Healthstream Workplace UPDATED
ACTUAL Questions and CORRECT
Answers
A typical reason for disclosing PHI to law enforcement is - CORRECT ANSWER - D. All
the above
A covered entity that is a correctional institution may use the PHI of inmates for any purpose for
which such PHI may be disclosed under HIPAA - CORRECT ANSWER - A. True
All warrants, court orders and subpoenas are legitimate and therefore authorize the disclosure of
PHI. - CORRECT ANSWER - B. False
In regard to court orders, subpoenas or warrants, often define(s) the requirements of such
documents. - CORRECT ANSWER - B. local and state laws
Prior to disclosing PHI directly to law enforcement, be sure you have . - CORRECT
ANSWER - B. the authority to make such a release
Which of the following is a permitted disclosure of PHI to a correctional institution or in a
custodial law enforcement situation? - CORRECT ANSWER - E. A, B, and D
Prior to any release of PHI directly to law enforcement, make sure you know what with law
enforcement. - CORRECT ANSWER - C. can and cannot be shared
Certain medical devices that contain ePHI can be wirelessly hacked for the protected information
or to stop the device or alter its programming. - CORRECT ANSWER - A. True
An indicator of a phishing attempt is that the email - CORRECT ANSWER - E. All the
above
,Electronic media includes _________________ - CORRECT ANSWER - D. All the above
________________ are subject to the Security Rule. - CORRECT ANSWER - C. Health
plans, healthcare providers and healthcare clearinghouses that transmit PHI electronically
Rented or leased devices used in health care, such as copiers, fax machines and scanners, should
be stripped of all information prior to returning to the owners. - CORRECT ANSWER - A.
True
If you believe you have identified a phishing email, the best approach would be to . - CORRECT
ANSWER - B. stop, and follow your organization's policy and procedure for a suspected
phishing attempt
Choose the CORRECT statement(s) regarding the purpose of the Security Rule. - CORRECT
ANSWER - D. B and C
ePHI is defined as . - CORRECT ANSWER - B. PHI that is covered under the HIPAA
Security Rule and is produced, saved, transferred or received in an electronic form
If you have a concern as to the legitimacy of an email, you can always . - CORRECT
ANSWER - B. pick up the phone and call the company from a number you already have,
not one listed in the email
Two reasons for the value of healthcare information are ____________ and ____________. -
CORRECT ANSWER - D. B and C
Under the Security Rule Technical Safeguards, encryption is defined as the process of converting
. - CORRECT ANSWER - D. information or data into a code, the purpose of which is to
prevent unauthorized access
, The definition of decryption is . - CORRECT ANSWER - C. the process of taking encoded
or encrypted text or other data and converting it back into text that you or the computer can read
and understand
ePHI is defined as . - CORRECT ANSWER - B. PHI that is covered under the HIPAA
Security Rule and is produced, saved, transferred or received in an electronic form
The Technical Safeguards are the technology and the policies and procedures for its use that
protect and control access to ePHI. - CORRECT ANSWER - A. True
Which of the following is a Physical Safeguard? - CORRECT ANSWER - D. All the
above
The Security Rule operationalizes the protections contained in the Privacy Rule by addressing
the Technical and nontechnical Safeguards that covered entities must put in place to secure
individuals' ePHI. - CORRECT ANSWER - A. True
Which of the following can help avoid risks associated with social media? - CORRECT
ANSWER - D. A and C
A unique and strong password contains a combination of uppercase and lowercase letters,
numbers and symbols. - CORRECT ANSWER - A. True
Choose the CORRECT statement regarding Minimum Necessary requirements. - CORRECT
ANSWER - A. A covered entity is required to limit the access of ePHI to a workforce
member to only that which is necessary to do his or her job
Which of the following is a rule regarding passwords? - CORRECT ANSWER - E. A, B,
and C
Which of the following is a government sanction provided under the Stark regulation? -
CORRECT ANSWER - E. B and C only
