exam questions

Exam CIPP-US All Questions

View all questions & answers for the CIPP-US exam

Exam CIPP-US topic 1 question 44 discussion

Actual exam question from IAPP's CIPP-US
Question #: 44
Topic #: 1
[All CIPP-US Questions]

SCENARIO -
Please use the following to answer the next question:
Declan has just started a job as a nursing assistant in a radiology department at Woodland Hospital. He has also started a program to become a registered nurse.
Before taking this career path, Declan was vaguely familiar with the Health Insurance Portability and Accountability Act (HIPAA). He now knows that he must help ensure the security of his patients’ Protected Health Information (PHI). Therefore, he is thinking carefully about privacy issues.
On the morning of his first day, Declan noticed that the newly hired receptionist handed each patient a HIPAA privacy notice. He wondered if it was necessary to give these privacy notices to returning patients, and if the radiology department could reduce paper waste through a system of one-time distribution.
He was also curious about the hospital’s use of a billing company. He questioned whether the hospital was doing all it could to protect the privacy of its patients if the billing company had details about patients’ care.
On his first day Declan became familiar with all areas of the hospital’s large radiology department. As he was organizing equipment left in the halfway, he overheard a conversation between two hospital administrators. He was surprised to hear that a portable hard drive containing non-encrypted patient information was missing. The administrators expressed relief that the hospital would be able to avoid liability. Declan was surprised, and wondered whether the hospital had plans to properly report what had happened.
Despite Declan’s concern about this issue, he was amazed by the hospital’s effort to integrate Electronic Health Records (EHRs) into the everyday care of patients. He thought about the potential for streamlining care even more if they were accessible to all medical facilities nationwide.
Declan had many positive interactions with patients. At the end of his first day, he spoke to one patient, John, whose father had just been diagnosed with a degenerative muscular disease. John was about to get blood work done, and he feared that the blood work could reveal a genetic predisposition to the disease that could affect his ability to obtain insurance coverage. Declan told John that he did not think that was possible, but the patient was wheeled away before he could explain why. John plans to ask a colleague about this.
In one month, Declan has a paper due for one his classes on a health topic of his choice. By then, he will have had many interactions with patients he can use as examples. He will be pleased to give credit to John by name for inspiring him to think more carefully about genetic testing.
Although Declan’s day ended with many questions, he was pleased about his new position.
Based on the scenario, what is the most likely way Declan’s supervisor would answer his question about the hospital’s use of a billing company?

  • A. By suggesting that Declan look at the hospital’s publicly posted privacy policy
  • B. By assuring Declan that third parties are prevented from seeing Private Health Information (PHI)
  • C. By pointing out that contracts are in place to help ensure the observance of minimum security standards
  • D. By describing how the billing system is integrated into the hospital’s electronic health records (EHR) system
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
twiny
3 months, 2 weeks ago
Selected Answer: C
The correct answer is C. By pointing out that contracts are in place to help ensure the observance of minimum security standards. Reference: The IAPP textbook, U.S. Private-Sector Privacy, 4th Edition, 2024, Section 8.1.2 The HIPAA Security Rule, "The HIPPA Security Rule was finalized in February 2003 and modified in January 2013. It establishes minimum security requirements for PHI that a covered entity or a business associate receives, creates, maintains, or transmits in electronic form."
upvoted 1 times
...
Bhimesh
8 months, 3 weeks ago
Selected Answer: C
Should be C. By pointing out that contracts are in place to help ensure the observance of minimum security standards The Minimum Information Security Standards is a standard for the minimum information security measures that any institution MUST put in place for sensitive or classified information to protect national security.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago