Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Iapp Discussions
exam questions

Exam CIPP-US All Questions

View all questions & answers for the CIPP-US exam
Go to Exam

Exam CIPP-US topic 1 question 106 discussion

Actual exam question from IAPP's CIPP-US
Question #: 106
Topic #: 1
[All CIPP-US Questions]

Smith Memorial Healthcare (SMH) is a hospital network headquartered in New York and operating in 7 other states. SMH uses an electronic medical record to enter and track information about its patients. Recently, SMH suffered a data breach where a third-party hacker was able to gain access to the SMH internal network. Because it is a HIPPA-covered entity, SMH made a notification to the Office of Civil Rights at the U.S. Department of Health and Human Services about the breach.
Which statement accurately describes SMH’s notification responsibilities?

  • A. If SMH is compliant with HIPAA, it will not have to make a separate notification to individuals in the state of New York.
  • B. If SMH has more than 500 patients in the state of New York, it will need to make separate notifications to these patients.
  • C. If SMH must make a notification in any other state in which it operates, it must also make a notification to individuals in New York.
  • D. If SMH makes credit monitoring available to individuals who inquire, it will not have to make a separate notification to individuals in the state of New York.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by smp175 at July 6, 2023, 1:41 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Bhimesh
7 months, 2 weeks ago
Selected Answer: A
Notice of Breach A breach applies only to “unsecured” information, and a covered entity can avoid liability if it utilizes encryption software to secure information (HIPAA Compliant). In the event of unauthorized acquisition, access, use or disclosure of information, a breach is presumed to have occurred, “unless the covered entity demonstrates through a risk assessment that there is a low probability that the security or privacy of the information has been compromised (HIPAA Compliant). If there is a high probability that the security or privacy of the information (financial, reputational or other) has been compromised, a covered entity must notify individuals within 60 days of discovery. If the breach affects more than 500 people, the covered entity must notify HHS immediately, and If the breach affects 500 or more in the “same jurisdiction”, it must notify the media. All breaches requiring notice must be reported to HHS at least annually.
upvoted 1 times
Bhimesh
7 months, 2 weeks ago
The HIPAA Security Rule The HIPAA Security Rule was finalized in February 2003 and modified in January 2013. It establishes minimum security requirements for PHI that a covered entity receives, creates, maintains or transmits in electronic form. The Security Rule is designed to require covered entities to implement “reasonable” security measures in a technology-neutral manner. The goal is for all covered entities to implement “policies and procedures to prevent, detect, contain, and correct security violations.”
upvoted 1 times
...
...
Romeokton
9 months, 4 weeks ago
Selected Answer: A
Exception: Compliance with Other Laws. If notice of the breach of the security of the system is made pursuant to any of the following laws, nothing in this statute shall require separate notice to affected individuals, but notice must still be provided to the regulators noted above and the consumer reporting agencies. HIPAA
upvoted 1 times
...
smp175
1 year, 4 months ago
Selected Answer: A
Most state statutes have carve-outs for entities subject to federal privacy laws. NY is no exception. A is the correct answer. https://www.perkinscoie.com/en/news-insights/security-breach-notification-chart-new-york.html
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel