Exam Code: HIT-001 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Healthcare IT Technician Exam
Certification Provider: CompTIA
2016 May HIT-001 Study Guide Questions:
Q41. You are working as a privacy officer at a large medical clinic in a town with a population where everyone kind of knows everyone else. You have just finished reviewing the incidents that have been reported to you by the clinic's staff where it is believed that a breach of a patient's privacy rights may have occurred. You have to decide which incidents require notifying the patient and HHS. Under the HITECH Act's Breach and Harm Threshold Considerations, which of the following situations would constitute a reason for notifying the patient?
A. A bill was mailed to the patient's previous address containing information about an STD test, but was returned opened.
B. An email was sent to the wrong billing adjuster in the clinic's business office and contained the patient's PHI.
C. A nurse hands a patient a medical report for a different patient, but quickly realizes it and gets it returned.
D. An inter-office fax with the patient's PHI went to a different department than intended, but was promptly returned to the sending office.
Explanation: A bill was mailed to the patient's previous address containing information about an STD test, but was returned opened. The interim final rule under the HITECH Act sets a harm threshold to determine if the impermissible use or disclosure poses a significant risk of "financial, reputational, or other harm" to the patient. In this case, both the fact that the envelope is open and that it contains information that could harm this individual's reputation meet the harm threshold. The patient may ultimately decide that it really doesn't matter that much, but the organization has the responsibility to notify. The HHS has provided examples for low-risk HIPAA violations in the breach notification interim final rule.
Answer: D is incorrect. This falls under HHS's definition of "Good faith, unintentional acquisition, access or use of PHI by a workforce member of a covered entity or business associate." In other words, it was not only unintended, but it has stayed within the covered entity.
Answer: B is incorrect. Similar to option A, this falls under HHS's definition of "Good faith, unintentional acquisition, access or use of PHI by a workforce member of a covered entity or business associate."
Answer: C is incorrect. This falls under the HHS guidelines that a "Recipient could not reasonably have retained the data." In this case, the nurse retrieves the information soon after giving it to the wrong patient and can assume that not enough time lapsed for the wrong recipient to review the report and cause harm to the patient.
Q42. You and your department are doing an audit to make sure that you are compliant with HIPAA Security Standards laid out in detail in the Security Rule. Which of the following is NOT a type of security standard you would be responsible for?
A. Administrative Safeguards
B. Physical Safeguards
C. Technical Safeguards
D. Procedural Safeguards
Explanation: The Security Rule specifies a list of Administrative, Technical and Physical safeguards that must be adopted for an organization to be in compliance with the HIPAA Security Rule. There are no "Procedural Safeguards".
Answer: A is incorrect. Administrative Safeguards are a key part of the HIPAA Security Rule standards. Administrative safeguards include: developing written policies to prevent, detect and contain privacy and security violations; appointing individuals and a chain of command responsible for oversight of security issues; requiring a policy for appropriate levels of workforce information access and access management; security awareness training procedures; incident reporting; written contingency plans for power failures and natural disasters; a schedule for periodic audits and evaluations; and the clear use of business associate contracts for privacy and security.
Answer: C is incorrect. Technical Safeguards are another key part of the HIPAA Security Rule standards. Technical safeguards include: the use of electronic access control (e.g. passwords, PINs, thumbprint ID device); audit controls to record and examine activity on the network; integrity controls (write access control) to protect from improper alteration of information; entity authentication (procedures to check if individuals are who they say they are); and transmission security.
Answer: B is incorrect. Physical Safeguards are another key part of the HIPAA Security Rule standards. Physical safeguards include: facility access control (locks and IDs), standards of workstation use, workstation placement, and remote device and media controls.
Q43. Which of the following is software that gathers information about a user and violates the user's personal security?
Explanation: Spyware is software that gathers information about a user without his knowledge. Spyware can get into a computer when the user downloads software from the Internet. Spyware can search the contents of a hard disk, the address book of an e-mail program, or any information about the computer, and transmits the information to advertisers or other interested parties.
