Privacy Law and Data Protection Coursera Quiz Answers

All Weeks Privacy Law and Data Protection Coursera Quiz Answers

Privacy Law and Data Protection Week 1 Quiz Answers

Q1. True or False: Privacy concerns first arose when newspapers began publishing photographs of well-known people without their consent, a practice criticized by Warren and Brandeis.

  • True
  • False

Q2. True or False: In the 1960 Supreme Court case Reporters Committee for Freedom of the Press vs. the U.S. Department of Justice, the Court held that the fact that criminal records were compiled in a single online clearinghouse had no bearing on the privacy concerns surrounding those records.

  • True
  • False

Q1. Which of the following was NOT one of the fair information principles set forth by the HEW report in 1973?

  • An individual must be able to correct or amend a record of identifiable information about him.
  • An individual may bring a complaint against an organization that misuses his personal information.
  • An organization may not develop a personal data recordkeeping system and keep its existence a secret.
  • An individual must be able to find out what information about him is in a record and how that record is used.

Q2. The National Directory of New Hires allows the government to use information collected by employers to locate parents for child support purposes. Which of the following fair information principles does this program reflect?

  • Mitigation
  • Individual Choice
  • Security
  • Appropriate Uses

Q1. What was the impetus for passing the Privacy Act and Fair Credit Reporting Act in the 1960s?

  • Congress became aware of concerning anecdotes involving privacy abuses by the federal government and credit bureaus. 
  • Congress wanted to increase the ease of sharing data among certain entities. 
  • At the time, the federal government and credit bureaus were the two sectors that had accumulated lots of data on millions of people. 

Q2. True or False: Rather than adhering strictly to the list set forth by the 1973 HEW report, people and organizations today tend to develop their own interpretation of what fair information principles are.

  • True
  • False

Q3. According to the HEW report, the purpose of fair information principles is to:

  • Protect corporations from the privacy threats carried by computerization.
  • Protect the government from allegations that it misuses personal information.
  • Prevent organizations from keeping personal data record keeping systems a secret. 
  • Protect individuals from the privacy threats spurred by computerization.

Q4. True or False: A data subject who has the choice to “opt-in” will not have his data shared for a particular purpose unless he gives the organization permission. 

  • True
  • False

Q5. True or False: While the United States’ Constitution contains an explicit right to privacy, the European Convention of Human Rights does not.

  • True
  • False

Q6. Why does the marketing industry generally use “opt-out” as its form of choice?

  • For security reasons
  • Because opt-out rates are low, avoiding damages to marketers’ bottom line
  • To promote transparency
  • To promote self-reflection into organization practices

Q7. Which of the following was not an impetus for enacting privacy laws in the United States?

  • Lawmaking by anecdote
  • Special harm / concern
  • Minimization
  • Privacy law as part of some other data sharing initiative

Privacy Law and Data Protection Week 2 Quiz Answers

Quiz 1: Implementing HIPAA: Notice and Access

Q1. True or False: HIPAA allows covered entities to decide what is important to include in their notice of privacy practices.

  • True
  • False

Q2. Which of the following is NOT provided for in HIPAA’s policy surrounding access to records?

  • The specific information a patient is entitled to receive
  • The timeframes for responding to access requests
  • Strict limits on the fees a patient can be charged 
  • A patient’s ability to review all information a covered entity has about him or her.

Q1. True or False: A covered entity should ensure that every member of the workforce has been trained in detail on the proper uses and disclosures of protected health information.

  • True
  • False

Q2. True or False: Covered entities are permitted to share health information with authorized public health authorities, like the Center for Disease Control, without patients’ consent.

  • True
  • False

Q1. A healthcare clinic has long provided free services to the community but has recently begun offering certain services for a fee. What is the first question the clinic’s compliance officer should ask?

  • What is the scope of HIPAA? Does it apply to us? 
  • Are we adhering to HIPAA’s “minimum necessary” requirement? 
  • Is the clinic sharing protected health information with public health authorities?
  • Who should be part of the oversight group we convene to implement the requirements of HIPAA? 

Q2. Which of the following is not mandated by HIPAA?

  • A patient has the right to access information about her contained in a designated record set. 
  • If a police officer asks for health information, a covered entity must provide it.
  • A covered entity must adopt procedures that limit employee access to patient information to what is “reasonably necessary” for their role. 
  • Patients must sign that they acknowledge receipt of HIPAA’s Privacy Notice, and if they refuse, the covered entity must document that this is the case. 

