MOMETRIX RHIA EXAM 1 Flashcards

1
Q

What is a DRG?

A

Diagnosis Related Group

2
Q

What is a SDLC?

A

System Development Life Cycle

3
Q

What is PDCA?

A

Plan, Do, Check, Act

4
Q

In ICD-10-CM, which term is used to describe “not included here”?

A

Excludes 2

Excludes 2 means “not included here.” This means that the condition excluded is not a part of the condition represented by the code; however, a patient may have both conditions at the same time. The term see indicates that the coder must seek or refer to an alternate term. Excludes 1 means “not coded here.” This means that the excluded condition should never be coded at the same time as the condition represented by the code. The term code also means that two codes may be used to fully describe the condition.

5
Q

In assessing the length of time that a facility is required to maintain its records, which of the following should be the facility’s first concern?

A

The most stringent state or federal regulation

6
Q

According to the Medicare Conditions of Participation, hospital records are required to have a ________-year retention period.

A

5

According to 42 CFR 482.24, the hospital must maintain a medical record for each inpatient and outpatient encounter. Medical records must be retained in their original or legally reproduced form for a period of at least 5 years.

7
Q

What agency creates and maintains standards for laboratory tests and results?

A

LOINC

8
Q

What is SNOMED CT?

A

A standardized, multilingual vocabulary of clinical terminology used by healthcare providers for the exchange of clinical health information electronically.

9
Q

What is MEDCIN?

A

A clinical terminology with a strong focus on the facilitation of documentation by providing choices that are in line with providers’ clinical thought processes.

10
Q

What is the NDC?

A

The National Drug Code is the universal product identifier for human drugs.

11
Q

What type of data is entered into registries and databases that allows users to be able to conduct trend analyses, review and establish benchmarks, and execute long-term planning?

A

Secondary

12
Q

What is Primary Data?

A

Data that is documented by the healthcare professionals who provided care, treatment, and services for the patient.

13
Q

What is Aggregate Data?

A

Data on groups of people that do not identify the patients individually.

14
Q

What is an index?

A

A report from a database that allows for the location of diagnoses, procedures, physicians, etc., to be found within the database.

15
Q

What registry records pathological data characterizing site, stage of neoplasm, and type of treatment?

A

Cancer Registry

16
Q

The ________ organization is responsible for the creation of standards to address healthcare transactions between health partners.

A

ANSI

The American National Standards Institute is responsible for creating standards to address healthcare transactions between health partners.

17
Q

What is the ASTM?

A

The American Society for Testing and Materials, which is responsible for creating standards with regard to the EHR.

18
Q

What is HL7?

A

Health Level-7 is responsible for creating standards in regard to the content of the EHR.

19
Q

What is OASIS?

A

The Outcome and Assessment Information Set is a data set that is associated with the home health prospective payment system.

20
Q

When a task requires data for root cause analysis, which type of data is preferred and why?

A

Unstructured Data are preferred because they allow for more granular review.

Unstructured data provide the user the opportunity to review detailed data in its granularity. This cannot be done with structured data.

21
Q

A procedure involving the cutting out of solid matter is considered what root operation?

A

Extirpation

22
Q

The root operation Release means?

A

Freeing a body part from an abnormal physical contract by cutting or force

23
Q

The root operation detachment means?

A

Cutting off all or part of the upper or lower extremities

24
Q

The root operation destruction means?

A

Physical eradication of all or a portion of a body part by the direct use of energy, force, or a destructive agent.

25
Q

What does the root operation drainage mean?

A

The taking or letting out of fluids and/or gases from a body part

26
Q

What does the root operation excision mean?

A

The cutting off without replacement

Cutting off with replacement has no root operation associated

27
Q

What does the root operation fragmentation mean?

A

Breaking solid matter into pieces

28
Q

When destroying data in a paper format, which method is the most appropriate?

A

Shredding

29
Q

If unforeseen scenarios occur such as power outages, fires, natural disasters, etc., what should facilities have in place to ensure that there are procedures to handle emergency response situations with respect to continuing operations?

