Preview Extract
Chapter 12
Question 1
Which of these is accurate about the Health Insurance Portability and Accountability Act
(HIPAA) Security Rule and the use of technology?
1. Does not specify the use of particular technology
2. Refers to the Joint Commission standards for technology
3. Specifies the utilization of HIPAA approved technology
4. Provides a monthly Web-based list of approved technology
Correct Answer: 1
Rationale 1:
HIPAA does not specify the use of particular technologies. It does call for each organization
to determine threats and take appropriate protective measures based on their specific needs.
Rationale 2:
The correct answer is that HIPAA does not specify the use of particular technologies. It does
call for each organization to determine threats and take appropriate protective measures based
on their specific needs.
Rationale 3:
The correct answer is that HIPAA does not specify the use of particular technologies. It does
call for each organization to determine threats and take appropriate protective measures based
on their specific needs.
Rationale 4:
The correct answer is that HIPAA does not specify the use of particular technologies. It does
call for each organization to determine threats and take appropriate protective measures based
on their specific needs.
Question 2
During the course of client care, the 21-year-old client tells the nurse that she had an abortion
last year but that no one in her family knows. Which of these terms best describes the
situation?
1. Consent
2. Privacy
3. Security
4. Confidentiality
Correct Answer: 4
Rationale 1:
Confidentiality is the term that best describes this situation. Confidentiality refers to a
situation in which a relationship has been established and private information is shared.
Confidentiality is essential for the accurate assessment, diagnosis, and treatment of health
problems. Once a client discloses confidential information, control over its redisclosure lies
with the persons who access it. Most breaches of confidentiality occur as a result of
carelessness and can be avoided by not discussing clients in public areas or with persons who
do not have a "need to know" and through tight control of client records.
Rationale 2:
Confidentiality is the term that best describes this situation. Confidentiality refers to a
situation in which a relationship has been established and private information is shared.
Confidentiality is essential for the accurate assessment, diagnosis, and treatment of health
problems. Once a client discloses confidential information, control over its redisclosure lies
with the persons who access it. Most breaches of confidentiality occur as a result of
carelessness and can be avoided by not discussing clients in public areas or with persons who
do not have a "need to know" and through tight control of client records.
Rationale 3:
Confidentiality is the term that best describes this situation. Confidentiality refers to a
situation in which a relationship has been established and private information is shared.
Confidentiality is essential for the accurate assessment, diagnosis, and treatment of health
problems. Once a client discloses confidential information, control over its redisclosure lies
with the persons who access it. Most breaches of confidentiality occur as a result of
carelessness and can be avoided by not discussing clients in public areas or with persons who
do not have a "need to know" and through tight control of client records.
Rationale 4:
Confidentiality is the term that best describes this situation. Confidentiality refers to a
situation in which a relationship has been established and private information is shared.
Confidentiality is essential for the accurate assessment, diagnosis, and treatment of health
problems. Once a client discloses confidential information, control over its redisclosure lies
with the persons who access it. Most breaches of confidentiality occur as a result of
carelessness and can be avoided by not discussing clients in public areas or with persons who
do not have a "need to know" and through tight control of client records.
Question 3
An overlay occurs when one individual is assigned in the master patient index to another
individual's health record. A health care facility has discovered that an overlay has occurred
resulting in invalid data being stored in key identifying fields. Which of the following
information security areas does this breach affect?
1. Survivability
2. Integrity
3. Availability
4. Inadvertent disclosure
Correct Answer: 2
Rationale 1:
The correct answer is integrity. Integrity is concerned with the accuracy of information while
disclosure is part of confidentiality, whereas availability and survivability address accessing
information in a timely manner.
Rationale 2:
The correct answer is integrity. Integrity is concerned with the accuracy of information while
disclosure is part of confidentiality, whereas availability and survivability address accessing
information in a timely manner.
Rationale 3:
The correct answer is integrity. Integrity is concerned with the accuracy of information while
disclosure is part of confidentiality, whereas availability and survivability address accessing
information in a timely manner.
