Term
Attorneys for healthcare organizations use the health record to:
A) Support claims for medical malpractice
B) Locate missing persons
C) Plan and market services
D) Protect the legal interests of the facility and its healthcare providers |
|
Definition
| Protect the legal interest of the facility and its healthcare providers |
|
|
Term
Under HIPAA, which of the following NOT named as a covered entity?
A) Attending physician
B) Clearinghouse
C) Health plan
D) Outsourced transcription company |
|
Definition
| Outsourced transcription company |
|
|
Term
The HIPAA Privacy Rule:
A) Protects only medical information that is not already specifically protected by state law
B) Supersedes all state laws the conflict with it
C) Is federal common law
D) Sets a minimum (floor) of privacy requirements |
|
Definition
| Sets a minimum (floor) of privacy requirements |
|
|
Term
The ___ provide the objective and scope for the HIPAA Security Rule as a whole:
A) Administrative provisions
B) General rules
C) Physical safeguards
D) Technical safeguards |
|
Definition
|
|
Term
Which of the following is NOT an element that makes information *PHI* (Protected Health Info) under the HIPAA Privacy Rule?
A) Identifies an individual
B) In the custody of a transmitted by a CE or its BA
C) Contained within a personnel file
D) Relates to one's health condition |
|
Definition
| Contained within a personnel file |
|
|
Term
Which of the following is NOT an identifier under the Privacy Rule?
A) Age 75
B) Vehicle license plate BZ LITYR
C) Street address
D) Visa account |
|
Definition
|
|
Term
Central City Clinic has requested that Ghent Hospital send its hospital records for Susan Hall's most recent admission to the clinic for her follow-up appointment. Which of the following statements is true?
A) The Privacy Rule requires that Susan Hall complete a written authorization
B) The hospital may send only discharge summary, history and physical, and operative report
C) The Privacy Rule's minimum necessary requirement does not apply
D) This "public interest and benefit" disclosure does not require the patient's authorization |
|
Definition
| The Privacy Rule's minimum necessary requirements does not apply |
|
|
Term
Susan is completing her required high school community services hours by serving as a volunteer at the local hospital. Relative to the hospital, she is a:
A) Business associate
B) Covered entity
C) Employee
D) Workforce member |
|
Definition
|
|
Term
Lana Hospital has a contract with Ready-Clean, a local company, to come into the hospital to pick up all of the facility's linens for off-site laundering. Ready-Clean is:
A) A business associate because Lane Hospital has a contract with it
B) Not a business associate it is a local company
C) A business associate because its employees may see PHI
D) Not a business associate because it does not use or disclose individually identifiable health information |
|
Definition
| Not a business associate because it does not use or disclose individually identifiable health information |
|
|
Term
For HIPAA implementation specifications that are addressable, which of the following statements is true?
A) The covered entity must implement the specification
B) The covered entity may choose not to implement the specification if implementation is too costly
C) The covered entity must conduct a risk assessment to determine whether the specification is appropriate to its environment
D) If the covered entity is a small hospital, the specification does not have to be implemented |
|
Definition
| The covered entity must conduct a risk assessment to determine whether the specification is appropriate to its environment |
|
|
Term
The HIPAA Security Awareness and Training administrative safeguard require all of the following addressable implementation programs for an entity's workforce EXCEPT:
A) Disaster recovery plan
B) Log-in monitoring
C) Password management
D) Security reminders |
|
Definition
|
|
Term
A competent individual has the following rights in regard to his or her healthcare:
A) Right to consent to treatment and the right to destroy their original health record
B) Right to destroy their original health record and the right to refuse treatment
C) Right to access his or her own PHI and the right to take the original record with them
D) Right to consent to treatment and the right to access his or her own PHI |
|
Definition
| Right to consent to treatment and the right to access his or her own PHI |
|
|
Term
Which of the following data sets would be most useful in developing a grid for identification of components of the legal health record in a hybrid record environment?
