RHIA Domain II Practice Questions Flashcards

1
Q

A professional basketball player from the local team was admitted to your facility for a procedure. During this patient’s hospital stay, access logs may need to be checked daily in order to determine:

a. Whether access by employees is appropriate

b. If the patient is satisfied with their stay

c. If it is necessary to order prescriptions for the patient

d. Whether the care to the patient meets quality standards

A

a. Whether access by employees is appropriate

2
Q

A patient has the right to request a(n) ________, which describes where the covered entity has disclosed patient information for the past six years outside of treatment, payment, and healthcare operations.

a. Disclosure list

b. Designated record set

c. Amendment of medical record

d. Accounting of disclosures

A

d. Accounting of disclosures

3
Q

Why could it be difficult for a healthcare entity to respond to pulling an entire, legal health record together for an authorized request for information?

a. It can exist in separate and multiple paper-based or electronic systems.

b. The record is incomplete.

c. Numerous physicians have not given consent to release the record.

d. Risk management will not allow the legal health record to be released.

A

a. It can exist in separate and multiple paper-based or electronic systems.

4
Q

Dr. Hansen saw a patient with measles in his office. He directed his office staff to call the local department of health to report this case of measles. The office manager called right away and completed the report as instructed. Which of the following provides the correct analysis of the actions taken by Dr. Hansen’s office?

a. Dr. Hansen’s office followed protocol and reported this case of measles correctly.

b. Dr. Hansen’s office did not need to report this case to the local health department.

c. Dr. Hansen’s office should have mailed a letter to the local health department to report this case.

d. Dr. Hansen’s office should have reported the case to the local hospital and not to the health department.

A

a. Dr. Hansen’s office followed protocol and reported this case of measles correctly.

5
Q

What is the implication regarding the confidentiality of incident reports in a legal proceeding when a staff member documents in the health record that an incident report was completed about a specific incident?

a. There is no impact.

b. The person making the entry in the health record may not be called as a witness in trial.

c. The incident report likely becomes discoverable because it is mentioned in a discoverable document.

d. The incident report cannot be discovered even though it is mentioned in a discoverable document.

A

c. The incident report likely becomes discoverable because it is mentioned in a discoverable document.

6
Q

A hospital receives a valid request from a patient for copies of her medical records. The HIM clerk who is preparing the records removes copies of the patient’s records from another hospital where the patient was previously treated. According to HIPAA regulations, was this action correct?

a. Yes, HIPAA only requires that current records be produced for the patient.

b. Yes, this is hospital policy over which HIPAA has no control.

c. No, the records from the previous hospital are considered to be included in the designated record set and should be given to the patient.

d. No, the records from the previous hospital are not included in the designated record set but should be released anyway.

A

c. No, the records from the previous hospital are considered to be included in the designated record set and should be given to the patient.

7
Q

John is the privacy officer at General Hospital and conducts audit log checks as part of his job duties. What does an audit log check for?

a. Loss of data

b. Presence of a virus

c. Successful completion of a backup

d. Unauthorized access to a system

A

d. Unauthorized access to a system

8
Q

An outpatient laboratory routinely mails the results of health screening exams to its patients. The lab has received numerous complaints from patients who have received another patient’s health information. Even though multiple complaints have been received, no change in process has occurred because the error rate is low in comparison to the volume of mail that is processed daily for the lab. How should the Privacy Officer for this healthcare entity respond to this situation?

a. Determine why the lab results are being sent to incorrect patients and train the laboratory staff on the HIPAA Privacy Rule

b. Fire the responsible employees

c. Do nothing, as these types of errors occur in every healthcare entity

d. Retrain the entire hospital entity because these types of errors could result in a huge fine from the Office of Inspector General

A

a. Determine why the lab results are being sent to incorrect patients and train the laboratory staff on the HIPAA Privacy Rule

