MOMETRIX RHIA EXAM 1 Flashcards
Proficiency (138 cards)
1
Q
What is a DRG?
A
Diagnois Related Group
2
Q
What is a SDLC?
A
System Development Life Cycle
3
Q
What is PDCA?
A
Plan, Do, Check, Act
4
Q
In ICD-10-CM, which term is used to describe ‘not included here”?
A
Excludes 2
Excludes 2 means “not included here.” This means that the condition excluded is not a part of the condition represented by the code; however, a patient may have both conditions at the same time. The term see indicates that the coder must seek or refer to an alternate term. Excludes 1 means “not coded here.” This means that the excluded condition should never be coded at the same time as the condition represented by the code. The termn code also means that two codes may be used to fully describe the condition.
5
Q
In assessing the length of time that a faciity is required to maintain its records, which of the following should be the facility’s first concern?
A
The most stringent state or federal regulation
6
Q
According to the Medicare Conditions of Participation, hospital records are required to have a ________-year retention period.
A
5
According to 42 CFR 482.24, the hospital must maintain a medical record for each inpatient and outpatient encounter. Medical records must be retained in their original or legally reporduced form for a period of at least 5 years.
7
Q
What agency creates and maintains standards for laboratory tests and results?
A
LOINC
8
Q
What is SNOWMED CT?
A
A standardized, multilingual vocabulary of clinical terminology used by healthcare providers for the exchange of clinical health information electronically.
9
Q
What is MEDCIN?
A
A clincial terminology with a strong focus on the facilitation of documentation by providing choices that are in line with providers’ clinical thought processes.
10
Q
What is the NDC?
A
The National Drug Code is the univeral product identifier for human drugs.
11
Q
What type of data is entered into registries and databases that allows users to be able to conduct trend analyses, review and establish benchmarks, and execute long-term planning?
A
Secondary
12
Q
What is Primary Data?
A
Data that is documented by the healthcare professionals who provided care, treatment, and services for the patient.
13
Q
What is Aggregate Data?
A
Data on groups of people that do not identify the patients individually.
14
Q
What is an index?
A
A report from a database that allows for the location of diagnoses, procedures, physicians, etc., to be found within the database.
15
Q
What registry records pathological data characterizing site, stage of neoplasm, and type of treatment?
A
Cancer Registry
16
Q
The ________ organization is reponsible for the creation of standards to address healthcare transactions between health partners.
A
ANSI
The American National Standards Institue is responsible for creating standards to address healthcare transactions between health partners.
17
Q
What is the ASTM?
A
The American Society for Testing and Material, which is responsible for creating standards with regard to the EHR.
18
Q
What is HL7?
A
Health Level-7 is responsible for creating standards in regard to the content of the EHR.
19
Q
What is OASIS?
A
The Outcome and Assessment Information Set is a data set that is associated with the home health prospective payment system.
20
Q
When a task requires data for root cause analysis, which type of data is preferred and why?
A
Unstructured Data are preferred because they allow for more granular review.
Unstructured data provide the user the opportunity to review detailed data in its granulatiry. This cannot be done with structured data.
21
Q
A procedure involving the cutting out of solid matter is considered what root operation?
A
Extirpation
22
Q
The root operation Release means?
A
Freeing a body part from an abnormal physical contract by cutting or force
23
Q
The root operation detachment means?
A
Cutting off all or part of the upper or lower extremities
24
Q
The root operation destructions means?
A
Physical eradication of all or a portion of a body part by the direct use of energy, force, or a destructive agent.
25
What is the root operation drainage mean?
The taking or letting out of fluids and/or gases from a body part
26
What is the root operation excision mean?
The cutting off without replacement
Cutting off with replacement has not root operation associated
27
What is the root operation fragmentation mean?
Breaking solid matter into pieces
28
When destroying data in a paper format, which method is the most appropriate?
Shredding
29
If unforeseen scenarios occur such as power outages, fires, natural disasters, etc., what should facilities have in place to ensure that there are procedures to handle emergency response situations with respect to continuing operations?
Business continutity/contingency plan
30
Which act addressed issues with respect to the portability of health insurance after leaving employment?
Health Insurance Portability and Accountability Act (HIPAA)
31
What is the Affordable Care Act?
Requires most US citizens to have healthcare coverage.
32
What is the Omnibus Budget Reconciliation Act?
Mandates the development of a prospective system for hospital-based outpatient services to Medicare beneficiaries
33
What is the HITECH Act?
Focuses on adoption of IT in health care through economic incentives
34
Is Identifing and resolving quality issues a data security function of data governance?
No. Identifying and resolving quality issues are functions of data governance for information intelligences.
35
The process of defining levles of data quality by establishing parameters to ensure the data meet business needs is
Data quality management
36
Qualitative analysis performed after a patient has been discharged and reviewed retrospectively is?
Closed-record review
37
What is an open-record review?
reivew of records while the patient is currently within the facility or while the patient is receiving active treatment.
38
What is the standards development organizations that develops messaging, data content, and document standards to improve the exchange of clinical information?
HL7
39
What is IEEE?
An organization that developed the standards for abbreviated test language.
40
What is the ADA?
Standards set for those with disabilities
41
What is ISO Standards?
International standards composed of various national standards organizations
42
Which entity relationship modeling, what is the process by which entity relationship diagrams are converted into tables?
Schema mapping
Schema mapping is the process by which entity relationship diagrams are converted into tables.
43
A discrepancy is found in which patient's birthdate is listed as 07/12/2008 on one record and a 09/12/2008 on another record. Which characteristic of data quality does this descrepancy represent?
Consistency
The consistency principle is the need for data to be consistent and reliable.
44
What does the data quality characteristic Precision mean?
Speaks to how close to an actual numerical value a measurement is
45
What does the data quality characteristic Granularity mean?
Individual data components that cannot be divided further.
46
What does the data quality characteristic Timeliness mean?
The concept around receiving information when needed in a timely manner
47
A pediatrician would like to report hydrocephalus in a newborn. To which registry would reporting this information be the most relevant?
Birth defect
48
Creating and revising information within a patient's progress note is whose responsibility?
Provider
Progress notes should be completed by the provider. Administrators, HIM professionals, and registration staff should not have access to amend, delete, or alter a progress note in any way.
49
What is the legal document that designates another person to act on behalf of the patient in the event that the patient becomes disabled and/or incapacitated?
Durable Power of Attorney
50
Where are the guidelines for the retention and destruction of healthcare information found?
HIPAA
Accrediatation standards dictate those standards and rules in regard to the retention and destruction of healthcare information. While HIPAA rules contain some specific retention requirements, it is important to note the distinction between HIPAA records and PHI itself. HIPAA records are those that facilities must maintain to demonstrate HIPAA compliance. HIPAA rules only cover HIPAA record retention.
51
The focus of a certifed coder is geared toward what?
Ensure that each claim is coded with accuracy and precision
52
Data found in patient/disease registries are considered financial, clinical, demographic, or accreditation data?
Clinial data
Patient/disease registries are considered clinical data
53
___________ typically occurs when there is a transfer of data between systems. This is most often seen when companies are implementing new systems.
Data migration
54
What is Data mining?
Finding patterns and trends within large data sets.
55
What is Data analysis?
Modeling data with the intent of meeting a goal or to support decision making within an organization
56
What is a Data dictionary analysis?
A data dictionary analysis is a review of the standards and meanings of data within a system
57
Procedures that include the altering of a route of passage of contents of a tubular body part is which of the following root operations?
Bypass
58
What is the root operation Dilation?
Enlargement of a tubular body part or orifice
59
What is the root operation Occlusion?
Completley closing an orifice of the lumen of a tubular body part.
60
What is the overall goal of documenting and maintaining medical records?
To aid in the continuity of care
61
Records arranged in strict chronological order are considered to be?
Source-oriented
Problem-oriented
Integrated health records
Ascending health records
Integrated health records
62
What are source-oriented records?
Records that are recognized according to the source
63
What are problem-oriented medical records?
Involves the problem list being the focal point becasue it is the table of contents for the records
64
Which is NOT considered clincial data?
Medical history
Physical exam
Diagnostic orders
A patient's hospital unique identifier
A patient's hospital unique identifier
Patient identifiers are considered to be part of the financial data category, whereas all of the other answer choices are considered to be clinical data.
65
Who is responsible for setting the strategic direction of the hospital?
Board of directors, which consists of elected members who work together with the CEO to develop a hospital's strategic direction.
66
Which law is considered "unwritten" law originating from previous court decisions?
Common law
67
What is Constitutional law?
Written law that is considered the highest law of the land and takes precedence over state and local laws.
68
What is Administrative law?
Written law that controls a government agency or administrative operations
69
What is Statutory law?
