CIIP Healthcare Information Security and Privacy

Question 1

Under HIPAA, which of the following is considered Protected Health Information (PHI) in a radiology context?

Accepted Answer

Patient name combined with a radiological diagnosis

Answer

De-identified DICOM images with all tags removed

Answer

Aggregate statistical reports with no patient identifiers

Answer

Anonymized teaching files approved by IRB

Question 2

Which HIPAA rule specifically governs the technical safeguards for electronic PHI stored in PACS?

Accepted Answer

HIPAA Security Rule

Answer

HIPAA Privacy Rule

Answer

HIPAA Breach Notification Rule

Answer

HIPAA Enforcement Rule

Question 3

A radiology technologist accidentally emails a patient's MRI report to the wrong recipient. Under HIPAA, this is classified as a:

Accepted Answer

Breach of unsecured PHI

Answer

Minor privacy incident with no reporting obligation

Answer

Permitted disclosure for treatment purposes

Answer

Business associate violation only

Question 4

Which encryption standard is recommended by NIST for protecting ePHI at rest in imaging systems?

Accepted Answer

AES-256

Answer

DES-56

Answer

RC4-128

Answer

MD5 hashing

Question 5

In the context of imaging informatics, what is the primary purpose of role-based access control (RBAC)?

Accepted Answer

Ensure users can only access PHI necessary for their job function

Answer

Encrypt all data transmitted between modalities

Answer

Automatically de-identify images before archiving

Answer

Log all system errors to an audit trail

Question 6

Which of the following is a required element of a HIPAA Security Rule risk analysis for an imaging department?

Accepted Answer

Identifying potential threats and vulnerabilities to ePHI

Answer

Publishing all security policies on the department intranet

Answer

Encrypting only images that contain visible patient faces

Answer

Performing annual penetration tests on all workstations