A

Business continuity/contingency plan

30
Q

Which act addressed issues with respect to the portability of health insurance after leaving employment?

A

Health Insurance Portability and Accountability Act (HIPAA)

31
Q

What is the Affordable Care Act?

A

Requires most US citizens to have healthcare coverage.

32
Q

What is the Omnibus Budget Reconciliation Act?

A

Mandates the development of a prospective system for hospital-based outpatient services to Medicare beneficiaries

33
Q

What is the HITECH Act?

A

Focuses on adoption of IT in health care through economic incentives

34
Q

Is identifying and resolving quality issues a data security function of data governance?

A

No. Identifying and resolving quality issues are functions of data governance for information intelligences.

35
Q

The process of defining levels of data quality by establishing parameters to ensure the data meet business needs is

A

Data quality management

36
Q

Qualitative analysis performed after a patient has been discharged and reviewed retrospectively is?

A

Closed-record review

37
Q

What is an open-record review?

A

Review of records while the patient is currently within the facility or while the patient is receiving active treatment.

38
Q

What is the standards development organization that develops messaging, data content, and document standards to improve the exchange of clinical information?

A

HL7

39
Q

What is IEEE?

A

An organization that developed the standards for abbreviated test language.

40
Q

What is the ADA?

A

Standards set for those with disabilities

41
Q

What are ISO Standards?

A

International standards composed of various national standards organizations

42
Q

With entity relationship modeling, what is the process by which entity relationship diagrams are converted into tables?

A

Schema mapping

Schema mapping is the process by which entity relationship diagrams are converted into tables.

43
Q

A discrepancy is found in which a patient’s birthdate is listed as 07/12/2008 on one record and as 09/12/2008 on another record. Which characteristic of data quality does this discrepancy represent?

A

Consistency

The consistency principle is the need for data to be consistent and reliable.

44
Q

What does the data quality characteristic Precision mean?

A

Speaks to how close to an actual numerical value a measurement is

45
Q

What does the data quality characteristic Granularity mean?

A

Individual data components that cannot be divided further.

46
Q

What does the data quality characteristic Timeliness mean?

A

The concept around receiving information when needed in a timely manner

47
Q

A pediatrician would like to report hydrocephalus in a newborn. To which registry would reporting this information be the most relevant?

A

Birth defect

48
Q

Creating and revising information within a patient’s progress note is whose responsibility?

A

Provider

Progress notes should be completed by the provider. Administrators, HIM professionals, and registration staff should not have access to amend, delete, or alter a progress note in any way.

49
Q

What is the legal document that designates another person to act on behalf of the patient in the event that the patient becomes disabled and/or incapacitated?

A

Durable Power of Attorney

50
Q

Where are the guidelines for the retention and destruction of healthcare information found?

A

HIPAA

Accreditation standards dictate those standards and rules in regard to the retention and destruction of healthcare information. While HIPAA rules contain some specific retention requirements, it is important to note the distinction between HIPAA records and PHI itself. HIPAA records are those that facilities must maintain to demonstrate HIPAA compliance. HIPAA rules only cover HIPAA record retention.

51
Q

The focus of a certified coder is geared toward what?

A

Ensure that each claim is coded with accuracy and precision

52
Q

Data found in patient/disease registries are considered financial, clinical, demographic, or accreditation data?

A

Clinical data

Patient/disease registries are considered clinical data

53
Q

___________ typically occurs when there is a transfer of data between systems. This is most often seen when companies are implementing new systems.

A

Data migration

54
Q

What is Data mining?

A

Finding patterns and trends within large data sets.

55
Q

What is Data analysis?

A

Modeling data with the intent of meeting a goal or to support decision making within an organization

56
Q

What is a Data dictionary analysis?

A

A data dictionary analysis is a review of the standards and meanings of data within a system

57
Q

Procedures that include the altering of a route of passage of contents of a tubular body part is which of the following root operations?

A

Bypass

58
Q

What is the root operation Dilation?

A

Enlargement of a tubular body part or orifice

59
Q

What is the root operation Occlusion?