Written law established by federal and state legislatures
70
Who does ownership of health records ultimately belong to?
The organization that created and maintained the physicial record
71
Managing the input of data is defined as?
Data governance
72
What is Information governance?
Involves the oversight of data outputs
73
What is Data Quality Management?
reviewing data to review its quality level based on the goal or parameters set
74
What is data enterprise management?
the process of defining, integrating, and retrieving data for internal and external communication
75
If more than _________ individuals have been affected by a breach, the media as well as the HHS must be notified.
500
When more than 500 individuals have been affected by a breach, this requires that the media as well as HSS must be notified. Anything less than 500 requires notification only to HHS
76
The HIPAA Security Rule contains two standards. One standard is mandated, and organizations must adhere to the standard as written under the HIPAA Security Rule; the other standard provides flexibility to covered entities.
mandatory, addressable
77
Which type of safeguard included encryption, decryption, and automatic logoff?
Technical
Technical Safeguards invovle the protection of access and control of electronic protected health information.
78
What is Administartive Safeguards?
Manages actions, policies, and procedures to detect and correct violations.
79
What are Physical Safeguard?
Used to identify measures to protect systems and equipment, such as identification badges, from natural and environmental hazards.
80
What are Organizational Safeguards?
Organizational safeguards include arrangements made between organizations to protect ePHI, suchs as BAAs.
81
In instances in which federal and state laws conflict, what law takes precedence?
The most stringent of the laws is what prevails
82
All of the following and identifiers under the HIPAA Privacy Rule EXCEPT:
Social Security Numbers
Gender
Admission date
Birth Date
Gender
83
Which federal law provides standards related to physician peer review and also provides legal immunity to other physicians who participatee in peer review activity?
The Healthcare Quality Improvement Act
HQIA
84
Dominique is a director exploring the causes and effects associated with opening up a new clinic for psychiatric services. Which visual tool will best represent Dominique's need?
Pareto Chart
Fishbone Diagram
Flow Chart
Bar Graph
Fishbone diagram
85
What is a Pareto Chart?
Most helpful when reviewing data that contain different categories with a focus on frequency.
86
What are Flowcharts?
Best used when documenting current processes
87
What are Bar Graphs?
Optimal when reviewing data changes over long periods of time
88
Cassidy is participating in a research study. She is asked to sign an informed consent form in order to go through with the treatment in the study. Cassidy has agreed tosign the form. Per HIPAA requirements, is the investigator missing anything?
No. The investigator has completed his or her due diligence in receiving the informed consent document from Cassidy
89
What is Stark Law?
Stark Law states that a physician may not refer a patient to a facility in which he or she has financial interest including ownership, compensation agreements, and/or investments
90
By law, what are the parameters around a patients' ability to receive their records?
As long as the records are being maintained by the facility, patients should have teh right to access. The length of time specified for maintaining records may vary from facility to facility
91
A patient has been deemed mentally incompetent, and her niece has requested her medical records on her behalf. The patient's niece has not been identified as the legal guardian for the patient nor has she provided any legal documentation in support of her efforts. A fully compliant facility will handle this scenario how?
Inform the niece that they will not be releasing medical records to her at this time, and advise her to seek legal mean if she is now the guardian of her aunt
Patient incompetency is one exception to the written authoriation rule provided by the patient; however, legal documentation has to be presented to a facility in order to be fully compliant with medical record release
92
What is considered to be the legal age of majority?
18 and over- however, this may vary from state to state
93
A 13-year-old child has been seen by a neurology practice in the month of December. the child's parents are divorced, and the mother has requested that the father not have any access to the child's records at any time. Is the facility able to honor this request?
No, with no legal documentation stating that the biological father cannot have access or involvement in medical decision making for the child, the mother has no rights to eliminate the father from being able to request medical documentation on the child
Biological paretns of children each have equal rights to medical decision-making as well as release of information on their children, unless there is a court document stating otherwise. One parent may not exclude the other without this document
94
True or False:
NPPs must be reasonably placed in prominent areas of the facilities and must be signed on new-patient visits, as well as sent to established patients when changes are made to the document.
True
95
A Urology Clinic often refers its patietns to a main hospital for further evaluations in the transferring of care. Both facilities are governed by HIPAA regulations and are considered to be which of the following:
Managed-care entities
Regulated parties
Covered entitites
Third-party covered agents
Managed-care entitites
Although both facilities may participate in contracts with managed care, the fact that they are governed by HIPAA makes them covered entitites in the eyes of the law.
96
A practice does not require its employess to lock file cabinets that contain patient PHI This could potentially be an issue for the practice and cause issues with violating HIPAA regulations. This is an example of which of the following?
Vulnerability
Threat
Breach
Indicident
Vulnerability
97
Why is the role of the database administrator significant in respect to user access?
Database administrators grant user access using role-based methodology within a facility to protect unauthorized users from accessing information that is not required by their roles
User access is handled by an IT professional. More often than not, this person is the databse administrator. User access is granted based on the role of the employee. If additional acces is found to be needed, managers may submit a request for additional access at the review and approval of the database administrator
98
How is the Medicare Conditions of Participaton: Confidentiality of patient records, related to the HIPAA Privacy Rule?
Medicare Conditions of Participation: confidentiality of patient records consists of two parts:
-patient right to confidentiality
-patient right to access their records in a reasonable time frame
These same components are illustrated within the HIPAA Privacy Rule, hense the consistent message
99
In review of the disclosures and redisclosures of confidential health information, an HIM employee states taht both should be handled in the same manner according to regulatory guidelines. Do you agree or disagree with the employee? How would you outline your repsonse to the employee?
Disagree. Disclosures and redisclosures consist of different elements; therefore, they are governed by different regulatory guidelines
Discloving health inforamtion involves information that was originated by that facility. Redisclosure is the process of disclosing information that orginiated by a different provider. Because of this difference, disclosures and redisclosures aregoverned by different federal and state guidelines.
100
What is the correlaton between retention rates of records and the statute of limitations?
Retention rates are established by each state; however, if a state does not have a specific retention rate, the state's statue of limitations may be used as law.
If a state has an established retention rate, this shall be upheld as the measure of standard. It is only in scenarios in which a retention rate is not present that the statue of limitations would take effect. Retention rate and statue of limitations are not synonymous terms, nor does the statute of limitations supersede established retention rates.
101
Per the HIPAA Security Rule, there are three safeguards: administrative, physical, and technical. What information would an HIM employee need to make a decision about whether or not a medical center had sufficient phsycial safeguards?
Review of policies and procedures to address authorized and unauthorized facility access to electronic information systems and facilities where the information is being stored
Physical safeguards are those that protect buildings and equipment from natural disasters and unauthorized intrusion
102
An audit is performed to review a medical center's destruction of records. Employees inform the auditor that they currently have issues finding effective ways of documenting the destruction of records. They also explain that when they do document , they keep their documentation on file for 7 years. This mirrors their retention policy. From the viewpoint of the auditor, what recommendations would you give the medical center?
To keep destruction-of-records documentation in the form of destruction certificates and to keep them documentation permanently
Destruction certificates are considered best practices in these instances. It is important to note that this documentation should be permanently kept and should never be discarded for any reason
103
A HIM department would like to speak to the revenue manager about a trend found within the documentation comming ouf of the Cardiology Department. The HIM Department sent patient examples to the Revenue Manager's work email with four patient identifying factors within the example. The email was not sent securely, nor was it encrypted. Were there any issues with the way the documentation was sent?
Yes, issues were found with the documentaton not being sent securely. It is better to be conservative and send PHI only when necessary and always send securely no matter if the recipient is internal or external
PHI should only be sent over a secured medium. PHI should be sent by following the minimum necessary rule, and the communication should only contain the PHI necessary for the participant to complete the task at hand.
104
ROI has a quick-release functionality in the EHR system that allows the user to release a patient's medical record at a click of a button. However, there is no way to specify which documentation is to be released, so this functionality submits the patient's entire record each time is is used. There have been no complaints, and productivity is at an all-time high. Based on AHIMA standards, should this functionality continue to be used?
No, the minimum necessary rule is being violated here becasue the entire patietn record is being sent over, even in the event that only a specific date of service or procedure is being requested.
The fact that the system is sending an entire records when there may be a possibility that only part of the record was requested is a violation of the minimum necessary rule in respect to the review of PHI
105
An orthopedic practic incorrectly faxes a patient's records to a different hospital. What should the next steps the privacy officer should make?
Call and notfiy/confirm receipt of the documentation by the incorrect facility, request that the documentation be destroyed, and document the action as an incident
It is vital to contact the facility in which information has been incorrectly sent and verify what has happened with the documentation since its receipt. This is key, especially in cases in which the action is considered to be a breach; notation within the HHS site database is required.
