Sign-On |
| Entity that uses or discloses PHI for only part of its business operations | Hybrid entity |
| Example of a business associate (BA) | Release of information company |
| Are records retained by business associates a part of the designated record set? | Yes |
| Holds computer processors but not data | Cold site |
| Identification of humans by their characteristics or traits that can be used for automatic recognition by identity verification | Biometrics |
| Examples of these include: facility access codes, workstation use, workstation security, and device/media controls | Physical safeguards |
| System automatically notifies staff of a potential breach in security when certain things are done, such as a user accessing the record of a patient with the same last name | Trigger |
| Type of malware intended to make a machine/network unavailable to its intended users | Denial of Service |
| HIPAA workforce security requires that access to PHI be ___________ | Appropriate |
| A plan devised for an outcome other than the usual (expected) plan | Contingency Planning |
| ARRA changes to the accounting of disclosure rules: only organizations with an EHR are _________ to account for all __________ | Required; disclosures |
| Privacy Act of 1974 applies to what? | Federal government |
| HIPAA Security | Electronic |
| HIPAA Privacy | Paper |
| To cause to become less harsh or hostile | Mitigate |
| Secure socket layer is a type of what? | Firewall |
| Process of auditing to confirm that all of the workforce's access is appropriate for their role in the organization | Workforce clearance procedure |
| Encryption, emergency access to records, and biometrics are all a part of what type of security? | Technical |
| CE | Covered Entity |
| ARRA mandates that a covered entity must comply with a requested restriction unless it meets one of the exceptions | True |
| Length of time a facility has to accept or deny a request for amendment | 30 days |
| Training records from HIPAA privacy training must be kept for how long? | 6 years |
| A facility would employ what for access control? | Automatic logoff, passwords |
| Used to prevent a breach in confidentiality | Risk assessment |
| Process of reviewing privacy and security policies, procedures, training programs, etc. and comparing them to HIPAA regulations | Compliance audit |
| Types of encryption for EHRs | Symmetric and asymmetric |
| Record destruction should include | method of destruction |
| A data use agreement is required when a __________ data set is used | limited |
| Type of records patient cannot have access to | psychotherapy notes |
| Duplicating hardware and cables to prevent a network from going down | Redundancy |