9
Q

Anywhere Hospital’s coding staff will be working remotely. The entity wants to ensure that they are complying with the HIPAA Security Rule. What type of network uses a private tunnel through the Internet as a transport medium that will allow the transmission of ePHI to occur between the coder and the facility securely?

a. Intranet

b. Local area network

c. Virtual private network

d. Wide area network

A

c. Virtual private network

10
Q

An individual designated as an inpatient coder may have access to an electronic medical record in order to code the record. Under what access security mechanism is the coder allowed access to the system?

a. Context-based

b. Role-based

c. Situation-based

d. User-based

A

b. Role-based

11
Q

The Security Rule leaves the methods for conducting the security risk analysis to the discretion of the healthcare entity. The first consideration for a healthcare facility should be:

a. Its own characteristics and environment

b. The potential threats and vulnerabilities

c. The level of risk

d. An assessment of current security measures

A

a. Its own characteristics and environment

12
Q

Sally Mitchell was treated for kidney stones at Graham Hospital last year. She now wants to review her medical record in person. She has requested to review it by herself in a closed room.

a. Failure to accommodate her wishes will be a violation under the HIPAA Privacy Rule.

b. Sally owns the information in her record, so she must be granted her request.

c. Sally’s request does not have to be granted because the hospital is responsible for the integrity of the medical record.

d. Patients should never be given access to their actual medical records.

A

c. Sally’s request does not have to be granted because the hospital is responsible for the integrity of the medical record.

13
Q

Linda Wallace is being admitted to the hospital. She is presented with a Notice of Privacy Practices. In the Notice, it is explained that her PHI will be used and disclosed for treatment, payment, and operations (TPO) purposes. Linda states that she does not want her PHI used for those purposes. Of the options listed here, what is the best course of action?

a. The hospital must honor her wishes and not use her PHI for TPO.

b. The hospital may decline to treat Linda because of her refusal.

c. The hospital is not required to honor her wishes in this situation, as the Notice of Privacy Practices is informational only.

d. The hospital is not required to honor her wishes for treatment purposes but must honor them for payment and operations purposes.

A

c. The hospital is not required to honor her wishes in this situation, as the Notice of Privacy Practices is informational only.

14
Q

Jack Mitchell, a patient in Ross Hospital, is being treated for heart failure. He has not opted out of the facility directory. Callers who request information about him may be given:

a. No information due to the highly sensitive nature of his illness

b. Admission date and location in the facility

c. General condition and acknowledgment of admission

d. Location in the facility and diagnosis

A

c. General condition and acknowledgment of admission

15
Q

A data breach occurred in your organization, and after the investigation it was determined that a total of 785 individuals were impacted by the data breach. What must be completed within 60 days of learning about the data breach?

a. Update the notice of privacy practices and send to all patients

b. Report the incident to the individuals impacted, local media, and the Department of Health and Human Services

c. Conduct privacy training for members of the organization

d. Document a note mentioning the data breach in each of the patients’ charts and tell the local media

A

b. Report the incident to the individuals impacted, local media, and the Department of Health and Human Services

16
Q

The “custodian of health records” refers to the individual within a healthcare entity who is responsible for which of the following actions?

a. Determining alternative treatment for the patient

b. Preparing physicians to testify

c. Testifying to the authenticity of records

d. Testifying regarding the care of the patient

A

c. Testifying to the authenticity of records

17
Q

Dr. Smith, a member of the medical staff, asks to see the medical records of his adult daughter who was hospitalized in your institution for a tonsillectomy at age 16. The daughter is now 25. Dr. Jones was the patient’s physician. Of the options listed here, what is the best course of action?

a. Allow Dr. Smith to see the records because he was the daughter’s guardian at the time of the tonsillectomy.

b. Call the hospital administrator for authorization to release the record to Dr. Smith since he is on the medical staff.

c. Inform Dr. Smith that he cannot access his daughter’s health record without her signed authorization allowing him access to the record.

d. Refer Dr. Smith to Dr. Jones and release the record if Dr. Jones agrees.

