ExpertHard1 markMultiple Choice
CPA · Question 36 · Area II: Security
Which of the following is a key requirement of the HIPAA Security Rule but NOT the Privacy Rule?
Which of the following is a key requirement of the HIPAA Security Rule but NOT the Privacy Rule?
Answer options:
A.
Notice of Privacy Practices
B.
Technical safeguards for ePHI (encryption, audit controls)
C.
Authorization for disclosure
D.
Minimum Necessary standard
How to approach this question
Privacy = Rules for use/disclosure (Paper & Electronic). Security = Rules for protecting the bits and bytes (Electronic only).
Full Answer
B.Technical safeguards for ePHI (encryption, audit controls)✓ Correct
B
The HIPAA Security Rule specifically operationalizes the protections for *electronic* PHI (ePHI) through administrative, physical, and technical safeguards. The Privacy Rule covers all forms of PHI (paper, oral, electronic) and focuses on rights and usage.
Common mistakes
Thinking Encryption is mandated by the Privacy Rule.
Practice the full CPA ISC Practice Exam 3
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...MediumQ02During a review of a client's cloud governance structure, an auditor notes that the client uses a...MediumQ03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...HardQ04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...HardQ05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium