What important action should a health care provider take if the she wants to qualify for funds under the Health Information Technology for Economic and Clinical Health Act (HITECH)?
A. Make electronic health records (EHRs) part of regular careThe Cable Communications Policy Act of 1984 requires which activity?
A. Delivery of an annual notice detailing how subscriber information is to be usedUnder the Privacy Act, when government institutions collect personal information?
A. Data subject consent is required.If an organization maintains data classified as high sensitivity in the same system as data classified as low sensitivity, which of the following is the most likely outcome?
A. The organization will still be in compliance with most sector-specific privacy and security laws.A large online bookseller decides to contract with a vendor to manage Personal Information (PI). What is the least important factor for the company to consider when selecting the vendor?
A. The vendor's reputationOf the key principles in the Personal Information Protection and Electronic Documents Act (PIPEDA), which principle in particular contributes to the increase in privacy policies in recent years?
A. Limiting Use, Disclosure, and Retention.In March 2012, the FTC released a privacy report that outlined three core principles for companies handling consumer data. Which was NOT one of these principles?
A. Simplifying consumer choice.In which situation could a request for access to one's personal information be denied under the Privacy Act?
A. The personal information was collected by the Royal Canadian Mounted Police while performing policing services for a province or municipality.SCENARIO
Please use the following to answer the next QUESTION:
When there was a data breach involving customer personal and financial information at a large retail store, the company's directors were shocked. However, Roberta, a privacy analyst at the company and a victim of identity theft herself, was not. Prior to the breach, she had been working on a privacy program report for the executives. How the company shared and handled data across its organization was a major concern. There were neither adequate rules governing access to customer information nor
procedures for purging and destroying outdated data. In her research, Roberta discovered that even low-level employees had access to all of the company's customer data, including financial records, and that the company still retained obsolete customer data dating back to the 1980s.
Her report recommended three main reforms. First, permit access on an as-needed-to-know basis, restricting employees’ access to customer information to data relevant to their job responsibilities. Second, create a highly secure database for storing customers’ financial information, such as credit card and bank account numbers, separate from less sensitive information. Third, identify outdated customer information and develop a process for securely disposing of it.
When the breach occurred, the company's executives called Roberta to a meeting, where she presented the recommendations in her report. She explained that because the company had a national customer base, it was required to comply with all applicable state breach notification laws. As a result of Roberta's guidance, the company was able to notify customers promptly and within the timeframes required by state breach notification laws.
Soon after, the executives approved the changes to the privacy program that Roberta had recommended. The privacy program is now far more effective because of these changes and because privacy and security are considered the responsibility of every employee.
Based on the problems with the company's privacy and security practices that Roberta identified, what is the most likely cause of the breach?
A. Mishandling of information caused by lack of access controls.SCENARIO
Please use the following to answer the next QUESTION:
You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth, stores and manages the electronic protected health information (ePHI) of these individuals on behalf of HealthCo. CloudHealth stores the data in state B. As part of HealthCo's business associate agreement (BAA) with CloudHealth, HealthCo requires
CloudHealth to implement security measures, including industry-standard encryption practices, to adequately protect the data. However, HealthCo did not perform due diligence on CloudHealth before entering the contract and has not conducted audits of CloudHealth's security measures.
A CloudHealth employee has recently become the victim of a phishing attack. When the employee unintentionally clicked on a link from a suspicious email, the PHI of more than 10,000 HealthCo patients was compromised. It has since been published online. The HealthCo cybersecurity team quickly identifies the perpetrator as a known hacker who has launched similar attacks on other hospitals-ones that exposed the PHI of public figures, including celebrities and politicians.
During the course of its investigation, HealthCo discovers that CloudHealth has not encrypted the PHI in accordance with the terms of its contract. In addition, CloudHealth has not provided privacy or security training to its employees. Law enforcement has requested that HealthCo provide its investigative report of the breach and a copy of the PHI of the individuals affected.
A patient affected by the breach then sues HealthCo, claiming that the company did not adequately protect the individual's ePHI and that the patient has suffered substantial harm as a result of the exposed data. The patient's attorney has submitted a discovery request for the ePHI exposed in the breach.
Of the safeguards required by the HIPAA Security Rule, which of the following is NOT at issue due to HealthCo's actions?
A. Administrative SafeguardsNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPP-C exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.