A

Completely closing an orifice of the lumen of a tubular body part.

60
Q

What is the overall goal of documenting and maintaining medical records?

A

To aid in the continuity of care

61
Q

Records arranged in strict chronological order are considered to be?

Source-oriented
Problem-oriented
Integrated health records
Ascending health records

A

Integrated health records

62
Q

What are source-oriented records?

A

Records that are recognized according to the source

63
Q

What are problem-oriented medical records?

A

Involves the problem list being the focal point because it is the table of contents for the records

64
Q

Which is NOT considered clinical data?

Medical history
Physical exam
Diagnostic orders
A patient’s hospital unique identifier

A

A patient’s hospital unique identifier

Patient identifiers are considered to be part of the financial data category, whereas all of the other answer choices are considered to be clinical data.

65
Q

Who is responsible for setting the strategic direction of the hospital?

A

Board of directors, which consists of elected members who work together with the CEO to develop a hospital’s strategic direction.

66
Q

Which law is considered “unwritten” law originating from previous court decisions?

A

Common law

67
Q

What is Constitutional law?

A

Written law that is considered the highest law of the land and takes precedence over state and local laws.

68
Q

What is Administrative law?

A

Written law that controls a government agency or administrative operations

69
Q

What is Statutory law?

A

Written law established by federal and state legislatures

70
Q

Who does ownership of health records ultimately belong to?

A

The organization that created and maintained the physical record

71
Q

Managing the input of data is defined as?

A

Data governance

72
Q

What is Information governance?

A

Involves the oversight of data outputs

73
Q

What is Data Quality Management?

A

reviewing data to review its quality level based on the goal or parameters set

74
Q

What is data enterprise management?

A

the process of defining, integrating, and retrieving data for internal and external communication

75
Q

If more than _________ individuals have been affected by a breach, the media as well as the HHS must be notified.

A

500

When more than 500 individuals have been affected by a breach, this requires that the media as well as HHS must be notified. Anything less than 500 requires notification only to HHS.

76
Q

The HIPAA Security Rule contains two standards. One standard is mandated, and organizations must adhere to the standard as written under the HIPAA Security Rule; the other standard provides flexibility to covered entities.

A

mandatory, addressable

77
Q

Which type of safeguard includes encryption, decryption, and automatic logoff?

A

Technical

Technical Safeguards involve the protection of access and control of electronic protected health information.

78
Q

What are Administrative Safeguards?

A

Manages actions, policies, and procedures to detect and correct violations.

79
Q

What are Physical Safeguards?

A

Used to identify measures to protect systems and equipment, such as identification badges, from natural and environmental hazards.

80
Q

What are Organizational Safeguards?

A

Organizational safeguards include arrangements made between organizations to protect ePHI, such as BAAs.

81
Q

In instances in which federal and state laws conflict, what law takes precedence?

A

The most stringent of the laws is what prevails

82
Q

All of the following are identifiers under the HIPAA Privacy Rule EXCEPT:

Social Security Numbers
Gender
Admission date
Birth Date

A

Gender

83
Q

Which federal law provides standards related to physician peer review and also provides legal immunity to other physicians who participate in peer review activity?

A

The Healthcare Quality Improvement Act

HQIA

84
Q

Dominique is a director exploring the causes and effects associated with opening up a new clinic for psychiatric services. Which visual tool will best represent Dominique’s need?

Pareto Chart
Fishbone Diagram
Flow Chart
Bar Graph

A

Fishbone diagram

85
Q

What is a Pareto Chart?

A

Most helpful when reviewing data that contain different categories with a focus on frequency.

86
Q

What are Flowcharts?

A

Best used when documenting current processes

87
Q

What are Bar Graphs?

A

Optimal when reviewing data changes over long periods of time

88
Q

Cassidy is participating in a research study. She is asked to sign an informed consent form in order to go through with the treatment in the study. Cassidy has agreed to sign the form. Per HIPAA requirements, is the investigator missing anything?

