Healthcare Data Security and Privacy
LATEST MIDTERM REVIEW
© 2024/2025
1. Multiple Choice: Which of the following is considered a best
practice for securing patient health information (PHI) in digital
form?
a) Using strong, complex passwords
b) Sharing passwords among medical staff
c) Storing passwords in a text file on the desktop
d) Using the same password for all systems
Answer: a) Using strong, complex passwords
Rationale: Strong, complex passwords help prevent unauthorized
access to systems containing PHI.
2. Fill-in-the-Blank: ___________ is a security measure that
ensures a person is who they claim to be online.
Answer: Authentication
Rationale: Authentication verifies the identity of a user before
granting access to sensitive information.
3. True/False: Encryption is an optional component of healthcare
data security.
Answer: False
Rationale: Encryption is a critical security measure that protects
data from being read by unauthorized individuals.
4. Multiple Response: Select all that apply. Which of the following
are key elements of a comprehensive healthcare data security
strategy?
a) Risk assessment
b) Regular software updates
c) Use of public Wi-Fi for transmitting PHI
d) Employee training
e) Strong encryption protocols
Answers: a) Risk assessment, b) Regular software updates, d)
Employee training, e) Strong encryption protocols
Rationale: These elements are essential for protecting healthcare
data against various security threats.
5. True/False: De-identified data can be shared freely without any
privacy concerns.
Answer: False
Rationale: Even de-identified data can sometimes be
re-identified, so it must be handled with care to protect patient
privacy.
6. Multiple Choice: Under the HIPAA Privacy Rule, which of the
following is NOT considered PHI?