106
It was found that a facility had a 30% error rate involving issues with the transfer of PHI through fax and front-desk handoffs through observation rounds of the facility for a week by the compliance staff. With a problem of this magnitute, which would be the best way to ensure that this is addressed and monitored?
Include this within the risk management intiatives for the year and set up a 3 to 6 month corrective action plan
107
A laptop from the billing department at a medical center was stolen. The laptop included 478 patients whose PHI was unprotected. The compliance department was notified, and the director of HIM was contacted for a review of the next steps. What is the next step?
Notification to the patients identified, internal report of incident, and documentation to the HHS as a breach. Medial notification is not needed due to the patient counts of PHI not exceeding 500 patients
The governing body over reported breaches would be HHS. Due to the fact that the breach involved fewer than 500 individulas, the medial would not require notification
108
On 3/17/19, a patient calls to inform the hospital that she received the record of another patient on 2/21/19. She states that she forgot to notify the hospital; however, as of today, she has shredded the documentation. Would this scenario represent a breach or an incident?
Breach. Although the patient reported the information as well as stated the proper means of discarding the records, she had the information for weeks, and this documentation could have been viewed by anyone.
Once a patient leaves the premises with PHI that does not belong to them, the scenario goes from incident to breach status. There is no way to quantify how many individuals outside of the patient have reviewed the PHI. Although the patient agreed to discard/shred the documentation, which is important for reporting to HHS, this does not alter the fact taht this scenario is a breach
109
Becca's sister Abby, 15, is scheduled for an appointment at the dental clinic where Becca is working. Becca wanted to kow the outcome of her sister's lab visit, so she reviews her record for that date of service. What do you think about Becca's actions?
Becca's actions are improper; she shold have treated her sister as she would any other patient and only access charts when necessary
When an employee has a family member that is a patient of the facility, access tothat patient's records should follow the process for all patients of the facility with respect to requesting medical records regardless of the patient's age
110
During an interview with a HIPAA auditor, members of the office personnel of a small chiropractic office stated that all policies and procedures are kept electronically by the compliance officer. All policies are maintained for a minimum 5 years after creation, but they may be updated periodically. With this said, are there any flaws in the office personnel's response?
Yes, policies and procedures should be kepts for a minimum of 6 years after teh later of the date of the policies' creation and the last effective date. The practice should keep records after the last update to the policies
According to regulation, these records should be held for a minimum of 6 years. This 6-year requirement starts from the last effective date of the policy, meaning that any updates should be accounted for and retention dates should be updated to reflect this. Any policies that are kept based on the date of creation when known updates have taken place are not in compliance.
111
A nurse who is now teaching at a community college uses de-identifiable data in an example for her class. The de-identifiable information included gender, birth month and day, and five-digit zipcode. With your knowledge of HIPAA, what is significant, if anything, about this scenario?
The nurse was out of compliance by using the example in her class. The use of the five-digit ZIP Code is not considered de-identifiable information.
The patient's gender, birth month, and birth day are considered de-identifiable. However, five-digit ZIP Codes are not considered de-identifiable, especially when used with gender, birth month, and birth day. For example, the ZIP Code associated with a small town, along with the patient's gender and birth information may easily identify a patient.
112
Business associate agreements (BAAs) were created out of which act?
HIPAA. Regulation to modernize the flow of information, protect PHI, and providel imitation on insurance
BAAs were created out of HIPAA to provide contacts between a covered entity and a vendor with the protection of the PHI at the forefront
113
Within a hospital, a patient comes in who has been a victim of domestic violence. An employee immediatley calls the police and releases the patient's records to them without the patient's consent. Do you agree or disagree with the employee's actions?
Agree. The employee has the legal right to release the information to the police without consent according to the HIPAA Privacy Rule.
When a threat to a person or group is identified when reporting to the police, this is covered per the regulatory guidelines within the HIPAA Privacy Rule
114
A given EHR system does not allow the customer service team to access progress notes on patients. However, there are a few times when customer service would need to review progress nots, and this use has been approved by senior leadership. In order to execute this, which of the following would yield optimal results while adhering to guidelines?
Creation of a "breaking-the-glass" task that allows the user to be required toenter credentials and reasoning as to why access is needed
Breaking the galss is an important feature that allows those who need periodic acces to records for a specific reason to do so without having access granted permanently. The feature also allows for an audit trail and a review of the response provided as to why access is needed.