A) Document name, media type, source system, electronic storage start date, stop printing start date
B) Document name, media type
C) Document name, medical record number, source system
D) Document name, source system |
|
Definition
| Document name, media type, source system, electronic storage start date, stop printing start date |
|
|
Term
Law enacted by a legislative body is a:
A) Administrative law
B) Statue
C) Regulation
D) Rule |
|
Definition
|
|
Term
Covered entities must do which of the following to comply with HIPAA security provisions?
A) Appoint an individual who has the title of chief security officer who is responsible for security management
B) Conduct employee security training sessions every six months for all employees
C) Establish a contingency plan
D) Conduct technical and nontechnical evaluations every six years |
|
Definition
| Establish a contingency plan |
|
|
Term
Written or spoken permission to proceed with care is classified as:
A) An advanced directive
B) Formal consent
C) Expressed consent
D) Implied consent |
|
Definition
|
|
Term
The medical record of Kathy Smith, the plaintiff, has been subpoenaed for a deposition. The plaintiff's attorney wishes to use the records as evidence to prove his client's case. In this situation, although the record constitutes hearsay, it may be used as evidence based on:
A) Admissibility exception
B) Discovery exception
C) Direct evidence exception
D) Business records exception |
|
Definition
| Business records exception |
|
|
Term
From an evidentiary standpoint, incident reports:
A) Are universally nonadmissible during trial proceedings
B) May be referenced in the patient health record
C) Should not be placed in a patients health record
D) Business records exception |
|
Definition
| Should not be placed in patients health record |
|
|
Term
Jeremy Lykins was required to undergo a physical exam prior to becoming employed by San Fernando Hospital. Jeremy's medical information is:
A) Protected by the Privacy Rule because it is individually identifiable
B) Not protected by the Privacy Rule because it is part of a personnel record
C) Protected by the Privacy Rule because it contains his physical exam results
D) Protected by the Privacy Rule because it is in the custody of a covered entity |
|
Definition
| Not protected by the Privacy Rule because it is part of a personnel record |
|
|
Term
Authentication of a record refers to:
A) Establishment of its baseline trustworthiness
B) The type of electronic operating system on which it was created
C) The identity of the individual who notarized it
D) Its relevance |
|
Definition
| Establishment of its baseline trustworthiness |
|
|
Term
Buring, shredding, pulping, and pulverizing are ALL acceptable methods in which process?
A) Deidentification of electronic documents
B) Destruction of paper-based health records
C) Deidentification of records stored on microfilm
D) Destruction of computer-based health records |
|
Definition
| Destruction of paper-based health records |
|
|
Term
The following step should NOT be included in a health information departments procedure for preparing health records in response to a subpoena:
A) Number the pages
B) Remove pages containing detrimental information
C) Photocopy the record
D) Ensure the patient's name is present on every page |
|
Definition
| Remove pages containing detrimental information |
|
|
Term
The HIPAA Privacy Rule requires that covered entities must limit use, access, and disclosure of PHI to only the amount needed to accomplish the intended purpose. What concept is this an example of"
A) Minimum necessary
B) Notice of privacy practices
C)Authorization
D) Consent |
|
Definition
|
|
Term
To be in compliance with HIPAA regulations, a hospital would make its membership in a RHIO (Regional Health Information Organization) known to its patients through which of the following?
A) Press release
B) Notice of Privacy Practices
C) Consent form
D) Website notice |
|
Definition
| Notice of Privacy Practices |
|
|
Term
Which of the following statements is NOT true about a business associate agreement?
A) It prohibits the business associate from using or disclosing PHI for any purpose other than that described in the contract with the covered entity
B) It allows the business associate to maintain PHI indefinitely
C) It prohibits the business associate from using or disclosing PHI in any way that would violate the HIPAA Privacy Rule
D) It requires the business associate to make available all of its books and records relating to PHI use and disclosure to the Dept of Health and Human Services or its agents |
|
Definition
| It allows the business associate to maintain PHI indefinitely |
|
|
Term
What is the legal term used to describe the physical and electronic protection of health information?
