HIT-001 Chapter 3

Question 1

The divisions of the _____ involved in healthcare are the _____, the _____,
and the _____.

Answer 1

HHS, CMS, ONC, OCR

Question 2

The new standard of medical diagnosis and inpatient procedure coding, called _____, is required to be adopted by October 1, 2013, by ______-compliant facilities.

Answer 2

ICD-10, HIPAA

Question 3

The _____ tests and certifies all _____ solutions to be _____-compliant.

Answer 3

ONC, EMR/EHR, HIPAA

Question 4

The _____ enforces ______ rules to protect ______.

Answer 4

OCR, HIPAA, e-PHI

Question 5

An _____ is used to establish how information is shared and to set expectations for service provided.

Answer 5

SLA

Question 6

Which branch of the HHS controls the electronic standards of transaction for an insurance claim? And what is the current standard?

Answer 6

CMS (Centers for Medicare & Medicaid Services). The current standard is
Version 5010.

Question 7

Which HHS division is responsible for enforcing HIPAA rules?

Answer 7

OCR (Office of Civil Rights)

Question 8

Do federal or state agencies administrate Medicare? Medicaid?

Answer 8

Medicare is administrated at the federal level. Medicaid is administrated by states.

Question 9

What does the HIPAA Enforcement Rule determine?

Answer 9

The Enforcement Rule establishes penalties for violations to HIPAA rules and procedures following a violation, such as investigations and hearings.

Question 10

What are the goals of the meaningful use of technology in healthcare?

Answer 10

The goals of meaningful use are to help healthcare providers know more about their patients, make better decisions, and save money.

Question 11

Why would an eligible provider want to demonstrate the meaningful use of
technology?

Answer 11

Eligible providers who demonstrate meaningful use receive monetary incentives.

Question 12

What are possible breaches of e-PHI?

Answer 12

A breach can be theft, unauthorized access or disclosure, loss, or improper disposal of e-PHI.

Question 13

What is the purpose of a public health record?

Answer 13

A public health record is used for the collection of public health data to be analyzed by researchers.

Question 14

What is the basic rule of thumb of record disposal?

Answer 14

The basic rule of thumb is to make sure the data on an electronic device is unreadable, indecipherable, and cannot be reconstructed.

Question 15

Why are SLAs important and what do they establish?

Answer 15

SLAs establish how e-PHI is shared and used, and an SLA establishes expectations of service provided.

Question 16

The .gov websites are a great resource for HIT professionals. Suppose your boss asks you to develop a contract to be used to establish the SLA with a software vendor to support the software and provide fixes to bugs discovered. Rather than reinventing the wheel by making up your own contract, use an Internet search engine to find templates for contracts and checklists. Find a template on the http://www.hhs.gov website for an SLA/MOU document. Write down the websites where you found the documents.

Answer 16

Answers may vary. The link for the example on the http://www hhs.gov web- site is http://www.hhs.gov/ocio/eplc/Enterprise%20Performance%20Life- cycle%20Artifacts/eplc_artifacts.htmlSimilar.

Question 17

Search online for two case examples and resolution agreements to HIPAA violations. You can find several in news articles, and the http://www.hhs.gov website gives some examples where acceptable resolutions agreements were reached. What was the cause of the breach? What were the consequences of the breach? What was the resolution agreement reached? Were policies implemented to prevent the violation from happening again?

Answer 17

Answers may vary. However, the link to the hhs.gov examples is http://www.
hhs.gov/ocr/privacy/hipaa/enforcement/examples/index.html.

Question 18

While in the waiting room at the free clinic with three other patients, Nurse Jack calls out, “Patti Patient.” Patti Patient begins to walk to Nurse Jack. Before leaving the waiting room, Nurse Jack asks Patti Patient, “Has the herpes cleared up yet?” Is this a HIPAA violation? Why?

Answer 18

Yes, this is a HIPAA violation because Patti Patient’s name and medical condi-
tion were spoken to be heard by anyone in the waiting room

Question 19

breach notification rule

Answer 19

Requires covered entities to notify affected individuals, the HHS secretary, and possibly the media when protected health information (PHI) has been breached.

Question 20

covered entity

Answer 20

are health plans, health clearinghouses, and healthcare providers.

Question 21

The U.S. Department of Health and Human Services (HHS)

Answer 21

The U.S. Department of Health and Human Services (HHS) is tasked with protecting the health of Americans and providing a means to access healthcare by Americans who are least able to help themselves, containing and treating any national health emergencies, and testing and regulating food and drug supplies.

