Guaranteed of HIT-001 book materials and testing material for CompTIA certification for consumer, Real Success Guaranteed with Updated HIT-001 pdf dumps vce Materials. 100% PASS CompTIA Healthcare IT Technician Exam exam Today!
2016 Apr HIT-001 Study Guide Questions:
Q316. While installing a printer in a newly remodeled office at a large physician's practice, you consider what the best placement for the printer might be in order to protect patient's health information. Which of the following is a good guideline for printer/fax/copier policy?
A. PHI should never be printed on a shared or networked printer.
B. PHI in hardcopy form should be disposed of as soon as possible.
C. Printers and copiers used for printing of PHI should be in a secure, non-public location. If the equipment is in a public location, the information being printed or copied is required to be strictly monitored.
D. Physical access to the printer should be restricted only to providers.
Explanation: Ideally, printers, faxes and copiers in a healthcare facility should only be placed in secure, non-public locations. However, there are some high traffic areas where healthcare personnel interact with the publiA, C printer may be required for receipts, patient instructions and other documentation. A printer in this location should be strictly monitored, any hardcopies should be picked up promptly and given to the correct recipient, filed or disposed of as needed. Answer: D is incorrect. Many employees require access to printers, faxes and copiers, and access cannot be limited to one type of employee. There are many employees that will need access to PHI to carry out the functions of a healthcare facility, not just for treatment, but for the business operations of the facility. Printing access must be managed wisely and monitored closely to protect PHI, but this kind of extreme restriction would not allow the facility to function properly. Answer: A is incorrect. Many facilities have multiple workstations and mobile devices connected to a shared printer. Although extra care needs to be exercised both in the network security of the printer as well as the physical security of hardcopy documents printed out, it is possible to protect PHI and still use a shared printer. Often, one individual in physical proximity to the shared printer is assigned responsibility for the security of the hardcopy printouts and that they are promptly picked up so that no PHI exposure is risked. Answer: B is incorrect. Destroying hardcopies as a means of protecting PHI may actually cause some information to be lost. It is important to always observe the policies of record retention and disposal that the healthcare organization has set up in order to make sure that key information is properly filed and eventually disposed of in an approved manner.
Q317. Which of the following devices is used to read smart cards for user authentication?
A. PunchCard reader
B. Key fob
C. Biometric reader
D. Smart card reader
Explanation: A smart card reader is an interface device, which is used to read information from or write information to a smart card. Answer: B is incorrect. Key fobs are security devices used by telecommuters to provide one part of a three way match for a user to log on to a secured network.
These are display-only devices that algorithmically generate security codes as part of a challenge/response authentication system. This code usually changes very quickly and is used with the PIN for authentication. Answer: C is incorrect. Biometric devices are used for reading physical appearances. Biometrics is a method of authentication that uses physical characteristics, such as fingerprints, scars, retinal patterns, and other forms of biophysical qualities to identify a user. Nowadays, the usage of biometric devices such as hand scanners and retinal scanners is becoming more common in the business environment. Answer: A is incorrect. PunchCard readers are used for reading punch cards.
Q318. Which of the following is a networking protocol that provides centralized Authentication, Authorization, and Accounting management for computers to connect and use a network service?
