New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

ISC HCISPP HealthCare Information Security and Privacy Practitioner Exam Practice Test

Page: 1 / 31
Total 305 questions

HealthCare Information Security and Privacy Practitioner Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$67.5  $225

PDF Study Guide

  • Product Type: PDF Study Guide
$59.7  $199
Question 1

What is a credential for Coders?

Options:

A.

AAPC

B.

ASPCA

C.

AHIMA

Question 2

As health care resources increase:

Options:

A.

Outcomes deteriorate.

B.

Outcomes initially improve and then deteriorate.

C.

Outcomes improve and then level off.

D.

Outcomes are not affected.

Question 3

Which of the following is considered the last line defense in regard to a Governance, Risk managements, and compliance (GRC) program?

Options:

A.

Internal audit

B.

Internal controls

C.

Board review

D.

Risk management

Question 4

This is for people 65 years or older with disabilities or people with End Stage Renal Disease.

Options:

A.

Medicare

B.

Medicaid

Question 5

Reviews and verifies medical staff application data.

Options:

A.

Ethics Committee

B.

Joint Conference

C.

Credentials

Question 6

Employers often advocate on behalf of their employees in benefit disputes and appeals, answer QUESTION NO:s with regard to the health plan, and generally help them navigate their health benefits. Is this type of assistance allowed under the regulation?

Options:

A.

The final rule does nothing to hinder or prohibit plan sponsors from advocating on behalf of group health plan participants or providing assistance in understanding their health plans.

B.

The final rule prohibits plan sponsors from advocating on behalf of group health plan participants or providing assistance in understanding their health plans

C.

The final rule does hinder but does not prohibit plan sponsors from advocating on behalf of group health plan participants or providing assistance in understanding their health plans

D.

The final rule does no advocating on behalf of group health plan participants or provide assistance in understanding their health plan.

Question 7

This Hospital makes up 60% of hospitals in the United States. It is owned by religious or volunteer groups and is not for profit.

Options:

A.

Teaching

B.

Volunteer

C.

Government

Question 8

Which of the following statements is NOT correct?

Options:

A.

Staff should have access to and use only the minimum necessary to perform their duties

B.

Other laws and regulations never take precedence or preempt HIPAA

C.

PHI includes a long list of individually identifiable data

Question 9

__________________ is responsible for hospital organization, management, control and operation and for appointing medical staff.

Options:

A.

Administration

B.

Board of Trustees

C.

Medical Staff

Question 10

HIPAA guidelines say employers that sponsor employee group health plans must maintain privacy of which __________________ in secured locations, if kept in the office?

Options:

A.

Information related to lawsuits again employers

B.

Enrollment and claim information

C.

Workman's Compensation claims

D.

Deidentified information

Question 11

Which is not an underlying assumption of a theoretical model of costs and health outcomes?

Options:

A.

The relevant outcome is the overall health of a population rather than of an individual.

B.

It is possible to quantify health at a population level.

C.

It is necessary to focus on health outcomes, those aspects of health status directly under the influence of health care.

D.

It is impossible to reduce cost without also reducing health outcomes.

Question 12

The malpractice liability system negatively impacts quality of care because.

Options:

A.

The fear and stress of malpractice litigation creates an "I didn't do it" response from the physician, rather than working on improvement

B.

The system is economically wasteful and takes dollars away from improving care

C.

It wreaks unnecessary stress on often innocent and talented physicians

D.

All of the above

Question 13

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?

Options:

A.

Application

B.

Storage

C.

Power

D.

Network

Question 14

Are there penalties under HIPPA?

Options:

A.

No penalties

B.

HIPPA calls for severe civil and criminal penalties for noncompliance, including: -- fines up to $25k for multiple violations of the same standard in a calendar year -- fines up to $250k and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information.

C.

HIPPA calls for severe civil and criminal penalties for noncompliance, includes: -- fines up to 50k for multiple violations of the same standard in a calendar year -- fines up to $500k and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information

D.