A

c. Inform Dr. Smith that he cannot access his daughter’s health record without her signed authorization allowing him access to the record.

18
Q

St. Joseph’s Hospital has a psychiatric service on the sixth floor. A 31-year-old male came to the HIM department and requested to see a copy of his health record. He told the clerk he was a patient of Dr. Schmidt, a psychiatrist, and had been on the sixth floor of St. Joseph’s for the last two months. These records are not psychotherapy notes. The best course of action for you to take as the HIM director is:

a. Prohibit the patient from accessing his record as it contains psychiatric diagnoses that may greatly upset him.

b. Allow the patient to access his record.

c. Allow the patient to access his record if, after contacting his physician, his physician does not feel it will be harmful to the patient.

d. Deny access because HIPAA prevents patients from reviewing their psychiatric records.

A

c. Allow the patient to access his record if, after contacting his physician, his physician does not feel it will be harmful to the patient.

19
Q

You are a member of the hospital’s Health Information Management Committee. The committee has created a HIPAA-compliant authorization form. Which of the following items does the Privacy Rule require for the form?

a. Signature of the patient’s attending physician

b. Identification of the patient’s next of kin

c. Identification of the person or entity authorized to receive PHI

d. Patient’s insurance information

A

c. Identification of the person or entity authorized to receive PHI

20
Q

You are a member of the hospital’s Health Information Management Committee. The committee has created a HIPAA-compliant authorization form. Which of the following items does the Privacy Rule require for the form?

a. Signature of the patient’s attending physician

b. Identification of the patient’s next of kin

c. Identification of the person or entity authorized to receive PHI

d. Patient’s insurance information

A

c. Identification of the person or entity authorized to receive PHI

21
Q

A hospital health information department receives a subpoena duces tecum for records of a former patient. When the health record professional goes to retrieve the patient’s medical records, it is discovered that the records being subpoenaed have been purged in accordance with the state retention laws. In this situation, how should the HIM department respond to the subpoena?

a. Inform defense and plaintiff lawyers that the records no longer exist

b. Submit a certification of destruction in response to the subpoena

c. Refuse the subpoena since no records exist

d. Contact the clerk of the court and explain the situation

A

b. Submit a certification of destruction in response to the subpoena

22
Q

An HIM professional violates privacy protection under the HIPAA Privacy Rule when he or she releases ________ without specific authorization from the patient(s) or patient representative(s).

a. A list of newborns to the local newspaper for publication in the birth announcements section

b. Data about cancer patients to the state health department cancer surveillance program

c. Birth information to the country registrar

d. Information about patients with sexually transmitted infections to the county health department

A

a. A list of newborns to the local newspaper for publication in the birth announcements section

23
Q

What is the implication regarding the confidentiality of incident reports in a legal proceeding when a staff member documents in the health record that an incident report was completed about a specific incident?

a. There is no impact.

b. The person making the entry in the health record may not be called as a witness in trial.

c. The incident report likely becomes discoverable because it is mentioned in a discoverable document.

d. The incident report cannot be discovered even though it is mentioned in a discoverable document.

A

c. The incident report likely becomes discoverable because it is mentioned in a discoverable document.

24
Q

Which of the following is a best practice for protecting information that is text messaged?

a. Send a text message to more than one person
b. Enter a person’s telephone number each time a text message is sent
c. Encrypt text messages during transmission
d. Presume that telephone numbers stored in memory remain valid

A

c. Encrypt text messages during transmission

25
Q

Community Hospital wants to provide transcription services for transcription of office notes of the private patients of physicians. All of these physicians have medical staff privileges at the hospital. This will provide an essential service to the physicians as well as provide additional revenue for the hospital. In preparing to launch this service, the HIM director is asked whether a business associate agreement is necessary. Which of the following should the hospital HIM director advise to comply with HIPAA regulations?

a. Each physician practice should obtain a business associate agreement with the hospital.
b. The hospital should obtain a business associate agreement with each physician practice.
c. Because the physicians all have medical staff privileges, no business associate agreement is necessary.
d. Because the physicians are part of an Organized Health Care Arrangement (OHCA) with the hospital, no business associate agreement is necessary.