Question 22

The Centers for Medicare & Medicaid Services (CMS)

Answer 22

The Centers for Medicare & Medicaid Services (CMS) is
responsible for
administrating Medicare and Medicaid, as well as regulating standards of elec-
tronic transactions of claims, provider, and diagnostic codes.

Question 23

Version 5010

Answer 23

Version 5010 is the most recent standard format for electronic claims transactions.

Question 24

ICD-10

Answer 24

is the most recent standard format for electronic provider and diagnostic codes.

Question 25

The Office of the National Coordinator for HIT (ONC)

Answer 25

The Office of the National Coordinator for HIT (ONC)

is responsible for certifying EMR/EHR solutions as HIPAA-compliant.

Question 26

The National Institute of Standards and Technology (NIST)

Answer 26

advances HIT security and usefulness of remote healthcare.

Question 27

Medicare

Answer 27

is a social insurance program to provide hospital and medical care for elderly and certain disabled citizens.

Question 28

Medicaid

Answer 28

is a social welfare program to provide health and medical services for certain citizens and families with low incomes and few resources. Medicaid participation by states is voluntary. Medicaid is administrated by states.

Question 29

Health Insurance Portability and Accountability Act (HIPAA)

Answer 29

is a set of rules for protecting e-PHI (electronic protected health information).

Question 30

The Office of Civil Rights (OCR)

Answer 30

The Office of Civil Rights (OCR) enforces the HIPAA rules.

Question 31

HIPAA has four primary rules:

Answer 31

has four primary rules: Privacy Rule, Security Rule, Breach Notification Rule, and Enforcement Rule.

Question 32

The American Recovery and Reinvestment Act (ARRA) called the Recovery Act

Answer 32

aims to help citizens through the economic recession. In healthcare, the Recovery Act provides funding to HHS branches to help preserve and improve affordable healthcare in the United States.

Question 33

The Health Information Technology for Economic and Clinical Health (HI-TECH)

Answer 33

Act creates incentive and opportunity for the advancement of HIT through the ONC.

Question 34

Meaningful use

Answer 34

is the demonstration by healthcare entities to use HIT in a meaningful way.

Question 35

eligible providers

.

Answer 35

Participants in the incentive programs are called eligible providers
.

Question 36

In the event of a violation, or breach, of HIPAA rules, fines may be imposed by the ______.

Answer 36

OCR

Question 37

Covered entities are required to ensure

Answer 37

Covered entities are required to ensure confidentiality, integrity, and availability of e-PHI they create, receive, maintain, or transmit; identify and address risks to e-PHI; and ensure compliance by their workforce.

Question 38

_________ must be obtained before e-PHI may be released or distributed to anyone HIPAA does not allow.

Answer 38

Written permission

Question 39

Covered entities must use _____________ to restrict access to e-PHI by its personnel.

Answer 39

role-based access control

Question 40

The three types of health records are

Answer 40

public, private, and legal.

Question 41

The _________ is the health record created and maintained by an individual.
The ____________is collected and retained for use by the patient or legal services.

Answer 41

private health record

legal health record

Question 42

Health records must be retained for a minimum of _____ years. States may add to the length of time for record retention.

Answer 42

six

Question 43

Waivers of liability

Answer 43

are forms used by healthcare entities to be protected from

being inappropriately responsible for harm or debt.

Question 44

Business associate agreements (BAA)

Answer 44

Business associate agreements (BAA)
are used to ensure a mutual understanding of safeguards of e-PHI between a covered entity and a contracted third
party.

Question 45

Service-level agreements (SLA)

Answer 45

Service-level agreements (SLA) are used to establish how e-PHI is shared and used, as well as expectations of service provided.

Question 46

Memoranda of understanding (MOU)

Answer 46

Memoranda of understanding (MOU) are used within a covered entity to ensure understanding of the safeguards of e-PHI among departments or personnel who may not normally be exposed to sensitive information

Question 47

healthcare clearinghouse

Answer 47

A business that receives healthcare information and
translates that information into a standardized format to be sent to a health plan provider. A healthcare clearinghouse is sometimes called a billing service. Basically, a healthcare clearinghouse is a middle person that processes healthcare information.

Question 48

ICD-9

Answer 48

ICD-9—HIPAA mandated a standard format for electronic provider and diagnostic codes. The current standard has limitations that restrict the full use of EMR/EHR software.