Winter Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

Certensure Logo
  1. Home
  2. ISC
  3. ISC 2 Credentials
  4. HCISPP - HealthCare Information Security and Privacy Practitioner

ISC HCISPP HealthCare Information Security and Privacy Practitioner Exam Practice Test

Demo: 45 questions
Total 305 questions
Get HCISPP Full Access Download HCISPP PDF

HealthCare Information Security and Privacy Practitioner Questions and Answers

Question 1

PHI stands for Private Health Information.

Options:

A.

True

B.

False

Question 2

Which racial/ethnic group is growing the fastest?

Options:

A.

White

B.

Black or African American

C.

Asian or Pacific Islander

D.

Hispanic

Question 3

All of the following items should be included in a Business Impact Analysis (BIA) QUESTION NO:naire EXCEPT QUESTION NO:s that

Options:

A.

determine the risk of a business interruption occurring

B.

determine the technological dependence of the business processes

C.

Identify the operational impacts of a business interruption

D.

Identify the financial impacts of a business interruption

Question 4

The competitive approach to health insurance financing is aimed to.

Options:

A.

Encourage businesses to be more aggressive when negotiating premiums

B.

Make employees more cost-aware by limiting the amount of the premium that the employer will pay

C.

Encourage employers to offer a fixed amount of insurance subsidy and compel employees who select more costly plans to pay the extra amount

D.

All of the above

Question 5

What kind of personally identifiable health information is protected by HIPAA privacy rule?

Options:

A.

Paper

B.

Electronic

C.

The spoken word

D.

All of the above

E.

None of the above

Question 6

Network forms of managed care organization have been referred to as "virtual integration" because.

Options:

A.

The network is under one ownership.

B.

The network includes hospitals and pharmacies, but not home health agencies.

C.

The network is based on contractual relationships.

D.

None of the above.

Question 7

The titles of CEO, CFO, CIO and COO can be found here.

Options:

A.

Board of Trustees

B.

Medical Staff

C.

Administration

Question 8

What mandates all privacy in hospital administration?

Options:

A.

HIPPA

B.

JCAH

C.

Medicare

Question 9

He discovered Penicillin.

Options:

A.

Flemming

B.

Koch

C.

Your Mother

Question 10

True or False? In a single-payer system, the primary payer usually is an insurance company.

Options:

A.

True

B.

False

Question 11

Which is NOT one of the three major categories of Security Safeguards identified by HIPAA in the regulations?

Options:

A.

Administrative

B.

Professional

C.

Physical

D.

Technical

Question 12

Which central agency manages the health care delivery system in the United States?

Options:

A.

Centers for Disease Control and Prevention

B.

Department of Health and Human Services

C.

Department of Commerce

D.

NONE

Question 13

What is impact of the HITECH Act in relation to HIPAA requirements and maintaining client records electronically?

Options:

A.

There is a push toward paper records to prevent the hacking and electronic violation of electronic records, which is easily done without detection

B.

Providers must now maintain client records electronically, but may continue to provide clients a paper copy when access is requested

C.

There is no requirement to maintain client records electronically, but clients have the right to insist on electronic access to an electronic health record, if it exists

D.

Electronic records now face intensified scrutiny, requiring practitioners to implement more sophisticated software and detailed accounting of records

Your answer: Electronic records now face intensified scrutiny, requiring practitioners to implement more sophisticated software and detailed accounting of records

Question 14

An organization is outsourcing its payroll system and is requesting to conduct a full audit on the third-party information technology (IT) systems. During the due diligence process, the third party provides previous audit report on its IT system.

Which of the following MUST be considered by the organization in order for the audit reports to be acceptable?

Options:

A.

The audit assessment has been conducted by an independent assessor.

B.

The audit reports have been signed by the third-party senior management.

C.

The audit reports have been issued in the last six months.

D.

The audit assessment has been conducted by an international audit firm.

Question 15

Among women, which racial/ethnic group has the highest percentage distribution of AIDS?

Options:

A.

White, non-Hispanic

B.

Black, non-Hispanic

C.

Hispanic

D.

American Indian

Question 16

They examine cost of claims to determine whether it is a reasonable or necessary, according to diagnosis.

Options:

A.

Coders

B.

Billers

C.

Health Insurance Specialist

Question 17

Clients need to receive a copy of Notice of Privacy Practices.

Options:

A.

True

B.

False

Question 18

Which one of the following is NOT a fundamental component of a Regulatory Security Policy?

Options:

A.

What is to be done.

B.

When it is to be done.

C.

Who is to do it.

D.

Why is it to be done

Question 19

In the preindustrial era, _____ often functioned as surgeons.

Options:

A.

butchers

B.

tailors

C.

clergymen

D.

barbers

Question 20

During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.

What is the best approach for the CISO?

Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BC\DR phases to the appropriate corresponding location.

Options:

Question 21

A Governing board is also known as the___________.

Options:

A.

Medical Staff

B.

Administration

C.

Board of Trustees

Question 22

Medicaid is primarily for people who meet the following eligibility requirement:

Options:

A.

Elderly

B.

Low-income

C.

Children

D.

Disabled

Question 23

Was an early expression of medical ethics and reflected high ideals.

Options:

A.

Cannon of Medicine

B.

Hippocratic Oath

Question 24

For most privately insured Americans, health insurance is:

Options:

A.

employer based

B.

financed by the government

C.

privately purchased

D.

none of the above

Question 25

According to private sector data classification levels, how would salary levels and medical information be classified?

Options:

A.

Public

B.

Sensitive

C.

