Domain 2 Access, Disclosure, Privacy, And Security Flashcards
1
Q
- A hospital HIM department wants to move five years of health records to a remote storage location. The records will be stored in boxes and will be filed on open shelves at the remote location. Which of the following should be done so that record location can be easily identified in the remote storage area?
A. Provide a unique identifier for each box and prepare a log of the records that is cross indexed by box identifier
B. Prepare a sequential list of all records sent to remote storage
C. Provide a unique box identifier and list the records by health record number on the outside of each box
D. File the records in terminal digit order in each box
A
A. Provide a unique identifier for each box and prepare a log of the records that is cross indexed by box identifier
2
Q
38. A dietary department donated its old microcomputer to a school. Some old patient data were still on the computer. What controls would have minimized this security breach? A. Access controls B. Device and media controls C. Facility access controls D. Workstation controls
A
B. Device and media controls
3
Q
- Which of the following would be part of the release of information system?
A. Letter asking for additional information on a patient previously treated at the hospital
B. Letter notifying the individual that the authorization was invalid
C. Letter notifying the physician that he has delinquent health records
D. Letter asking the physician to clarify primary diagnosis
A
B. Letter notifying the individual that the authorization was invalid
4
Q
40. A coding compliance manager is reviewing a tool that identifies when a user logs in and out, what he or she does, and more. What is the manager reviewing? A. Audit trail B. Facility access control C. Forensics D. Security management plan
A
A. Audit trail
5
Q
41. Which of the following should be considered first when establishing health record retention policies? A. State retention requirements B. Accreditation standards C. AHIMA’s retention guidelines D. Federal requirements
A
A. State retention requirements
6
Q
42. A hospital is planning on allowing coding professionals to work at home. The hospital is in the process of identifying strategies to minimize the security risks associated with this practice. Which of the following would be best to ensure that data breaches are minimized when the home computer is unattended? A. User name and password B. Automatic session terminations C. Cable locks D. Encryption
A
B. Automatic session terminations
7
Q
43. The three elements of a security program are ensuring data availability, protection and: A. Suitability B. Integrity C. Flexibility D. Robustness
A
B. Integrity
8
Q
- Community hospital is planning implementation of various elements of the EHR in the next six months. Physicians have requested the ability to access the EHR from their offices and from home. What advice should the HIM director provide?
A. HIPAA regulations do not allow this type of access
B. This access would be covered under the release of PHI for treatment purposes and poses no security or confidentiality threats.
C. Access can be permitted providing that appropriate safeguards are put in place to protect against threats to security
D. Access can be permitted because the physicians are on the medical staff of the hospital and are covered by HIPAA as employees
A
C. Access can be permitted providing that appropriate safeguards are put in place to protect against threats to security
9
Q
45. What is the term used most often to describe the individual within an organization who is responsible for protecting health information in conjunction with the court system? A. Administrator of records B. Custodian of records C. Director of records D. Supervisor of records
A
B. Custodian of records
10
Q
- A hospital HIM department receives a subpoena duces tecum for records of a former patient. When the health record technician goes to retrieve the patient’s records, it is discovered that the records being subpoenaed have been purged in accordance with the state retention laws. In this situation, how should the HIM department respond to the subpoena?
A. Inform defense and plaintiff lawyers that the records no longer exist
B. Submit a certification of destruction in response to the subpoena
C. Refuse the subpoena since no records exist
D. Contact the clerk of the court and explain the situation
A
B. Submit a certification of destruction in response to the subpoena
11
Q
47. A home health agency plans to implement a computer system whereby its nurses document home care services on a laptop computer taken to the patient’s home. The laptops will connect to the agency’s computer network. The agency is in the process of identifying strategies to minimize the risks associated with the practice. Which of the following would be the best practice to protect laptop and network data from a virus introduced from an external device? A. Biometrics B. Encryption C. Personal firewall software D. Session terminations
A
C. Personal firewall software
12
Q
48. A subpoena duces tecum compels the recipient to: A. Serve on a jury B. Answer a complaint C. Testify at trial D. Bring records to a legal proceeding
A
D. Bring records to a legal proceeding
13
Q
- Which of the following is a core ethical obligation of health information professionals?
A. Coding diseases and operations
B. Protecting patients’ privacy and confidential communications
C. Transcribing health reports
D. Performing quantitative analysis on record content
A
B. Protecting patients’ privacy and confidential communications
14
Q
50. Which of the following ethical principles is being followed when a health information management professional ensures that patient information is only released to those who have a legal right to access it? A. Autonomy B. Beneficence C. Justice D. Nonmaleficence
A
B. Beneficence
15
Q
51. An individual’s right to control access to his or her personal information is known as: A. Security B. Confidentiality C. Privacy D. Access control
A
C. Privacy