DHA-US001 HIPAA Challenge Exam(Answered)2022

In which of the following circumstances must an individual be given the opportunity to agree or object to the use and disclosure of their PHI? Both A and C -Before their information is included in a facility directory -Before PHI directly relevant to a person's involvement with the individual's care or payment of healthcare is shared with that person Which of the following statements about the HIPAA Security Rule are true? All of the above -Established a national set of standards for the protection of PHI that is created, received, maintained, or transmitted in electronic media by a HIPAA covered entity (CE) or business associate (BA) -Protects electronic PHI (ePHI) -Addresses three types of safeguards - administrative, technical, and physical- that must be in place to secure individuals' ePHI 01:14 01:21 A covered entity (CE) must have an established complaint process. True The e-Government Act provides the use of electronic government services by the public and improves the use of information technology in the government. True When must a breach be reported to the U.S. Computer Emergency Readiness Team? Within 1 hour of discovery Which of the following statements about the Privacy Act are true? All of the above -Balances the privacy rights of individuals with the Government's need to collect and maintain information -Regulates how federal agencies solicit and collect personally identifiable information (PII) -Sets forth requirements for the maintenance, use, and disclosure of PII What of the following are categories for punishing violations of federal health care laws? All of the above -Criminal penalties -Civil money penalties -Sanctions Which of the following are common causes of reaches? All of the above -Theft and intentional unauthorized access to PHI and personally identifiable information (PII) -Human error (e.g. Misdirected communication containing PHI or PII) -Lost or stolen electronic media devices or paper records containing PHI or PII Which of the following are fundamental objectives of information security? All of the above -Confidentiality -Integrity -Availability If an individual believes that a DoD covered entity (CE) is not complying with HIPAA, he or she may file a complaint with the: All of the above -DHA Privacy Office -HHS Secretary -MTF HIPAA Privacy Officer Technical safeguards are: Information technology and the associated policies and procedures that are used to protect and control access to ePHI A privacy Impact Assessment (PIA) is an analysis of how information is handled: All of the above: -to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy -to determine the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronic information system -to examine and evaluate protections and alternative process for handling information to mitigate potential privacy risks