Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
111 Cards in this Set
- Front
- Back
|
The Fair and Accurate Credit Transactions Act works to reduce - security breaches - privacy breaches - identity theft - the number of invalid authorizations |
identity theft |
|
|
The company's policy states that audit logs, access reports, and security incident reports should be reviewed daily. This review is known as - a workforce clearinghouse - an information system activity review - a data criticality analysis - a risk analysis |
an information system activity review |
|
|
I have been asked if I want to be in the directory. The admission clerk explains that if I am in the directory, - my friends and family can find out my room number - my condition can be released to hospital staff only - my condition can be discussed with any caller in detail - my condition can be released to the news media |
my friends and family can find out my room number |
|
|
You are a nurse who works on 3West during the day shift. One day, you had to work the night shift because they were shorthanded. However, you were unable to access the EHR. What type of access control(s) are being used? - role-based - user-based - context-based - either user- or role-based |
context-based |
|
|
Kyle, the HIM Director, has received a request to amend a patient's health record. The appropriate action for him to take is - return the notice to the patient because amendments are not allowed - route the request to the physician who wrote the note in question to determine appropriateness of the amendment - make the modification because you have received the request - file the request in the chart to document the disagreement with the information contained in the medical record. |
route the request to the physician who wrote the note in question to determine appropriateness of the amendment - the person who recorded the documentation in question should be the one who authorizes the change. While these references may not explicitly state this, it does state that the form should have a place for the provider's signature and comments |
|
|
Ms. Thomas was a patient at your facility. She has been told that there are some records that she cannot have access to. These records are most likely - mental health assessment - alcohol and drug records - AIDS records - psychotherapy notes |
psychotherapy notes |
|
|
Mary processed a request for information and mailed it out last week. Today, the requestor, an attorney, called and said that all of the requested information was not provided. Mary pulls the documentation, including the authorization and what was sent. She believes that she sent everything that was required based on what was requested. She confirms this with her supervisor. The requestor still believes that some extra documentation is required. Given the above information, which of the following statements is true? - Mary is required to release the extra documentation because the requester knows what is needed - Mary is not required to release the additional information because her administrator agrees with her - Mary is required to release the extra documentation because, in the customer service program for the facility, the customer is always right - Mary is not required to release the extra documentation because the facility has the right to interpret a request and apply the minimum standard rule |
Mary is not required to release the extra documentation because the facility has the right to interpret a request and apply the minimum standard rule |
|
|
The patient has the right to control access to his or her health information. This is known as - confidentiality - security - disclosure - privacy |
privacy |
|
|
You have been asked to given an example of secure information. Which of the following will you give as your answer? - data that is encrypted which makes it unreadable - data that require biometrics to access - data that require a password to access - data in a loce |
data that is encrypted which makes it unreadable |
|
|
Which of the following is an example of a trigger that might be used to reduce auditing? - the patient is a Medicare patient - a nurse is caring for a patient and reviews the patient's record - a patient has not signed their notice of privacy practices - a patient and user have the same last name |
a patient and user have the same last name |
|
|
The patient has requested an amendment to her heath record. The facility, after review with the physician, has decided to deny the request. According to HIPAA, the patient must be notified within how many days? - 90 - 30 - 60 - 45 |
60 |
|
|
You are reviewing your privacy and security policies, procedures, training program, and so on, and comparing them to the HIPAA and ARRA regulations. You are conducting a - policy assessment - compliance audit - risk assessment - risk management |
risk assessment |
|
|
Which of the following is allowed by HIPAA? - permitting a spouse to pick up medication for the patient - letting a business associate use PHI in whatever manner they see fit - releasing patient information to the patient's attorney without an authorization - mandating that a health care facility can amend the health record of a patient at the patient's request |
permitting a spouse to pick up medication for the patient |
|
|
John is allowed to delete patients in the EHR. Florence is not. They both have the same role in the organization. What is different? - their authentication - their authorization - their understanding of the system - their permissions |
their permissions |
|
|
Which of the following should the record destruction program include? - the name of the supervisor of the person destroying the records - citing the laws followed - requirement of daily destruction - the method of destruction |
the method of destruction |
|
|