A

No. The investigator has completed his or her due diligence in receiving the informed consent document from Cassidy

89
Q

What is Stark Law?

A

Stark Law states that a physician may not refer a patient to a facility in which he or she has financial interest including ownership, compensation agreements, and/or investments

90
Q

By law, what are the parameters around patients’ ability to receive their records?

A

As long as the records are being maintained by the facility, patients should have the right to access. The length of time specified for maintaining records may vary from facility to facility

91
Q

A patient has been deemed mentally incompetent, and her niece has requested her medical records on her behalf. The patient’s niece has not been identified as the legal guardian for the patient nor has she provided any legal documentation in support of her efforts. A fully compliant facility will handle this scenario how?

A

Inform the niece that they will not be releasing medical records to her at this time, and advise her to seek legal means if she is now the guardian of her aunt

Patient incompetency is one exception to the written authorization rule provided by the patient; however, legal documentation has to be presented to a facility in order to be fully compliant with medical record release

92
Q

What is considered to be the legal age of majority?

A

18 and over; however, this may vary from state to state

93
Q

A 13-year-old child has been seen by a neurology practice in the month of December. The child’s parents are divorced, and the mother has requested that the father not have any access to the child’s records at any time. Is the facility able to honor this request?

A

No, with no legal documentation stating that the biological father cannot have access or involvement in medical decision making for the child, the mother has no rights to eliminate the father from being able to request medical documentation on the child

Biological parents of children each have equal rights to medical decision-making as well as release of information on their children, unless there is a court document stating otherwise. One parent may not exclude the other without this document

94
Q

True or False:

NPPs must be reasonably placed in prominent areas of the facilities and must be signed on new-patient visits, as well as sent to established patients when changes are made to the document.

A

True

95
Q

A Urology Clinic often refers its patients to a main hospital for further evaluations in the transferring of care. Both facilities are governed by HIPAA regulations and are considered to be which of the following:

Managed-care entities
Regulated parties
Covered entities
Third-party covered agents

A

Managed-care entities

Although both facilities may participate in contracts with managed care, the fact that they are governed by HIPAA makes them covered entities in the eyes of the law.

96
Q

A practice does not require its employees to lock file cabinets that contain patient PHI. This could potentially be an issue for the practice and cause issues with violating HIPAA regulations. This is an example of which of the following?

Vulnerability
Threat
Breach
Incident

A

Vulnerability

97
Q

Why is the role of the database administrator significant in respect to user access?

A

Database administrators grant user access using role-based methodology within a facility to protect unauthorized users from accessing information that is not required by their roles

User access is handled by an IT professional. More often than not, this person is the database administrator. User access is granted based on the role of the employee. If additional access is found to be needed, managers may submit a request for additional access at the review and approval of the database administrator

98
Q

How is the Medicare Conditions of Participation: Confidentiality of patient records, related to the HIPAA Privacy Rule?

A

Medicare Conditions of Participation: confidentiality of patient records consists of two parts:
-patient right to confidentiality
-patient right to access their records in a reasonable time frame

These same components are illustrated within the HIPAA Privacy Rule, hence the consistent message

99
Q

In review of the disclosures and redisclosures of confidential health information, an HIM employee states that both should be handled in the same manner according to regulatory guidelines. Do you agree or disagree with the employee? How would you outline your response to the employee?

A

Disagree. Disclosures and redisclosures consist of different elements; therefore, they are governed by different regulatory guidelines

Disclosing health information involves information that was originated by that facility. Redisclosure is the process of disclosing information that was originated by a different provider. Because of this difference, disclosures and redisclosures are governed by different federal and state guidelines.

100
Q

What is the correlation between retention rates of records and the statute of limitations?

A

Retention rates are established by each state; however, if a state does not have a specific retention rate, the state’s statute of limitations may be used as law.

If a state has an established retention rate, this shall be upheld as the measure of standard. It is only in scenarios in which a retention rate is not present that the statute of limitations would take effect. Retention rate and statute of limitations are not synonymous terms, nor does the statute of limitations supersede established retention rates.