D. MS-CHAP v2
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, DSL, access points, VPNs, network ports, Web servers, etc. RADIUS is a client/server protocol that runs in the application layer, using UDP as transport. The Remote Access Server, the Virtual Private Network server, the Network switch with port-based authentication, and the Network Access Server, are all gateways that control access to the network, and all have a RADIUS client component that communicates with the RADIUS server. The RADIUS server is usually a background process running on a UNIX or Windows NT machine. RADIUS serves three functions: To authenticate users or devices before granting them access to a network To authorize those users or devices for certain network services To account for usage of those services Answer: D is incorrect. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) is the new version of MS-CHAP. MS-CHAP v2 provides the highest level of security and encryption for dial-up connection in the environment consisting of both Windows NT and Windows 2000/XP dial-up clients. It provides mutual authentication, stronger initial data encryption keys, and different encryption keys for sending and receiving data. Answer: A is incorrect. PEAP (Protected Extensible Authentication Protocol) is a method to securely transmit authentication information over wired or wireless networks. It was jointly developed by Cisco Systems, Microsoft, and RSA Security. PEAP is not an encryption protocol; as with other EAP protocols, it only authenticates a client into a network. PEAP uses server-side public key certificates to authenticate the server. It creates an encrypted SSL/TLS (Secure sockets layer/Transport layer security) tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server's public key. The resultant exchange of authentication information inside the tunnel to authenticate the client is then encrypted and the user credentials are thus safe and secure. Answer: B is incorrect. Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos builds on symmetric key cryptography and requires a trusted third party. Kerberos uses as its basis the Needham-Schroeder protocol. It makes use of a trusted third party, termed a key distribution center (KDC), which consists of two logically separate parts. Authentication Server (AS) Ticket Granting Server (TGS) Kerberos works on the basis of tickets, which serve to prove the identity of users. The KDC maintains a database of secret keys; each entity on the network, whether a client or a server, shares a secret key known only to itself and to the KDC. Knowledge of this key serves to prove an entity's identity. For communication between two entities, the KDC generates a session key, which they can use to secure their interactions.
Q319. The virtualization technology is used to permit the several virtual machines to run on a single hardware platform, and allows each virtual machine to run its separate operating system in the virtualized environment. Which of the following are the pros of the virtualization technology? Each correct answer represents a complete solution. Choose all that apply.
A. Power reduction
B. Reduced infrastructure cost
C. Decreased administrative overhead
D. Low initial investment
Explanation: The various pros of the virtualization technology are as follows: 1.Power reduction 2.Reduced infrastructure cost 3.Centralization of computing resources 4.Centralized administration 5.Enhanced disaster recovery 6.Faster deployment 7.Maximize hardware utilization 8.Reduced power and cooling consumption The various cons of the virtualization technology are as follows: 1.Potential single point of failure 2.Increased administrative overhead 3.More complex administration 4.High initial investment 5.High training personnel costs 6.Resource contention 7.Increased network traffic within a single node
Q320. You have to undergo a surgical procedure in which will required a five day hospital stay. To which of the following types of healthcare facilities will you be admitted?
A. Ambulatory Care Facility
B. Nonacute Care Facililty
C. Subacute Care Facility
D. Acute Care Facility
Explanation: An acute care facility is to a facility that offers a wide range of medical, surgical, pediatric and obstetric services that require a hospital stay of less than 30 days. Answer: A is incorrect. Ambulatory care facility is incorrect as this facility offers a variety of outpatient services which is directly overseen by a hospital, but patients to do not require a stay in the hospital.
Most up-to-date HIT-001 exam cost:
Q321. Your responsibilities as a healthcare information technologist is to ensure that all scheduling, patient registration and payroll procedures can be performed in the most efficient manner. Which of the following types of information technology are you responsible for?
A. Financial IT
B. Infrastructure IT
C. Clinical IT
D. Administrative IT
Explanation: Administrative IT applications are used to make staff scheduling, patient registration and payroll procedures more efficient? Answer: C is incorrect. Clinical IT is incorrect as these applications are used for prescription of drugs and ordering of laboratory tests and medical procedures. Answer: A is incorrect. Financial IT is incorrect as these applications are used to improve the efficiency of billing and accounting practices. Answer: B is incorrect. Infrastructure IT is incorrect as these applications support the infrastructure of the health care facility. These applications include voice recognition for medical records and medical transcription as well as bar coding applications for medical devices and drugs.
Q322. A member of your family is suffering from Alzheimer's Disease and is unable to care for themselves at home. To which of the following healthcare facilities would you contact for long term care of this individual?