ACTUAL Questions and CORRECT
Answers
A typical reason for disclosing PHI to law enforcement is - CORRECT ANSWER - D. All
the above
A covered entity that is a correctional institution may use the PHI of inmates for any purpose for
which such PHI may be disclosed under HIPAA - CORRECT ANSWER - A. True
All warrants, court orders and subpoenas are legitimate and therefore authorize the disclosure of
PHI. - CORRECT ANSWER - B. False
In regard to court orders, subpoenas or warrants, often define(s) the requirements of such
documents. - CORRECT ANSWER - B. local and state laws
Prior to disclosing PHI directly to law enforcement, be sure you have . - CORRECT
ANSWER - B. the authority to make such a release
Which of the following is a permitted disclosure of PHI to a correctional institution or in a
custodial law enforcement situation? - CORRECT ANSWER - E. A, B, and D
Prior to any release of PHI directly to law enforcement, make sure you know what with law
enforcement. - CORRECT ANSWER - C. can and cannot be shared
Certain medical devices that contain ePHI can be wirelessly hacked for the protected information
or to stop the device or alter its programming. - CORRECT ANSWER - A. True
An indicator of a phishing attempt is that the email - CORRECT ANSWER - E. All the
above
,Electronic media includes _________________ - CORRECT ANSWER - D. All the above
________________ are subject to the Security Rule. - CORRECT ANSWER - C. Health
plans, healthcare providers and healthcare clearinghouses that transmit PHI electronically
Rented or leased devices used in health care, such as copiers, fax machines and scanners, should
be stripped of all information prior to returning to the owners. - CORRECT ANSWER - A.
True
If you believe you have identified a phishing email, the best approach would be to . - CORRECT
ANSWER - B. stop, and follow your organization's policy and procedure for a suspected
phishing attempt
Choose the CORRECT statement(s) regarding the purpose of the Security Rule. - CORRECT
ANSWER - D. B and C
ePHI is defined as . - CORRECT ANSWER - B. PHI that is covered under the HIPAA
Security Rule and is produced, saved, transferred or received in an electronic form
If you have a concern as to the legitimacy of an email, you can always . - CORRECT
ANSWER - B. pick up the phone and call the company from a number you already have,
not one listed in the email
Two reasons for the value of healthcare information are ____________ and ____________. -
CORRECT ANSWER - D. B and C
Under the Security Rule Technical Safeguards, encryption is defined as the process of converting
. - CORRECT ANSWER - D. information or data into a code, the purpose of which is to
prevent unauthorized access
, The definition of decryption is . - CORRECT ANSWER - C. the process of taking encoded
or encrypted text or other data and converting it back into text that you or the computer can read
and understand
ePHI is defined as . - CORRECT ANSWER - B. PHI that is covered under the HIPAA
Security Rule and is produced, saved, transferred or received in an electronic form
The Technical Safeguards are the technology and the policies and procedures for its use that
protect and control access to ePHI. - CORRECT ANSWER - A. True
Which of the following is a Physical Safeguard? - CORRECT ANSWER - D. All the
above
The Security Rule operationalizes the protections contained in the Privacy Rule by addressing
the Technical and nontechnical Safeguards that covered entities must put in place to secure
individuals' ePHI. - CORRECT ANSWER - A. True
Which of the following can help avoid risks associated with social media? - CORRECT
ANSWER - D. A and C
A unique and strong password contains a combination of uppercase and lowercase letters,
numbers and symbols. - CORRECT ANSWER - A. True
Choose the CORRECT statement regarding Minimum Necessary requirements. - CORRECT
ANSWER - A. A covered entity is required to limit the access of ePHI to a workforce
member to only that which is necessary to do his or her job
Which of the following is a rule regarding passwords? - CORRECT ANSWER - E. A, B,
and C
Which of the following is a government sanction provided under the Stark regulation? -
CORRECT ANSWER - E. B and C only
