Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

RHIA Domain 2 > RHIA Domain 2 > Flashcards

RHIA Domain 2 Flashcards

1
Q

You are reviewing your privacy and security policies, procedures, training program, and so on, and comparing them to the HIPAA and ARRA regulations. You are conducting a

  • policy assessment
  • risk assessment
  • compliance audit.
  • risk management
A

risk assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following can be released without consent or authorization?

  • summary of patient care
  • de-identified health information
  • personal health information
  • protected health information
A

de-identified health information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Kyle, the HIM Director, has received a request to amend a patient’s medical record. The appropriate action for him to take is

  • make the modification because you have received the request.
  • file the request in the chart to document the disagreement with the information contained in the medical record
  • route the request to the physician who wrote the note in question to determine the appropriateness of the amendment.
  • return the notice to the patient because amendments are not allowed.
A

route the request to the physician who wrote the note in question to determine the appropriateness of the amendment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

An employee in the admission department took the patient’s name, social security number, and other information and used it to get a charge card in the patient’s name. This is an example of

  • identity theft
  • mitigation
  • disclosure
  • release of information
A

identity theft

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Patient has submitted an authorization to release information to a physician office for continued care. The release of information clerk wants to limit the information provided because of the minimum necessary rule. What should the supervisor tell the clerk?

  • Good call
  • The patient is an exception to the minimum necessary rule, so proves the request as written
  • The minimum necessary rule was eliminated with ARRA
  • The minimum necessary rule only applies to attorneys.
A

The patient is an exception to the minimum necessary rule, so proves the request as written

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Patricia is processing a request for medical records. The record contains an operative note and a discharge summary from another hospital. The records are going to another physician for patient care. What should Patricia do?

  • Notify the requestor that redisclosure is illegal and so he must get the operative and discharge summary records from the original source hospital.
  • Include the documents from the other hospital
  • Redisclose when necessary for patient care
  • Redisclose when allowed by law
A

Include the documents from the other hospital

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Before a user is allowed to access protected health information, the system confirm that the patient is who he or she says they are. This is known as

  • access control
  • notification
  • authorization
  • authentication
A

authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Contingency planning includes which of the following processes?

  • data quality
  • system analysis
  • disaster planning
  • hiring practices
A

disaster planning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following disclosures would require patient authorization?

  • law enforcement activities
  • workers’ compensation
  • release to patient’s family
  • public health activities
A

release to patient’s family

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

I have been asked if I want to be in the directory. The admission clerk explains that if I am in the directory,

  • my friends and family can find out my room number
  • my condition can be discussed with any caller in detail.
  • my condition can be released to the news media
  • my condition can be released to hospital staff only.
A

my friends and family can find out my room number

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following techniques would a facility employ for access control?

  1. automatic logoff
  2. authentication
  3. integrity controls
  4. unique user identification
  • 1 and 4 only
  • 1 and 2 only
  • 2 and 4 only
  • 3 and 4 only
A

1 and 4 only

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following statement is true about the Privacy Act of 1974?

  • It applies to all organizations that maintain health care data in any form.
  • It applies to all health care organizations.
  • It applies to the federal government.
  • It applies to federal government except for the Veterans Health Administration
A

It applies to the federal government.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following statements is true about a requested restriction?
• ARRA mandates that a CE must comply with a requested restriction.
• ARRA states that a CE does not have to agree to a request restriction
• ARRA mandates that a CE must comply with a requested restriction unless it meets one of the exceptions
• ARRA does not address restrictions to PHI

A

ARRA mandates that a CE must comply with a requested restriction unless it meets one of the exceptions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following is an example of administrative safeguards under the security rule?

  • encryption
  • monitoring the computer access activity of the user
  • assigning unique identifiers
  • monitoring traffic on the network
A

monitoring the computer access activity of the user

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Someone accessed the covered entity’s electronic health record and sold the information that was accessed. This person is knows as which of the following?