A

c. Because the physicians all have medical staff privileges, no business associate agreement is necessary.

26
Q

According to the Privacy Rule, which of the following statements must be included in the notice of privacy practices?

a. A description (including at least one example) of the types of uses and disclosures the physician is permitted to make for marketing purposes.
b. A description of each of the other purposes for which the covered entity is permitted or required to use or disclose PHI without the individual’s written consent or authorization.
c. A statement that other uses and disclosures will be made without the individual’s written authorization and that the individual may not revoke such authorization.
d. A statement that all disclosures will be prohibited from future redisclosures.

A

b. A description of each of the other purposes for which the covered entity is permitted or required to use or disclose PHI without the individual’s written consent or authorization.

27
Q

Which of the following is a direct command that requires an individual or a representative of a healthcare entity to appear in court or to present an object to the court?

a. Judicial decision
b. Subpoena
c. Credential
d. Regulation

A

d. Regulation

28
Q

Covered entities must retain documentation of their security policies for at least:
a. Five years
b. Five years from the date of origination
c. Six years from the date when last in effect
d. Six years from the date of the last incident

A

c. Six years from the date when last in effect

29
Q

The Administrative Simplification portion of Title II of HIPAA addresses which of the following?

a. Creating standardized forms for release of information throughout the industry
b. Computer memory requirements for health plans maintaining patient health information
c. Security regulations for personal health records
d. Uniform standards for transactions and code sets

A

c. Security regulations for personal health records

30
Q

Which of the following would be included in an accounting of disclosures?

a Incidental to an otherwise permitted or required use disclosure
b Disclosures to the individual about whom the information pertains
c Disclosures made pursuant to an authorization
d Patient information faxed to the bank

A

c Disclosures made pursuant to an authorization

31
Q

An original goal of HIPAA Administrative Simplification was to standardize:

  • Privacy notices given to patients
  • The electronic transmission of health data
  • Disclosure of information for treatment purposes
  • The definition of PHI
A

The electronic transmission of health data

32
Q

A hospital releases information to an insurance company with proper authorization by the patient. The insurance company forwards the information to a medical data clearinghouse. This process is referred to as:

  • Admissibility
  • Civil release
  • Privileging process
  • Redisclosure
A

Redisclosure

33
Q

A subpoena duces tecum compels the recipient to:
* Serve on a jury
* Answer a complaint
* Testify at a trial
* Bring records to a legal proceeding

A

Bring records to a legal proceeding

34
Q

Mary Jones has been declared legally incompetent by the court. Mrs. Jones’s sister has been appointed her legal guardian. Her sister requested a copy of Mrs. Jones’s health records. Of the options listed here, what is the best course of action?

a. Comply with the sister’s request but first request documentation from the sister that she is Mary Jones’s legal guardian
b. Provide the information as requested by the sister
c. Require that Mary Jones authorize the release of her health information to the sister
d. Refer the sister to Mary Jones’s doctor

A

a. Comply with the sister’s request but first request documentation from the sister that she is Mary Jones’s legal guardian

35
Q

The Latin phrase meaning “let the master answer” that puts responsibility for negligent actions of employees on the employer is called:

  • Res ipsa loquitur
  • Res judicata
  • Respondeat superior
  • Restitutio in integrum
A

Respondeat superior

36
Q

Per HITECH, an accounting of disclosures must include disclosures made during the previous:
* 10 years
* 6 years
* 3 years
* 1 year

A

6 years

37
Q

The technology, along with the policies and procedures for its use, that protects and controls access to ePHI are:
* Administrative safeguards
* Technical safeguards
* Physical safeguards
* Integrity controls

