Skill Assessment Questions
Question set 1: Level 1
Some examples of e-PHI handling that is treated as protected data under the HIPAA privacy rules are:
A home health nurse collecting and accessing patient data using a PDA or laptop during a home health visit.
A physician accessing an e-prescribing application on a PDA, while out of the office, to respond to patient requests for refills.
A health plan employee transporting backup enrollee data on a media storage device to an offsite facility.
Question set 2: Level 1
Quantitative vs Qualitative risk assessments in an IT infrastructure
Quantitative risk assessment applies when you can map a specific dollar amount to a specific risk. For example, consider 1,000 records of confidential patient data held in a database at a medical center. This database is accessed directly by a web server that resides in a semi-trusted or DMZ environment. A compromise of the channel over which the web server communicates with the database could result in the exposure of all 1,000 records of patient data, so the loss can be expressed as a dollar figure per record exposed.
Qualitative risk assessment speaks to the qualities of the risk (likelihood and impact expressed as ratings) rather than a dollar value. Adding some factors and threat vectors to the example above: we now find out that the database that once held only 1,000 records will instead hold between 10,000 and 500,000 records, which changes the impact rating without changing the underlying weakness.
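To show the difference between the two assessment styles on the scenario above, here is an added Python example (not part of the original study notes) that applies the standard annualized loss expectancy method (SLE = asset value x exposure factor, ALE = SLE x ARO) for the quantitative side and a likelihood x impact matrix for the qualitative side. The per-record cost, exposure factor, incident rate and rating thresholds are constructed assumptions for illustration, not figures from the notes or from HIPAA.

```python
"""
Added example: quantitative (dollar) vs. qualitative (rating) risk assessment
for the patient-database scenario. All figures below are constructed.
"""
from dataclasses import dataclass

# Assumed breach cost per exposed record (constructed figure, not from the notes).
COST_PER_RECORD = 150.0

# Qualitative scales: ordinal labels only, no dollar amounts involved.
LIKELIHOOD = {"low": 1, "medium": 2, "high": 3}
IMPACT = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Scenario:
    name: str
    records: int            # patient records exposed if the web-to-DB channel is compromised
    exposure_factor: float  # fraction of the asset lost in one incident (0..1)
    aro: float              # annualized rate of occurrence (incidents per year)


def single_loss_expectancy(s: Scenario) -> float:
    """SLE = asset value x exposure factor; asset value = records x cost per record."""
    asset_value = s.records * COST_PER_RECORD
    return asset_value * s.exposure_factor


def annualized_loss_expectancy(s: Scenario) -> float:
    """ALE = SLE x ARO: the expected dollar loss per year from this one risk."""
    return single_loss_expectancy(s) * s.aro


def qualitative_rating(likelihood: str, impact: str) -> str:
    """Likelihood x impact matrix; returns an ordinal rating, never a dollar figure."""
    score = LIKELIHOOD[likelihood] * IMPACT[impact]
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def impact_band(records: int) -> str:
    """Map a record count to a qualitative impact label (constructed thresholds)."""
    if records >= 100_000:
        return "high"
    if records >= 10_000:
        return "medium"
    return "low"


def compare_scenarios(record_counts, exposure_factor=1.0, aro=0.1, likelihood="medium"):
    """Return (records, ALE in dollars, qualitative rating) for each record count.

    The same weakness (exposed web-server-to-database channel) is assessed at
    each size: the quantitative column scales linearly with record count, while
    the qualitative column only moves when a rating threshold is crossed.
    """
    rows = []
    for n in record_counts:
        s = Scenario(f"{n} records", n, exposure_factor, aro)
        rows.append((n, annualized_loss_expectancy(s),
                     qualitative_rating(likelihood, impact_band(n))))
    return rows


if __name__ == "__main__":
    # The three sizes named in the notes: 1,000 today, 10,000 to 500,000 later.
    for n, ale, rating in compare_scenarios([1_000, 10_000, 500_000]):
        print(f"{n:>8} records  ALE=${ale:>14,.2f}  qualitative={rating}")
```

The point the table makes is that the quantitative figure is what you would take to a budget discussion (is a control costing less than the ALE worth buying?), whereas the qualitative rating is what you would use to rank this risk against others when no defensible dollar value exists.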
Question set 3: Level 1
The four major parts of an ISS (information systems security) policy are: Purpose, Scope, Responsibilities and Compliance.
Purpose states the objectives of the program, such as improved recovery times, reduced data-handling costs, and management of overall confidentiality, integrity, and availability.
Scope provides guidance on who and what are covered by the policy. Coverage may include facilities, technology and processes.
Responsibilities for the implementation and management of the policy are assigned in this section.
Compliance provides for the policy's enforcement; it clearly describes oversight activities and disciplinary considerations.
Question set 4: Level 1