Fundamentals of HIPAA Flashcards

1
Q

Medical Savings Account (now Health Savings Account) is a means to shelter funds from taxes to pay for

A

medical expenses.

2
Q

COBRA (Consolidated Omnibus Budget Reconciliation Act of 1985) helps workers who have coverage with a

A

group health plan.

3
Q

Industry-wide standards for health claims bring simplification because

A

all transactions are the same format and any payer will accept claims.

4
Q

Health care professionals have generally found that HIPAA has simplified claims submissions.
True
False

A

True

5
Q

Choose the correct acronym for Public Law 104-91.
HIPO
HIPPA
HIPAA
HIPPO

A

HIPAA

6
Q

Which group is the focus of Title I of HIPAA ruling?

A

Health plans

7
Q

What type of health information does the Security Rule address?

A

Electronic PHI held by a covered entity

8
Q

Which is the most efficient means to store PHI?
Audiotapes

A

Electronic storage

9
Q

Which department would need to help the Security Officer most?

A

Information Services and Technology

10
Q

Under HIPAA, providers may choose to submit claims either on paper or electronically.

A

It depends whether they are a small or large provider

11
Q

The Department of Health and Human Services (DHHS) is responsible to notify all health care providers of changes in the HIPAA rulings.

True

False

A

False

12
Q

The HIPAA Security Officer is responsible for
Group of answer choices

seeing that all facility doors are locked at night.

seeing that there is safe storage for paper medical records.

hiring security guards for the facility.

safeguarding all electronic patient health information.

A

safeguarding all electronic patient health information.

13
Q

True or False: With the passage of HIPAA, large health care providers would be treated with faster service since their volume of claims is larger than that of small rural providers.

A

False

14
Q

True or False: Privacy of PHI and security of PHI are the same thing.

A

False

15
Q

Which group is not one of the three covered entities?
Group of answer choices

Patients

Health care plans

Health care clearinghouses

Health care providers

A

Patients

16
Q

The HIPAA Privacy Rule gives patients assurance that their personal health information will be treated the same no matter which state or organization receives their medical information.
Group of answer choices

True

False

A

True

17
Q

During an investigation by the Office for Civil Rights, each provider is expected to have the following EXCEPT
Group of answer choices

business associate contracts with vendors to protect privacy of PHI.

written policy and procedures.

a designated privacy official.

a workforce trained in state law.

A

a workforce trained in state law.

18
Q

The Privacy Rule
Group of answer choices

applies only to protected health information (PHI).

establishes policies for covered entities.

details when authorization to release PHI is needed.

No answers are correct.

applies only to protected health information (PHI) and details when authorization to release PHI is needed.

A

applies only to protected health information (PHI) and details when authorization to release PHI is needed.

19
Q

Use and disclosure of PHI is permitted without authorization with the EXCEPTION of which of the following?
Group of answer choices

When incidental to a permitted use and disclosure

When releasing process or psychotherapy notes

For public interest and to benefit the public

When releasing to the individual whose health information it is

A

When releasing process or psychotherapy notes

19
Q

When there is an alleged violation of the HIPAA Privacy Rule
Group of answer choices

an individual may sue the offending health care provider.

an individual may join a class action lawsuit against the provider.

the individual should report the provider to the local county sheriff.

there is no option to sue a health care provider for HIPAA violations.

A

there is no option to sue a health care provider for HIPAA violations.

20
Q

Who in the health care organization is responsible to know where the written policies are located regarding HIPAA compliance?
Group of answer choices

Only the HIPAA Officer

Office workers who send electronic PHI

All staff members, paid or not paid

All clinical staff members

A

All staff members, paid or not paid

21
Q

A hospital or other inpatient facility may include patients in their published directory
Group of answer choices

for any advertising purpose

only when the patient or family has not chosen to “opt-out” of the published directory.

to announce on a radio station who has been admitted.

so that pharmaceutical organizations may offer the patients special offers on their drugs.

A

only when the patient or family has not chosen to “opt-out” of the published directory.

22
Q

The Regional Offices of the Centers for Medicare and Medicaid Services (CMS) is the only way to contact the government about HIPAA questions and complaints.
Group of answer choices

True

False

A

False

22
Q

The minimum penalty per incidence for violations that the Office for Civil Rights finds for noncompliance to the Privacy Rule is
Group of answer choices

$100.

$500.

$1,000.

$5,000.

A

$100

23
Q

Nursing notes are not considered PHI since they are not physician’s notes and therefore are not protected by HIPAA.
Group of answer choices

True

False

A

false

24
Q

Requesting to amend a medical record was a feature included in HIPAA because of
Group of answer choices

increase in theft of medical information for criminal purposes.

possible difference in opinion between patient and physician regarding the diagnosis and treatment.

ease of human entry error when posting patient information.

