What important action should a health care provider take if the she wants to qualify for funds under the Health Information Technology for Economic and Clinical Health Act (HITECH)?
A. Make electronic health records (EHRs) part of regular care
B. Bill the majority of patients electronically for their health care
C. Send health information and appointment reminders to patients electronically
D. Keep electronic updates about the Health Insurance Portability and Accountability Act
All of the following organizations are specified as covered entities under the Health Insurance Portability and Accountability Act (HIPAA) EXCEPT?
A. Healthcare information clearinghouses
B. Pharmaceutical companies
C. Healthcare providers
D. Health plans
A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than 500 individuals. According to Federal law under HIPAA, which of the following would the covered entity NOT have to report the breach to?
A. Department of Health and Human Services
B. The affected individuals
C. The local media
D. Medical providers
SCENARIO
Please use the following to answer the next question:
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.
"Doing your homework?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?"
"It's asking questions about my opinions."
"Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten."
Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and
the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his
name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and
he decided it was time to report the incident to the proper authorities.
How could the marketer have best changed its privacy management program to meet COPPA "Safe Harbor" requirements?
A. By receiving FTC approval for the content of its emails
B. By making a COPPA privacy notice available on website
C. By participating in an approved self-regulatory program
D. By regularly assessing the security risks to consumer privacy
SCENARIO
Please use the following to answer the next question:
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.
"Doing your homework?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?"
"It's asking questions about my opinions."
"Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten."
Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and
the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his
name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and
he decided it was time to report the incident to the proper authorities.
How does Matt come to the decision to report the marketer's activities?
A. The marketer failed to make an adequate attempt to provide Matt with information
B. The marketer did not provide evidence that the prize books were appropriate for children
C. The marketer seems to have distributed his son's information without Matt's permission
D. The marketer failed to identify himself and indicate the purpose of the messages
SCENARIO
Please use the following to answer the next question:
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.
"Doing your homework?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?"
"It's asking questions about my opinions."
"Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten."
Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and
the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his
name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and
he decided it was time to report the incident to the proper authorities.
Based on the incident, the FTC's enforcement actions against the marketer would most likely include what violation?
A. Intruding upon the privacy of a family with young children.
B. Collecting information from a child under the age of thirteen.
C. Failing to notify of a breach of children's private information.
D. Disregarding the privacy policy of the children's marketing industry.
If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an agent, the organization must ensure the third party does all of the following EXCEPT?
A. Uses the transferred data for limited purposes
B. Provides the same level of privacy protection as the organization
C. Notifies the organization if it can no longer meet its requirements for proper data handling
D. Enters a contract with the organization that states the third party will process data according to the consent agreement
What was the original purpose of the Federal Trade Commission Act?
A. To ensure privacy rights of U.S. citizens
B. To protect consumers
C. To enforce antitrust laws
D. To negotiate consent decrees with companies violating personal privacy
All of the following are tasks in the "Discover" phase of building an information management program EXCEPT?
A. Facilitating participation across departments and levels
B. Developing a process for review and update of privacy policies
C. Deciding how aggressive to be in the use of personal information
D. Understanding the laws that regulate a company's collection of information
Which of the following describes the most likely risk for a company developing a privacy policy with standards that are much higher than its competitors?
A. Being more closely scrutinized for any breaches of policy
B. Getting accused of discriminatory practices
C. Attracting skepticism from auditors
D. Having a security system failure
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPP-US exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.