115
A request is made for the records of a patient with a history of alcohol and drug abuse. The normal release of information workflow is executed by the patient signing a release form. Are there any significant factors that the facility must consider in this scenario?
From the confidentiality perspective, the facility maintaining the record must provide with the disclosure due to the patient having a history or alcohol and drug abuse. This is mandatory by HHS.
116
Within a hospital emergency room, there are two patients who have the same first and last name. In order for the front desk staff to identify the appropriate patient to start the payment process for services rendered, the first and last name of the patient is called along it the patient's birthdate. As a result, several of the patients within the waiting room have written the hospital to say this was a HIPAA violation. What information can you present for or against the patients' concerns?
This is not a HIPAA violation; although the patient's first name, last name, and birthdate are identfiers, due to the need to use all three to appropriately identify the correct patient for payment purposes, no violation has been made.
HIPAA guidelines explain the use of patient identifiers including name and date of birth to identify patients in common areas. Important factors here are that the guidelines outlined certain instances in which this is appropriate and that the payment for services falls within the acceptable purview.
117
Steven has been attending Onslow Neurology Clinic since he was 7 years old. Steven, who has turned 18 today, is taken to hisappointment by his mother, Ellen. At the conclusion of the appointment, Ellen requests information from the doctor regarding information taht was provided to Steven during the appointment. The doctor proceeds to give Ellen a summary of the information given when Steven interrupts stating that his rights have been violated. Is this true?
Yes, his rights have been violated because he is now 18 and therefore has to provide consent for other to hear any information regarding his visit.
As a minor patietn, the legal guardian of the patient are able to receive information on the patient's behalf. Once that patient turns 18, thoserights of the legal guardian are no longer applicable because the patient is deemed to be an adult andis legally able to make their own decisions regarding their care, who is allowed to be contacted/informed of their care, and so forth.
118
A hospital is performing fundraising activities for a local stroke prevention foundation. The foundation has a BAA with the hospital on file. In an effort to aid in fund generation, the hospital agrees to provide patient demographic data, health insurance status, and dates of services without patient authorization. Based on this scenario, what conclusions can be made about the hospital's actions?
The hospital is well within its rights becasue patient demographic data, health insurance status, and dates of service have been approved for use without patient authorization for fundraising purposes.
HIPAA guidelines are specific with regard to fundraising activities. In this scenario, the use of patient demographic data, health insurance status, and dates of service without patient authorization is in comliance because the fundraising parter has a BAA agreement with the hospital.
119
A provider is given a new laptop during a facility-wide initiative to update laptops. Her old laptop contains PHI that has been saved to the hard drive. In the process of receiving the new laptop, the provider deletes information from the old laptop and begins use with the new one. What should be the provider's next step?
The provider should give the old laptop to the IT technician for proper wiping/cleaning of the laptop as well as proper disposal of the laptop. Deleting the information stored is not sufficient.
It is imperative that any device that contained PHI at any point is reviewed and wiped by the IT department to ensure the protection of that data. The IT department may also properly discard of the device if necessary.
120
A patient requests seven copies of his medical record. He is told that there will be a 10.00 fee associated with this. The patient threatens to have legal counsel involved because he has a right to access his medical records at any time free of charge according to HIPAA guidelines. The facility disagrees. Are you for or against the patient?
Against the patient. A facility has the right to charge for any copies of PHI as long as the associated costs are reasonable.
"Reasonable" is left to the interpretation of each facility, but it must be logically proven if requested within a court of law.
121
This is Henry's first visit to a family practice facility. At registration, he is given a notice of privacy practices (NPP) form to fill out. Henry refuses to sign the form. With no signature on the form, what effects does this have on the facility?
The facility must keep record on file of the patient's refusal to sign the document. This does not affect the provider's ability to use the health information as HIPAA permits.
Patients have a right to refuse to sign and NPP or any other docmentation, as stated by HHS.
122
A certified public accounting (CPA) firm is hired by a medical center to provide accounting services. The firm is asked to sign a BAA in which the firm stated that because of the company not performing any repricing information, practice management actions, or utilization review services, a BAA is not required. Are the statements provided by the CPA firm true or false and why?
False, accounting services fall under the purview stated within the HIPAA Privacy Rule; therefore, a BAA is needed.
Accounting services fall under the category for needed BAAs due to the nature of those services. The HIPAA Privacy Rule outlines those services in which a BAA is required.
