Cyber security Training

Question 1

What does pci dss stand for

Answer 1

Payment card industry data security standards

Question 2

What is pci dss for

Answer 2

Security standards and safe guards for the protection of card holder data

Question 3

Business associates sign agreements related to phi use and protection in relation to this act

Answer 3

Hitech act

Question 4

What does HITECH stand for?

Answer 4

Health Information Technology for Economic and Clinical Health

Question 5

True or False: The HITECH Act was enacted in 2009.

Answer 5

True

Question 6

What is the primary purpose of the HITECH Act?

Answer 6

To promote the adoption and meaningful use of health information technology.

Question 7

Fill in the blank: The HITECH Act requires breach notifications for _____ of unsecured protected health information.

Answer 7

unauthorized access

Question 8

What is the time frame for notifying affected individuals after a breach under the HITECH Act?

Answer 8

Within 60 days of discovering the breach.

Question 9

Which entities are covered by the HITECH Act’s breach notification requirements?

Answer 9

Covered entities and business associates.

Question 10

True or False: The HITECH Act allows for a single breach notification to be sent to all affected individuals.

Answer 10

False

Question 11

What is the minimum number of individuals that must be notified for a breach to require a media notification?

Answer 11

500 or more.

Question 12

What type of information is protected under the HITECH Act?

Answer 12

Protected Health Information (PHI).

Question 13

Multiple Choice: Which of the following is NOT a requirement under the HITECH Act?

Answer 13

Notifying the press for every breach.

Question 14

What must be included in a breach notification?

Answer 14

A description of the breach, the types of information involved, and steps individuals can take to protect themselves.

Question 15

True or False: The HITECH Act mandates that breaches must be reported to the Department of Health and Human Services (HHS).

Answer 15

True

Question 16

What is the penalty for failing to notify individuals of a breach under the HITECH Act?

Answer 16

Penalties can range from $100 to $50,000 per violation.

Question 17

Fill in the blank: The HITECH Act increases penalties for violations of _____.

Answer 17

HIPAA

Question 18

What is the role of the Office for Civil Rights (OCR) in relation to the HITECH Act?

Answer 18

Enforcement of HIPAA and HITECH Act regulations.

Question 19

True or False: Business associates are not required to notify covered entities of breaches.

Answer 19

False

Question 20

What is considered a ‘breach’ under the HITECH Act?

Answer 20

An unauthorized acquisition, access, use, or disclosure of PHI.

Question 21

Multiple Choice: Which of the following scenarios would NOT constitute a breach?

Answer 21

A patient shares their health information with a family member with consent.

Question 22

What is the significance of the ‘risk of harm’ standard in breach notifications?

Answer 22

It determines whether a breach must be reported based on the potential harm to individuals.

Question 23

Fill in the blank: The HITECH Act requires that breach notifications be sent via _____ methods.

Answer 23

secure

Question 24

What does ‘unsecured PHI’ refer to?

Answer 24

PHI that is not encrypted or otherwise rendered unusable.

Question 25

True or False: Organizations can use email to notify individuals of a breach without any security measures.

Answer 25

False

Question 26

What is a 'business associate' under the HITECH Act?

Answer 26

A person or entity that performs functions on behalf of a covered entity involving the use of PHI.

Question 27

Fill in the blank: The HITECH Act was part of the _____ Act.

Answer 27

American Recovery and Reinvestment

Question 28

What is the enforcement mechanism for breaches under the HITECH Act?

Answer 28

Civil monetary penalties and potential criminal charges.

Question 29

Phi may be collected, shared, and stored via HIT with reasonable security; a few examples of reasonable security

Answer 29

Passwords, encryption, and firewalls

Question 30

A few reasonable securities for physical records are

Answer 30

Locking doors, windows, closets and filling cabinets to limit access

Question 31

UHS auditing requires company related data to be stored in system servers; these are typically known as (hint* h-drive and s-drive)

Answer 31

Network drive and file share

Question 32

Most security breaches involve stolen (blank)

Answer 32

Passwords

Question 33

You can type "Private" in the subject line of emails to ensure (blank)

Answer 33

Auto encryption

Question 34

When sending encrypted information to 3rd parties, refer to these requirements

Answer 34

UHS privacy and security encryption requirements

Question 35

This common email attack requests recipients to update or verify information and may include links or attachments

Answer 35

Phishing scams

Question 36

Mobile device use for UHS purposes, requires appropriate security measures that also meet the encryption and decryption policy, and requires an app to be installed called

Answer 36

AirWatch App

Question 37

This policy prohibits posting phi, photos of patients, and even photos of other employees

Answer 37

Social media corporate policy

Question 38

UHS policy only allowed use of portable (blank) drives that meet encryption policy

Answer 38

Thumb drives

Question 39

UHS compliance officer must be notified of credit card information had been lost or misused n accordance with this standard

Answer 39

Payment card industry data security standards (pci dss)

Question 40

Employees processing credit card information cannot store hand written info, nor can they store electronically. This report does however allow a settlement to be ran daily and balanced, and variances must be reported

Answer 40

A credit card settlement report