The proposed HIPAA Security Rule mandates the protection of the
confidentiality, integrity, and availability of protected health
information (PHI) through three of the following activities. Which of the
activities is NOT included under the proposed HIPAA Security Rule?

A.
Technical services and mechanisms

B.
Physical safeguards

C.
Administrative procedures

D.
Appointment of a Privacy Officer

Explanation:
HIPAA separates the activities of Security and Privacy. HIPAA
Security is mandated under the main categories listed in answers a, b,
and C. The proposed HIPAA Security Rule mandates the appointment
of a Security Officer. The HIPAA Privacy Rule mandates the
appointment of a Privacy Officer. HIPAA Privacy covers individually
identifiable health care information transmitted, stored in electronic or
paper or oral form. PHI may not be disclosed except for the following
reasons:

Disclosure is approved by the individual
Permitted by the legislation
For treatment
Payment
Health care operations
As required by law
Protected Health Information (PHI) is individually identifiable
health information that is:
Transmitted by electronic media
Maintained in any medium described in the definition of
electronic media [under HIPAA]
Transmitted or maintained in any other form or medium