Rationale 4:
The correct answer is integrity. Integrity is concerned with the accuracy of information while
disclosure is part of confidentiality, whereas availability and survivability address accessing
information in a timely manner.
Question 4
Survivability is the capability of a system as a whole to fulfill its mission, in a timely manner,
in the presence of attacks, failures, or accidents. United States Hospitals (USH) is a large
national hospital corporation with processing centralized at their headquarters. USH is
reviewing their information security plan. Part of their mission is to provide emergency
services to each regional area during catastrophic events. Which of the following indicate that
survivability has been specifically considered in the plan?
1. One hospital in each regional area has multiple sources of communication with USH
central processing.
2. Emergency power generators for all associate hospitals are tested and serviced each week
3. Each night the system at USH central processing is backed up and stored in a remote
location.
4. One hospital in each regional area has an emergency protocol in place for communicating
directly with the Department of Homeland Security.
5. One hospital in each regional area is especially prepared to maintain information system
functionality for the emergency, operating room, lab, and pharmacy units.
Correct Answer: 1,4,5
Rationale 1:
The following address USH's mission in terms of survivability: planning for one hospital in
each regional area to maintain communications with USH headquarters; communicating
directly with the Department of Homeland Security when needed; and maintaining
information system functionality for the emergency, operating room, lab, and pharmacy units.
System backup and emergency power generators are important general security issues but do
not specifically address survivability during a catastrophic event.
Rationale 2:
The following address USH's mission in terms of survivability: planning for one hospital in
each regional area to maintain communications with USH headquarters; communicating
directly with the Department of Homeland Security when needed; and maintaining
information system functionality for the emergency, operating room, lab, and pharmacy units.
System backup and emergency power generators are important general security issues but do
not specifically address survivability during a catastrophic event.
Rationale 3:
The following address USH's mission in terms of survivability: planning for one hospital in
each regional area to maintain communications with USH headquarters; communicating
directly with the Department of Homeland Security when needed; and maintaining
information system functionality for the emergency, operating room, lab, and pharmacy units.
System backup and emergency power generators are important general security issues but do
not specifically address survivability during a catastrophic event.
Rationale 4:
The following address USH's mission in terms of survivability: planning for one hospital in
each regional area to maintain communications with USH headquarters; communicating
directly with the Department of Homeland Security when needed; and maintaining
information system functionality for the emergency, operating room, lab, and pharmacy units.
System backup and emergency power generators are important general security issues but do
not specifically address survivability during a catastrophic event.
Rationale 5:
The following address USH's mission in terms of survivability: planning for one hospital in
each regional area to maintain communications with USH headquarters; communicating
directly with the Department of Homeland Security when needed; and maintaining
information system functionality for the emergency, operating room, lab, and pharmacy units.
System backup and emergency power generators are important general security issues but do
not specifically address survivability during a catastrophic event.
Question 5
Which one of the following passwords provides the most information and system security?
1. StJohns3821
2. p#3J24q7
3. p#5N24p7#hN5
4. p#3J24q7?hN5
Correct Answer: 4
Rationale 1:
The correct answer is p#3J24q7?hN5. The best passwords contain twelve characters, avoid
repeated numbers or letters, and have combinations of uppercase and lowercase letters,
numbers, punctuation marks, and symbols. Do not use dates, telephone, license plate, or
Social Security numbers, proper names, initials, words found in the dictionary, account
names, words that are spelled backwards or those with reversed syllables.
Rationale 2:
The correct answer is p#3J24q7?hN5. The best passwords contain twelve characters, avoid
repeated numbers or letters, and have combinations of uppercase and lowercase letters,
numbers, punctuation marks, and symbols. Do not use dates, telephone, license plate, or
Social Security numbers, proper names, initials, words found in the dictionary, account
names, words that are spelled backwards or those with reversed syllables.
Rationale 3:
The correct answer is p#3J24q7?hN5. The best passwords contain twelve characters, avoid
repeated numbers or letters, and have combinations of uppercase and lowercase letters,
numbers, punctuation marks, and symbols. Do not use dates, telephone, license plate, or
Social Security numbers, proper names, initials, words found in the dictionary, account
names, words that are spelled backwards or those with reversed syllables.