HIPPA calls for severe civil and criminal penalties for noncompliance, including: -- fines up to $100 for multiple violations of the same standard in a calendar year -- fines up to $750k and/or imprisonment up to 20 years for knowing misuse of individually identifiable health information

Question 15

Patient cost sharing (deductibles and copayments) reduces the rate of ambulatory care use, especially among the.

Options:

A.

Uninsured

B.

Critically ill

C.

Poor

D.

All of the above

Question 16

Which of the following trust services principles refers to the accessibility of information used by the systems, products, or services offered to a third-party provider’s customers?

Options:

A.

Security

B.

Privacy

C.

Access

D.

Availability

Question 17

The HIPPA task force must inventory the organization's systems, processes, policies, procedures and data to determine which elements are critical to patient care and central to the organizations business. All must be inventoried and listed by

Options:

A.

by priority as well as encryption levels, authenticity, storage-devices, availability, reliability, access and use. The person responsible for criticality analysis must remain mission-focused and carefully document all the criteria used.

B.

by priority and cost as well as availability, reliability, access and use. The person responsible for criticality analysis must remain mission-focused and carefully document all the criteria used.

C.

by priority as well availability, reliability, access and use. The person responsible for criticality analysis must remain mission-focused but need not document all the criteria used.

D.

by priority as well as availability, reliability, access and use. The person responsible for criticality analysis must remain mission-focused and carefully document all the criteria used.

Question 18

Which central agency manages the health care delivery system in the United States?

Options:

A.

Centers for Disease Control and Prevention

B.

Department of Health and Human Services

C.

Department of Commerce

D.

NONE

Question 19

Which is not a "painless" cost control strategy?

Options:

A.

Reduction of administrative waste

B.

Use of cost-effective analysis to limit care

C.

Elimination of inappropriate care

D.

Elimination of ineffective care

Question 20

The confidentiality of alcohol and drug abuse patient records maintained by this program is protected by federal law and regulations. Generally, the program may not say to a person outside the program that a patient attends the program, or disclose any information identifying a patient as an alcohol or drug abuser even if:

Options:

A.

The person outside the program gives a written request for the information

B.

the patient consent in writing

C.

the disclosure is allowed by a court order

D.

the disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation.

Question 21

Each state has the same laws, rules, and/or regulations governing confidentiality of health care information.

Options:

A.

True

B.

False

Question 22

What mandates all privacy in hospital administration?

Options:

A.

HIPPA

B.

JCAH

C.

Medicare

Question 23

Supplier-induced demand is created by:

Options:

A.

Patients

B.

Providers

C.

Health insurance companies

D.

The government

Question 24

A Governing board is also known as the___________.

Options:

A.

Medical Staff

B.

Administration

C.

Board of Trustees

Question 25

This type of hospital is privately owned.

Options:

A.

For Profit

B.

Not for Profit

Question 26

What is impact of the HITECH Act in relation to HIPAA requirements and maintaining client records electronically?

Options:

A.

There is a push toward paper records to prevent the hacking and electronic violation of electronic records, which is easily done without detection

B.

Providers must now maintain client records electronically, but may continue to provide clients a paper copy when access is requested

C.

There is no requirement to maintain client records electronically, but clients have the right to insist on electronic access to an electronic health record, if it exists

D.

Electronic records now face intensified scrutiny, requiring practitioners to implement more sophisticated software and detailed accounting of records

Your answer: Electronic records now face intensified scrutiny, requiring practitioners to implement more sophisticated software and detailed accounting of records

Question 27

The titles of CEO, CFO, CIO and COO can be found here.

Options:

A.

Board of Trustees

B.

Medical Staff

C.

Administration

Question 28

In its historical context, which of the following has played a major role in revolutionizing health care delivery?

Options:

A.

Beliefs and values

B.

Science and technology

C.

Medical education

D.