All answers are correct.

A

possible difference in opinion between patient and physician regarding the diagnosis and treatment.

25
Q

Protected health information is an association between a(n)
Group of answer choices

diagnosis and a payer.

individual and a physician.

health care provider and a patient or two businesses.

diagnosis and an individual.

A

diagnosis and an individual.

26
Q

According to AHIMA report, the most common problem that health care providers face in relation to PHI is
Group of answer choices

complying with BA provisions.

confusion about the NOPP provisions.

releasing information to relatives of patients.

lack of a standardized process to release PHI.

A

lack of a standardized process to release PHI.

27
Q

Insurance companies who provide automobile and life insurance come under the HIPAA ruling as covered entities.
Group of answer choices

True

False

A

False

27
Q

Consent as defined by HIPAA is for
Group of answer choices

permission to reveal PHI for payment of services provided to a patient.

permission to reveal PHI for comprehensive treatment of a patient.

permission to reveal PHI for normal business operations of the provider’s facility.

All answers are correct.

A

All answers are correct.

28
Q

A covered entity does not have to disclose PHI to the Office for Civil Rights if they come to investigate a complaint. That is not allowed by HIPAA law.
Group of answer choices

True

False

A

False

29
Q

If a medical office does not use electronic means to send its insurance claims, it is considered a covered entity.
Group of answer choices

True

False

A

False

30
Q

An emancipated minor is
Group of answer choices

a person younger than 21 who lives independently and is self-supporting.

a person younger than 18 who is married or divorced and possesses decision-making rights.

a person younger than 16 who lives independently and is self-supporting.

a person younger than 18 who is totally self-supporting and possesses decision-making rights.

A

a person younger than 18 who is totally self-supporting and possesses decision-making rights.

31
Q

What specific government agency receives complaints about the HIPAA Privacy ruling?
Group of answer choices

Centers for Medicare and Medicaid Services

Department of Health and Human Services

Department of Justice

Office for Civil Rights

A

Office for Civil Rights

32
Q

It is possible for a first name and zip code to be considered individually identifiable health information (IIHI).
Group of answer choices

True

False

A

False

33
Q

For individuals requesting to amend their medical record
Group of answer choices

the replaced portion of the record is destroyed.

the provider has the option to reject the amendment.

there is a new file made just for the amendment.

it is not possible without a court order.

A

the provider has the option to reject the amendment.

34
Q

Financial records fall outside the scope of HIPAA.
Group of answer choices

True

False

A

False

35
Q

In HIPAA usage, TPO stands for treatment, payment, and optional care.
Group of answer choices

True

False

A

false

36
Q

The Office for Civil Rights receives complaints regarding the Privacy Rule. About what percentage of these complaints have been ruled either no violation or the entity is working toward compliance?
Group of answer choices

About 25%

About 50%

About 75%

About 90%

A

About 75%

37
Q

A signed receipt of the facility’s Notice of Privacy Practices (NOPP) is mandated by the Privacy Rule in order for a patient to receive services from a health care provider.
Group of answer choices

True

False

A

False

38
Q

During an investigation by the Office for Civil Rights, the inspector will depend upon the HIPAA Officer to know the details of the written policies of the organization.
Group of answer choices

True

False

A

True

39
Q

Written policies and procedures relating to the HIPAA Privacy Rule
Group of answer choices

are kept by the HIPAA officer only.

must be only in electronic format.

are not necessary.

must be available to all employees.

A

must be available to all employees.

40
Q

Typical Business Associate individuals are
Group of answer choices

in-house lab technicians, transcriptionists, and billing specialists.

health plan agents, in-house transcriptionists, and office billing specialists.

biometric device repairmen, legal counsel to a clinic, and outside coding service.

nonclinical staff such as the hospital billing office, housekeeping staff, and maintenance workers.

A

biometric device repairmen, legal counsel to a clinic, and outside coding service.

41
Q

Security and privacy of protected health information really cover the same issues.
True
False

A

False

42
Q

HIPAA Security Rule applies to data contained in

A

any computer storage media.

43
Q

Integrity of e-PHI requires confirmation that the data

A

is accurate and has not been altered, lost, or destroyed in an unauthorized manner.

44
Q

Risk management for the HIPAA Security Officer is a “one-time” task.
True
False

A

False

44
Q

The Office of HIPAA Standards seeks voluntary compliance to the Security Rule.
True
False

A

True

45
Q

Business Associate contracts must include

A

implementation of safeguards to ensure data integrity.
only items as related to the Privacy Rule.

46
Q

What step is part of reporting of security incidents?

A

Change passwords to protect from further invasion.