A) Access
B) Confidentiality
C) Privacy
D) Security |
|
Definition
|
|
Term
The *custodian of health records* refers to the individual within an organization who is responsible for all EXCEPT which of the following actions?
A) Authorized to certify records
B) Supervises inspection and copying of record
C) Testifies to the authenticity of records
D) Testifies regarding the care of the pateint |
|
Definition
| Testifies regarding the care of the patient |
|
|
Term
When served with a court order directing the release of health records, an individual:
A) May ignore it
B) Must comply with it
C) Must request patient authorization before disclosing the records
D) May determine whether or not to comply with it |
|
Definition
|
|
Term
The process of releasing health records documentation originally created by a different provider is called:
A) Privileged communication
B) Subpoena
C) Jurisdiction
D) Redisclosure |
|
Definition
|
|
Term
Which of the following is NOT true of Notices of Privacy Practices?
A) Must be made available at the site where the individual is treated
B) Must be posted in a prominent place
C) Must contain content that may not be changed
D) Must be prominently posted on the covered entity's website when the entity has one |
|
Definition
| Must contain content that may not be changed |
|
|
Term
A hospital employee destroyed a health record so that its contents--which would be damaging to the employee--could not be used at trial. In legal term, the employee's action constitutes:
A) Mutilation
B) Destruction
C) Spoliation
D) Spoilage |
|
Definition
|
|
Term
To comply with HIPAA, under usual circumstances, a covered entity must act on a patients request to review or copy his or her health information within ___ days:
A) 10
B) 20
C) 30
D) 40 |
|
Definition
|
|
Term
According to HIPAA, what does the abbreviation PHI stand for?
A) Personal health information
B) Protected health information
C) Primary health information
D) Past health information |
|
Definition
| Protected health information |
|
|
Term
Which of the following statements is false?
A) A notice of privacy practices must be written in plain language
B) A notice of privacy practices must have a statement that other uses and disclosures will be made only with the individuals written authorization and that the individual may revoke such authorization
C) An authorization must be obtained for uses and disclosures for treatment, payment, and operations
D) A notice of privacy practices must give an example of a use or disclosure for health care operations |
|
Definition
| An authorization must be obtained for uses and disclosures for treatment, payment, and operations |
|
|
Term
Who owns the health record?
A) Patient
B) Provider who generated the information
C) Insurance company who paid for the care recorded in the record
D) No one |
|
Definition
| Provider who generated the information |
|
|
Term
What is the legal term used to define the protection of health information in a patient-provider relationship?
A) Access
B) Confidentiality
C) Privacy
D) Privacy
D) Security |
|
Definition
|
|
Term
Which of the following statements represents an example of nonmaleficence?
A) HITs must ensure that patient-identifiable information is not released to unauthorized parties
B) HITs must apply rules fairly and consistently to every case
C) HITs must ensure that patient-identifiable information is released to the parties who need it to provide services to their patients
D) HITs must ensure that patients themselves, and not other parties, are authorizing access to the patient's individual health information |
|
Definition
| HITs must ensure that patient identifiable information is not released to unauthorized parites |
|
|
Term
Under HIPAA regulations, how many days does a covered entity have to respond to an individuals request for access to his or her PHI when the PHI is stored off-site?
A) 10 days beyond the original requirement
B) 30 days
C) 60 days
D) 90 days |
|
Definition
|
|
Term
Written business associate agreements are required with:
A) Any company where work is outsourced
B) Any outside company that handles electronic data
C) Any outside company that handles electronic PHI
D) Every outside company |
|
Definition
| Any outside company that handles electronic PHI |
|
|
Term
Which of the following is an example of a business associate?
A) Contract coder
B) Environmental services department
C) Security officer
D) Every outside company |
|
Definition
|
|
Term
What type of health record policy dictates how long individual health records must remain available for authorized use?
A) Disclosure policies
B) Legal policies
C) Retention policies
D) Redisclosure policies |
|
Definition
|
|
Term
Which document directs an individual to bring originals or copies of records to court?