Rationale 4:
The best passwords contain twelve characters, avoid repeated numbers or letters, and have
combinations of uppercase and lowercase letters, numbers, punctuation marks, and symbols.
Do not use dates, telephone, license plate, or Social Security numbers, proper names, initials,
words found in the dictionary, account names, words that are spelled backwards or those with
reversed syllables.
Question 6
E-mail is an efficient means of disseminating information quickly and inexpensively.
However, HIPAA regulations affect e-mail use and routing infrastructures. When may
potentially sensitive information be sent via e-mail?
1. Client's consent was obtained to send information via e-mail
2. Recipient is known to the sender
3. E-mail is sent encrypted.
4. Organization's e-mail system has appropriate firewalls
Correct Answer: 3
Rationale 1:
The correct answer is the e-mail is encrypted. This is done so that only the intended receiver
can access the information. Knowing the recipient does not guarantee that the e-mail will not
be intercepted by others. Non-encrypted messages can be read and public e-mail password
protection of mailboxes can be cracked. While having the client's consent is necessary to
share information, it does not protect confidentiality during transmission. Firewalls protect a
system from unwanted access by allowing only approved transactions to pass through them.
Rationale 2:
The correct answer is the e-mail is encrypted. This is done so that only the intended receiver
can access the information. Knowing the recipient does not guarantee that the e-mail will not
be intercepted by others. Non-encrypted messages can be read and public e-mail password
protection of mailboxes can be cracked. While having the client's consent is necessary to
share information, it does not protect confidentiality during transmission. Firewalls protect a
system from unwanted access by allowing only approved transactions to pass through them.
Rationale 3:
Encryption is used so that only the intended recipient can access the information. Knowing
the recipient does not guarantee that the e-mail will not be intercepted by others. Nonencrypted messages can be read and public e-mail password protection of mailboxes can be
cracked. While having the client's consent is necessary to share information, it does not
protect the confidentiality during transmission. Firewalls protect a system from unwanted
access by allowing only approved transactions to pass through them.
Rationale 4:
The correct answer is the e-mail is encrypted. This is done so that only the intended receiver
can access the information. Knowing the recipient does not guarantee that the e-mail will not
be intercepted by others. Non-encrypted messages can be read and public e-mail password
protection of mailboxes can be cracked. While having the client's consent is necessary to
share information, it does not protect confidentiality during transmission. Firewalls protect a
system from unwanted access by allowing only approved transactions to pass through them.
Question 7
A nurse practitioner (NP) approaches a computer terminal at the local health care facility. In
order to gain access to client information, the NP must first slide a smartcard through a card
reader and then place a finger on a scanner. Which authentication measures were used to
verify the NP's authorization to access client data?
1. Appearance of the user's name on a screen
2. Biometric authentication
3. Picture authentication package
4. Proximity radio authentication
5. Encrypted pass key authentication
Correct Answer: 2,5
Rationale 1:
Biometric authentication is based on unique biological traits; thus, the fingerprint
identification is Also correct is encrypted passkey authentication that uses a secret number
verified against a registered digital certificate which would be kept on the smartcard.
Proximity radio authentication requires the radio device be close to the sensing unit but there
is nothing in the scenario to suggest this method was used. The appearance of the user's name
on a screen and picture authentication packages are not indicated in this scenario.
Rationale 2:
Biometric authentication is based on unique biological traits; thus, the fingerprint
identification is Also correct is encrypted passkey authentication that uses a secret number
verified against a registered digital certificate which would be kept on the smartcard.
Proximity radio authentication requires the radio device be close to the sensing unit but there
is nothing in the scenario to suggest this method was used. The appearance of the user's name
on a screen and picture authentication packages are not indicated in this scenario.
Rationale 3:
Biometric authentication is based on unique biological traits; thus, the fingerprint
identification is Also correct is encrypted passkey authentication that uses a secret number
verified against a registered digital certificate which would be kept on the smartcard.
Proximity radio authentication requires the radio device be close to the sensing unit but there
is nothing in the scenario to suggest this method was used. The appearance of the user's name
on a screen and picture authentication packages are not indicated in this scenario.
