Healthcare Information Security and Privacy Quiz

PHI refers to sensitive patient data protected by privacy laws.

Physical security measures are protective, not threats.

Firewalls act as barriers against unauthorized network traffic.

They encrypt messages to ensure confidentiality.

Access controls limit data access to authorized personnel.

Biometrics authenticate users based on unique physical traits.

It outlines steps to address breaches and minimize damage.

Sharing passwords compromises security and violates best practices.

RBAC limits data access based on users' roles within an organization.

It educates staff to recognize and prevent security threats.

HIPAA regulates the protection of health information.

AES (Advanced Encryption Standard) is widely adopted for its robust security.

It helps prioritize security measures based on risks.

OCR enforces HIPAA compliance.

Encryption protects data from unauthorized access.

It sets standards to safeguard health information.

Audit trails provide a record of system activity for analysis.

HIPAA doesn't mandate online diagnosis provision due to privacy concerns.

They handle security breaches and minimize their impact.

Authorization determines who can access resources, not a component of the CIA triad.

It limits user access to only essential resources, reducing potential risks.

CISOs oversee and implement security policies.

Unauthorized access violates patient privacy and security.

BAAs establish security obligations for business partners handling PHI.

Penetration testing evaluates system vulnerabilities and strengths through simulated attacks.