Which of the following situations violate a patient's privacy? - the hospital provides names and addresses to a pharmaceutical company to be used in a mass mailing of free drug samples - the physicians of the quality improvement committee reviews medical records for potential quality problems - the hospital sends patients who are scheduled for deliveries information on free childbirth classes - the hospital uses aggregate data to determine whether or not to add a new operating room suite |
the hospital provides patient names and addresses to a pharmaceutical company to be used in a mass mailing of free drug samples - the release of childbirth information is acceptable because it is related to the reason for admission - the mass mailing of samples violates giving out confidential information to outside agencies |
|
|
The patient has the right to agree or object in which of the following situations? - disclosing information to patient's attorney - disclosing information to minister - disclosing information to family member who is not directly involved in the care - disclosing information to family member who is directly involved in care |
disclosing information to family member who is directly involved in care |
|
|
Robert Burchfield was recently caught accessing his wife's health record. The system automatically notified the staff of a potential breach due to the same last name for the user and the patient. This was an example of a - transmission security - telephone callback procedures - biometrics - trigger |
trigger |
|
|
The HIM director received an e-mail from the technology support services department about her e-mail being full and asking for her password. The director contacted tech support and it was confirmed that their department did not send this e-mail. This is an example of what type of malware? - virus - denial of service - spyware - phishing |
phishing |
|
|
Your organization is sending confidential patient information across the Internet using technology that will transform the original data into unintelligible code that can be re-created by authorized users. This technique is called - a firewall - data encryption - validity processing - a call-back process |
data encryption |
|
|
Which of the following statements is true about the Privacy Act of 1974? - it applies to the federal government - it applies to all organizations that maintain health care data in any form - it applies to all healthcare organizations - it applies to federal government except for the Veterans Health Administration |
it applies to the federal government |
|
|
Researchers can access patient information if it is - a limited data set - related to identity theft - patient specific - protected health information |
a limited data set |
|
|
John is a 45-year-old male who is mentally retarded. Who can authorize release of his health record? - John - legal guardian - executive of his will - John's sister |
legal guardian |
|
|
The information systems department was performing their routine destruction of data that they do every year. Unfortunately, they accidently deleted a record that is involved in a medical malpractice case. This unintentional destruction of evidence is called - forensics - mitigation - a security event - spoliation |
spoliation |
|
|
spoliation |
the action of ruining or destroying something; unintentional destruction of evidence |
|
|
Critique this statement: Security training must be face to face - training may through face to face meeting or through newsletters only - training can use many different methods - face to face is required for new employees - this is a true statement |
training can use many different methods |
|
|
Your department was unable to provide a patient with a copy of his record within the 30-day limitation. What should you do? - call the patient and apologize - write the patient and tell him that you will need a 30-day extension - write and call the patient to tell him you need a 30-day extension - call the patient and let him know that you will need a 30-day extension |
write the patient and tell him that you will need a 30-day extension |
|
|
Which of the following can be released without consent or authorization? - summary of patient care for the latest discharge - personal health information - protected health information - de-identified health information |
de-identified information |
|
|
When logging into a system, you are instructed to enter a string of characters. These characters appear distorted onscreen, however. What kind of access control is this? - two-factor authentication - token - biometrics - CAPTCHA |
CAPTCHA |
|
|
CAPTCHA |
a kind of access control; when logging into a system, you are instructed to enter a string of characters that appear distorted onscreen which a human will be able to determine but a bot will not |
|
|
If an authorization is missing a Social Security number, can it be valid? - yes - only if the patient is a minor - only if the patient is an adult - no |
yes |
|
|
Mountain Hospital has discovered a security breach. Someone hacked into the system and viewed 50 medical records. According to ARRA, what is the responsibility of the covered entity in a reasonable time not to exceed 60 days? - ARRA does not address this issue - notify CMS - notify FTC - notify the patient |
notify the patient |
|
|
In case your system crashes, your facility has defined the policies and procedures necessary to keep your business going. This is known as: - data backup - data recovery - business continuity plan - core operations |
business continuity plan |
|
|
business continuity plan |
defined policies and procedures for your facility necessary to keep your business going in case your system crashes |
|
|
Which statement is true about when a family member can be provided with PHI? - the patient's mother can always receive PHI on her child - the family member is a health care professional - the family member lives out of town and cannot come to the facility to check on the patient - the family member is directly involved in the patient's care |
the family member is directly involved in the patient's care |
|
|