A. Subacute Care Facility
B. Nonacute Care Facililty
C. Ambulatory Care Facility
D. Acute Care Facility
Explanation: A non acute care facility, often referred to as a long term care facility, is a type of facility is used for individuals who suffer from long term illnesses that required hospital stays of longer than 30 days. Answer: C is incorrect. Ambulatory care facility is incorrect as this facility offers a variety of outpatient services which is directly overseen by a hospital, but patients to do not require a stay in the hospital.
Q323. Which of the following payment terms is based on the patient's ability to pay?
B. Fee for Services
C. Sliding Scale Fee
D. Customary Charges
Explanation: Sliding scale fee is a payment term which is common in low income areas and is based on the patient's ability to pay. Answer: B is incorrect. Fee for Services in incorrect as this term of payment is dependent on the cost of the provider to provide services such as lab tests, x-rays etc. Hospitals or other facilities receiving fee for service are paid for each individual service that is provided. Answer: D is incorrect. Customary charges is incorrect as this type of payment term is based on what is normally charged or what is reasonable for the service provided. Answer: A is incorrect. Capitation is incorrect as this payment term is a pre-paid amount based on a per-person or per-capita amount.
Q324. A electronic patient database has reached end-of-life according to the policies of your healthcare facility, and it has been tagged for destruction to keep patient data confidential. Which method of destruction is NOT appropriate for this data?
A. Physically destroying storage media like CDs and DVDs with a shredder.
B. Deleting all files and programs that used those files on the server.
C. Using Department of Defense-accepted software to overwrite hard drives and replace previously stored information with a meaningless pattern.
D. Magnetically erasing or degaussing hard drives
Explanation: Option B is NOT an appropriate method of destroying records. It is not sufficient to delete a file, as often the file can still be accessed from the hard drive or reconstituted from storage media. True disposal of electronic records must be permanent and be written over, shredded or magnetically erased. Answer: A is incorrect. Physical destroying storage media like CDs and DVDs with a special shredder is a viable option for destroying electronic records. Answer: C is incorrect. Using specialized software to overwrite files with a meaningless pattern so that the original file cannot be accessed is a viable means of record disposal. Answer: D is incorrect. Magnetically erasing hard drives or magnetic tapes is another viable method of deleting files and destroying records so that the protected health information cannot be accessed by unauthorized persons.
Q325. You are the privacy officer for a mid-size ophthalmology practice that does its own in-house billing and insurance verification. You are reviewing the Physical Safeguards in the office and notice that the computer monitors at the patient check-in counter are completely visible to patients who stand at the check-out window. What is the minimum you are required to do?
A. Remove the monitors completely to a different office.
B. Implement filtering screens over the monitors so that only the operators using them can read the information.
C. Have patients sign a second Non-Disclosure agreement in their check-out forms.
D. Do in-house reconstruction so that the check-in counter is not in sight view of the check-out counter.
Explanation: A filtering screen that only allows the practice's check-in staff to see the information can ameliorate the situation because HIPAA requires that monitors not be "in direct view of the public." Answer: A, D are incorrect. These are great options, but not the "minimum." And neither option may be practical. Answer: C is incorrect. Patients are never to have access to other patients' information even if they "agree" not to disclose it.
Verified HIT-001 questions pool:
Q326. You are the responsible for the medical records of a high profile, well known, adult patient. Which of the following do not require a disclosure of information form in order for medical records be released?
A. News Media
B. Patient's Attorney
C. Physician other than Primary Care Physician
D. Patient's Parents
Explanation: It is not required, but is generally discouraged, for a disclosure of patient information form to be signed in order for a health care facility to release health information to the news media. This is true even thought the patient's privacy may be compromised with release of patient health information that is of public interest and right to know. Answer: B is incorrect. It is required by law for a disclosure of patient information to be signed in order for protected health information to be released to the patient's attorney. Answer: D is incorrect. It is required by law for a disclosure of patient information to be signed in order for protected health information to be released to the parents of an adult child. Answer: C is incorrect. It is required by law for a disclosure of patient information to be signed in order for protected health information to be released to another physician.