101
Q

Per the HIPAA Security Rule, there are three safeguards: administrative, physical, and technical. What information would an HIM employee need to make a decision about whether or not a medical center had sufficient physical safeguards?

A

Review of policies and procedures to address authorized and unauthorized facility access to electronic information systems and facilities where the information is being stored

Physical safeguards are those that protect buildings and equipment from natural disasters and unauthorized intrusion

102
Q

An audit is performed to review a medical center’s destruction of records. Employees inform the auditor that they currently have issues finding effective ways of documenting the destruction of records. They also explain that when they do document, they keep their documentation on file for 7 years. This mirrors their retention policy. From the viewpoint of the auditor, what recommendations would you give the medical center?

A

To keep destruction-of-records documentation in the form of destruction certificates and to keep the documentation permanently

Destruction certificates are considered best practices in these instances. It is important to note that this documentation should be permanently kept and should never be discarded for any reason

103
Q

An HIM department would like to speak to the revenue manager about a trend found within the documentation coming out of the Cardiology Department. The HIM Department sent patient examples to the Revenue Manager’s work email with four patient identifying factors within the example. The email was not sent securely, nor was it encrypted. Were there any issues with the way the documentation was sent?

A

Yes, issues were found with the documentation not being sent securely. It is better to be conservative and send PHI only when necessary and always send securely no matter if the recipient is internal or external

PHI should only be sent over a secured medium. PHI should be sent by following the minimum necessary rule, and the communication should only contain the PHI necessary for the participant to complete the task at hand.

104
Q

ROI has a quick-release functionality in the EHR system that allows the user to release a patient’s medical record at a click of a button. However, there is no way to specify which documentation is to be released, so this functionality submits the patient’s entire record each time it is used. There have been no complaints, and productivity is at an all-time high. Based on AHIMA standards, should this functionality continue to be used?

A

No, the minimum necessary rule is being violated here because the entire patient record is being sent over, even in the event that only a specific date of service or procedure is being requested.

The fact that the system is sending an entire record when there may be a possibility that only part of the record was requested is a violation of the minimum necessary rule in respect to the review of PHI

105
Q

An orthopedic practice incorrectly faxes a patient’s records to a different hospital. What next steps should the privacy officer take?

A

Call and notify/confirm receipt of the documentation by the incorrect facility, request that the documentation be destroyed, and document the action as an incident

It is vital to contact the facility in which information has been incorrectly sent and verify what has happened with the documentation since its receipt. This is key, especially in cases in which the action is considered to be a breach; notation within the HHS site database is required.

106
Q

It was found that a facility had a 30% error rate involving issues with the transfer of PHI through fax and front-desk handoffs through observation rounds of the facility for a week by the compliance staff. With a problem of this magnitude, which would be the best way to ensure that this is addressed and monitored?

A

Include this within the risk management initiatives for the year and set up a 3 to 6 month corrective action plan

107
Q

A laptop from the billing department at a medical center was stolen. The laptop included 478 patients whose PHI was unprotected. The compliance department was notified, and the director of HIM was contacted for a review of the next steps. What is the next step?

A

Notification to the patients identified, internal report of incident, and documentation to the HHS as a breach. Media notification is not needed due to the patient counts of PHI not exceeding 500 patients

The governing body over reported breaches would be HHS. Due to the fact that the breach involved fewer than 500 individuals, the media would not require notification

108
Q

On 3/17/19, a patient calls to inform the hospital that she received the record of another patient on 2/21/19. She states that she forgot to notify the hospital; however, as of today, she has shredded the documentation. Would this scenario represent a breach or an incident?

A

Breach. Although the patient reported the information as well as stated the proper means of discarding the records, she had the information for weeks, and this documentation could have been viewed by anyone.

Once a patient leaves the premises with PHI that does not belong to them, the scenario goes from incident to breach status. There is no way to quantify how many individuals outside of the patient have reviewed the PHI. Although the patient agreed to discard/shred the documentation, which is important for reporting to HHS, this does not alter the fact that this scenario is a breach

109
Q

Becca’s sister Abby, 15, is scheduled for an appointment at the dental clinic where Becca is working. Becca wanted to know the outcome of her sister’s lab visit, so she reviews her record for that date of service. What do you think about Becca’s actions?