The surgeon comes out to speak to a patient's family. He tells them that the patient came through the surgery fine. The mass was benign and they could see the patient in an hour. He talks low so that the other people in the waiting room will not hear but someone walked by and heard. This is called a(n) - privacy breach - privacy incident - violation of policy - incidental disclosure |
incidental disclosure |
|
|
You have been given some information that includes the patient's account number. Which statement is true? - these data are individually identified data - this is de-identified information because the patient's name and social security are not included in the data - these data are a limited data set - this is not de-identified information, because it is possible to identify the patient |
this is not de-identified information, because it is possible to identify the patient |
|
|
You have been given the responsibility of destroying the PHI contained in the system's old server before it is trashed. What destruction method do you recommend? - crushing - degaussing - incineration - overwriting data |
degaussing |
|
|
degaussing |
the process of reducing or eliminating an unwanted magnetic field (or data) stored on tape and disk media such as computer and laptop hard drives, diskettes, reels, cassettes, and cartridge tapes |
|
|
Which of the following is an example of an administrative safeguard? - access control - physical security of hardware - training - firewall |
training |
|
|
The police came to the HIM Department today and asked that a patient's right to an accounting of disclosure be suspended for two months. What is the proper response to this request? - "I'm sorry officer, but privacy regulations do not allow us to do this." - "Certainly officer. We will take care of that right now." - "I'm sorry officer but we can only do this for one month." - "Certainly officer. We will be glad to do that as soon as we have the request in writing." |
"Certainly officer. We will be glad to do that as soon as we have the request in writing." |
|
|
Barbara, a nurse, has been flagged for review because she logged in to the EHR in the evening when she usually works the day shift. Why should this conduct be reviewed? - this needs to be investigated before a decision is made because there may be a legitimate reason why she logged in at this time - this is not a violation since Barbara, as a nurse, has full access to data in the EHR - this is a privacy violation - no action is required |
this needs to be investigated before a decision is made because there may be a legitimate reason why she logged in at this time |
|
|
A patient signed an authorization to release information to a physician but decided not to go see that physician. Can he stop the release? - yes, as long as it has not been released already - no, once the release is signed, it cannot be reversed - yes, in all circumstances - yes, as long as the physician agrees |
yes, as long as it has not been released already |
|
|
The computer system containing the electronic health record was located in a room that was flooded. As a result, the system is inoperable. Which of the following would be implemented? - business continuity processes - information systems strategic planning - request for proposal - SWOT anlaysis |
business continuity processes
- in some facilities, it is referred to as emergency mode operation rather than business continuity planning |
|
|
The administrator states that he should not have to participate in privacy and security training as he does not use PHI. How should you respond? - "I will record that in my files so that we will not bother you again on this issue." - "Did you read the privacy rules?" - "All employees are required to participate in the training, including top administration." - "You are correct. There is no reason for you to participate in the training." |
All employees are required to participate in the training, including top administration." |
|
|
Which of the following is an example of two-factor authentication? - fingerprint and retinal scan - username and password - token and smart card - password and token |
password and token |
|
|
two-factor authentication |
an extra layer of security that requires not only a password and username but also something that the user has on them (such as a token)
|
|
|
You are defining the designated record set for South Beach Healthcare Center. Which of the following would be included? - information compiled for use in civil hearing - psychotherapy notes - quality reports - discharge summary |
discharge summary |
|
|
The physician office has set the information systems so that they will log out after 5 minutes of inactivity. This is an example of which of the following? - administrative requirements - physical safeguard - cryptography - access safeguard |
physical safeguard |
|
|
A home health care agency employee has contacted the Center for Medicare and Medicaid Services to report health care fraud. Patient information is provided in the report. Which of the following is true? - CMS can never access patient information - the disclosure is not a violation of HIPAA if the information was provided in good faith - this is a violation of the patient rights and the employee should be charged with a HIPAA violation - the disclosure is not a violation of HIPAA even if the employee made up the charges |
The disclosure is not a violation of HIPAA if the information was provided in good faith |
|
|
Which of the following examples is an exception to the definition of a breach? - information was erroneously sent to another healthcare facility - information was loaded on the internet inappropriately - the wrong patient information was sent to the patient's attorney - a coder accidentally sends PHI to a billing clerk in the same facility |
a coder accidentally sends PHI to a billing clerk in the same facility |
|
|
Which of the following documents is subject to the HIPAA security rule? - document faxed to the facility - copy of discharge summary - scanned operative report stored on CD - paper medical record |