Rationale 4:
Biometric authentication is based on unique biological traits; thus, the fingerprint
identification is Also correct is encrypted passkey authentication that uses a secret number
verified against a registered digital certificate which would be kept on the smartcard.
Proximity radio authentication requires the radio device be close to the sensing unit but there
is nothing in the scenario to suggest this method was used. The appearance of the user's name
on a screen and picture authentication packages are not indicated in this scenario.
Rationale 5:
Biometric authentication is based on unique biological traits; thus, the fingerprint
identification is Also correct is encrypted passkey authentication that uses a secret number
verified against a registered digital certificate which would be kept on the smartcard.
Proximity radio authentication requires the radio device be close to the sensing unit but there
is nothing in the scenario to suggest this method was used. The appearance of the user's name
on a screen and picture authentication packages are not indicated in this scenario.
Question 8
Software that tracks system access by users, creates a(n) ____ that can reveal unusual activity
or inappropriate use of information.
Correct Answer: audit trail
Rationale:
Software that tracks system access by users, creates a(n) audit trail that can reveal unusual
activity or inappropriate use of information.
Question 9
Why do most breaches of confidentiality occur?
1. Malicious behavior
2. System hacking
3. Intent
4. Carelessness
Correct Answer: 4
Rationale 1:
Carelessness is the most common cause for breaches in confidentiality. Most health care
providers do not intend to share client information or do so maliciously. Breaches can be
avoided by not discussing clients in public areas or with persons who do not have a "need to
know" and through tight control of client records. System hacking has not yet become as
common as simple carelessness with data.
Rationale 2:
Carelessness is the most common cause for breaches in confidentiality. Most health care
providers do not intend to share client information or do so maliciously. Breaches can be
avoided by not discussing clients in public areas or with persons who do not have a "need to
know" and through tight control of client records. System hacking has not yet become as
common as simple carelessness with data.
Rationale 3:
Carelessness is the most common cause for breaches in confidentiality. Most health care
providers do not intend to share client information or do so maliciously. Breaches can be
avoided by not discussing clients in public areas or with persons who do not have a "need to
know" and through tight control of client records. System hacking has not yet become as
common as simple carelessness with data.
Rationale 4:
Carelessness is the most common cause for breaches in confidentiality. Most health care
providers do not intend to share client information or do so maliciously. Breaches can be
avoided by not discussing clients in public areas or with persons who do not have a "need to
know" and through tight control of client records. System hacking has not yet become as
common as simple carelessness with data.
Question 10
A certified nursing assistant (CNA) at a local nursing home logs on to the facility's clinical
information system. The CNA can only see information about the clients that were assigned
by the registered nurse for that day. The CNA cannot see financial data regarding any of the
assigned clients. This situation is an example of which of the following?
1. Password protection
2. Computer forensics
3. Access levels
4. User authentication
Correct Answer: 3
Rationale 1:
The correct answer is access levels. Based on an individual's access level, information will be
restricted on a need-to-know basis. Therefore, the CNA has access to limited information
regarding the assigned clients and is restricted from all financial data. Computer forensics is
the collection of electronic evidence and is not related to this situation.
Rationale 2:
The correct answer is access levels. Based on an individual's access level, information will be
restricted on a need-to-know basis. Therefore, the CNA has access to limited information
regarding the assigned clients and is restricted from all financial data. Computer forensics is
the collection of electronic evidence and is not related to this situation.
Rationale 3:
Based on an individual's access level, information will be restricted on a need-to-know basis.
Therefore, the CNA is limited information regarding the clients for whom he is responsible
and restricted from all financial data. Computer forensics is the collection of electronic
evidence and has nothing to do with this situation.
Rationale 4:
The correct answer is access levels. Based on an individual's access level, information will be
restricted on a need-to-know basis. Therefore, the CNA has access to limited information
regarding the assigned clients and is restricted from all financial data. Computer forensics is
the collection of electronic evidence and is not related to this situation.