Answer: C is incorrect. Adware is software that automatically downloads and displays advertisements in the Web browser without user permission. When a user visits a site or downloads software, sometimes hidden adware is also downloaded to display advertisements automatically. This can be quite irritating to the user. Some adware can also be spyware.
Answer: A is incorrect. Spamware is software designed by or for spammers to send out automated spam e-mail. Spamware is used to search for e-mail addresses to build lists of e-mail addresses to be used either for spamming directly or to be sold to spammers. The spamware package also includes an e-mail harvesting tool.
Answer: D is incorrect. Malware is software that is designed to damage or corrupt a system, such as a Trojan horse, virus or worm.
Q44. Which of the following ports is used by the Secure File Transfer Protocol (SFTP)?
Explanation: Secure File Transfer Protocol (SFTP) uses port 115. The Secure File Transfer Protocol (SFTP), also called SSH File Transfer Protocol, is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream. The SFTP was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols.
Answer: C is incorrect. Hypertext Transfer Protocol (HTTP) uses port 80.
Answer: D is incorrect. Domain Name System (DNS) uses port 53.
Answer: B is incorrect. Telnet uses port 23. Telnet is a command-line connectivity tool that starts terminal emulation with a remote host running the Telnet server service. Telnet allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. The Telnet utility uses the Telnet protocol for connecting to a remote computer running the Telnet server software to access files. It uses TCP port 23 by default.
Q45. While working on upgrading a system in the Emergency Department, you hear a warning over the PA system for a "Code Blue", followed by what looks like people running everywhere. What's going on?
A. The hospital is being evacuated. You need to leave the building.
B. The hospital is so full that all incoming patients are being diverted to other hospitals for care. You need to stay calm and continue your work.
C. There's a flood in the restroom that's threatening to get out into the hallways. You need to make sure computer equipment is off the floor.
D. A patient is in cardiac arrest and needs immediate resuscitation and critical care services. You need to stay calm and continue your work.
Explanation: Code Blue or Code 99 are most often used to alert all available medical personnel that there is a patient in cardiac arrest who needs immediate and intensive treatment. Do not interfere, stay out of the way and continue your work.
Answer: A is incorrect. There are no universal standard "codes" for evacuating the hospital, but each facility will have its own system of alerting staff that an evacuation is needed. It's important to learn those protocols for the facility in which you work. An example would be the Australian health care system, where "Code Orange" indicated the need to evacuate the building.
Answer: C is incorrect. There is no need to call a "code" for flooding, and though it may be a good idea to remove sensitive electrical equipment from the floor, most likely what's needed is someone to call custodial services or facility management.
Answer: B is incorrect. A total divert or "bypass" can occur when a hospital, especially an ER trauma center, has reached maximum capacity and cannot safely treat any new patients. Again, learn the protocols for the facility in which you are working. Some hospitals use "Code Purple" or "Code Yellow" for this situation.
Q46. You may see quite a few physical safeguards within the healthcare facility when dealing with areas where protected health information is handled and stored. Which of the following is NOT an example of physical safeguards for PHI in a healthcare facility?
A. Policies for training employees in security protocols
B. ID badges for employees and staff
C. Engraving of equipment
D. Private Security Patrols
Explanation: Policies for training employees in security protocols are an administrative safeguard more than a physical safeguard. Organizations are still required to have training policies regarding security measures, but having them is not a physical safeguard.
Answer: B is incorrect. ID badges are a well-recognized and useful physical safeguard for the protection of PHI, limiting access to certain areas to certain authorized individuals.
Answer: D is incorrect. Private security patrols are one possible option for protecting PHI from tampering or theft.
Answer: C is incorrect. Engraving equipment such as workstations and monitors is a physical property control that can help prevent theft and the potential exposure of PHI.
Q47. Which of the following statements regarding the Health Insurance Portability and Accountability Act's "Security Rule" is NOT accurate?