A) Summons
B) Subpoena
C) Subpoena duces tecum
D) Deposition |
|
Definition
|
|
Term
Which of the following statements about the directory of patients maintained by a covered entity is true:
A) Individuals must be given an opportunity to restrict or deny permission to place information about them in the directory
B) Individuals must provide a written authorization before information about them can be placed in the directory
C) The directory may contain only identifying information such as the patient's name, and birth date
D) The directory may contain private information as long as it is kept confidential |
|
Definition
| Individuals must be given an opportunity to restrict or deny permission to place information about them in the directory |
|
|
Term
While auditing health records for incomplete documentation, the HIM specialist identifies written progress notes by Dr. Doe that she cannot read. She reports this to the hospital's risk manager. What is the best method to determine the scope of the documentation problem by Dr. Doe?
A) A HIM professional should conduct a more detailed audit of Dr. Doe's patient records
B) Suspend Dr. Doe for illegible documentation
C) Report Dr. Doe to the medical director
D) Contact the compliance hotline and revoke Dr. Doe's privileges |
|
Definition
| An HIM professional should conduct a more detailed audit of Dr. Does patients records |
|
|
Term
The legal health record (LHR) is a:
A) Defined subset of all patient specific data created or accumulated by a healthcare provider that may be released to third parties in response to a legally permissible request for patient information
B) Entire sets of information created or accumulated by a healthcare provider that may be released to third parties in response to a legally permissible request for patient information
C) Set of patient-specific data created or accumulated by a healthcare provider that is defined to be legal by the local, state, or federal authorities
D) Set of patient-specific data that is defined to be legal by state or federal statute and that is legally permissible to provide in response to requests for patient information |
|
Definition
| Defined subset of all patient specific data created or accumulated by a healthcare provider that may be released to third parties in response to a legally permissible request for patient information |
|
|
Term
The legal term used to describe when a patient has the right to maintain control over certain personal information is referred to as:
A) Access
B) Confidentiality
C) Privacy
D) Security |
|
Definition
|
|
Term
Which of the following has access to personally identifiable data without authorization or subpoena?
A) Insurance company for life insurance eligibility
B) The patient's attorney
C) Public health department for disease reporting purposes
D) Workers comp for disability claim settlement |
|
Definition
| Public health department for disease reporting purposes |
|
|
Term
Jennifer's widowed mother is elderly and often confused. She has asked Jennifer to accompany her to the physician office visits because she often forgets to tell the physician vital information. Under the Privacy Rule, the release of her mother's PHI to Jennifer is:
A) Never allowed
B) Allowed when the information is directly relevant to Jennifer's involvement in her mother's care or treatment
C) Allowed only if Jennifer's mother is declared incompetent by a court of law
D) Any family member is always allowed access to PHI |
|
Definition
| Allowed when the information is directly relevant to Jennifers involvement in her mothers care or treatment |
|
|
Term
An organization is served with a subpoena. An appropriate response to the reasonable anticipation of litigation would be to"
A) Destroy all records associated with the anticipated litigation
B) Distribute copies of records associated with the anticipation litigation to all parties involved
C) Make a copy of the paper based record associated with the anticipated litigation and give the original paper based record to the organizations, legal counsel, to be secured in a locked file
D) Give all records associated with the anticipated litigation to the organization's legal counsel to be secured in a locked file |
|
Definition
| Make a copy of the paper-based record associated with the anticipated litigation and give the original paper-based record to the organization's legal counsel to be secured in a locked file |
|
|
Term
Which organization issues and maintains ethical standards for the health information management profession?
