Hard · 1 mark · Multiple Choice
CPA · Question 49 · Area II: Security
Under the HIPAA Security Rule, 'Encryption' is classified as an 'Addressable' implementation specification. What does 'Addressable' mean?
Answer options:
A. It is optional and can be ignored.
B. It is mandatory in all circumstances.
C. The entity must implement it if reasonable and appropriate, or implement an equivalent alternative, or document why it is not reasonable.
D. It applies only to large organizations.
How to approach this question
Recall the HIPAA definition of Addressable vs. Required.
Full Answer
C. The entity must implement it if reasonable and appropriate, or implement an equivalent alternative, or document why it is not reasonable. ✓ Correct
Addressable specifications allow flexibility. If encryption isn't feasible, the entity must document why and implement an alternative safeguard that achieves the same protection.
Common mistakes
Thinking Addressable means Optional.