Q327. What is the function of TRACERT utility?
A. Trace the path taken by TCP/IP packets to a remote computer.
B. Provide DNS server address.
C. Provide the host name of the routing device.
D. Trace the MAC address of the target host's network adapter.
Explanation: TRACERT utility is used to trace the path taken by TCP/IP packets to a remote computer. It traces and reports each router or gateway crossed by a TCP/IP packet on its way to the remote host. The TRACERT utility can be used with the target computer's name or IP address. It is used to detect and resolve network connection problems.
Q328. Which of the following items are configured on a user workstation for wireless networking? Each correct answer represents a complete solution. Choose two.
A. MAC Address Filtering
C. Service Set Identifier (SSID)
D. Security Set Identifier (SSID)
Explanation: SSID (Service Set Identifier) and encryption are part of the end user configuration.
Keep in mind, encryption is not required but is a common requirement in today's networking world.
Q329. It is time for your medical practice's annual spring cleaning. Your employer has instructed you that all medical records belonging to patients who haven't been a part of the practice for at least five years need to be destroyed. Many of those patients were charted using paper medical records, before the practice adopted its current EMR system. Under the privacy laws, what can you do?
A. Dump them in the dumpster behind the practice.
B. Both B, C.
C. Securing the records until an outside vendor who has a BAA with you can pick them up to destroy them.
D. Shredding them yourself.
Explanation: HIPAA's main concern is that the public or those unauthorized to review PHI will access disposed records and both these options achieve that. Answer: A is incorrect. Simply putting them in the outdoors dumpster is not enough because the public and unauthorized people may be able to access the records. HIPAA requires that if you do place them in dumpster, all PHI must be rendered completely unreadable or indecipherable first. Answer: D is incorrect. You could shred them yourself, since you work for the entity and are charge of this work; this prevents the public from accessing the records. This is one correct option Answer: C is incorrect. HIPAA allows the record destruction to take place off-premises as long as the records are secured from any possible violation or theft until the shredding vendor picks them up. The practice should also have a BAA with the vendor since they are now a 3rd party with access to the PHI. But patients do not need to know about this process as long as they received a Privacy Notice initially when they came into the practice explaining that access to their PHI would be occur as part of the normal operations of the business.
Q330. Which of the following terms is described in the statement below? "It is a way of grouping Web servers to handle heavy traffic."
B. Network Load Balancing
Explanation: Clustering is a way of grouping multiple Web servers to handle heavy traffic. A cluster is a group of two or more servers working together as a single system. All the computers in a cluster are grouped under a common name i.e., a virtual server name, which is used to access and manage the cluster. Each member server of the cluster is called a node. A cluster provides redundant operations in the event of hardware or application failure. Answer: D is incorrect. Failover is a term associated with cluster services. It refers to the ability of a server to immediately start servicing the requests if a primary server fails. If the application services in a cluster-node fail, the Cluster Service generally tries to restart them on the same node. If the services do not start, then it moves the services to another node in the cluster and restarts them on that node. Answer: B is incorrect. Network Load Balancing is a Windows Server 2003 clustering technology. It runs as a driver in Microsoft Windows and distributes incoming requests across each node included in the cluster. Its primary purpose is to load-balance by distributing TCP/IP traffic among the server nodes in a cluster. For load balancing-aware applications, such as Exchange Server 2003, when one of the nodes fails or becomes offline, the load is automatically distributed to other nodes in the cluster. A cluster using Network Load Balancing can have 2 to 32 nodes. Administrators can configure it through the Network Load Balancing Manager, which is located in the Administrative Tools program menu. Answer: C is incorrect. Bottleneck is a situation caused by excessive demand on scarce system resources. Bottlenecks occur because of the following reasons: Insufficient resources Incorrect distribution of workload amongst the resources Incorrectly configured resources Malfunctioning of resources