Question 11
A(n) ____________________ is one of the greatest threats that may come from inside
sources, namely employees, contractors, consultants, outsourced services, and vendors who
view information inappropriately, disrupt information availability, or corrupt data integrity.
Correct Answer: unauthorized user
Rationale:
An opportunist looks to attack a new, unfamiliar operating system. An unauthorized user is
one of the greatest threats that may come from inside sources, namely employees,
contractors, consultants, outsourced services, and vendors who view information
inappropriately, disrupt information availability, or corrupt data integrity. A hacker is an
individual who has an average, or above average, knowledge of computer technology and
who dislike rules and restrictions.
Question 12
Passwords are a common means to authenticate access to automated records. Which of the
following are recommendations for password selection and use?
1. Using software to test and eliminate easily compromised passwords
2. Using the browser "password save" feature
3. Deleting and replacing all system user passwords when an employee is terminated
4. Storing passwords in a file on the computer
5. Using the same password for access to all sites or systems
Correct Answer: 1,3
Rationale 1:
Using software to test and eliminate easily compromised passwords, deleting and replacing
all system user passwords when an employee is terminated, and frequent and random
changing of password are all recommended. Using the same password for access to all sites
or systems, storing passwords in a file on the computer, and using the browser "password
save" feature are not recommended.
Rationale 2:
Using software to test and eliminate easily compromised passwords, deleting and replacing
all system user passwords when an employee is terminated, and frequent and random
changing of password are all recommended. Using the same password for access to all sites
or systems, storing passwords in a file on the computer, and using the browser "password
save" feature are not recommended.
Rationale 3:
Using software to test and eliminate easily compromised passwords, deleting and replacing
all system user passwords when an employee is terminated, and frequent and random
changing of password are all recommended. Using the same password for access to all sites
or systems, storing passwords in a file on the computer, and using the browser "password
save" feature are not recommended.
Rationale 4:
Using software to test and eliminate easily compromised passwords, deleting and replacing
all system user passwords when an employee is terminated, and frequent and random
changing of password are all recommended. Using the same password for access to all sites
or systems, storing passwords in a file on the computer, and using the browser "password
save" feature are not recommended.
Rationale 5:
Using software to test and eliminate easily compromised passwords, deleting and replacing
all system user passwords when an employee is terminated, and frequent and random
changing of password are all recommended. Using the same password for access to all sites
or systems, storing passwords in a file on the computer, and using the browser "password
save" feature are not recommended.
Question 13
Which of the following measures are recommended for enhancing information security?
1. File deletion software is used to overwrite hard disk files, using meaningless information.
2. Storage media that has been erased is disposed of in the dumpster.
3. Individuals routinely witness and record the destruction of records.
4. Papers such as prescriptions, laboratory specimen labels, and identification bracelets are
disposed of in the dumpster.
5. Each page of output is assigned a serial number and the numbers are recorded when
documents are destroyed.
Correct Answer: 1,3,5
Rationale 1:
All papers containing personal health information (PHI) such as prescriptions, laboratory
specimen labels, identification bracelets, meal descriptions, addressograph plates or any other
items that carry a client's name, address, Social Security number, date of birth, or age must be
destroyed. For tracking purposes, each page of output should have a serial number or other
means of identification so that an audit trail is maintained that identifies what each paper
record is as well as the date and method for destruction and the identity of individuals
witnessing the destruction. Storage media should be destroyed or files electronically written
over to ensure that no information can be retrieved from them. File deletion software
overwrites files with meaningless information so that sensitive information cannot be
accessed. Unauthorized or dormant e-mail accounts should be destroyed.
Rationale 2:
All papers containing personal health information (PHI) such as prescriptions, laboratory
specimen labels, identification bracelets, meal descriptions, addressograph plates or any other
items that carry a client's name, address, Social Security number, date of birth, or age must be
destroyed. For tracking purposes, each page of output should have a serial number or other
means of identification so that an audit trail is maintained that identifies what each paper
record is as well as the date and method for destruction and the identity of individuals
witnessing the destruction. Storage media should be destroyed or files electronically written
over to ensure that no information can be retrieved from them. File deletion software
overwrites files with meaningless information so that sensitive information cannot be
accessed. Unauthorized or dormant e-mail accounts should be destroyed.