Q3. A patient authorizes a hospital to share her health records with her employer. Is the employer then bound by HIPAA?

  • Yes, because the employer is in possession of protected health information. 
  • Yes, because the employer received the information from the hospital, a covered entity.
  • No, because the employer is not a covered entity under HIPAA. 
  • No, because the patient authorized the records to be shared with the employer.

Q4. What explains the detail with which HIPAA sets forth timeframes, procedures, and other details to ensure patients can access their information and correct inaccurate information?

  • Warren and Brandeis’s concern with protecting the right to privacy
  • Modern medicine’s embrace of patient awareness and involvement in their own care 
  • Historically-rooted fears regarding the assembly of secret records
  • Options 2 and 3

Q5. HIPAA regulates healthcare clearinghouses, which are:

  • healthcare providers that bill electronically.
  • healthcare providers that offer free services.
  • health insurance companies.
  • entities that engage in facilitating electronic billing.

Q6. Which of the following could a covered entity use to implement HIPAA’s Minimum Necessary requirement? Hint: There are 3 correct answers.

  • Set up role-based access in information systems.
  • Train employees on how to handle information requests in an emergency.
  • Use a gatekeeper for certain types of large data requests.
  • Train individuals on what is sensitive data and ensure strict “need to know” access and disclosure.

Q7. True or False: Patient portals help entities “bake” privacy into their systems.

  • True
  • False

Privacy Law and Data Protection Week 3 Quiz Answers

Quiz 1: Data Security Rules

Q1. True or False: HIPAA’s Security Rule explicitly requires covered entities to protect patients’ “privacy,” meaning that their e-PHI is not available or disclosed to unauthorized persons.

  • True
  • False

Q2. True or False: HIPAA’s Security Rule mandates that all covered entities conduct a risk assessment and respond to identified risks with mitigation and continued review.

  • True
  • False

Q3. True or False: The Gramm Leach Bliley Act requires entities to implement administrative, physical, and technical safeguards to ensure individuals’ data security.

  • True
  • False

Q1. States’ breach notification laws generally:

  • Provide a private right of action
  • Require that the media be notified upon breach 
  • Define “personal information,” which triggers breach, in differing ways
  • Provide a precise timeframe for notification 

Q2. Which of the following is not a physical safeguard that covered entities must comply with under HIPAA’s Security Rule?

  • Facility Access and Control 
  • Workstation Security 
  • Device Security 
  • Security Personnel 

Q3. True or False: HIPAA and the Gramm Leach Bliley Act force an outcome rather than a process.

  • True
  • False

Q4. Which of the following statements is false?

  • Many in the business community support a federal law on privacy. 
  • If you follow information security standards, your organization will not have data breaches.
  • Under HIPAA, a covered entity must designate a security official who is responsible for developing and implementing its security policies and procedures. 
  • Information security professionals regularly rely on guidelines set forth by bodies like the International Standards Organization regarding how to keep information secure.

Q5. True or False: You can have security without privacy, but you cannot have privacy without security.

  • True
  • False

Q6. Which of the following is true about the FIP of Minimization as it relates to privacy and security?

  • Security advocates would likely want less information to be collected than privacy advocates.
  • Privacy and security advocates would be more or less aligned in their views on Minimization.
  • A privacy advocate would be concerned with obtaining enough information with which to track a user.
  • A privacy advocate would seek to limit the collection of information to what is needed for the purpose at hand.

Q7. Under the Gramm Leach Bliley Act, a covered entity must conduct a risk assessment that:

  • considers the risks in each relevant area of the entity’s operations.
  • is disseminated to all of the entity’s vendors.
  • must adhere to a long list of specific requirements.
  • is published for public review.

Privacy Law and Data Protection Week 4 Quiz Answers

Quiz 1: International Law & the GDPR

Q1. True or False: Though Europe’s current privacy regime imposes extensive requirements on organizations, EU authorities do not enforce privacy laws as aggressively as the United States.

  • True
  • False

Q2. True or False: The “Right to be Forgotten,” expressed in the GDPR, does not have a functional equivalent in U.S. federal statutory privacy law.

  • True
  • False