A. The Security Rule mandates efforts to protect the security of PHI from anticipated threats and hazards, and anticipated uses and disclosures not permitted by the HIPAA Privacy rule.
B. The Security Rule only covers electronic protected health information (PHI), no other media.
C. The Security Rule mandates a series of administrative, technical and physical safeguards to protect the confidentiality, integrity and availability of protected health information.
D. The HIPAA Security Rule mandates a strict methodology for the implementation of security standards and safeguards.
Explanation: Options A, B, C are all important components of the HIPAA Security Rule, whereas Option D is not accurate. The HIPAA Security Rule follows a principle of flexibility, allowing covered entities to develop their own methods and plans for implementing the mandated administrative, physical and technical safeguards depending upon the size, complexity and capabilities of the covered entity.
Answer: B is incorrect. Option A is a factual statement. The HIPAA Security Rule and its mandates apply only to the protection of electronic protected health information (ePHI), not paper, film, or other storage media.
Answer: C is incorrect. Option B is a factual statement. The key regulations of the Security Rule involve the requirements for administrative, technical and physical safeguards to protect ePHI.
Answer: A is incorrect. Option C is a factual statement. It is very important for any organization dealing with the security of ePHI to think about the future of potential physical threats like natural disasters, technical threats like hacking, and anticipate the potential for uses and disclosures in lawsuits or other potentialities.
Q48. CORRECT TEXT
Fill in the blank with the appropriate word. A ______ is a device that controls the movement of the cursor or pointer on the computer screen.
Answer: A mouse is a device that controls the movement of the cursor or pointer on the computer screen.
Explanation: A mouse consists of a metal or plastic casing, a ball that sticks out of the bottom of the casing and is rolled on a flat surface, one or more buttons on the top of the casing, and a cable that connects the mouse to the computer. As the ball is moved over the surface in any direction, a sensor sends impulses to the computer that cause a mouse-responsive program to reposition the cursor on the monitor.
Q49. Which of the following is true about the TELNET utility? Each correct answer represents a complete solution. Choose all that apply.
A. It uses TCP port 23.
B. It uses the RDP protocol to connect to a remote computer.
C. It allows users to communicate with a remote computer.
D. It transmits data in clear text.
Explanation: Telnet is a command-line connectivity tool that starts terminal emulation with a remote host running the Telnet server service. Telnet allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. The Telnet utility uses the Telnet protocol for connecting to a remote computer running the Telnet server software to access files. It uses TCP port 23 by default.
Answer: B is incorrect. The TELNET utility uses the Telnet protocol for connecting to a remote computer.
Q50. Your healthcare organization had a hacker break into the patient registry and the information of 547 patients may have been compromised during the attack. What piece of healthcare legislation mandates that your organization inform those patients whose information may have been seen of a breach in your security?
Explanation: ARRA is the American Recovery and Reinvestment Act of 2009. Part of the ARRA is the HITECH Act (Health Information Technology for Economic and Clinical Health). Within the HITECH section of the ARRA are regulations that require covered entities (healthcare organizations or their business associates) to quickly notify affected individuals of a security breach, as well as the HHS secretary and the media if there is a breach of more than 500 individuals.
Answer: B is incorrect. HIPAA does not include regulations for breach notification, and it was one of the important parts of the HITECH Act within ARRA that this oversight in the 1996 HIPAA was changed so that patients were notified if their information could have been released.
Answer: A is incorrect. The ONC is not a piece of legislation, but is an acronym for the Office of the National Coordinator for Healthcare Information Technology, part of the US Department of Health and Human Services (HHS). They help implement the HITECH Act to ensure that the exchange of healthcare information remains private and secure.
Answer: C is incorrect. NIST is the National Institute for Standards and Technology, not a piece of legislation. NIST develops publications on many topics about state-of-the-art standards in technology, and within the HITECH Act the NIST has an assigned role to advance healthcare integration through standards and testing, consult on health IT implementation, and to provide pilot testing of new standards and specifications.