Rationale 3:
All papers containing personal health information (PHI) such as prescriptions, laboratory
specimen labels, identification bracelets, meal descriptions, addressograph plates or any other
items that carry a client's name, address, Social Security number, date of birth, or age must be
destroyed. For tracking purposes, each page of output should have a serial number or other
means of identification so that an audit trail is maintained that identifies what each paper
record is as well as the date and method for destruction and the identity of individuals
witnessing the destruction. Storage media should be destroyed or files electronically written
over to ensure that no information can be retrieved from them. File deletion software
overwrites files with meaningless information so that sensitive information cannot be
accessed. Unauthorized or dormant e-mail accounts should be destroyed.
Rationale 4:
All papers containing personal health information (PHI) such as prescriptions, laboratory
specimen labels, identification bracelets, meal descriptions, addressograph plates or any other
items that carry a client's name, address, Social Security number, date of birth, or age must be
destroyed. For tracking purposes, each page of output should have a serial number or other
means of identification so that an audit trail is maintained that identifies what each paper
record is as well as the date and method for destruction and the identity of individuals
witnessing the destruction. Storage media should be destroyed or files electronically written
over to ensure that no information can be retrieved from them. File deletion software
overwrites files with meaningless information so that sensitive information cannot be
accessed. Unauthorized or dormant e-mail accounts should be destroyed.
Rationale 5:
All papers containing personal health information (PHI) such as prescriptions, laboratory
specimen labels, identification bracelets, meal descriptions, addressograph plates or any other
items that carry a client's name, address, Social Security number, date of birth, or age must be
destroyed. For tracking purposes, each page of output should have a serial number or other
means of identification so that an audit trail is maintained that identifies what each paper
record is as well as the date and method for destruction and the identity of individuals
witnessing the destruction. Storage media should be destroyed or files electronically written
over to ensure that no information can be retrieved from them. File deletion software
overwrites files with meaningless information so that sensitive information cannot be
accessed. Unauthorized or dormant e-mail accounts should be destroyed.
Question 14
Which of the following is the protection of information against threats to its integrity,
inadvertent disclosure, or availability?
1. Information security
2. Survivability
3. Confidentiality
4. Privacy
Correct Answer: 1
Rationale 1:
Information security is the protection of information against threats to its integrity,
inadvertent disclosure, or availability.
Rationale 2:
Survivability is the capability of a system as a whole to fulfill its mission, in a timely manner,
in the presence of attacks, failures, or accidents. The primary goals of health care information
system security are the protection of client confidentiality and information integrity and ready
availability of information when it is needed. Availability is necessary in today's informationdriven world and it is dependent upon survivability.
Rationale 3:
Information security is the protection of information against threats to its integrity,
inadvertent disclosure, or availability.
Rationale 4:
Information security is the protection of information against threats to its integrity,
inadvertent disclosure, or availability.
Question 15
During an attempted carjacking, the female victim slams a car door on the male assailant's
hand, possibly causing serious injuries. The assailant runs away. Local police contact the
emergency department of a local hospital to determine if anyone matching the assailant's
description has been treated for a hand injury. The hospital reveals that they currently have
such a patient. The police ask the nurse manager to reveal the identity of the patient. It is
noted that no court order has been issued. The nurse manager asks the patient to sign a
consent form that allows the hospital to reveal his name and does mention the police. If the
patient signs the consent form, what would it be considered?
1. Informed consent
2. Consent
3. HIPAA violation
4. Breech of privacy
Correct Answer: 2
Rationale 1:
Consent is the process by which an individual authorizes health care personnel to process his
or her information based on an informed understanding of how this information will be used.
Obtaining consent should include making the individual aware of any risks that may exist to
privacy as well as measures in place to protect privacy. Prior to signing a consent form, this
patient must be informed that his identity will be revealed to the police.
Rationale 2:
Consent is the process by which an individual authorizes health care personnel to process his
or her information based on an informed understanding of how this information will be used.
