HCISPP Exam Questions
311 real HCISPP exam questions with expert-verified answers and explanations. Page 1 of 7.
- Question #1Regulatory and Standards Environment
The HIPPA task force must first:
HIPAA ComplianceAsset InventorySystem DiscoveryCompliance Assessment - Question #2Privacy and Security in Healthcare
The confidentiality of alcohol and drug abuse patient records maintained by this program is protected by federal law and regulations. Generally, the program may not say to a person...
42 CFR Part 2Patient confidentialitySubstance abuse recordsMedical emergency exceptions - Question #3Regulatory and Standards Environment
Group Health Plans sponsored or maintained by employers, however,
HIPAA covered entitiesGroup Health PlansEmployer-sponsored plans - Question #4Regulatory and Standards Environment
Employers often advocate on behalf of their employees in benefit disputes and appeals, answer Question:s with regard to the health plan, and generally help them navigate their heal...
Health Plan Sponsor AdvocacyHIPAA ComplianceEmployee BenefitsBenefit Dispute Resolution - Question #5Regulatory and Standards Environment
HIPPA does not call for:
HIPAAHealth IdentifiersAdministrative SimplificationData Standards - Question #6Information Governance in Healthcare
A gap analysis for the Transactions set refer to the practice of identifying the data content you currently have available
Gap AnalysisData InventoryMedical SoftwareHealthcare Systems - Question #7Regulatory and Standards Environment
A gap analysis for the Transactions set does not refer to
HIPAA gap analysisTransaction setsHIPAA complianceHealthcare transactions - Question #8Privacy and Security in Healthcare
Health Information Rights although your health record is the physical property of the healthcare practitioner or facility that compiled it, the information belongs to you. You do n...
HIPAA Patient RightsHealth Information PrivacyPatient RestrictionsInformation Disclosure - Question #9Privacy and Security in Healthcare
Employers often advocate on behalf of their employees in benefit disputes and appeals, answer Question:s with regard to the health plan, and generally help them navigate their heal...
Individual AuthorizationHealth Benefits AdministrationHIPAA ConsentEmployee Privacy - Question #10Regulatory and Standards Environment
Who enforces HIPPA?
HIPAAOCRHHSEnforcement - Question #11Risk Management and Risk Assessment
Gap analysis does not apply to
gap analysisHIPAA compliancecontrols assessmentavailability - Question #12Regulatory and Standards Environment
Which one of the following is NOT a fundamental component of a Regulatory Security Policy?
Regulatory Security PolicyPolicy StructureHealthcare ComplianceGovernance - Question #13Privacy and Security in Healthcare
According to private sector data classification levels, how would salary levels and medical information be classified?
Data ClassificationPrivacySensitive Information - Question #14Information Governance in Healthcare
Which of the following embodies all the detailed actions that personnel are required to follow?
ProceduresInformation GovernancePersonnel CompliancePolicy Framework - Question #15Risk Management and Risk Assessment
All of the following items should be included in a Business Impact Analysis (BIA) Question:naire EXCEPT Question:s that
Business Impact AnalysisBusiness Continuity PlanningRisk AssessmentDisaster Recovery - Question #16Risk Management and Risk Assessment
Which of the following actions will reduce risk to a laptop before traveling to a high risk area?
credential rotationaccess controlmobile securitytravel security - Question #17Risk Management and Risk Assessment
Which of the following represents the GREATEST risk to data confidentiality?
Data EncryptionBackup SecurityConfidentialityData at Rest - Question #18Risk Management and Risk Assessment
What is the MOST important consideration from a data security perspective when an organization plans to relocate?
Facility Relocation SecurityGap AnalysisRisk AssessmentCompliance Requirements - Question #19Risk Management and Risk Assessment
A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the foll...
Tier 4 Data CenterBusiness Continuity PlanningInfrastructure ResiliencePower Redundancy - Question #20Information Governance in Healthcare
When assessing an organization's security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management...
ISO 27001Asset ManagementManagement ResponsibilitiesInformation Governance - Question #21Risk Management and Risk Assessment
Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
Physical securityReactive controlsPersonnel protectionCost-effectiveness - Question #22Privacy and Security in Healthcare
An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
Defense in DepthSecurity PillarsPeople-Technology-Operations - Question #23Information Governance in Healthcare
Intellectual property rights are PRIMARY concerned with which of the following?
Intellectual Property RightsIP ControlInformation GovernanceCopyright - Question #24Privacy and Security in Healthcare
Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?
Security Testing ReportsStakeholder CommunicationSecurity AssessmentRisk Reporting - Question #25Risk Management and Risk Assessment
Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?