A

Technical safeguards

38
Q

Which landmark legal case established the responsibility of the hospital for the quality of care given by its physicians?

a Roe v. Wade
b Darling v. Charleston Community Memorial Hospital
c Marbury v. Madison
d Brown v. Board of Education

A

b Darling v. Charleston Community Memorial Hospital

39
Q

An employer has contacted the HIM department and requested health information on one of his employees. Of the options listed here, what is the best course of action?
a Provide the information requested
b Refer the request to the attending physician
c Request the employee’s written authorization for release of information
d Request the employer’s written authorization for release of the employee’s information

A

c Request the employee’s written authorization for release of information

40
Q

Which of the following controls external access to a network?
* Access controls
* Alarms
* Encryption
* Firewall

A

Access controls

41
Q

Which of the following is a mechanism that records and examines activity in information systems?
* eSignature laws
* Security audits
* Minimum necessary rules
* Access controls

A

Security audits

42
Q

A ________ helps a healthcare entity proactively ensure that the information they store and maintain is only being accessed in the normal course of business.
a Contingency plan
b Workflow analysis
c Documentation audit
d Security audit

A

d Security audit

43
Q

Community Hospital is planning implementation of various elements of the EHR in the next six months. Physicians have requested the ability to access the EHR from their offices and from home. What advice should the HIM director provide?

a. HIPAA regulations do not allow this type of access.
b. This access would be covered under the release of PHI for treatment purposes and poses no security or confidentiality threats.
c. Access can be permitted providing that appropriate safeguards are put in place to protect against threats to security.
d. Access cannot be permitted because the physicians would not be accessing information for treatment purposes.

A

c. Access can be permitted providing that appropriate safeguards are put in place to protect against threats to security.

44
Q

The confidentiality of incident reports is generally protected in cases when the report is filed in:
a. The nursing notes
b. The patient’s health record
c. The physician’s progress notes
d. The hospital risk manager’s office

A

d. The hospital risk manager’s office

45
Q

A patient requests that disclosures made from her medical record be limited to specific clinical notes and reports. Given HIPAA requirements, how must the hospital respond?

a. The hospital must accept the request but does not have to agree to it.
b. The hospital must honor the request.
c. The hospital must guarantee that the request will be followed.
d. The hospital must agree to the request, providing that state or federal law does not prohibit it.

A

a. The hospital must accept the request but does not have to agree to it.

46
Q

Which of the following is a “public interest and benefit” exception to the authorization requirement?

a Payment
b PHI regarding victims of domestic violence
c Information requested by a patient’s attorney
d Treatment

A

b PHI regarding victims of domestic violence

47
Q

The Privacy Rule establishes that a patient has the right of access to inspect and obtain a copy of his or her PHI:
a For as long as it is maintained
b For six years
c Forever
d For 12 months

A

b For six years

48
Q

What is the most common method for implementing entity authentication?
a Personal identification number
b Biometric identification systems
c Token systems
d Password systems

A

a Personal identification number

49
Q

A federal confidentiality statute specifically addresses confidentiality of health information about ________ patients.

a Developmentally disabled
b Elderly
c Drug and alcohol recovery
d Cancer

A

c Drug and alcohol recovery

50
Q

The health record of Kathy Smith, the plaintiff, has been subpoenaed for a deposition. The plaintiff’s attorney wants to use the records as evidence to prove his client’s case. In this situation, although the record constitutes hearsay, it may be used as evidence based on the:

a Admissibility exception
b Discovery exception
c Direct evidence exception
d Business records exception

A

d Business records exception

51
Q

Generally, policies addressing the confidentiality of quality improvement (QI) committee data (minutes, actions, and so forth) state that this kind of data is:
a Protected from disclosure
b Subject to release with patient authorization
c Generally available to interested parties
d May not be reviewed or released to external reviewers such as the Joint Commission

A

a Protected from disclosure