QUESTIONS SET 2 Flashcards
An employee in the physical therapy department arrives early every morning to snoop through the clinical information system for potential information about neighbors and friends. What security mechanisms should have been implemented that could minimize this security breach?
a. Audit controls
b. Facility access controls
c. Information access controls
d. Workstation security
Information access controls
Which of the following is a factor that affects the cost of release of information?
a. Labor and malpractice insurance
b. Malpractice insurance and copies
c. Labor and postage
d. Postage and hospital charges
Labor and postage
The EMTALA regulations include all of the following except which?
a. Transfers of non-stabilized patients must only occur under certain specific conditions.
b. Every patient arriving at the emergency department must receive an appropriate “medical screening exam.”
c. If an emergency medical condition exists, the hospital must treat and stabilize that condition or transfer the patient.
d. Non-Medicare indigent patients must be transferred to the nearest level-1 trauma center
Non-Medicare indigent patients must be transferred to the nearest level-1 trauma center
Of the following disclosures of PHI, which one allows an individual the option to agree or disagree with the disclosure of the information?
a. Information regarding decedents
b. Treatment, payment, and operations
c. Workers’ compensation
d. Facility directory
Facility directory
There are instances under the HIPAA Privacy Rule in which a person can informally agree or object to the release of their protected health information. All of the following are examples except:
a. When releasing information for disaster relief
b. When the patient name is included in a facility directory
c. When releasing information for public health purposes
d. When family and friends are with the patient being treated
When releasing information for public health purposes
What information does not have to be included in a covered entity’s notice of privacy practice?
a. A description with one example of disclosures made for treatment, payment, and healthcare operations
b. A description of all the other purposes for which a covered entity is permitted or required to disclose PHI without consent or authorization
c. A statement of individual’s rights with respect to PHI and how the individual can exercise these rights
d. The signature of the patient and date the notice was given to the patient
The signature of the patient and date the notice was given to the patient.
To help understand the challenges and potential vulnerabilities to the PHI within a Health Information Exchange, an organization should conduct the following:
A. Audit trails
B. Policies and procedures
C. Risk management plan
D. Risk analysis
Risk analysis
The process of reducing or eliminating the risk by implementing a control is known as __________________________.
A. mitigate the risk
B. transfer the risk
C. accept the risk
D. assume the risk
mitigate the risk
Standards that are mandated and must be implemented as written by the HIPAA Security Rule are called
A. Addressable standards
B. Terminology standards
C. Required standards
D. Privacy standards
Required standards
A patient has the right to request a(n) ______________________, which describes where the covered entity has disclosed patient information for the past 6 years outside of treatment, payment, and healthcare operations.
A. Accounting of Disclosures
B. Disclosure List
C. Designated Record Set
D. Amendment of Medical Record
Accounting of Disclosures