All of the following organizations are specified as covered entities under the Health Insurance Portability and Accountability Act (HIPAA) EXCEPT?

• A.Healthcare information clearinghouses
• B.Pharmaceutical companies
• C.Healthcare providers
• D.Health plans

Comment: *

Name: *

Email: *

Verification: *

Which of the following is an example of federal preemption?

• A.The Payment Card Industry's (PCI) ability to self-regulate and enforce data security standards for payment card data.
• B.The U.S. Federal Trade Commission's (FTC) ability to enforce against unfair and deceptive trade practices across sectors and industries.
• C.The U.S. Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act prohibiting states from passing laws that impose greater obligations on senders of email marketing.
• D.The California Consumer Privacy Act (CCPA) regulating businesses that have no physical brick-and-mortal presence in California, but which do business there.

Comment: *

Name: *

Email: *

Verification: *

Which federal act does NOT contain provisions for preempting stricter state laws?

• A.The Telemarketing Consumer Protection and Fraud Prevention Act
• B.The Fair and Accurate Credit Transactions Act (FACTA)
• C.The Children's Online Privacy Protection Act (COPPA)
• D.The CAN-SPAM Act

Comment: *

Name: *

Email: *

Verification: *

Smith Memorial Healthcare (SMH) is a hospital network headquartered in New York and operating in 7 other states. SMH uses an electronic medical record to enter and track information about its patients. Recently, SMH suffered a data breach where a third-party hacker was able to gain access to the SMH internal network.
Because it is a HIPPA-covered entity, SMH made a notification to the Office of Civil Rights at the U.S. Department of Health and Human Services about the breach.
Which statement accurately describes SMH's notification responsibilities?

• A.If SMH is compliant with HIPAA, it will not have to make a separate notification to individuals in the state of New York.
• B.If SMH has more than 500 patients in the state of New York, it will need to make separate notifications to these patients.
• C.If SMH must make a notification in any other state in which it operates, it must also make a notification to individuals in New York.
• D.If SMH makes credit monitoring available to individuals who inquire, it will not have to make a separate

Comment: *

Name: *

Email: *

Verification: *

Which federal agency plays a role in privacy policy, but does NOT have regulatory authority?

• A.The Department of Commerce.
• B.The Federal Communications Commission.
• C.The Office of the Comptroller of the Currency.
• D.The Department of Transportation.

Comment: *

Name: *

Email: *

Verification: *