Obtaining consent should include making the individual aware of any risks that may exist to
privacy as well as measures in place to protect privacy. Prior to signing a consent form, this
patient must be informed that his identity will be revealed to the police.
Rationale 3:
Consent is the process by which an individual authorizes health care personnel to process his
or her information based on an informed understanding of how this information will be used.
Obtaining consent should include making the individual aware of any risks that may exist to
privacy as well as measures in place to protect privacy. Prior to signing a consent form, this
patient must be informed that his identity will be revealed to the police.
Rationale 4:
Consent is the process by which an individual authorizes health care personnel to process his
or her information based on an informed understanding of how this information will be used.
Obtaining consent should include making the individual aware of any risks that may exist to
privacy as well as measures in place to protect privacy. Prior to signing a consent form, this
patient must be informed that his identity will be revealed to the police.
Question 16
Which of the following is a state of mind, a specific place, freedom from intrusion, or control
over the exposure of self or of personal information?
1. Privacy
2. Confidentiality
3. Security
4. HIPAA
Correct Answer: 1
Rationale 1:
Privacy is defined as a state of mind, a specific place, freedom from intrusion, or control over
the exposure of self or of personal information.
Rationale 2:
Confidentiality refers to a situation in which a relationship has been established and private
information is shared. It is privacy that is defined as a state of mind, a specific place, freedom
from intrusion, or control over the exposure of self or of personal information.
Rationale 3:
Confidentiality refers to a situation in which a relationship has been established and private
information is shared. It is privacy that is defined as a state of mind, a specific place, freedom
from intrusion, or control over the exposure of self or of personal information.
Rationale 4:
Confidentiality refers to a situation in which a relationship has been established and private
information is shared. It is privacy that is defined as a state of mind, a specific place, freedom
from intrusion, or control over the exposure of self or of personal information.
Question 17
Which of the following is not a clue that spyware has infected a computer?
1. Ability to SKYPE
2. Appearance of pop-ups
3. Random error messages
4. Poor system performance
Correct Answer: 1
Rationale 1:
Clues that spyware has infected a computer include the presence of pop-up ads, keys that do
not work, random error messages, and poor system performance. Because of the security
threat to PHI that this represents, spyware detection software should be utilized.
Rationale 2:
Clues that spyware has infected a computer include the presence of pop-up ads, keys that do
not work, random error messages, and poor system performance. Because of the security
threat to PHI that this represents, spyware detection software should be utilized.
Rationale 3:
Clues that spyware has infected a computer include the presence of pop-up ads, keys that do
not work, random error messages, and poor system performance. Because of the security
threat to PHI that this represents, spyware detection software should be utilized.
Rationale 4:
Clues that spyware has infected a computer include the presence of pop-up ads, keys that do
not work, random error messages, and poor system performance. Because of the security
threat to PHI that this represents, spyware detection software should be utilized.
Question 18
The security of any information system is part of the strategic planning process. Information
system security is planned for with the intention of achieving which of the following goals?
1. Patient confidentiality protection
2. Information integrity protection
3. Timely availability protection
4. Cybercrime prevention
5. HIT compliance
Correct Answer: 1,2,3,4
Rationale 1:
Information system security is the continuous protection of both information housed on a
computer system and the system itself from threats or disruption. The primary goals of health
care information system security are the protection of client confidentiality and information
integrity and the timely availability of information when it is needed.
Rationale 2:
Information system security is the continuous protection of both information housed on a
computer system and the system itself from threats or disruption. The primary goals of health
care information system security are the protection of client confidentiality and information
integrity and the timely availability of information when it is needed.
Rationale 3:
Information system security is the continuous protection of both information housed on a
computer system and the system itself from threats or disruption. The primary goals of health
care information system security are the protection of client confidentiality and information
integrity and the timely availability of information when it is needed.
Rationale 4:
Information system security is the continuous protection of both information housed on a
computer system and the system itself from threats or disruption. The primary goals of health
care information system security are the protection of client confidentiality and information
integrity and the timely availability of information when it is needed.