Private

D.

Confidential

Question 26

What time period was the polio vaccine licensed?

Options:

A.

Ancient

B.

Modern

C.

Medieval

Question 27

Employers often advocate on behalf of their employees in benefit disputes and appeals, answer QUESTION NO:s with regard to the health plan, and generally help them navigate their health benefits. Is this type of assistance allowed under the regulation?

Options:

A.

The final rule does nothing to hinder or prohibit plan sponsors from advocating on behalf of group health plan participants or providing assistance in understanding their health plans.

B.

The final rule prohibits plan sponsors from advocating on behalf of group health plan participants or providing assistance in understanding their health plans

C.

The final rule does hinder but does not prohibit plan sponsors from advocating on behalf of group health plan participants or providing assistance in understanding their health plans

D.

The final rule does no advocating on behalf of group health plan participants or provide assistance in understanding their health plan.

Question 28

What data-related concept identifies or characterizes entities and events in a manner that facilitates an administrative process?

Options:

A.

Non-medical or Administrative Code Sets

B.

Data Mapping

C.

Medical or Clinical Code Sets

D.

Data Elements

Question 29

What time period was the Cannon of Medicine in?

Options:

A.

Ancient

B.

Modern

C.

Medieval

D.

Prehistoric

Question 30

Data collected without identifiers, never coded, that was never tied to an individual, thereby fully protecting health information is considered what form of data?

Options:

A.

Data aggregation

B.

Anonymous

C.

Non-disclosed

D.

Anonymized

Question 31

A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?

Options:

A.

The inherent risk is greater than the residual risk.

B.

The Annualized Loss Expectancy (ALE) approaches zero.

C.

The expected loss from the risk exceeds mitigation costs.

D.

The infrastructure budget can easily cover the upgrade costs.

Question 32

They are responsible for developing a strategic plan for supporting the mission and goals of the organization.

Options:

A.

Board of Trustees

B.

Medical Staff

C.

Administration

Question 33

Health Information Rights although your health record is the physical property of the healthcare practitioner or facility that compiled it, the information belongs to you. You do not have the right to:

Options:

A.

obtain a paper copy of the notice of information practices upon request inspect and obtain a copy of your health record as provided for in 45 CFR 164.524

B.

request a restriction on certain uses and disclosures of your information outside the terms as provided by 45 CFR 164.522

C.

amend your health record as provided in 45 CFR 164.528 obtain an accounting of disclosures of your health information as provided in 45 CFR 164.528

D.

revoke your authorization to use or disclose health information except to the extent that action has already been taken

Question 34

Business Associates

Options:

A.

are entities that perform services that require the use of Protected Health Information on behalf of Covered Entities. One covered entity may be a business partner of another covered entity

B.

are entities that do not perform services that require the use of Protected Health Information on behalf of Covered Entities. One covered entity may be a business partner of another covered entity

C.

are entities that perform services that require the use of Encrypted Insurance Information on behalf of Covered Entities. One covered entity may be a business partner of another covered entity

D.

are entities that perform services that require the use of Protected Health Information on behalf of Covered Entities. One covered entity cannot be a business partner of another covered entity.

Question 35

Which racial/ethnic group has the highest rate of uninsurance?

Options:

A.

White

B.

Hispanic

C.

Asian or pacific islander

D.

Black or African American

Question 36

Which of the following is the BEST reason for writing an information security policy?

Options:

A.

To support information security governance

B.

To reduce the number of audit findings

C.

To deter attackers

D.

To implement effective information security controls

Question 37

What is the standard for accessing patient information?

Options:

A.

A need to know for the performance of your job.

B.

If a physician asks you the diagnosis of a patient.

C.

Just because you are curious.

D.

You are a relative of the patient.

Question 38

Which of the following statements is NOT correct?

Options:

A.

Staff should have access to and use only the minimum necessary to perform their duties

B.

Other laws and regulations never take precedence or preempt HIPAA

C.

PHI includes a long list of individually identifiable data

Question 39

You are approached by an individual who tells you that he is here to work on the computers and wants you to open a door for him or point the way to a workstation. How do you respond to this request?

Options:

A.

Provide him with the information or access he needs.

B.

Ask him who at the facility has hired him and refer him to that person for assistance.

C.

Call the police.

Question 40

Which of the following is a dimension of social health?

Options:

A.

Sociability

B.

Community involvement

C.

Marital satisfaction

D.

All of the above

Question 41

In its historical context, which of the following has played a major role in revolutionizing health care delivery?

Options:

A.

Beliefs and values

B.

Science and technology

C.

Medical education

D.

Economic growth

Question 42

Clinical practice guidelines are often ineffective in improving quality of care because.

Options:

A.

they are not appropriate for many clinical situations

B.

they may conflict with patient preferences

C.

they are unsuccessful in influencing physicians' practices

D.

all of the above

Question 43

Drag the following Security Engineering terms on the left to the BEST definition on the right.

Options:

Question 44

A patient is admitted into the E.R with 3rd degree burns through out their body. The physician on staff sends them to a burn center. What type of care are they in?

Options:

A.

Primary

B.

Tertiary

C.

Secondary

Question 45

The intent of patient cost sharing at the point of receiving health care services is to.

Options:

A.

Discourage the overuse of services among patients.

B.

Discourage physicians from overcharging patients.

C.

Encourage patients to utilize more health care services.

D.

Encourage physicians to provide more effective health care services.

Load More HCISPP Questions
Demo: 45 questions
Total 305 questions
Get HCISPP Full Access Download HCISPP PDF