  • malware
  • a virus
  • a hacker
  • a cracker
A

a cracker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Intentional threats to security could include

  • a natural disaster (flood).
  • equipment failure (software failure).
  • human error (data entry error).
  • data theft (unauthorized downloading of files).
A

data theft (unauthorized downloading of files).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which of the following would be a business associate?

  • release of information company
  • bulk food service provider
  • childbirth class instructor
  • security guards
A

release of information company

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Which of the following statements demonstrates a violation of protected health information?

  • “Can you help me find Mary Smith’s record?”
  • A member of the physician’s office staff calls centralized scheduling and says, “Dr. Smith wants to perform a bunionectomy on Mary Jones next Tuesday.”
  • “Mary, at work yesterday I saw that Susan had a hysterectomy.”
  • Dr. Jones tells a nurse on the floor to give Ms. Brown Demerol for her pain.
A

“Mary, at work yesterday I saw that Susan had a hysterectomy.”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

You are a nurse who works on 3West during the day shift. One day, you had to work the night shift because they were shorthanded. However, you were unable to access the EHR. What type of access control (s) are being used?

  • user-based
  • context-based
  • role-based
  • either user- or role-based
A

context-based

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

In case your system crashes, your facility has defined the policies and procedures necessary to keep your business going. This is known as:

  • core operations
  • business continuity plan
  • data recovery
  • data backup
A

business continuity plan

21
Q

You are defining the designated record set for South Beach Healthcare Center. Which of the following should be included?

  • quality reports
  • psychotherapy notes
  • discharge summary
  • information compiled for use in civil hearing
A

discharge summary

22
Q

You have been asked to provide examples of technical security measures. Which of the following would you include in your list of examples?

  • locked doors
  • automatic logout
  • minimum necessary
  • training
A

automatic logout

23
Q

Which security measure utilizes fingerprints or retina scans?

  • audit trail
  • biometrics
  • authentication
  • encryption
A

biometrics

24
Q

Ms. Thomas was a patient at your facility. She has been told that there are some records that she cannot have access to. These records are most likely

  • psychotherapy notes
  • alcohol and drug records
  • AIDS records
  • mental health assessment
A

psychotherapy notes

25
Q

Your organization is sending confidential patient information across the Internet using technology that will transform the original data into unintelligible code that can be re-created by authorized users. This technique is called.

  • a firewall
  • validity processing
  • a call-back process
  • data encryption
A

data encryption

26
Q

When patients are able to obtain a copy of their health record, this is an example of which of the following?

  • a required standard
  • an addressable requirement
  • a patient right
  • a preemption
A

a patient right

27
Q

Which of the following should the record destruction program include?

  • the method of destruction
  • the name of the supervisor of the person destroying the records
  • citing the laws followed
  • requirement of daily destruction
A

the method of destruction

28
Q

You are looking for potential problems and violations of the privacy rule. What is this security management process called?

  • risk management
  • risk assessment
  • risk aversion
  • business continuity planning
A

risk assessment

29
Q

The surgeon comes out to speak to a patient’s family. He tells them that the patient came through the surgery fine. The mass was benign and they could see the patient in an hour. He talks low so that the other people in the waiting room will not hear but someone walked by and heard. This is called a(N)

  • privacy breach
  • violation of policy
  • incidental disclosure
  • privacy incident.
A

incidental disclosure

30
Q

A patient signed an authorization to release information to a physician but decided not to go see that physician. Can he stop the release?

  • No, once the release is signed, it cannot be reversed
  • Yes - in all circumstances
  • Yes, as long as it has not been released already
  • Yes, as long as the physician agrees
A

Yes, as long as it has not been released already

31
Q

A mechanism to ensure that PHI has not been altered or destroyed inappropriately has been established. This process is called

  • entity authentication
  • audit controls
  • access control
  • integrity
32
Q

Which of the following documents is subject to the HIPAA security rule?

