COE IT Management Questions and Answers

Question 1

An ophthalmic practice manager discovers that a technician has been using a personal, unencrypted USB drive to transfer patient diagnostic images between the testing room and a physician's review station. According to HIPAA incident response protocols, what is the MOST critical and immediate action required?

Accepted Answer

Confiscate the drive, secure the device, and perform a formal risk assessment to determine if a breach of Protected Health Information (PHI) occurred.

Answer

The first step in any potential breach situation is containment and assessment. Securing the device prevents further unauthorized disclosure. A formal risk assessment is then required under the HIPAA Breach Notification Rule to determine the probability that PHI was compromised, which dictates all subsequent actions, including whether patient and HHS notification is necessary.

Question 2

In the context of IT management for an ophthalmic practice, which of the following best distinguishes a Business Continuity Plan (BCP) from a Disaster Recovery (DR) Plan?

Accepted Answer

A BCP is a comprehensive strategy to keep the entire practice operational during a disruption, whereas a DR plan is a subset of the BCP focused specifically on restoring IT systems and data.

Answer

A Business Continuity Plan (BCP) is a broad, strategic framework for maintaining essential practice functions (like patient care, billing, and scheduling) during a crisis. A Disaster Recovery (DR) plan is a more tactical, IT-focused component of the BCP that outlines the specific procedures for recovering IT infrastructure, applications, and data after an incident.

Question 3

An ophthalmic practice is selecting a new Electronic Health Record (EHR) system. To ensure the practice can successfully participate in the Merit-based Incentive Payment System (MIPS), which of the following is the most critical feature the EHR must possess?

Accepted Answer

Certification from the Office of the National Coordinator for Health Information Technology (ONC-HIT).

Answer

To participate in MIPS and attest to the Promoting Interoperability category, CMS requires that practices use an EHR that is certified by the ONC-HIT. This certification ensures the system meets federal standards for functionality, security, and interoperability necessary for required data capture and reporting.

Question 4

The practice's front desk coordinator receives an email that appears to be from the lead physician, urgently requesting a password to access a file on the server for a 'telehealth consultation.' This is a classic example of which type of cybersecurity threat?

Accepted Answer

Spear Phishing

Answer

Spear phishing is a targeted form of phishing that uses specific, personalized information (like the lead physician's name and a plausible scenario) to trick a specific individual into revealing confidential information, such as passwords. Unlike general phishing which is sent broadly, spear phishing is tailored to the target to appear more legitimate.

Question 5

A practice is implementing a new OCT device that generates very large image files. To ensure fast and reliable access to these images from all exam rooms and review stations, which network infrastructure component is most critical to evaluate and potentially upgrade?

Accepted Answer

The Local Area Network (LAN), including switches and cabling.

Answer

The Local Area Network (LAN) is the internal network that connects all devices within the office. The speed of transferring large files like OCT scans between internal computers depends on the bandwidth of the LAN, which is determined by components like high-speed (e.g., Gigabit) switches and appropriate cabling (e.g., Cat6). The internet connection affects external communication, not internal file sharing speed.

COE - Certified Ophthalmic Executive Practice Test

COE - Certified Ophthalmic Executive Practice Test

COE IT Management Questions and Answers