Test Your Knowledge About HIPAA Security And Privacy Rule! Trivia Quiz
Test Your Knowledge about HIPAA Security and Privacy Rule by taking this trivia quiz. The act was put in place to protect a patient’s information and records no matter what position one holds in at the hospital. Take up this quiz and get to see if you understand all the requirements of the ACT and what it means to those in the health sector.
- 1.Latent or “silent errors” in HIT are those that:
- A.
A. Obvious to designers of Health IT
- B.
B. Related to a mismatch of the function of the HIT and what the user really does with it
- C.
C. Are discovered most often after the system is installed and being used
- D.
D. Are discovered most often during the programming phase as the HIT is being built
- E.
E. B & D
- F.
F. B & C
- 2.How could HIT help to “unstick” those who are stuck in thinking?
- A.
A. Offer (but do not force) an alternative, but equally effective and less expensive medication when a clinician orders a drug.
- B.
B. Provide a link to the institution’s practice guidelines
- C.
C. Offer a “tip” or a “shortcut” on log in – such as “would you like to see how to use the system to quickly discharge a patient today?”
- D.
D. All of the above
- 3.In the assigned reading by Ash, Berg, & Coeira (2004) when a “U.K. hospital supplanted the telephoning of results by laboratory staff with installation of a results-reporting system in an emergency department and on the medical admissions ward, the results were devastating: ‘‘The results from 1,443/3,228 (45%) of urgent requests from accident and emergency and 529/ 1836 (29%) from the admissions ward were never accessed via the ward terminal. . . . In up to 43/1,443 (3%) of the accident and emergency test results that were never looked at, the findings might have led to an immediate change in patient management.” Why did this happen?
- A.
A. The doctors were not skilled enough to use the computer
- B.
B. The providers believed that they had sufficient levels of expertise to not bother with the lab results
- C.
C. The nurses did it for them
- D.
D. The designers of the system did not understand the normal workflow and did not sufficiently plan for the change that doctors had to retrieve their own results from the system
- 4.A computer, used in healthcare can
- A.
A. Result in undue trust and belief in what the computer suggests or displays
- B.
B. Replace or augment human decision-making
- C.
C. Augment decision-making by the human but never replace it
- D.
D. A & B
- E.
E. C & A
- 5.Which of the following is an advantage of electronic health records compared to paper records?
- A.
A. Electronic records can be transported over networks as long as encryption is not used during transport.
- B.
B. With electronic records, it is not necessary to prepare for potential disasters, such as fires and natural catastrophes, which affect paper records.
- C.
C. Electronic records allow for fine-tuned control of access permissions, potentially putting patients in control of their health information.
- 6.Which of the following terms describes the practices a provider employs to protect patients’ privacy rights?
- A.
A. privacy
- B.
B. confidentiality
- C.
C. security
- D.
D. integrity
- 7.Which of the following terms refers to the specific safeguards or controls that are put in place to ensure the confidentiality of patient data?
- A.
A. privacy
- B.
B. confidentiality
- C.
C. security
- D.
D. Integrity
- 8.Which of the following security management system standards is specific to the health care sector?
- A.
A. HIPAA Security Rule
- B.
B. ISO 27001
- C.
C. NIST 800-53
- D.
D. PCI DSS
- 9.EPHI is a common acronym in health care, which stands for:
- A.
A. Employer protected health inquiry
- B.
B. Employer processed health information
- C.
C. Electronic processed health information
- D.
D. Electronic protected health information
- 10.Which of the following is NOT typically used to categorize types of security safeguards?
- A.
A. Administrative safeguards
- B.
B. Complacent safeguards
- C.
C. Physical safeguards
- D.
D. Technical safeguards
- 11.Which of the following is NOT part of the Security Management Process?
- A.
A. Risk analysis
- B.
B. Risk management
- C.
C. Risk prevention
- D.
D. System activity review
- 12.Which of the following is an example of a workstation as defined in the HIPAA Security Rule?
- A.