Rationale 5:
Information system security is the continuous protection of both information housed on a
computer system and the system itself from threats or disruption. The primary goals of health
care information system security are the protection of client confidentiality and information
integrity and the timely availability of information when it is needed.
Question 19
Which of the following is true about effective security?
1. Assessment of security resources enables organizational personnel to devise methods to
protect information systems data.
2. Assessment of security resources provides super users with in depth access knowledge.
3. Assessment of security resources enables organizational personnel to alter the flow of
information.
4. Assessment of security resources enables organizational personnel to define terms in the
data dictionary.
Correct Answer: 1
Rationale 1:
Assessment of security resources enables organizational personnel to devise methods to
protect information systems data. Once the system has been thoroughly assessed, planning
and implementation of security measures can minimize threats to the system.
Rationale 2:
Assessment of security resources enables organizational personnel to devise methods to
protect information systems data. Once the system has been thoroughly assessed, planning
and implementation of security measures can minimize threats to the system.
Rationale 3:
Assessment of security resources enables organizational personnel to devise methods to
protect information systems data. Once the system has been thoroughly assessed, planning
and implementation of security measures can minimize threats to the system.
Rationale 4:
Assessment of security resources enables organizational personnel to devise methods to
protect information systems data. Once the system has been thoroughly assessed, planning
and implementation of security measures can minimize threats to the system.
Question 20
______________________________ is the process of determining whether someone is who
he or she professes to be. This usually involves a username and a password, but can include
other methods of proving identity, such as a smart card, retina scan, voice recognition, or
fingerprints.
Correct Answer: Authentication
Rationale:
Authentication is the process of determining whether someone is who he or she professes to
be. This usually involves a username and a password, but can include other methods of
proving identity, such as a smart card, retina scan, voice recognition, or fingerprints.
Question 21
Which of the following best depicts the impact that Internet technology has on the security of
health related information?
1. Health information on the Internet requires the same types of safeguards provided for
information found in private offices and information systems.
2. Health information on the Internet does not require the same types of safeguards provided
for information found in private offices and information systems.
3. Health information on the Internet requires more types of safeguards than what are
provided for information found in private offices and information systems.
4. Health information on the Internet requires fewer safeguards than what are provided for
information found in private offices and information systems.
Correct Answer: 1
Rationale 1:
Health information on the Internet requires the same types of safeguards provided for
information found in private offices and information systems. Any server with Internet is at
risk for a number of security breaches.
Rationale 2:
Health information on the Internet requires the same types of safeguards provided for
information found in private offices and information systems. Any server with Internet is at
risk for a number of security breaches.
Rationale 3:
Health information on the Internet requires the same types of safeguards provided for
information found in private offices and information systems. Any server with Internet is at
risk for a number of security breaches.
Rationale 4:
Health information on the Internet requires the same types of safeguards provided for
information found in private offices and information systems. Any server with Internet is at
risk for a number of security breaches.
Question 22
The Health Insurance Portability and Accountability Act (HIPAA) requires organizations to
determine threats and appropriate protective measures for information, not only in electronic
formats, but in all formats. Which of the following measures cannot be incorporated by
organizations to secure all data?
1. Creation of authentication policies
2. Specific software
3. Spyware
4. Firewall
Correct Answer: 3
Rationale 1:
Authentication is the process of determining whether an individual has access to information.
The process is enhanced by passwords, a username, smart card, retina scan, voice
recognition, or fingerprints.
Rationale 2:
Software has been created to form a barrier between systems, or different parts of a single
system, to protect those systems from unauthorized access.
Rationale 3:
Spyware is a data collection mechanism that installs itself without the user’s permission.
Rationale 4:
A firewall is a component of a computer system or network that is designed to block
unauthorized access while permitting authorized communications. It is a device or set of
devices that is configured to permit or deny network transmissions based upon a set of rules
and other criteria.
Test Bank for Handbook of Informatics for Nurses and Healthcare Professionals
Toni Lee Hebda, Patricia Czar, Theresa Calderone
9780132574952, 9780132959544, 9780134711010, 9780131512627, 9780130311023, 9780805373264, 9780135205433, 9780135043943
