Health Information Compliance Alert
Security 101: Do You Know The Basics Of HIPAA's Security Rule?
PDF
From password functions to server vulnerabilities, conference attendees at the most recent HIPAA Summit in Baltimore were polled to determine their security rule awareness. Although there could be more than one correct answer to some questions, John Parmigiani, National Practice Director, CTG HealthCare Solutions, Inc. and moderator for this particular session of the summit, tells Eli that there are "preferred" answers - answers that each panel member agreed to be correct - for each question. a. Permit access to pro grams and files a. 30 days a. Change passwords at least once a year a. No a. At a level equal to the CIO a. Ensure that floppy disks are write protected when not in use a. Servers are not properly configured a. Intentional outsider actions 3) B 4) D 5) D 6) B 7) A 8) D
Question 1. The primary function of a password is to:
b. Identify the user
c. Authenticate the user
d. Authorize the user
e. Frustrate doctors
Question 2. Passwords should be changed every ...
b. 60 days
c. 90 days
d. 180 days
e. At least once a year
Question 3. Which of the following password management methods would you consider to be the weakest practice?
b. Have users select their own passwords
c. Use a minimum length of seven alpha-numeric characters
d. Periodically run a password crack program
Question 4. E-mail containing ePHI can be sent over the Internet.
b. Yes
c. Yes, if the e-mail is encrypted
d. Yes, if the covered entity conducted a risk analysis and determined it is okay to send ePHI by e-mail
e. I'm not sure and that's why I'm here
Question 5. The person who has been designated with the responsibility for security (Information Security Officer) should report:
b. To the CIO
c. To Internal Audit
d. To Corporate Compliance
e. To any department except IT
Question 6. The most effective control for diminishing the risk of electronic media based disclosure of data is to:
b. Require every file be individually encrypted when not in use
c. Disable or remove floppy drives and CD-ROM writer drives
d. Mandate that people caught using floppy disks receive a verbal warning
Question 7. The greatest vulnerability to servers that process and store sensitive and/or ePHI is:
b. Too many users have generic logons
c. Audit trails are not being used
d. The variations of hardware and operating systems make it difficult to maintain an accurate inventory of systems.
Question 8. The majority of security incidents are caused by:
b. Unintentional outsider actions
c. Intentional employee actions
d. Unintentional employee actions.
ANSWERS:
1) C 2) D
Health Information Compliance Alert
- Compliance Tool:
Perform Regular Audits Before The Feds Audit You
Preempt potential privacy violations with these 8 tips
Civil money penalty for violating HIPAA: $100 [...] - Security:
With Sanctions Policies, 'Shame On You' Just Won't Do
From warnings to termination, you must show determination
Like a strict nun packing a sturdy ruler, [...] - Sample Document
- Conferences:
Conference Calendar Corner
Happy HIPAA New Year, everyone! As this year comes to a close and a new [...] - Security Rule Quiz:
Security 101: Do You Know The Basics Of HIPAA's Security Rule?
From password functions to server vulnerabilities, conference attendees at the most recent HIPAA Summit in [...] - Transactions Tip:
Is Your Practice Management System Ready For The Transactions Rule?
Use the handy online PMS directory to find out
The word on the street regarding the [...] - The Third Degree:
Reader Questions Answered
Each month you submit your questions to Eli, and each month we do our best [...] - Health Information News
Teen Santa 'Scrooged' By HIPAA
The Children's Hospital of Wisconsin will not allow Robin Krawchuk to [...]