A. Desktop computer
- B.
B. Laptop
- C.
C. USB drive
- D.
D. All of the above
- 13.Before sending unneeded computer equipment containing EPHI away for surplus or resale, you should:
- A.
A. Delete files containing EPHI from the computer simply using the delete function of the operating system.
- B.
B. Change the passwords of all users accessing the system, preventing access to all EPHI.
- C.
C. Either remove the hard drives from the computer equipment for destruction, or perform a secure deletion of all data using special methods that ensures data on magnetic media is completely unreadable.
- D.
D. Make sure that whoever acquires the computer equipment agrees not to hold you liable for any EPHI contained on the equipment.
- 14.Which of the following is an example of two-factor authentication?
- A.
A. Requiring a user to provide a password along with a smart card to access an EHR.
- B.
B. A physician having access to more patient information in an EHR than an administrative user.
- C.
C. Enforcing complexity requirements when changing a password.
- D.
D. Biometric authentication.
- 15.A small single provider health care clinic is more likely to implement a custom-built HIT system than to acquire an off-the-shelf product to meet a particular health care need.
- A.
True
- B.
False
- 16.1.Name the four general processes that make up the software development lifecycle. Answers: Planning and Analysis, Design, Implementation, Support/Evaluation
- A.
True
- B.
False
- 17.3. Which of the following activities highlighted in this unit is likely to be a part of 2 or more phases of the systems development process?
- A.
A. Strategic Planning
- B.
B. User Needs Analysis
- C.
C. Training
- 18.4.Why is it important to have a vision for how a proposed HIT system will impact and be used within a health care organization? Answer: A vision for an HIT system should support the goals and mission of the organization, ensuring that the HIT system implementation helps the organization achieve its goals. The vision also feeds the analysis of HIT systems and determination of required features, ensuring that the needs of the organization, rather than the features of proposed solutions, drives the choice and implementation of a solution.
- A.
True
- B.
False
- 19.5What is another term used to describe “business process modeling?” Answer: user needs analysis
- A.
True
- B.
False
- 20.Which of the following is NOT part of business process analysis?
- A.
A .Observation of current workflow
- B.
B .Implementation of software to solve a workflow challenge
- C.
C .Interviewing employees involved in a business process
- D.
D. Sharing analysis with those interviewed
- 21.List three (3) potential improvements to health care that a HIT system implementation could generally be expected to enable, over existing paper-based processes. Possible answers: a. Simplify existing workflows (improving efficiency) b. Improving the accessibility of health care information to patients c. Improving the safety of cared. Enabling improved documentation, and more comprehensive documentation of care e. Allow for the delegation of tasks to make the most efficient use of provider and staff time.
- A.
True
- B.
False
- 22.Why is it important to include a “practice” version of a new HIT system during the implementation phase? Answer: A “practice” version of the system can be used as part of the training plan for the organization, allowing for a safe environment for staff of the organization to learn how to use the new system without negatively impacting the functioning of the production system.
- A.
True
- B.
False
- 23.Which is NOT an important step in creating a testing strategy?
- A.
A. Identify testing environment.
- B.
B. Create test scenarios and scripts.
- C.
C. Identify participants.
- D.
D. Identify required equipment.
- 24.The procedure for sign-off for testing activities identifies the person who will manage defects in the project
- A.
True
- B.
False
- 25.End user testing is best suited for less-experienced staff and should represent a cross-section of the end-user environment.
- A.
True
- B.
False
Questions: 17 | Attempts: 29448 | Last updated: Jun 22, 2021
-
Sample QuestionWhat kind of personally identifiable health information is protected by HIPAA privacy rule?
Questions: 10 | Attempts: 6931 | Last updated: Jun 6, 2017
-
Sample QuestionWhat is PHI?
Questions: 10 | Attempts: 4401 | Last updated: Feb 22, 2021
-
Sample QuestionProtected health information is also known as the "Privacy rule of health insurance portability and accountability act of 1996".
Back to top