It is faster and easier to pass the CompTIA HIT-001 exam by using Vivid CompTIA Healthcare IT Technician Exam questions and answers. Get immediate access to the updated HIT-001 exam and find the same core-area HIT-001 questions with professionally verified answers, then pass your exam with a high score now.

2021 Dec HIT-001 exam

Q61. Your medical practice is being audited by a physician reviewer of a PPO with whom your practice has a contract. In order to determine the medical competency of all the physicians at your practice, the partners of the practice wish to review five charts from your patient files to review provider performance regarding the newer associate doctors. In this situation, what do you need to do to comply with HIPAA?

A. Ensure that the patients have signed an authorization to allow for their information to be reviewed by doctors other than their own doctor. 

B. Copy the files and remove or black-out identifying information 

C. The associate doctors are required to sign a Business Associate agreement. 

D. Simply make sure that the patients had signed the HIPAA privacy notification. 

Answer:

Explanation: Under HIPAA, as long as patients receive a privacy notification prior to treatment, they are informed that their information may be shared for the entity to carry out healthcare operations. HIPAA includes reviewing physician competency under healthcare operations. 

Answer: A is incorrect. Authorizations are signed only in certain instances that usually fall outside of the treatment, healthcare operations, and payment functions of an entity. Answer: B is incorrect. It is unnecessary under HIPAA since healthcare operations allow for this sharing of information. 

Answer: C is incorrect. Business Associates are those individuals or entities outside a covered entity. In this case, the physicians are within the covered entity. 


Q62. You are a network administrator of a large TCP/IP network. You are training network users on secure access methods. Which of the following is the MOST secure access method? 

A. SNMPv1 

B. TELNET 

C. RCP 

D. SFTP 

E. RSH 

Answer:

Explanation: Among the given choices, SFTP is the most secure access method. The Secure File Transfer Protocol (SFTP), also called SSH File Transfer Protocol, is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream. SFTP was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols. Answer: B, E, A, and C are incorrect. These are insecure access methods.


Q63. For what period of time must all records containing HIPAA information be retained?

A. 4 years 

B. 6 years 

C. 30 years 

D. 10 years 

Answer:

Explanation: All material containing HIPAA information must be retained for a period of 6 years after the materials were last in effect. This rule also pertains to any authorizations or business associated materials that may contain protected information. 


Q64. A helpdesk technician received a phone call from an administrator at a remote branch office. The administrator claimed to have forgotten the password for the root account on UNIX servers and asked for it. Although the technician didn't know any administrator at the branch office, the guy sounded really friendly and since he knew the root password himself, he supplied the caller with the password. What type of attack has just occurred? 

A. War dialing attack 

B. Social Engineering attack 

C. Replay attack 

D. Brute Force attack 

Answer:

Explanation: Any process whereby the attacker attempts to get a person to divulge security information is called a social engineering attack. This is a very common tactic.


Q65. In establishing the IT logistics between two universities engaged in joint medical research, you are most likely going to be governed by an MOU (Memorandum of Understanding) rather than an SLA. In addition to protecting the EPHI, what is the ultimate goal of the MOU? 

A. Engenders a mutual commitment to maintaining the highest level of medical care. 

B. Provides NIST with annual review method. 

C. Enables rapid transfer of data. 

D. Fulfills governing auspices need for institutional contractual language. 

Answer:

Explanation: The point of the MOU is to create a state of high trust between the signatories so that the research can occur unencumbered by concerns of EPHI leaks. An MOU is usually reserved for use between governmental agencies or educational institutions whereas an SLA governs business or individual entities. Answer: A is incorrect. MOUs don't discuss the level of medical care, though the ability to protect and communicate sensitive EPHI can aid that goal. Answer: D is incorrect. While an MOU does fit more the style of non-business entities like governmental agencies or educational organizations, its "ultimate goal" is not its language but its result: the ability to transfer data unencumbered by concerns about privacy leaks. Answer: B is incorrect. Though an MOU may fulfill certain recommendations provided by NIST, especially regarding security and contingency provisos, there is no such thing as a NIST annual review method. NIST recommends standards and guidelines in its publications based on HIPAA but is a non-regulatory agency that does not typically review individual organizations.


Far out HIT-001 test questions:

Q66. Which of the following SCSI IDs is generally recommended for the CD-ROM drive? 