  • document faxed to the facility
  • copy of discharge summary
  • paper medical record
  • scanned operative report stored on CD
A

scanned operative report stored on CD

33
Q

The hospital has received a request for an amendment. How long does the facility have in order to accept or deny the request?

  • 30 days
  • 60 days
  • 14 days
  • 10 days
34
Q

You work for a 60-bed hospital in a rural community. You are conducting research on what you need to do to comply with HIPAA. You are afraid that you will have to implement all of the steps that your friend at a 900-bed teaching hospital is implementing at his facility. You continue reading and learn that you only have to implement what is prudent and reasonable for your facility. This is called.

  • scalable
  • risk assessment
  • technology neutral
  • access control
35
Q

Barbara, a nurse, has been flagged for review because she logged in to the EHR in the evening when she usually works the day shift. Why should this conduct be reviewed?

  • This is a privacy violation
  • This needs to be investigated before a decision is made because there may be a legitimate reason why she logged in at this time.
  • This is not a violation since Barbara, as a nurse, has full access to data in the EHR
  • No Action is required
A

This needs to be investigated before a decision is made because there may be a legitimate reason why she logged in at this time.

36
Q

Alisa has trouble remembering her password. She is trying to come up with a solution that will help her remember. Which one of the following would be the BEST practice?

  • using the word “password” for her password
  • using her daughter’s name for her password
  • writing the complex password on the last page of her calendar
  • creating a password that utilizes a combination of letters and numbers
A

creating a password that utilizes a combination of letters and numbers

37
Q

Which statement is true about when a family member can be provided with PHI?

  • The patient’s mother ca always receive PHI on their child.
  • The family member lives out of town and cannot come to the facility to check on the patient.
  • The family member is a health care professional
  • The family member is directly involved in the patient’s care
A

The family member is directly involved in the patient’s care

38
Q

A covered entity

  • is exempt from the HIPAA privacy and security rules
  • includes all health care providers
  • includes health care providers who perform specified actions electronically.
  • must utilize business associates
A

includes health care providers who perform specified actions electronically.

39
Q

Protected health information includes

  • only electronic individually identifiable health information
  • only paper individually identifiable health information
  • individually identifiable health information in any format stored by a health care provider
  • individually identifiable health information in any format stored by a health care provider or business associate
A

individually identifiable health information in any format stored by a health care provider or business associate

40
Q

To prevent their network from going down, a company has duplicated much of its hardware and cables. This duplication is called

  • an emergency mode plan
  • redundancy
  • a contingency plan
  • a business continuity planning
A

redundancy

41
Q

Richard has asked to view his medical record. Within what time-frame must the facility provide this record to him?

  • 30 days
  • 60 days
  • 14 days
  • 10 days
42
Q

The HIPAA security rule impacts which of the following protected health information?

  • x-ray films stored in radiology
  • paper medical records
  • faxed records
  • clinical data repository
A

clinical data repository

43
Q

To which of the following requesters can a facility release information about a patient without that patient’s authorization?

  • the public health department
  • the nurse caring for the patient
  • a court with a court order
  • a business associate
A

a court with a court order

44
Q

The data on a hard drive were erased by a corrupted file that had been attached to an e-mail message. Which of the following can be used to prevent this?

  • messaging standards
  • acceptance testing
  • virus checker
  • encryption
A

virus checker

45
Q

Which of the following is the term used to identify who made an entry into a health record?

  • access control
  • authentication
  • authorship
  • No answer text provided.
A

authorship

46
Q

When logging into a system, you are instructed to enter a string of characters. These characters appear distorted onscreen, however. What kind of access control is this?

  • CAPCHA
  • biometrics
  • token
  • accessibility
47
Q

Which of the following is an example of two-factor authentication?

  • username and password
  • token and smart card
  • fingerprint and retinal scan
  • password and token
A

password and token

48
Q

The three components of a security program are protecting the privacy of data, ensuring the integrity of data, and ensuring the _________.

  • validity of data
  • availability of data
  • security of hardware
  • security of data
A

availability of data

RHIA Domain 2 (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions