  • Question 1

    The Notice of Privacy Practices:

  • Question 3

    Define TPO?

  • Question 4

    Are there any exceptions to the HITECH Act breach standard?

  • Question 5

    What was the key update associated with the HIPAA Final Rule?

  • Question 6

    HIPAA is a federal law which is enforced by:

  • Question 7

    What is the deadline for providing notification of a breach?

  • Question 8

    Covered entities must notify affected individuals following the discovery of a breach of unsecured protected health information in written form by first-class mail:

  • Question 9

    Violating the HIPAA rule can result in:

    a) Civil penalties only
    b) Criminal penalties only
  • Question 10

    Based on the HITECH Act, when is a breach of unsecured PHI considered discovered?

  • Question 11

    The primary federal law pertaining to medical information privacy is:

    a) American Recovery and Reinvestment Act (ARRA)

    c) Health Information Technology for Economic and Clinical Health Act (HITECH)

    d) None of the above
  • Question 12

    If the service was done for a patient, it can be billed, even if it is not documented in the patient's record.

  • Question 13

    Access to PHI is determined by:

  • Question 14

    HIPAA requires passwords be changed at least every:

    a) 30 days

    c) 90 days
  • Question 15

    If an individual authorizes release of protected health information (PHI) that includes psychotherapy notes:

    a) Organization can release this PHI
    b) Organization doesn’t have to consult with the patient about what information to release

About ecfirst

Established in 1999, ecfirst is an Iowa-based corporation. ecfirst delivers complete end-to-end compliance and information security services across the United States and worldwide. ecfirst has completed several hundred information security assessments over the last few years for satisfied clients. Our team has managed assessments using various standards including, but not limited to, NIST 800-53, HITRUST, HIPAA, GDPR, ISO-27001, PCI-DSS and others. We are well regarded in the industry as an affordable and high-quality team with well-established expertise in a number of fields. Many clients first engage ecfirst for its flexible services, which range from On-Demand Consulting (ODC) to Managed Compliance Services Programs (MCSPs) covering training, policies, remediation, risk assessment, technical vulnerability assessments, penetration testing and much more.


Security means controlling the Confidentiality of electronic Protected Health Information (ePHI), the Integrity of ePHI, and the Availability of electronic information. It focuses on the measures a Covered Entity must take to protect PHI, at a “reasonable and appropriate” level, from unauthorized breaches of privacy. It also covers the approaches taken to guard against the loss of integrity of PHI (a patient’s records being lost, changed, or destroyed, either accidentally or maliciously). It consists of three types of Safeguards: Administrative, Physical, and Technical.

Our mission is to keep your organization compliant with regulations and prepared for any cybersecurity event at any time. Our Information Security experts are able to recommend and help implement your company’s strategic goals and tactical steps for managing enterprise security.


Copyright © 1999-2018 ecfirst Inc. All rights reserved.