scanned operative report stored on CD |
|
|
An effective monitoring program contains which of the following? - log-ins to be reviewed - outlining how employees suspected of a breach will be confronted - training employees on what a breach is and the importance of security of ePHI - installation of software that will monitor for and remove malware from any system that contains ePHI |
outlining how employees suspected of a breach will be confronted |
|
|
The data on a hard drive were erased by a corrupt file that had been attached to an e-mail message. Which of the following can be used to prevent this? - virus checker - acceptance testing - encryption - messaging standards |
virus checker |
|
|
As chief privacy officer, you have been asked why you are conducting a risk assessment. Which reason would you give? - to change organizational culture - to learn about the organization - to get rid of problem staff - to prevent breach of confidentiality |
to prevent breach of confidentiality |
|
|
The information system has just notified you that someone has attempted to access the system inappropriately. This process is known as - integrity - intrusion protocol - cryptography - intrusion detection |
intrusion detection |
|
|
You work for a 60-bed hospital in a rural community. You are conducting research on what you need to do to comply with HIPAA. You are afraid that you will have to implement all of the steps that your friend at a 900-bed teaching hospital is implementing at his facility. You continue reading and learn that you only have to implement what is prudent and reasonable for your facility. This is called - access control - risk assessment - scalable - technology neutral |
scalable |
|
|
The patient calls and has a telephone consultation. Which of the following is true about notice of privacy practices? - telephone encounters are exempt from the requirement for providing the patient a notice of privacy practices - telephone encounters are not allowed since the patient cannot be handed a notice of privacy practices - the patient must come in within 72 hours to sign the document - the notice of privacy practices can be mailed to the patient |
the notice of privacy practices can be mailed to the patient - the Notice of Privacy must be written in plain English so that it can be understood |
|
|
HIPAA allows health care providers to charge patients reasonable cost-based charges. Which of the following is allowed when determining the charge? - chart retrieval fees - preparing a summary - utilities - insurance for the facility |
preparing a summary - non-patients can be charged a retrieval fee but not the patient |
|
|
HIPAA states that release to a coroner is allowed. State law says that the coroner must provide a subpoena. Which of the following is a correct statement? - you must request a ruling from a judge - follow the HIPAA requirement since it is a federal law - you can follow either the state law or the HIPAA rule - follow the state law since it is stricter |
follow the state law since it is stricter |
|
|
The HIPAA security rule impacts which of the following protected health information? - clinical data repository - faxed records - x-ray films stored in radiology - paper medical records |
clinical data repository |
|
|
clinical data repository (CDR) |
a real time database that consolidates data from a variety of clinical sources to present a unified view of a single patient |
|
|
Which security measure utilizes fingerprints or retina scans? - authentication - encryption - audit trail - biometrics |
biometrics |
|
|
Someone accessed the covered entity's electronic health record and sold the information that was accessed. This person is known as which of the following? - a virus - a cracker - a hacker - malware |
a cracker |
|
|
cracker vs hacker |
- a cracker is an individual with extensive computer knowledge whose purpose is to breach or bypass internet security or gain access to software without paying royalties - the general view is that, while hackers build things, crackers break things - cracker is the name given to hackers who break into computers for criminal gain; whereas, hackers can also be internet security experts hired to find vulnerabilities in systems |
|
|
In conducting an environmental risk assessment, which of the following would be considered in the assessment? - use of single sign-on technology - placement of water pipes in the facility - verifying that virus checking software is in place - authentication |
placement of water pipes in the facility |
|
|
To which of the following requesters can a facility release information about a patient without that patient’s authorization? - a court with a court order - a business associate - the nurse caring for the patient - the public health department |
a court with a court order |
|
|
A physician office has requested PHI for continued care. The release of information clerk wants to limit the information provided because of the minimum necessary rule. What should the supervisor tell the clerk? - patient care is an exception to the minimum necessary rule, so process the request as written - good call, that is exactly what you should have done - the minimum necessary rule only applies to attorneys - the minimum necessary rule was eliminated with ARRA |
patient care is an exception to the minimum necessary rule, so process the request as written |
|
|
Critique this statement: A business associate has the right to use a health care facility's information beyond the scope of their agreement with the health care facility. - This is a true statement because business associates can use the information for their main source of business as long as the patient's privacy is protected. - This is a true statement as long as they have patient consent. - This is a false statement because it is prohibited by the HIPAA privacy rule. - This is a false statement because the HIPAA privacy rule states that to use it in their own business they must have the health care facility's approval. |
