SCENARIO
Please use the following to answer the next QUESTION:
Declan has just started a job as a nursing assistant in a radiology department at Woodland Hospital. He has also started a program to become a registered nurse.
Before taking this career path, Declan was vaguely familiar with the Health Insurance Portability and Accountability Act (HIPAA). He now knows that he must help ensure the security of his patients' Protected Health Information (PHI).
Therefore, he is thinking carefully about privacy issues.
On the morning of his first day, Declan noticed that the newly hired receptionist handed each patient a HIPAA privacy notice. He wondered if it was necessary to give these privacy notices to returning patients, and if the radiology department
could reduce paper waste through a system of one-time distribution.
He was also curious about the hospital's use of a billing company. He Questioned whether the hospital was doing all it could to protect the privacy of its patients if the billing company had details about patients' care.
On his first day Declan became familiar with all areas of the hospital's large radiology department. As he was organizing equipment left in the halfway, he overheard a conversation between two hospital administrators. He was surprised to
hear that a portable hard drive containing non-encrypted patient information was missing. The administrators expressed relief that the hospital would be able to avoid liability. Declan was surprised, and wondered whether the hospital had
plans to properly report what had happened.
Despite Declan's concern about this issue, he was amazed by the hospital's effort to integrate Electronic Health Records (EHRs) into the everyday care of patients. He thought about the potential for streamlining care even more if they were
accessible to all medical facilities nationwide.
Declan had many positive interactions with patients. At the end of his first day, he spoke to one patient, John, whose father had just been diagnosed with a degenerative muscular disease. John was about to get blood work done, and he feared that the blood work could reveal a genetic predisposition to the disease that could affect his ability to obtain insurance coverage. Declan told John that he did not think that was possible, but the patient was wheeled away before he could explain why. John plans to ask a colleague about this.
In one month, Declan has a paper due for one his classes on a health topic of his choice. By then, he will have had many interactions with patients he can use as examples. He will be pleased to give credit to John by name for inspiring him to
think more carefully about genetic testing.
Although Declan's day ended with many Questions, he was pleased about his new position.
Based on the scenario, what is the most likely way Declan's supervisor would answer his question about the hospital's use of a billing company?
A. By suggesting that Declan look at the hospital's publicly posted privacy policy
B. By assuring Declan that third parties are prevented from seeing Private Health Information (PHI)
C. By pointing out that contracts are in place to help ensure the observance of minimum security standards
D. By describing how the billing system is integrated into the hospital's electronic health records (EHR) system
A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than 500 individuals. According to Federal law under HIPAA, which of the following would the covered entity NOT have to report the breach to?
A. Department of Health and Human Services
B. The affected individuals
C. The local media
D. Medical providers
According to FERPA, when can a school disclose records without a student's consent?
A. If the disclosure is not to be conducted through email to the third party
B. If the disclosure would not reveal a student's student identification number
C. If the disclosure is to practitioners who are involved in a student's health care
D. If the disclosure is to provide transcripts to a school where a student intends to enroll
In 2012, the White House and the FTC both issued reports advocating a new approach to privacy enforcement that can best be described as what?
A. Harm-based.
B. Self-regulatory.
C. Comprehensive.
D. Notice and choice.
What is the main challenge financial institutions face when managing user preferences?
A. Ensuring they are in compliance with numerous complex state and federal privacy laws
B. Developing a mechanism for opting out that is easy for their consumers to navigate
C. Ensuring that preferences are applied consistently across channels and platforms
D. Determining the legal requirements for sharing preferences with their affiliates
Who has rulemaking authority for the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA)?
A. State Attorneys General
B. The Federal Trade Commission
C. The Department of Commerce
D. The Consumer Financial Protection Bureau
SCENARIO
Please use the following to answer the next QUESTION:
Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state's Do Not Call list, as well as the people on it. "If they were really serious about not being bothered," Evan said, "They'd be on the national DNC list. That's the only one we're required to follow. At SunriseLynx, we call until they ask us not to."
Bizarrely, Evan requires telemarketers to keep records of recipients who ask them to call "another time." This, to Larry, is a clear indication that they don't want to be called at all. Evan doesn't see it that way.
Larry believes that Evan's arrogance also affects the way he treats employees. The U.S. Constitution protects American workers, and Larry believes that the rights of those at SunriseLynx are violated regularly. At first Evan seemed friendly, even connecting with employees on social media. However, following Evan's political posts, it became clear to Larry that employees with similar affiliations were the only ones offered promotions.
Further, Larry occasionally has packages containing personal-use items mailed to work. Several times, these have come to him already opened, even though this name was clearly marked. Larry thinks the opening of personal mail is common at SunriseLynx, and that Fourth Amendment rights are being trampled under Evan's leadership.
Larry has also been dismayed to overhear discussions about his coworker, Sadie. Telemarketing calls are regularly recorded for quality assurance, and although Sadie is always professional during business, her personal conversations sometimes contain sexual comments. This too is something Larry has heard Evan laughing about. When he mentioned this to a coworker, his concern was met with a shrug. It was the coworker's belief that employees agreed to be monitored when they signed on. Although personal devices are left alone, phone calls, emails and browsing histories are all subject to surveillance. In fact, Larry knows of one case in which an employee was fired after an undercover investigation by an outside firm turned up evidence of misconduct. Although the employee may have stolen from the company, Evan could have simply contacted the authorities when he first suspected something amiss.
Larry wants to take action, but is uncertain how to proceed.
Which act would authorize Evan's undercover investigation?
A. The Whistleblower Protection Act
B. The Stored Communications Act (SCA)
C. The National Labor Relations Act (NLRA)
D. The Fair and Accurate Credit Transactions Act (FACTA)
What is an exception to the Electronic Communications Privacy Act of 1986 ban on interception of wire, oral and electronic communications?
A. Where one of the parties has given consent
B. Where state law permits such interception
C. If an organization intercepts an employee's purely personal call
D. Only if all parties have given consent
What type of material is exempt from an individual's right to disclosure under the Privacy Act?
A. Material requires by statute to be maintained and used solely for research purposes.
B. Material reporting investigative efforts to prevent unlawful persecution of an individual.
C. Material used to determine potential collaboration with foreign governments in negotiation of trade deals.
D. Material reporting investigative efforts pertaining to the enforcement of criminal law.
According to the FTC Report of 2012, what is the main goal of Privacy by Design?
A. Obtaining consumer consent when collecting sensitive data for certain purposes
B. Establishing a system of self-regulatory codes for mobile-related services
C. Incorporating privacy protections throughout the development process
D. Implementing a system of standardization for privacy notices
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPP-C exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.