Question

CHAPTER REVIEW (Continued) 4. HIPAA security standards whereby the CE can determine if the standard is reasonable and is known as a. Addressable b. Optional d. Voluntary Administrative safeguards include which of the following? a. Emergency access procedure b. Mechanism to authenticate ePHI c. Security awareness and training d. Audit controls 5. 6. Access controls are classified as something you know, something you have, and something you a. Are b. Choose c. Design d. Develop 7. A username and password is an example of a b. Two-factor authentication C. Call back d. Single sign-on 8. One of the nurses in the quality management department has decided to work a few shifts on the nursing units in order to earn some extra money. When she logs in with her normal sign-in, she has certain functionality; when she logs in differently to work on the nursing unit, she has different functionality. This is known as a. Role-based authentication b. User-based authentication c. Context-based authentication d. Emergency access procedure 9.Identify the true statement about audit logs. a. Audit logs should be stored on a different server than the ePHI. b. Audit logs only capture actions that are outside the norm. c. Audit logs monitor only user actions. d. Audit logs should be available to a wide range of employees to facilitate audits. 10. Firewalls are part of a. Physical security b. Network security c. Administrative safeguards d. Encryption

Answer 1

4a To be in compliance with the rule, the CE must implement the specification as written, implement an alternative or document that the risk does not exist in the organization or exists with little probability of occurrence.

5c

Administrative safeguard include

• Security Management process.
• Assigned security responsibility
• Workforce security
• Information Access Management
• Security Awareness training
• Security incident reporting
• Contigency plan
• Evaluation
• Business Associate Contracts and other arrangements. 6

6a

3types of authentication factors are

Type1_something you know

Type 2 -something you have

Type 3-Something you are.

7b

Two factor authentication is a type of multi-factor authentication and is a method of confirming a users claimed identity by utilizing something they know which is the password and a second factor