Under what conditions will personal data processing be subject to the Virginia Consumer Data Protection Act (VCDPA) requirements for a documented data protection assessment?
A. If the data subject is younger than 13 years of age and the data is processed after January 1, 2023.
B. If the data processor processes personal data beyond the controller's instructions.
C. If the personal data is stored by a California-based third-party service provider.
D. If the personal data is processed for purposes of targeted advertising.
SCENARIO
Please use the following to answer the next question:
Miraculous Healthcare is a large medical practice with multiple locations in California and Nevada. Miraculous normally treats patients in person, but has recently decided to start offering telehealth appointments, where patients can have virtual appointments with on-site doctors via a phone app.
For this new initiative, Miraculous is considering a product built by MedApps, a company that makes quality telehealth apps for healthcare practices and licenses them to be used with the practices’ branding. MedApps provides technical support for the app, which it hosts in the cloud. MedApps also offers an optional benchmarking service for providers who wish to compare their practice to others using the service.
Riya is the Privacy Officer at Miraculous, responsible for the practice's compliance with HIPAA and other applicable laws, and she works with the Miraculous procurement team to get vendor agreements in place. She occasionally assists procurement in vetting vendors and inquiring about their own compliance practices, as well as negotiating the terms of vendor agreements. Riya is currently reviewing the suitability of the MedApps app from a privacy perspective.
Riya has also been asked by the Miraculous Healthcare business operations team to review the MedApps’ optional benchmarking service. Of particular concern is the requirement that Miraculous Healthcare upload information about the appointments to a portal hosted by MedApps.
What HIPAA compliance issue would Miraculous have to consider before using the telehealth app?
A. HIPAA does not permit healthcare providers to use cloud hosting services.
B. HIPAA does not permit in-person appointment data to be hosted in the cloud.
C. HIPAA would require Miraculous and MedApps to enter into a Business Associate Agreement.
D. HIPAA would require Miraculous to obtain patient consent before in-person appointment data can be shared with third parties.
If MedApps receives an access request under CCPA from a California-based app user, how should it handle the request?
A. MedApps should decline the request because Protected Health Information is not subject to CCPA.
B. MedApps should promptly verify the user's identity and provide the requested information.
C. MedApps should promptly forward the request to Miraculous for instructions on handling.
D. MedApps should decline the request because MedApps is not based in California.
What can Riya do to most effectively minimize the privacy risks of using an app for telehealth appointments?
A. Require MedApps to de-identify all patient data.
B. Prohibit MedApps from using subcontractors.
C. Require MedApps to submit a SOC2 report.
D. Engage in active oversight of MedApps.
Which of the following would accurately describe the relationship of the parties if they enter into a contract for use of the app?
A. Miraculous Healthcare would be the covered entity because its name and branding are on the app; MedApps would be a business associate because it is hosting the data that supports the app.
B. MedApps would be the covered entity because it built and hosts the app and all the data; Miraculous Healthcare would be a business associate because it only provides its brand on the app.
C. Miraculous Healthcare would be a covered entity because it is the healthcare provider; MedApps would also be a covered entity because the data in the app is being shared with it.
D. Miraculous Healthcare would be the covered entity because it is the healthcare provider; MedApps would be a business associate because it is providing a service to support Miraculous.
Which of the following scenarios would be most likely to violate the Fourth Amendment of the U.S. Constitution with regard to contact tracing?
A. A private employer conducting a voluntary contact-tracing program with its employees.
B. An employer asking employees if they have been diagnosed with or tested for COVID-19 before allowing them to physically enter the workplace.
C. A government program that installs a contact-tracing app on an individual's phone and collects data after providing notice and obtaining the individual's consent.
D. A government program that automatically installs a contact-tracing app on an individual's phone and collects data without obtaining the individual's consent.
The Family Educational Rights and Privacy Act (FERPA) requires schools to do all of the following EXCEPT?
A. Verify the identity of students who make requests for access to their records.
B. Provide students with access to their records within a specified amount of time.
C. Respond to all reasonable student requests regarding explanation of their records.
D. Obtain student authorization before releasing directory information in their records.
Chanel Hair Studio is a busy high-end hair salon. In an effort to maximize efficiency of its operations and reduce wait times for appointments, Chanel decides to implement artificial intelligence software that will use client profiles and history to predict which clients will likely be late for their appointments. Information used to create the client profile included appointment history, distance from the salon, and any references to being tardy pulled from the client's social media accounts. If a client is predicted to be late, their appointment will be cancelled within 5 minutes.
Based on the details, what is the biggest potential privacy concern related to Chanel's use of this new software?
A. Scanning a client's social media accounts to use in a client profile without notice to the client.
B. Calculating client profile address distance from the salon to determine location from salon to help predict if the client will be late.
C. Using client profile information for any purpose other than setting up an appointment.
D. Assessing client tardiness history with the salon for predictive purposes.
Which of the following laws is NOT involved in the regulation of employee background checks?
A. The Civil Rights Act.
B. The Gramm-Leach-Bliley Act (GLBA).
C. The U.S. Fair Credit Reporting Act (FCRA).
D. The California Investigative Consumer Reporting Agencies Act (ICRAA).
The FTC often negotiates consent decrees with companies found to be in violation of privacy principles. How does this benefit both parties involved?
A. It standardizes the amount of fines.
B. It simplifies the audit requirements.
C. It avoids potentially harmful publicity.
D. It spares the expense of going to trial.