CIPP US REVIEW EXAM QUESTIONS AND ANSWERS
Texas Privacy Laws (Texas HIPAA) - Answer-Under the Texas law, covered entities (health care providers, health insurers, and health clearinghouses) must provide customized employee training regarding the maintenance and protection of electronic protected health information (PHI). Covered entities are required to tailor the employee training to reflect the nature of the covered entity's operations and each employee's scope of employment as they relate to the maintenance and protection of PHI. New employees must complete the training within 60 days of hire and all employees must complete training at least once every two years. Covered entities must maintain training attendance records for all employees. The Texas law requires covered entities to provide patients with electronic copies of their EHR within fifteen days of the patient's written request for the records. This provision of the Texas law reduces the timeframe a covered entity has to produce EHR following a patient's request from thirty days under HIPAA. The law charges the Texas Health and Human Services Commission with establishing a standard format for releasing patient EHR that is consistent with federal laws. HB 300 also requires the Texas Attorney General (AG) to establish and maintain a website that states and explains patients' privacy rights under Texas and federal law. The website will list the state agencies that regulate covered entities, and provide the agencies' contact information and each agency's complaint enforcement process. Under the new law, the AG must issue an annual report regarding the number and types of complaints pertaining to patient privacy issues.

In which service model of cloud computing are applications hosted by the cloud provider in the cloud and typically accessed by users through a web browser? - Answer-Software as a Service (SaaS)

How are employers allowed to use genetic information of employees and applicants? - Answer-Employer offered wellness program where the employee voluntarily participates with written authorization FMLA requests for use with legally required toxin exposure monitoring in the workplace DNA analysis for law enforcement purposes

Fair Information Practices (FIP) - Answer-
1. Notice and awareness
2. Choice and Consent
3. Access and Participation
4. Integrity and security
5. Enforcement and redress

In the EU, of what must a data subject be informed before processing? - Answer-who your company/organisation is (your contact details, and those of your DPO if any); why your company/organisation will be using their personal data (purposes); the categories of personal data concerned; the legal justification for processing their data; for how long the data will be kept; who else might receive it; whether their personal data will be transferred to a recipient outside the EU; that they have a right to a copy of the data (right to access personal data) and other basic rights in the field of data protection (see complete list of rights); their right to lodge a complaint with a Data Protection Authority (DPA);
Written for
- Institution: CIPP/US
- Course: CIPP/US
Document information
- Uploaded on: April 28, 2024
- Number of pages: 26
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers
Subjects
- red flag rules requir
- cipp us review exam questions and answers
- what are the basic fcra requirements
- facta fair and accurate credit transaction act
- mandates businesses to secure and properly dispose