CMOM CERTIFICATION STUDY SET – MODULE 4 EXAM QUESTIONS AND ANSWERS
Risk Analysis - Required Administrative Safeguard - ANSWER Conduct an
accurate and thorough evaluation of potential risks and vulnerabilities to the
confidentiality, integrity, and availability of electronic PHI maintained by or on
behalf of the covered entity.
Risk Management - Required Administrative Safeguard - ANSWER
Implement security measures sufficient to reduce risks and vulnerabilities to a
reasonable and appropriate level to comply with the standard.
Sanction Policy - Required Administrative Safeguard - ANSWER Implement
appropriate sanctions against workforce members who fail to comply with the
security policies and procedures of a covered entity.
Information system activity review - Required Administrative Safeguard -
ANSWER Implement procedures to regularly review records of information
system activity, such as audit logs, access reports, and security incident tracking
reports.
Assigned security responsibility - Required Administrative Safeguard - ANSWER
Identify the security official who is responsible for the development and
implementation of the policies and procedures required by this subpart for the
entity.
Workforce Security - Required Administrative Safeguard - ANSWER
Implement policies and procedures to ensure that all members of the workforce
have the appropriate access to electronic PHI and to prevent those workforce
members who do not have to electronic PHI.
Authorization and/or Supervision - Addressable Administrative Safeguard -
ANSWER Implement procedures for the authorization and/or supervision of
workforce members who work with electronic PHI or in locations where it
might be accessed.
Workforce Clearance Procedure - Addressable Administrative Safeguard -
ANSWER Implement procedures to determine that the access of a workforce
member to electronic PHI is appropriate.
Termination procedures - Addressable Administrative Safeguard - ANSWER
Implement procedures for terminating access to electronic PHI when the
employment of a member ends or as required by the standard and privacy rule.
Information access management - Required Administrative Safeguard -
ANSWER implement policies and procedures for authorizing access to
electronic protected health information that are consistent with the applicable
requirements in the standard and privacy rule
Isolating Health Care Clearinghouse functions - Required Administrative
Safeguard - ANSWER If part of a larger organization, Clearinghouse must
implement policies and procedures that protect the electronic PHI from
unauthorized access by the larger organization
Access authorization - Addressable Administrative Safeguard - ANSWER
Implement policy and procedures for granting access to electronic PHI, for
example, through access to a workstation, transaction, program, process or other
mechanism.
Establishment and modification of access - Addressable Administrative
Safeguard - ANSWER Implement policies and procedures that establish,
document, review and modify a user's right of access to a workstation,
transaction, program or process.
Security awareness and training - Required Administrative Safeguard -
ANSWER implement a security awareness and training program for all
members of the workforce, including management
Security Reminders - Addressable Administrative Safeguard - ANSWER
implement periodic security updates as applicable and needed
Protection from malicious software - Addressable Administrative Safeguard -
ANSWER Procedures for guarding against, detecting and reporting malicious
software
Log-In monitoring - Addressable Administrative Safeguard - ANSWER
procedures for monitoring log-in attempts and reporting discrepancies
Password Management - Addressable Administrative Safeguard - ANSWER
implement procedures for creating, changing and safeguarding passwords
Security incident procedures - Required Administrative Safeguard - ANSWER
implement policies and procedures to address security incidents