Determine your need for HIPAA compliance.
When did you last conduct a review of security policies and procedures?
Privacy Policies and Procedures – Have you created and do you regularly review and update written privacy policies and procedures as required by law?
Information Management and Security Program – Do you have written policies and procedures for information management and security?*
Confidentiality Agreements – Do you have signed confidentiality agreements with employees, partners, and other businesses with access to confidential information (such as “business associate agreements”) and do you keep copies of these agreements?
Notice of Privacy Policy and Procedures – If you are a health care practitioner, do you obtain a signed acknowledgement of receipt of your privacy policies and procedures when required?
Risk Assessment – Have you conducted an information security risk assessment?*
When did you last conduct an information security risk assessment?
Annual Review – Do you annually review your information security policy and procedures to ensure the suitability and effectiveness of information security?
Forms Review – Do you annually review your standard forms for compliance with state and federal regulations?
When did you last review or update your practice forms?
Authorization – Do you obtain proper authorization for disclosure of personal information when needed and maintain a record of these authorizations?
Complaints – Do you have a privacy complaint form that you provide when someone has a problem related to your use or disclosure of information?
Information Privacy and Security Training – Do you provide annual training to all employees that covers information privacy and security requirements and consequences of legal and policy violations?
When did you last conduct training?
Access Limits – Do you have procedures for limiting the disclosure of information to the minimum necessary needed for each job function?
Access Termination – Do you have a written checklist that you follow to restrict a person’s access to information and the facility (keys, passwords) when the person leaves or changes their employment role?
Personnel Screening – Do you request and verify employee background and work history for employees who will have access to confidential or personal information?
Physical Assessment – Have you conducted a review of your facility’s physical and environmental security, such as building entry controls, alarms, fire detection, and temperature controls?
When did you last conduct this review?
For example, do you have recorded video surveillance or electronic access that logs user access to the facility?
Environmental Controls – Do you maintain systems for backup power for an orderly computer shutdown process, fire detection, temperature and humidity controls and water damage detection?
Disaster Recovery Plan – Check each of the following disaster recovery options you have to support your ability to continue your business in the event of a catastrophic loss of information:
(Select ALL Correct Answers)
Monitoring – Do you maintain an unalterable computer system log and routinely audit logs, security events and system use?
Data Classification – Do you maintain policies and procedures to classify information by its value, sensitivity, and critical need to your business?
Access Controls – Check each of the following procedures you use to limit or prevent access to information:
(Select ALL Correct Answers)
Data Storage and Portable Media Protection – Do you follow written policies and procedures to protect data on electronic storage media, including CDs and DVDs, USB storage devices and portable hard drives?
Lock-Out for Inactive Computing Devices – Do you configure devices so that an automatic lock after a period of inactivity is enforced?
Anti-Virus Protection – Do you regularly use and update security software to protect against computer viruses and malware?
Software Changes – Are your software and systems designed to detect and protect against unauthorized changes to software and information?
Information Input – Do you have policies and procedures to verify information for accuracy, completeness, and validity?
Information Correction – Do you have a policy and procedure for identification, reporting, and correction of information errors?
Software Usage Restrictions – Do you have procedures to comply with software usage restrictions in accordance with contract agreements and copyright laws?
User Installed Software – Do you have an explicit policy governing the downloading and installation of software by users?
Outsourced Information Services – Do you ensure that third-party providers of information system services employ adequate security controls in accordance with applicable laws, your policies and service agreements?
Device Security – Do you apply operating system and application updates, patches, and fixes as soon as they become available?
Incident Response – Do you have and follow a written information breach notification process and incident response policy and procedure?
Breach Assessment – Do you have a procedure and guidelines for conducting a breach assessment to determine whether you must provide breach notification under state or federal law?