HCISPP Regulatory and Standards Environment Questions and Answers

Question 1

A healthcare organization is conducting a risk analysis as part of its security management process.
According to the HIPAA Security Rule, which of the following safeguard categories would this activity primarily fall under?

Accepted Answer

Administrative Safeguards

Answer

Physical Safeguards

Answer

Technical Safeguards

Answer

Organizational Safeguards

Question 2

A U.S.-based employer with 50 employees is concerned about potential discrimination lawsuits. Which federal law prohibits this employer from using an individual's family medical history to make decisions about hiring, firing, or promotion?

Accepted Answer

Genetic Information Nondiscrimination Act (GINA)

Answer

Health Insurance Portability and Accountability Act (HIPAA)

Answer

Health Information Technology for Economic and Clinical Health (HITECH) Act

Answer

Americans with Disabilities Act (ADA)

Question 3

The HITECH Act was enacted to promote the adoption and meaningful use of health information technology. What was the primary mechanism used by the HITECH Act to encourage providers to adopt certified Electronic Health Record (EHR) technology?

Accepted Answer

Financial incentives for early adoption and penalties for non-adoption

Answer

Mandatory government reporting of quality measures

Answer

Grants for developing open-source EHR platforms

Answer

Stricter breach notification rules for paper-based records

Question 4

A hospital is implementing the NIST Risk Management Framework (RMF) to strengthen its cybersecurity posture. In which step of the RMF would the hospital classify its information systems based on the potential impact of a loss of confidentiality, integrity, and availability?

Accepted Answer

Categorize

Answer

Prepare

Answer

Select

Answer

Monitor

Question 5

Which international standard provides specific guidance and best practices for information security management within a healthcare context, acting as a sector-specific extension to the ISO/IEC 27002 standard?

Accepted Answer

ISO 27799

Answer

ISO/IEC 27001

Answer

ISO/IEC 27701

Answer

ISO 9001

Question 6

A medical device manufacturer wants to have its new networked infusion pump certified to an international standard that provides a framework for evaluating IT product security. The evaluation involves defining a Protection Profile (PP) and an Evaluation Assurance Level (EAL). Which standard is being described?

Accepted Answer

Common Criteria (ISO/IEC 15408)

Answer

NIST Cybersecurity Framework

Answer

HITRUST Common Security Framework (CSF)

Answer

ISO 13485