A. 3 

B. 0 

C. 1 

D. 7 

Answer:

Explanation: SCSI ID 3 is generally recommended for the CD-ROM drive. Small Computer System Interface (SCSI) is the second most popular drive interface in use today after the Integrated Drive Electronics (IDE) interface. SCSI is faster than IDE and supports more devices. SCSI devices, such as hard disk drives and CD-ROM drives, are better suited to a network environment in which many users access shared drives simultaneously. SCSI has three standards: SCSI-1, SCSI-2, and SCSI-3. Answer: B is incorrect. By default, SCSI ID 0 is used for the drive containing the operating system. Answer: D is incorrect. By default, SCSI ID 7 is generally assigned to the SCSI controller card.


Q67. As a healthcare IT specialist, you are asked to ensure that all images obtained from an echocardiography unit are automatically transmitted to a remote area for interpretation. Which of the following tasks are you being asked to perform? 

A. Device Capture 

B. Document Archiving 

C. Document Imaging 

D. Clinical Imaging 

Answer:

Explanation: Device capture is the act of transmitting medical information directly from a medical device such as an electrocardiogram. All medical information transmitted via device capture must be reviewed and validated by a physician. Answer: C is incorrect. Document imaging is incorrect as this action involves prepping, scanning, indexing and performing quality control on paper documents that are entered into a computerized system. Answer: D is incorrect. Clinical imaging refers to medical information that is obtained by the use of photographs or other medical imaging devices that need to be a part of the patient's permanent medical record. Answer: B is incorrect. Document archiving is the act of ensuring the documents of a patient's medical record are sufficiently stored for the appropriate length of time in a private location.


Q68. There are a number of computers containing Electronic PHI (EPHR) in your covered entity that have become really sluggish and chock full of stuff that slows them down. You are trying to decide how to replace them or fix them so that they can run faster because staff morale is really starting to sink over frustrations with the machines. You have several options, except.

A. Lease better machines, expose the old machines to a destructive magnetic field, and take them to the recycler. 

B. Buy new machines and throw these dinosaurs in the dumpster out back. 

C. Completely erase and reformat the drives so that they run faster. 

D. Melt, shred, incinerate or pulverize the hard drives and replace them with new, faster hard drives. 

Answer:

Explanation: HIPAA prohibits dumping machines that contain PHI without first destroying the information or the ability to get the information. The ways that the information can be destroyed are listed in the other three answers. Answer: A is incorrect. A magnetic field can reduce the data on the machines to an unrecoverable state and then allow for the machines to be recycled or dumped. Recycling an old computer may be legally required in some states, but if the drive information is still accessible, this is a violation of HIPAA. Before it is put into the recycling process, the drives that contain its information must be destroyed, written over, magnetically disrupted or erased in such a way that there is no possibility for further PHI access. Some recycling centers offer these services. Answer: D is incorrect. This option lists ways that HIPAA prescribes for eliminating the risk of accessing the EPHI. Answer: C is incorrect. HIPAA also allows for the drives to be written over or erased in such a way that ensures that the original EPHI cannot be retrieved or recovered. 


Q69. The HIPAA compliance act requires no restrictions on the use of which type of health information? 

A. Archived Health Information 

B. Electronic Health Information 

C. Paper Health Information 

D. De-Identified Health Information 

Answer:

Explanation: The HIPAA act requires no restrictions on de-identified health information. De-identified health information refers to health records, x-rays, lab results or any part of the patient's permanent health record in which pertinent information has been removed so the patient cannot be identified. Pertinent identifiers include patient's name, social security number, date of birth or address. De-identified health information is usually used for research and training purposes. Answer: B is incorrect. Electronic Health Information is incorrect as all patient records stored in any hospital computer are regulated by the HIPAA Act.


Q70. Which of the following are the features of SSH? Each correct answer represents a complete solution. Choose all that apply. 

A. SSH uses the client-server model. 

B. SSH is used primarily on Linux and UNIX based systems. 

C. SSH and Telnet can be configured simultaneously. 

D. SSH uses public-key cryptography to authenticate the remote computer. 

Answer: ABD 

Explanation: Following are the basic features of Secure Shell (SSH): SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary. SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections; it can transfer files using the associated SFTP or SCP protocols. SSH uses the client-server model. The standard TCP port 22 has been assigned for contacting SSH servers. An SSH client program is typically used for establishing connections to an SSH daemon accepting remote connections. Both are commonly present on most modern operating systems, including Mac OS X, Linux, FreeBSD, Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist. SSH is used primarily on Linux and UNIX based systems. Answer: C is incorrect. Telnet and SSH cannot be configured simultaneously.