47
Q

Which are the five areas the DHHS has mandated each covered entity to address so that e-PHI is maintained securely?

A

Organization requirements; policies, procedures, and documentation; technical safeguards; administrative safeguards; and physical safeguards

48
Q

Compliance to the Security Rule is solely the responsibility of the Security Officer.
True
False

A

False

49
Q

HIPAA training must be provided to

A

all workforce employees and nonemployees.

50
Q

Strengthened restrictions on security redefined the subcontractors of business associates who might have even incidental exposure to Personal Health Information (PHI) as

A

Business associates.

51
Q

After a patient downloads personal health information, all the Security and Privacy measures of HIPAA are gone.
Group of answer choices

True

False

A

True

52
Q

Meaningful Use program included incentives for physicians to begin using which of the following?

Check all that apply.

Group of answer choices

E-prescribing

Computerized order entry

Voice mail messages

Instant messaging to patients

Patient portal

Cellphone texting

A

E-prescribing
Computerized order entry
Instant messaging to patients
Patient portal

53
Q

The Personal Health Record (PHR) is the legal medical record.
Group of answer choices

True

False

A

False

54
Q

HIPAA in 1996 enacted security measures that do not need updating and are valid today as written.
Group of answer choices

True

False

A

False

55
Q

The Health Information Technology for Economic and Clinical Health (HITECH) is part of
Group of answer choices

American Recovery and Reinvestment Act (ARRA) of 2009.

Affordable Care Act (ACA) of 2010.

Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Omnibus Rule of 2013.

A

American Recovery and Reinvestment Act (ARRA) of 2009.

56
Q

What is the name of the format that allows other providers to access another physician’s record of a patient?
Group of answer choices

Patient Portal

Electronic Medical Record (EMR)

Personal Health Record (PHR)

Health Information Exchange (HIE)

A

Health Information Exchange (HIE)

57
Q

When there is a difference in state law and HIPAA, HIPAA will always supersede the local or state law.
Group of answer choices

True

False

A

False

58
Q

What information is not to be stored in a Personal Health Record (PHR)?
Group of answer choices

Operative reports

Immunization records

List of allergies to medications

Financial payments to providers

Tax return information

List of prescriptions

A

Tax return information

59
Q

What is the difference between Personal Health Record (PHR) and Electronic Medical Record (EMR)?
Group of answer choices

PHR is in paper format; EMR is electronic

PHR is not password protected; EMR is password protected

PHR is the legal medical record; EMR is just physician notes

PHR can be modified by the patient; EMR is the legal medical record

A

PHR can be modified by the patient; EMR is the legal medical record

60
Q

Which department would need to help the Security Officer most?
Group of answer choices

Nursing staff

Maintenance Department

Medical Records

Information Services and Technology

A

Information Services and Technology

61
Q

The HIPAA Privacy Officer is responsible for
Group of answer choices

keeping staff names secret.

tracking who has access to PHI.

checking that passwords are changed weekly.

securing the computer server room from outside visitors.

A

tracking who has access to PHI.

62
Q

Information access is a required administrative safeguard under HIPAA Security Rule. It is defined as
Group of answer choices

access to the medical record for treatment purposes.

limiting access to the minimum necessary for the particular job assigned to the particular login.

restricting access to only clinical staff for treatment purposes, medical records department for coding purposes, and the billing department for purposes of claim submission.

only allowing patients access to their medical records if it is court ordered.

A

limiting access to the minimum necessary for the particular job assigned to the particular login.

63
Q

Only a serious security incident is to be documented and measures taken to limit further disclosure.
Group of answer choices

True

False

A

FALSE

64
Q

Investigation of complaints of violations to the Security Rule are under the direction of the
Group of answer choices

Department of Justice.

Department of Health and Human Services.

Office of HIPAA Standards.

Office of Inspector General.

A

Office of HIPAA Standards.

65
Q

The Centers for Medicare and Medicaid Services (CMS) set up the ICD-9-CM Coordination and Maintenance Committee to
Group of answer choices

Maintain a crosswalk between ICD-9-CM and ICD-10-CM.

Ensure the Patient Portal rule is enforced.

Define who are covered entities.

Oversee implementation of Health Plan Identifiers (HPID).

A

Maintain a crosswalk between ICD-9-CM and ICD-10-CM.

66
Q

The Medicare Electronic Health Record Incentive Program is part of Affordable Care Act (ACA) and is under the direction of
Group of answer choices

Department of Health and Human Services (DHHS).

Centers for Medicare and Medicaid Services (CMS).

Affordable Care Act (ACA) of 2009.

Health Insurance Portability and Accountability Act (HIPAA) of 1996.

A

Centers for Medicare and Medicaid Services (CMS).