This is a false statement because it is prohibited by the HIPAA privacy rule |
|
|
Before an employee can be given access to the EHR, someone has to determine what the employee is allowed to have access to. What is this known as? - authorization - health care clearinghouse - workforce clearance procedure - authentication |
workforce clearance procedure |
|
|
Which of the following situations would require authorization before disclosing PHI? - workers' compensation - public health activities - releasing information to the Bureau of Disability Determination - health oversight activity |
releasing information to the Bureau of Disability Determination |
|
|
A hacker recently accessed our database. We are trying to determine how the hacker got through the firewall and exactly what was accessed. The process used to gather this evidence is called - security event - forensics - mitigation - incident |
forensics |
|
|
Which of the following is the term used to identify who made an entry into a health record? - access control - authorship - accessibility - authentication |
authorship |
|
|
The three components of a data security program are protecting the privacy of data, ensuring the integrity of data, and ensuring the ________ - availability of data - security of hardware - validity of data - security of data |
availability of data |
|
|
The supervisors have decided to give nursing staff access to the EHR. They can add notes, view, and print. This is an example of what? - spoliation - an information system activity review - the termination process - a workforce clearance procedure |
a workforce clearance procedure |
|
|
Breach notification is required unless: - the organization does not take Medicare patients - the hacker made an electronic download of the data - the organization is a covered entity - the probability of PHI being compromised is low |
the probability of PHI being compromised is low |
|
|
You have to decide which type of firewall you want to use in your facility. Which of the following is one of your options? - packet filter - secure socket layer - denial of service - CCOW |
secure socket layer |
|
|
The purpose of the notice of privacy practices is to - notify researchers of allowable data use - notify the patient of uses of PHI - report incidents to the OIG - notify the patient of audits |
notify the patient of uses of PHI |
|
|
Miles has asked you to explain the rights he has via HIPAA privacy standards. Which of the following is one of his HIPAA-given rights? - he can discuss financial arrangements with business office staff - he can ask to be contacted at an alternative site - he can ask a patient advocate to sit in on all appointments at the facility - he can review his bill |
he can ask to be contacted at an alternative site |
|
|
In a recent review, it was determined that the EHR is essential to the operations of the home health agency. What type of review is this? - risk assessment - risk analysis - emergency mode operation plan - criticality analysis |
criticality analysis |
|
|
Which of the following would be a business associate? - security guards - childbirth class instructor - bulk food service provider - release of information company |
release of information company |
|
|
Protected health information includes - individually identifiable health information in any format stored by a health care provider or business associate - individually identifiable health information in any format stored by a health care provider - only paper individually identifiable health information - only electronic individually identifiable health information |
individually identifiable health information in any format stored by a health care provider or business associate |
|
|
Nancy has asked the health care facility for a copy of her grandmother’s health record. Her grandmother died 20 years ago. Nancy is not the executor of the estate, and she does not want to ask her aunt who is for permission. Select the appropriate response to Nancy. - "Since you are a descendant, please sign this release." - "You cannot access your grandmother’s privacy, as she has the right of privacy for 50 years after her death." - "You cannot access your grandmother’s privacy, as she has the right of privacy for 50 years after her death or her 100th birthday." - "You cannot access your grandmother’s health record until she has been deceased for 25 years." |
"You cannot access your grandmother’s privacy, as she has the right of privacy for 50 years after her death." |
|
|
When patients are able to obtain a copy of their health record, this is an example of which of the following? - a required standard - a patient right - a preemption - an addressable requirement |
a patient right |
|
|
A certification agency validates the use of encryption between two organization's websites. How do they validate it? - digital certificate - hypertext markup language - portal - links |
hypertext markup language |
|
|
You have been assigned the responsibility of performing an audit to confirm that all of the workforce's access is appropriate for their role in the organization. This process is called - risk assessment - workforce clearance procedure - information system activity review. - information access management |
workforce clearance procedure |
|
|
mechanism to ensure that PHI has not been altered or destroyed inappropriately has been established. This process is called - audit controls. - access control - integrity - entity authentication |
integrity |
|
|
Which of the following is an example of administrative safeguards under the security rule? - monitoring traffic on the network - encryption - monitoring the computer access activity of the user - assigning unique identifiers |
monitoring the computer access activity of the user |
|
|
The facility had a security breach. The breach was identified on October 10, 2016. The investigation was completed on October 15, 2016. What is the deadline that the notification must be completed? - 30 days from October 10 - 30 days from October 15 - 60 days from October 10 - 60 days from October 15 |
