Facility Policies Flashcards
(17 cards)
About ___ of HIPAA regulations address policies and procedures.
Half
___ are rules. ___ are steps needed to implement those rules.
Policies, Procedures
A policy is best described as how?
A written rule
Training should be repeated and documented every ___, at a minimum
Year
Although it remains a significant risk, HHS has not yet imposed significant fines for failure to develop written policies and procedures.
False
PCI DSS protects ___ data.
Credit Card
Best way to describe procedures
A detailed list of steps
Technological limitations make it difficult to document attendance at lunch-and-learns and webinars.
False
Which law or regulation is more specific about passwords?
PCI DSS, Payment Card Industry Data Security Standard
To comply with multiple regulations, you must first do what?
Identify regulations that apply to your organization
Awareness programs can be difficult to document because of what?
Some prompts and reminders are intangible and cannot be saved directly.
Every publicly traded company must comply with what?
SOX, Sarbanes-Oxley Act
In California, a data breach must be reported within ___ days.
5
It is good practice to include the specific HIPAA regulation when documenting procedures.
True
Sarbanes-Oxley Act
Made board members and executives criminally responsible for a publicly traded company’s failure to adhere to financial disclosure standards.
The Gramm-Leach-Bliley Act requires financial institutions to protect identifiable financial data including ___, income and credit histories, and Social Security numbers.
Bank and credit card account numbers
PCI DSS applies to companies that accept, acquire, transmit, process, or store ___ information
Payment card