A) AMA
B) American Health Information Management Association
C) American College of Surgeons
D) American Hospital Association |
|
Definition
| American Health Information Management Association |
|
|
Term
If a patient wants to amend his or her health record, the covered entity may require the individual to:
A) Make an amendment request in writing and provide a rationale for the amendment
B) Ask the attending physician for his or her permission to amend their record
C) Require the patient to wait 30 days before 30 days before their request will be considered and processed
D) Provide a court order requestion the amendment |
|
Definition
| Make an amendment request in writing and provide a rationale for the amendment |
|
|
Term
Community Hospital is discussing restricting the access that physicians have to electronic clinical records. The medical records committee is divided on how to approach this issue. Some committee members maintain that all information should be available, whereas others maintain that HIPAA restricts access. The HIM director is part of the committee. Which of the following should the director advise the committee?
A) HIPAA restricts the access of physicians to all information
B) The "minimum necessary" concept does not apply to disclosures made for treatment purposes, therefore, physician access should not be restricted
C) The "minimum necessary" concept does not apply to disclosures made for treatment purposes, but the organization must define what physicians need as part of their treatment note
D) The "minimum necessary" concept applies only to attending physicians, and therefore, restriction of access must be implemented
C) The "minimum necessary " concept does not apply to disclosures made for treatment purposes, but the organization must define what physicians need as part of their treatment note |
|
Definition
| The "minimum necessary" concept does not apply to disclosures made for treatment purposes, but the organization must define what physicians need as part of their treatment note |
|
|
Term
When a patient revokes authorization for release of information after a healthcare facility has already released the information, the facility in this case:
A) May be prosecuted for invasion of privacy
B) Has become subject to civil action
C) Has violated the security regulations of HIPAA
D) Is protected by the Privacy Act |
|
Definition
| Is protected by the Privacy Act |
|
|
Term
Mrs. Bolton is an angry patient who resents her physicians "bossing her around". She refuses to take a portion of her medications the nurse brings to her pursuant to physician orders and is verbally abusive to the patient care assistants. Of the following options, the most appropriate way to document Mrs. Bolton's behavior in the patient medical record is:
A) Mean
B) Non-compliant and hostile toward staff
C) Belligerent and out of line
D) A pain in the neck
B) Non-compliant and hostile toward staff |
|
Definition
| Noncompliant and hostile towards staff |
|
|
Term
As the corporate director of HIM services and enterprise privacy officer, you are asked to review a patient's health record in preparation for a legal proceeding for a malpractice case. The lawsuit was brought by the patient 72 days after the procedure. Health information contains a summary of two procedures that were dictated 95 days after the procedure. The physician in question has a longstanding history of being lackadaisical with record completion practices. Previous concerns regarding this physician's record maintenance practices had been reported to the facility's Credentialing Committee. Is this information admissible in court?
A) The information could be rejected because the physician dictated the procedure note after the malpractice suit was filed
B) This information will be admissible in court because it is part of the patient's health record
C) This information could be rejected because it is not relevant to the malpractice case
D) This information will be rejected because the patient did not authorize its release
A) This information could be rejected because the physician dictated the procedure note after the malpractice suit was filed |
|
Definition
| The information could be rejected because the physician dictated the procedure note after the malpractice suit was filed |
|
|
Term
The sister of a patient requests the HIM department to release copies of her brother's health record to her. She states that because the doctor documented her name as her brother's caregiver that HIPAA regulations apply and that she may receive copies of her brother's health record. In this case, how should the HIM department proceed?
A) Provide the copies as requested since the sister was a caregiver
B) Provide only copies of the reports where the sister's name is mentioned
C) Refuse the request
D) Refer the individual to legal consent |
|
Definition
|
|
Term
Per HITECH (Health Information Technology for Economic and Clinical Health) breach notification requirements, what is the threshold for the immediate notification of each individual?
A) 1000 individual affected
B) 500 individuals affected
C) 250 individuals affected
D) Any number of individuals affected requires individual notification |
|
Definition
|
|
Term
A physician takes the medical records of a group of HIV positive patients out of the hospital to complete research tasks at home. The physician mistakenly leaves the records in a restaurant, where they are read by a newspaper reporter who publishes an article that identifies the patients. The physician can be sued for:
A) Slander
B) Willful infliction of mental distress
C) Libel
D) Invasion of privacy |
|
Definition
|
|