123
A subpoena was provided to the HIM department to provide legal health record information for a patient. An HIM employee submitted the requst and included statistical reports, incident reports, and quality indicators. Did the HIM employee accurately complete this request?
Although the employee completed the request, the statistical reports, incident reports, and quality indicators should have been omitted because they are not considered as part of the legal health record.
There are guidelines that outline the contents of a patient's legal health record. Among those listed, statistical reports, incident reports, and quality indicators are not included in the that list. Their inlusion could pose an issue with regard to the minimum necessary rule.
124
Is a hospital legally permitted to hire a third-party vendor for the disposal of PHI?
A third-party vendor is permitted to be hired for the disposal of PHI as long as a BAA is in place.
PHI may be disposed by a third party as long as there is a BAA in place. Currently, there are no requirements stating that only certain number of records containing PHI may be disposed of by a third party.
125
The minimum necessary rule was created to add emphasis on protecting PHI. Does this rule apply for those instances in which the use or disclosure of the information is authorized by the patient?
No, the minimum necessary rule does not apply in instances that are authorized by the patient.
Patient authorizations supersede the minimum-necessary rule.
126
The HIPAA Security Rule was created to mandate regulation around the electronic and cybersecurity sectors. Is this statement valid?
No, the HIPAA Security Rule includes not only electronic and cybersecurity components but also administrative, technical, and physical safeguard components as well.
HHS is the governing body over the HIPAA Security Rule. The rule contains regulations for the electronic and cybersecurity sectors; it also includes adminstrative, technical, and physical safeguards.
127
The HIM department realizes that John Smith at ABC Hospital has multiple health record numbers. The term used to describe this scenario is what?
Duplicate.
Duplicate records are handled by HIM personnel. It is here that the records would be combined, and the duplicate record would be deleted.
128
The ________ is the committee resonsible for protecting the rights of human research studies who participate in research activities.
Institutional Review Board
The Institutional Review Board is the governing body over all human research study participants taht protects their rights.
129
In the example SELECT patient name FROM patient WHERE gender = m, which term describes what data to get?
SELECT
The SELECT function explains what data to retrieve. FROM explains where to get the data, and WHERE serves as a filtering category.
130
Within a data model, the current format of the patient's admit date is as follows: DD_MM_YY. However, the agreed upon format was determined to be DD_MM_YYYY. To accurately display the agreed-upon format, at which level does the change need to occur?
Data Dictionary
Data Dictionaries serve as a blueprint for the formatting of data. Any changes from what was originally set within the dictionary will need to be updated in the dictionary for accuracy and consistency.
131
Phases of the systems development life cycle (SDLC) include what?
Planning, analysis, design, and implementation
132
Which quality management function performs the evaluation of medical necessity and effective and efficient use of healthcare services and procedures?
Utilization management
Utilization management teams are used to review the appropriateness of services provided to patietns and associated costs. This review uses medical necessity, policies, and historical data for parameters when reviewing a case.
133
____________ events are monitored by the Joint Commission and are defined as events that are unforeseen within the healthcare setting that lead t odeath or injury (physical or psychological).
Sentinel.
Sentinel events are unforseen events within the healthcare setting that lead to death or injury (physical or psychologicial). These events are closely monitored by the Joint Commission as well as hospital administration because many of these events are preventable.
134
Tina's manager asked her to calculate the range of length-of-stay (LOS) days in the month of August in FY19. In order to do this, Tina must do what?
Subtract the lowest number of LOS days from the highest number of LOS days.
To calculate the range, the formula is the highest number minus the lowest number.
135
Healthcare information systems' ability to communicate and work with each other in different organizations, demographic areas, and settings is defined as what?
Interoperability
Interoperability is a goal of health informatics that impacts the continuity of care for patients by allowing systems to be able to communicate and work with each other in different organizations, demographic areas, and settings.
136
Which one of the following presents teh most secure way of communicating with a patient in regard to their questions, issues, and concerns with a given health provider?
Patient Portal
Patient portals allow for results, PHI, and other data to be transmitted back and forth from patient to provider through secure means. Text messaging and personal email do not allow for transmission of data securely. PHRs are for the patient to update and track their own health; however, these do not interface wit hteh provider's systems, and therefore the transmission of data is limited or often nonexistent.
137
What is an example of data security?
The use of encryption during the saving and transmission of data.
138