A

Becca’s actions are improper; she should have treated her sister as she would any other patient and only accessed charts when necessary

When an employee has a family member that is a patient of the facility, access to that patient’s records should follow the process for all patients of the facility with respect to requesting medical records regardless of the patient’s age

110
Q

During an interview with a HIPAA auditor, members of the office personnel of a small chiropractic office stated that all policies and procedures are kept electronically by the compliance officer. All policies are maintained for a minimum 5 years after creation, but they may be updated periodically. With this said, are there any flaws in the office personnel’s response?

A

Yes, policies and procedures should be kept for a minimum of 6 years after the later of the date of the policies’ creation and the last effective date. The practice should keep records after the last update to the policies

According to regulation, these records should be held for a minimum of 6 years. This 6-year requirement starts from the last effective date of the policy, meaning that any updates should be accounted for and retention dates should be updated to reflect this. Any policies that are kept based on the date of creation when known updates have taken place are not in compliance.

111
Q

A nurse who is now teaching at a community college uses de-identifiable data in an example for her class. The de-identifiable information included gender, birth month and day, and five-digit zipcode. With your knowledge of HIPAA, what is significant, if anything, about this scenario?

A

The nurse was out of compliance by using the example in her class. The use of the five-digit ZIP Code is not considered de-identifiable information.

The patient’s gender, birth month, and birth day are considered de-identifiable. However, five-digit ZIP Codes are not considered de-identifiable, especially when used with gender, birth month, and birth day. For example, the ZIP Code associated with a small town, along with the patient’s gender and birth information may easily identify a patient.

112
Q

Business associate agreements (BAAs) were created out of which act?

A

HIPAA. Regulation to modernize the flow of information, protect PHI, and provide limitation on insurance

BAAs were created out of HIPAA to provide contacts between a covered entity and a vendor with the protection of the PHI at the forefront

113
Q

Within a hospital, a patient comes in who has been a victim of domestic violence. An employee immediately calls the police and releases the patient’s records to them without the patient’s consent. Do you agree or disagree with the employee’s actions?

A

Agree. The employee has the legal right to release the information to the police without consent according to the HIPAA Privacy Rule.

When a threat to a person or group is identified when reporting to the police, this is covered per the regulatory guidelines within the HIPAA Privacy Rule.

114
Q

A given EHR system does not allow the customer service team to access progress notes on patients. However, there are a few times when customer service would need to review progress notes, and this use has been approved by senior leadership. In order to execute this, which of the following would yield optimal results while adhering to guidelines?

A

Creation of a “breaking-the-glass” task that requires the user to enter credentials and reasoning as to why access is needed.

Breaking the glass is an important feature that allows those who need periodic access to records for a specific reason to do so without having access granted permanently. The feature also allows for an audit trail and a review of the response provided as to why access is needed.

115
Q

A request is made for the records of a patient with a history of alcohol and drug abuse. The normal release of information workflow is executed by the patient signing a release form. Are there any significant factors that the facility must consider in this scenario?

A

From the confidentiality perspective, the facility maintaining the record must provide with the disclosure due to the patient having a history of alcohol and drug abuse. This is mandatory by HHS.

116
Q

Within a hospital emergency room, there are two patients who have the same first and last name. In order for the front desk staff to identify the appropriate patient to start the payment process for services rendered, the first and last name of the patient is called along with the patient’s birthdate. As a result, several of the patients within the waiting room have written the hospital to say this was a HIPAA violation. What information can you present for or against the patients’ concerns?

A

This is not a HIPAA violation; although the patient’s first name, last name, and birthdate are identifiers, due to the need to use all three to appropriately identify the correct patient for payment purposes, no violation has been made.

HIPAA guidelines explain the use of patient identifiers including name and date of birth to identify patients in common areas. Important factors here are that the guidelines outlined certain instances in which this is appropriate and that the payment for services falls within the acceptable purview.