Business Continuity TestingDisaster RecoveryResilience TestingParallel Testing - Question #26Risk Management and Risk Assessment
A continuous information security monitoring program can BEST reduce risk through which of the following?
User Account MonitoringActivity VisibilityRisk ReductionContinuous Monitoring - Question #27Risk Management and Risk Assessment
Which of the following is the PRIMARY risk with using open source software in a commercial software construction?
open source softwarevendor supportsoftware supply chaincommercial development - Question #28Risk Management and Risk Assessment
Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility?
Physical SecurityFacility SitingRisk AssessmentEnvironmental Threats - Question #29Privacy and Security in Healthcare
Multi-threaded applications are more at risk than single-threaded applications to
race conditionsmulti-threadingconcurrent accessthread safety - Question #30Privacy and Security in Healthcare
Which of the following is a potential risk when a program runs in privileged mode?
Privileged mode executionMalware injectionAccess controlSecure coding - Question #32Risk Management and Risk Assessment
Which of the following disaster recovery test plans will be MOST effective while providing minimal risk?
Disaster Recovery TestingRisk AssessmentBusiness ContinuityTest Methods - Question #33Regulatory and Standards Environment
Which of the following BEST describes the purpose of performing security certification?
Security CertificationCompliance ConfirmationSecurity StandardsPolicy Compliance - Question #34Privacy and Security in Healthcare
The BEST method to mitigate the risk of a dictionary attack on a system is to
Dictionary attack mitigationHardware tokensAuthentication securityMulti-factor authentication - Question #35Privacy and Security in Healthcare
In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is MAIN purpose of the DMZ?
DMZNetwork SegmentationPerimeter SecurityFirewall Architecture - Question #36Information Governance in Healthcare
Which of the following is the BEST reason for the use of security metrics?
Security MetricsIT GovernanceSecurity Processes - Question #37Regulatory and Standards Environment
An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to...
GDPR Data TransferClinical Trial DataThird-Party ProcessingHealthcare Authorization - Question #38Third-Party Risk Management
Which of the following is the MOST significant benefit to implementing a third-party federated identity architecture?
Federated IdentityThird-Party IdentityOperational CostsIdentity Management - Question #39Information Technologies in Healthcare
Which of the following methods MOST efficiently manages user accounts when using a third- party cloud-based application and directory solution?
Directory synchronizationIdentity managementCloud user provisioningThird-party cloud integration - Question #40Third-Party Risk Management
An organization is outsourcing its payroll system and is requesting to conduct a full audit on the third- party information technology (IT) systems. During the due diligence proces...
Third-party auditsDue diligenceOutsourcing governanceManagement sign-off - Question #41Third-Party Risk Management
Which of the following trust services principles refers to the accessibility of information used by the systems, products, or services offered to a third-party provider's customers...
Trust Services PrinciplesAccess ControlsThird-Party RiskAICPA TSP - Question #43Healthcare Industry
The primary objectives of a healthcare system include all of the following except:
Healthcare system objectivesCost-effectivenessQuality standardsHealthcare delivery - Question #44Healthcare Industry
The U.S. healthcare system can best be described as:
U.S. Healthcare System CharacteristicsHealthcare FragmentationHealthcare Market StructureHealthcare Economics - Question #45Healthcare Industry
For most privately insured Americans, health insurance is:
Employer-based InsuranceHealth Insurance CoverageUS Healthcare System - Question #46Healthcare Industry
What is the meaning of the term 'Access'?
Healthcare AccessCare DeliveryHealth Services - Question #47Regulatory and Standards Environment
True or False? The government health coverage program for the elderly and certain people with disabilities is called Medicaid.
MedicareMedicaidGovernment Health Programs - Question #48Healthcare Industry
Which of the following forces remains relatively stable, and major shifts in this area would be necessary to bring about any fundamental change in the US health care delivery syste...
Healthcare system fundamentalsOrganizational cultureSystem transformation drivers - Question #49Healthcare Industry
In its historical context, which of the following has played a major role in revolutionizing health care delivery?
Healthcare deliveryMedical technologyHealthcare transformation - Question #50Healthcare Industry
In the preindustrial era, _____ often functioned as surgeons.
Healthcare HistoryMedical ProfessionsBarber-surgeonsPreindustrial Medicine - Question #51Healthcare Industry
Hospitals in the United States evolved from
Hospital HistoryHealthcare Industry OriginsUS Healthcare Infrastructure - Question #52Healthcare Industry
What was the function of a pest house in the preindustrial period?
Disease quarantineContagious disease managementHealthcare history