QUESTION $5$

The use of healthIT is regulated and documented via guidelines and laws. The following are correct statements to ensure safe and secure use of patient health information:

Conditions under which providers can share patient data with third parties are described in a fully executed Business Associate Agreement that is legally binding

The specific amount and type of patient information that can be shared is legally described in the Information Access Management policy

The Covered entity is typically the organization that generates patient information while the Business Associate is an entity that uses patient information for a particular heath related purpose

The policy pertaining to "security incident procedures" includes a provision that the entity is obligated to notify the affected parties $($in some cases patients$),$ document the incident, and deploy mitigation efforts

$1,3,$ and $4$ are correct

all are correct

$1$ and $4$ are correct

$3$ and $4$ are correct