117
Q

Steven has been attending Onslow Neurology Clinic since he was 7 years old. Steven, who has turned 18 today, is taken to his appointment by his mother, Ellen. At the conclusion of the appointment, Ellen requests information from the doctor regarding information that was provided to Steven during the appointment. The doctor proceeds to give Ellen a summary of the information given when Steven interrupts stating that his rights have been violated. Is this true?

A

Yes, his rights have been violated because he is now 18 and therefore has to provide consent for others to hear any information regarding his visit.

As a minor patient, the legal guardian of the patient is able to receive information on the patient’s behalf. Once that patient turns 18, those rights of the legal guardian are no longer applicable because the patient is deemed to be an adult and is legally able to make their own decisions regarding their care, who is allowed to be contacted/informed of their care, and so forth.

118
Q

A hospital is performing fundraising activities for a local stroke prevention foundation. The foundation has a BAA with the hospital on file. In an effort to aid in fund generation, the hospital agrees to provide patient demographic data, health insurance status, and dates of services without patient authorization. Based on this scenario, what conclusions can be made about the hospital’s actions?

A

The hospital is well within its rights because patient demographic data, health insurance status, and dates of service have been approved for use without patient authorization for fundraising purposes.

HIPAA guidelines are specific with regard to fundraising activities. In this scenario, the use of patient demographic data, health insurance status, and dates of service without patient authorization is in compliance because the fundraising partner has a BAA agreement with the hospital.

119
Q

A provider is given a new laptop during a facility-wide initiative to update laptops. Her old laptop contains PHI that has been saved to the hard drive. In the process of receiving the new laptop, the provider deletes information from the old laptop and begins use with the new one. What should be the provider’s next step?

A

The provider should give the old laptop to the IT technician for proper wiping/cleaning of the laptop as well as proper disposal of the laptop. Deleting the information stored is not sufficient.

It is imperative that any device that contained PHI at any point is reviewed and wiped by the IT department to ensure the protection of that data. The IT department may also properly dispose of the device if necessary.

120
Q

A patient requests seven copies of his medical record. He is told that there will be a 10.00 fee associated with this. The patient threatens to have legal counsel involved because he has a right to access his medical records at any time free of charge according to HIPAA guidelines. The facility disagrees. Are you for or against the patient?

A

Against the patient. A facility has the right to charge for any copies of PHI as long as the associated costs are reasonable.

“Reasonable” is left to the interpretation of each facility, but it must be logically proven if requested within a court of law.

121
Q

This is Henry’s first visit to a family practice facility. At registration, he is given a notice of privacy practices (NPP) form to fill out. Henry refuses to sign the form. With no signature on the form, what effects does this have on the facility?

A

The facility must keep a record on file of the patient’s refusal to sign the document. This does not affect the provider’s ability to use the health information as HIPAA permits.

Patients have a right to refuse to sign an NPP or any other documentation, as stated by HHS.

122
Q

A certified public accounting (CPA) firm is hired by a medical center to provide accounting services. The firm is asked to sign a BAA in which the firm stated that because of the company not performing any repricing information, practice management actions, or utilization review services, a BAA is not required. Are the statements provided by the CPA firm true or false and why?

A

False, accounting services fall under the purview stated within the HIPAA Privacy Rule; therefore, a BAA is needed.

Accounting services fall under the category for needed BAAs due to the nature of those services. The HIPAA Privacy Rule outlines those services in which a BAA is required.

123
Q

A subpoena was provided to the HIM department to provide legal health record information for a patient. An HIM employee submitted the request and included statistical reports, incident reports, and quality indicators. Did the HIM employee accurately complete this request?

A

Although the employee completed the request, the statistical reports, incident reports, and quality indicators should have been omitted because they are not considered as part of the legal health record.

There are guidelines that outline the contents of a patient’s legal health record. Among those listed, statistical reports, incident reports, and quality indicators are not included in that list. Their inclusion could pose an issue with regard to the minimum necessary rule.

