Question 1

A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than 500 individuals. According to Federal law under HIPAA, which of the following would the covered entity NOT have to report the breach to?

Options :

A : Department of Health and Human Services

B : The affected individuals

C : The local media

D : Medical providers

Answer: D

Question 2

If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an

agent, the organization must ensure the third party does all of the following EXCEPT?

Options :

A : Uses the transferred data for limited purposes

B : Provides the same level of privacy protection as the organization

C : Notifies the organization if it can no longer meet its requirements for proper data handling

D : Enters a contract with the organization that states the third party will process data according to the consent agreement

Answer: D

Question 3

What privacy concept grants a consumer the right to view and correct errors on his or her credit report?

Options :

A : Access.

B : Notice.

C : Action.

D : Choice.

Answer: B

Question 4

Which entities must comply with the Telemarketing Sales Rule?

Options :

A : For-profit organizations and for-profit telefunders regarding charitable solicitations

B : Nonprofit organizations calling on their own behalf

C : For-profit organizations calling businesses when a binding contract exists between them

D : For-profit and not-for-profit organizations when selling additional services to establish customers

Answer: D

Question 5

Under the Fair and Accurate Credit Transactions Act (FACTA), what is the most appropriate action for a car dealer holding a paper folder of customer credit reports?

Options :

A : To follow the Disposal Rule by having the reports shredded

B : To follow the Red Flags Rule by mailing the reports to customers

C : To follow the Privacy Rule by notifying customers that the reports are being stored

D :

To follow the Safeguards Rule by transferring the reports to a secure electronic file

Answer: C