60 days from October 10 |
|
|
The clinic has decided to use mobile technology. Identify the best practice for this technology. - identify who owns the mobile device - allow usage of the mobile device for PHI access only - allow access of PHI by the patient during patient care - make mobile devices available to any employee at the health care facility |
identify who owns the mobile device |
|
|
What type of digital signature uses encryption? - electronic signature - digitized signature - encryption is not a part of digital signatures - digital signature |
digital signature |
|
|
Which of the following disclosures would require patient authorization? - workers' compensation - law enforcement activities - public health activities - release to patient's family |
release to patient's family |
|
|
A covered entity - includes health care providers who perform specified actions electronically - is exempt from the HIPAA privacy and security rules - must utilize business associates - includes all health care providers |
includes health care providers who perform specified actions electronically |
|
|
You are looking for potential problems and violations of the privacy rule. What is this security management process called? - risk management - business continuity planning - risk assessment - risk aversion |
risk assessment |
|
|
Intrusion detection systems analyze - firewalls - network traffic - authentications - audit trails |
network traffic |
|
|
You have been asked to provide examples of technical security measures. Which of the following would you include in your list of examples? - automatic logout - locked doors - minimum necessary - training |
automatic logout |
|
|
Before a user is allowed to access protected health information, the system confirms that this is a valid user. This is known as - authentication - authorization - notification - access control |
authentication |
|
|
Bob submitted his resignation from Coastal Hospital. His last day is today. He should no longer have access to the EHR and other systems as of 5:00 PM today. The removal of his privileges is known as - isolating access - sanction policy - password management - terminating access |
terminating access |
|
|
You work for an organization that publishes a health information management journal and provides clearinghouse services. What must you do? - follow the same rules in all parts of the organization - have the same security plan for the entire organization - train the journal staff on HIPAA security awareness - separate the ePHI from the noncovered entity portion of the organization |
separate the ePHI from the noncovered entity portion of the organization |
|
|
Our website was attacked by malware that overloaded it. What type of malware was this? - virus - spyware - phishing - denial of service |
denial of service |
|
|
The research coordinator viewed 10 patients' records for a research study being conducted. Select the term used for this practice. - use - disclosure - discovery - release |
use |
|
|
As chief privacy officer for Premier Medical Center, you are responsible for which of the following? - writing policies on protecting hardware - developing a plan for reporting privacy complaints - writing policies on encryption standards - writing policies on protecting hardware |
developing a plan for reporting privacy complaints |
|
|
You have to determine how likely a threat will occur. What is this assessment known as? - impact analysis - control analysis - control recommendation - risk determination |
risk determination |
|
|
Which of the following is an example of a security incident? - a handheld device was left unattended on the crash cart in the hall for 10 minutes - temporary employees were not given individual passwords - an employee took home a laptop with unsecured PHI - a hacker accessed PHI from off site |
a hacker accessed PHI from off site |
|
|
An employee in the admission department stole the patient's name, Social Security number, and other information and used it to get a charge card in the patient's name. This is an example of - identity theft - mitigation - release of information - disclosure |
identity theft |
|
|
You have been asked to create a presentation on intentional and unintentional threats. Which of the following should be included in the list of threats you cite? - hard drive failures - a patient's Social Security number being used for credit card applications - data deleted by accident - data loss due to electrical failures |
a patient's Social Security number being used for credit card applications |
|
|
Before we can go any further with our risk analysis, we need to determine what systems/information need to be protected. This step is known as - risk determination - system characterization - vulnerability - control analysis |
system characterization |
|
|
Contingency planning includes which of the following processes? - data quality - systems analysis - hiring practices - disaster planning |
disaster planning |
|
|
To prevent their network from going down, a company has duplicated much of its hardware and cables. This duplication is called - a business continuity plan - redundancy - an emergency mode plan - a contingency plan |
redundancy |
|
|
Which of the following is a true statement about private key encryption? - the digital certificate shows that the keys are encrypted - public encryption uses a private and public key - public key encryption requires both computers to have the same key - the sending computer uses the public key |
public encryption uses a private and public key |
|
|
The physician office you go to has a data integrity issue. What does this mean? - the user's access has not been defined - there has been unauthorized alteration of patient information - someone in the practice has released information inappropriately - a break-in attempt has been identified |
there has been unauthorized alteration of patient information |
