CMOM Certification Study Set-Module 4 Questions and Answers Complete

Risk Analysis - Required Administrative SafeGuard - Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic PHI held by a covered entity. Risk Management - Required Administrative Safeguard - Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with the standard. Sanction Policy -Required Administrative Safeguard - Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of a covered entity. Information system activity review -Required Administrative Safeguard - implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. Assigned security responsibility -Required Administrative Safeguard - Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart for the entity. Workforce Security -Required Administrative Safeguard - Implement policies and procedures to ensure that all members of the workforce have the appropriate access to electronic PHI and to prevent those workforce members who do not have to electronic PHI. Authorization and/or Supervision - Addressable Administrative Safeguard - Implement procedures for the authorization and/or supervision of workforce members who work with electronic PHI or in locations where it might be accessed. Workforce Clearance Procedure -Addressable Administrative Safeguard - Implement procedures to determine that the access of a workforce member to electronic PHI is appropriate.Termination procedures -Addressable Administrative Safeguard - Implement procedures for terminating access to electronic PHI when the employment of a member ends or as required by the standard and privacy rule. Information access management - Required Administrative Safeguard - implement policies and procedures for authorizing access to electronic protected health information that are consistent with he applicable requires in the standard and privacy rule Isolating Health Care Clearinghouse functions -Required Administrative safeguard - If part of a larger organization, Clearinghouse must implement policies and procedures that protect the electronic PHI from unauthorized access by the larger organization Access authorization - Addressable Administrative Safeguard - Implement policy and procedures for granting access to electronic PHI, for example, through access to a workstation, transaction, program, process or other mechanism. Access establishment and modification - Addressable Administrative Safeguard - Implement policies and procedures that establish, document, review and modify a user's right of access to a workstation, transaction, program or process. Security awareness and training - Required administrative Safeguard - implement a security awareness and training program for all members of the workforce, including management Security Reminders - Addressable Administrative Safeguard - implement periodic security updates as applicable and needed Protection from malicious software - Addressable Administrative Safeguard - Procedures for guarding agains, detecting and reporting malicious software Log-In monitoring - Addressable Administrative Safeguard - procedures for monitoring log-in attempts and reporting discrepanciesPassword Management - Addressable Administrative Safeguard - implement procedures for creating, changing and safeguarding passwords