124
Q

Is a hospital legally permitted to hire a third-party vendor for the disposal of PHI?

A

A third-party vendor is permitted to be hired for the disposal of PHI as long as a BAA is in place.

PHI may be disposed of by a third party as long as there is a BAA in place. Currently, there are no requirements stating that only a certain number of records containing PHI may be disposed of by a third party.

125
Q

The minimum necessary rule was created to add emphasis on protecting PHI. Does this rule apply for those instances in which the use or disclosure of the information is authorized by the patient?

A

No, the minimum necessary rule does not apply in instances that are authorized by the patient.

Patient authorizations supersede the minimum-necessary rule.

126
Q

The HIPAA Security Rule was created to mandate regulation around the electronic and cybersecurity sectors. Is this statement valid?

A

No, the HIPAA Security Rule includes not only electronic and cybersecurity components but also administrative, technical, and physical safeguard components as well.

HHS is the governing body over the HIPAA Security Rule. The rule contains regulations for the electronic and cybersecurity sectors; it also includes administrative, technical, and physical safeguards.

127
Q

The HIM department realizes that John Smith at ABC Hospital has multiple health record numbers. The term used to describe this scenario is what?

A

Duplicate.

Duplicate records are handled by HIM personnel. It is here that the records would be combined, and the duplicate record would be deleted.

128
Q

The ________ is the committee responsible for protecting the rights of human research subjects who participate in research activities.

A

Institutional Review Board

The Institutional Review Board is the governing body over all human research study participants that protects their rights.

129
Q

In the example SELECT patient name FROM patient WHERE gender = m, which term describes what data to get?

A

SELECT

The SELECT function explains what data to retrieve. FROM explains where to get the data, and WHERE serves as a filtering category.

130
Q

Within a data model, the current format of the patient’s admit date is as follows: DD_MM_YY. However, the agreed-upon format was determined to be DD_MM_YYYY. To accurately display the agreed-upon format, at which level does the change need to occur?

A

Data Dictionary

Data Dictionaries serve as a blueprint for the formatting of data. Any changes from what was originally set within the dictionary will need to be updated in the dictionary for accuracy and consistency.

131
Q

Phases of the systems development life cycle (SDLC) include what?

A

Planning, analysis, design, and implementation

132
Q

Which quality management function performs the evaluation of medical necessity and effective and efficient use of healthcare services and procedures?

A

Utilization management

Utilization management teams are used to review the appropriateness of services provided to patients and associated costs. This review uses medical necessity, policies, and historical data for parameters when reviewing a case.

133
Q

____________ events are monitored by the Joint Commission and are defined as events that are unforeseen within the healthcare setting that lead to death or injury (physical or psychological).

A

Sentinel.

Sentinel events are unforeseen events within the healthcare setting that lead to death or injury (physical or psychological). These events are closely monitored by the Joint Commission as well as hospital administration because many of these events are preventable.

134
Q

Tina’s manager asked her to calculate the range of length-of-stay (LOS) days in the month of August in FY19. In order to do this, Tina must do what?

A

Subtract the lowest number of LOS days from the highest number of LOS days.

To calculate the range, the formula is the highest number minus the lowest number.

135
Q

Healthcare information systems’ ability to communicate and work with each other in different organizations, demographic areas, and settings is defined as what?

A

Interoperability

Interoperability is a goal of health informatics that impacts the continuity of care for patients by allowing systems to be able to communicate and work with each other in different organizations, demographic areas, and settings.

136
Q

Which one of the following presents the most secure way of communicating with a patient in regard to their questions, issues, and concerns with a given health provider?

A

Patient Portal

Patient portals allow for results, PHI, and other data to be transmitted back and forth from patient to provider through secure means. Text messaging and personal email do not allow for transmission of data securely. PHRs are for the patient to update and track their own health; however, these do not interface with the provider’s systems, and therefore the transmission of data is limited or often nonexistent.

137
Q

What is an example of data security?

A

The use of encryption during the saving and transmission of data.

138
Q
A