HIPS Series > Overview of Federal and State Data Security Requirements > Quiz

The correct answers, and explanations for why we believe them to be correct, are provided here.

•  •  •  •  •

1. Which of these statements is/are correct?

A. HIPAA's Security Rule adds a federal floor (minimum level) of health data requirements to existing state laws.

B. HIPAA's security requirements replace those of private certification organizations.

C. HIPAA's security regulations are divided into three types of safeguards -- administrative, technical and physical.

D. All HIPAA's safeguards are mandatory.

•  •  •  •  •

2. Which of these statements is/are correct?

A. HIPAA's Security Rule applies to identifiable health data in "any form or medium"

B. HIPAA's Security Rule applies only to electronic health data.

C. The reach of HIPAA's Security Rule depends on the state in which the covered entity is operating.

D. The reach of HIPAA's Security Rule depends on whether the covered entity receives federal funds.

•  •  •  •  •

3. With respect to the technical requirements of the Security Rule, which of these is/are correct?

A. Specific technical measures for security are mandated, regardless of an entity's size.

B. The Rule is "technology neutral" to allow for changes as technologies evolve.

C. A covered entity can implement any technology it feels is appropriate, as long as there is a business justification.

D. Technical measures must be "reasonable and appropriate" for the circumstances.

•  •  •  •  •

4. Which of these is the most important goal of the Security Rule?

A. Confidentiality of health data.

B. Integrity of health data.

C. Availability of health data.

D. All are important; it is difficult to say which is most important.

•  •  •  •  •

5. Which of these are required by the Security Rule?

A. Periodic assessment of "potential risks and vulnerabilities" to health information.

B. Development of appropriate security measures, given those anticipated risks.

C. Documentation of measures taken (or not taken).

D. Workforce training.

•  •  •  •  •

6. The two most-commonly used adjectives in the Security Rule, used to describe its requirements, are:

A. Cost-effective and efficient.

B. Cutting-edge and out-of-the-box.

C. Kinder and gentler.

D. Reasonable and appropriate.

•  •  •  •  •

The correct answers, and explanations for why we believe them to be correct, are provided here.

•  •  •  •  •