Economic growth

Question 29

When providers deliver unnecessary services with the objective of protection themselves against lawsuits, this practice is called

Options:

A.

defensive medicine

B.

supplier-induced demand

C.

primary protection

D.

legal risk

Question 30

The dramatic increase in the number of physicians since the 1970s is largely due to.

Options:

A.

The decrease in strenuous licensing requirements

B.

The shortage of Physician Assistants

C.

The increase of non-primary care specialists

D.

None of the above

Question 31

Which of the following is the BEST reason for the use of security metrics?

Options:

A.

They ensure that the organization meets its security objectives.

B.

They provide an appropriate framework for Information Technology (IT) governance.

C.

They speed up the process of quantitative risk assessment.

D.

They quantify the effectiveness of security processes.

Question 32

The primary objectives of a healthcare system include all of the following except:

Options:

A.

Enabling all citizens to receive healthcare services

B.

Delivering healthcare services that are cost-effective

C.

Delivering healthcare services using the most current technology, regardless of cost

D.

Delivering healthcare services that meet established standards of quality

Question 33

He used a microscope to study organisms and also discovered bacteria.

Options:

A.

Koch

B.

Leeuwenhoek

C.

Flemming

D.

Aselli

Question 34

Access to health care is measured by.

Options:

A.

The type of insurance a person has.

B.

The number of times a person uses health care services.

C.

The quality of health care services a person has.

D.

The number of physicians available to a person.

Question 35

Results of tests/procedures can be made available to the clients family if the client is unable to communicate well.

Options:

A.

True

B.

False

Question 36

Which of the following methods MOST efficiently manages user accounts when using a third-party cloud-based application and directory solution?

Options:

A.

Cloud directory

B.

Directory synchronization

C.

Assurance framework

D.

Lightweight Directory Access Protocol (LDAP)

Question 37

Which of the following is NOT a best practice for privacy and security?

Options:

A.

Keeping fax machines in areas that are not generally accessible

B.

Keeping consumer records and other documents containing PHI out of sight

C.

Documents containing PHI do not need to be shredded

D.

Keeping medical records rooms locked/secured

Question 38

The BEST method to mitigate the risk of a dictionary attack on a system is to

Options:

A.

use a hardware token.

B.

use complex passphrases.

C.

implement password history.

D.

encrypt the access control list (ACL).

Question 39

What time period was the Cannon of Medicine in?

Options:

A.

Ancient

B.

Modern

C.

Medieval

D.

Prehistoric

Question 40

A gap analysis for the Transactions set does not refer to

Options:

A.

the practice of identifying the data content you currently have available through your medical software

B.

the practice of and comparing that content to what is required by HIPPA, and ensuring there is a match.

C.

and requires that you study the specific format of a regulated transaction to ensure that the order of the information when sent electronically matches the order that is mandated in the Implementation Guides.

D.

but does not require that you study the specific format of a regulated transaction to ensure that the order of information when sent electronically matches the order that is mandated in the Implementation Guides.

Question 41

The threat modeling identifies a man-in-the-middle (MITM) exposure. Which countermeasure should the information system security officer (ISSO) select to mitigate the risk of a protected Health information (PHI) data leak?

Options:

A.

Auditing

B.

Anonymization

C.

Privacy monitoring

D.

Data retention

Question 42

Copies of patient information may be disposed of in any garbage can in the facility.

Options:

A.

True

B.

False

Question 43

Is a voluntary process that a health care facility or organization undergoes to demonstrate that is has met standards.

Options:

A.

Joint Commission

B.

Regulations

C.

Accreditation

Question 44

Which of the following disaster recovery test plans will be MOST effective while providing minimal risk?

Options:

A.

Read-through

B.

Parallel

C.

Full interruption

D.

Simulation

Question 45

During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.

What is the best approach for the CISO?

During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.

What is the best approach for the CISO?

Options:

A.

Document the system as high risk

B.

Perform a vulnerability assessment

C.

Perform a quantitative threat assessment

D.

Notate the information and move on

Page: 1 / 31
Total 305 questions