Content Area IX, RHIT Exam: Health Information Privacy and Security

¡Supera tus tareas y exámenes ahora con Quizwiz!

The administrator states that he should not have to participate in privacy and security training as he does not use PHI. How should you respond?

"All employees are required to participate in training, including top administration"

Which of the following statements demonstrates a violation of protected health information?

"Mary, at work yesterday I saw that Susan had a hysterectomy"

The hospital has received a request for an amendment. How long does the facility have in order to accept or deny the request?

30 days

Which of the following statements is true about a requested restriction?

ARRA mandates that a CE must comply with a requested restriction unless it meets one of the exceptions

Mountain Hospital has discovered a security breach. Someone hacked into the system and viewed 50 medical records. According to ARRA, what is the responsibility of the covered entity?

All individuals must be notified within 60 days

Which of the following techniques would a facility employ for access control?

Automatic log-off Unique user identification

Which security measure utilizes fingerprints or retina scans?

Biometrics

A patient's medical record was breached. The written notification that goes out to the patient should contain only a message to call the hospital

False statement - the patient should receive a brief description of the breach, what the covered entity is doing about the breach, what the patient should do, and whom to contact

Dr. Brown has just approved the patient's request to amend the medical record. Dr. Brown has routed the request with his approval to the HIM Department. What should the HIM Department do?

File the request where the erroneous information is located and send a copy of the amendment to anyone who has a copy of the erroneous information plus anyone the patient requests

Which of the following statements is true about the Privacy Act of 1974?

It applies to the federal government

Margaret looked up PHI on her ex-sister-in-law. A routine audit discovered the violation. Which statement is true under ARRA?

Margaret cannot be prosecuted since she is not a covered entity

Mark, a patient of Schnering Hospital, has asked for an electronic copy of his medical record to go to his physician. According to ARRA, what is the CE's obligation to Mark?

Mark has a right to an electronic copy or to have it sent to someone else

Mary processed a request for information and mailed it out last week. Today, the requestor, an attorney, called and said that all of the requested information was not provided. Mary pulls the documentation, including the authorization and what was sent. She believes that she sent everything that was required. She confirms this with her supervisor. The requestor still believes that some extra documentation is required. Given the above information, which of the following statements is true?

Mary is not required to release the extra documentation because the facility has the right to interpret a request and apply the minimum standard rule

Which of the following disclosures would require patient authorization?

Release to patient's attorney

You are looking for potential problems and violations of the privacy rule. What is this security management process called?

Risk assessment

Which of the following should the record destruction program include?

The method of destruction

A patient has submitted an authorization to release information to a physician office for continued care. The release of information clerk wants to limit the information provided because of the minimum necessary rule. What should the supervisor tell the clerk?

The patient is an exception to the minimum necessary rule, so process the request as written

Barbara, a nurse, has been flagged for review because she logged in to the EHR in the evening when she usually works the day shift. Why should this conduct be reviewed?

This needs to be investigated before a decision is made because there may be a legitimate reason why she logged in at this time

Physical safeguards include:

Tools to control access to computer systems Fire protection

Nicole is developing an agreement that will be used between the hospital and the health care clearing house. This agreement will require the two parties to protect the privacy of data exchanged. This is called

a business associate agreement

You have been asked to provide examples of technical security measures. Which of the following would you include in your list of examples?

automatic logout

The computer system containing the electronic health record was located in a room that was flooded. As a result, the system is inoperable. Which of the following would be implemented?

business continuity processes

Alisa has trouble remembering her password. She is trying to come up with a solution that will help her remember. Which one of the following would be the BEST practice?

creating a password that utilizes a combination of letters and numbers

Your organization is sending confidential patient information across the Internet using technology that will transform the original data into unintelligible code that can be re-created by authorized users. This technique is called

data encryption

Intentional threats to security could include

data theft

As Chief Privacy Officer for Premier Medical Center, you are responsible for which of the following?

developing a plan for reporting privacy complaints

Contingency planning includes which of the following processes?

disaster planning

You are defining the designated record set for South Beach Healthcare Center. Which of the following would be included?

discharge summary

You are writing a policy on how to document the amendment process. What information should be required by the policy?

documentation of a request, a refusal, and a patient's right to write a statement of disagreement

The surgeon comes out to speak to a patient's family. He tells them that the patient came through the surgery fine. The mass was benign and they could see the patient in an hour. He talks low so that the other people in the waiting room will not hear but someone walked by and heard. This is called a (n)

incidental disclosure

Patricia is processing a request for medical records. The record contains an operative note and a discharge summary from another hospital. The records are going to another physician for patient care. What should Patricia do?

include the documents from the other hospital

A mechanism to ensure that PHI has not been altered or destroyed inappropriately has been established. This process is called

integrity

I have been asked if I want to be in the directory. The admission clerk explains that if I am in the directory

my friends and family can find out my room number

Facility access controls, workstation use, workstation security, and device/media controls are all part of

physical safeguards

America LTD has developed a PHR. According to ARRA, the health information that they store is

protected

Ms. Thomas was a patient at your facility. She has been told that there are some records that she cannot have access to. These records are most likely Selected Answer: Incorrect

psychotherapy notes

Which of the following would be a business associate?

release of information company

You are writing a policy for the release of information area. This policy will include the requirements for a valid authorization. Which of the following would not be included?

request for an accounting of disclosure

You are reviewing your privacy and security policies, procedures, training programs, and so on, and comparing them to the HIPAA and ARRA regulations. You are conducting a

risk assessment

Kyle, the HIM Director, has received a request to amend a patient's medical record. The appropriate action for him to take is

route the request to the physician who wrote the note in question to determine the appropriateness of the amendment

You work for a 60-bed hospital in a rural community. You are conducting research on what you need to do to comply with HIPAA. You are afraid that you will have to implement all of the steps that your friend at a 900-bed teaching hospital is implementing at his facility. You continue reading and learn that you only have to implement what is prudent and reasonable for your facility. This is called

scalable

Encryption, access control, emergency access to records, and biometrics are examples of

technical security

The HIPAA security rule does not require specific technologies to be used but rather provides direction on the outcome. The term used to describe this philosophy is

technology neutral

Which of the following situations violate a patient's privacy?

the hospital provides patient names and addresses to a pharmaceutical company to be used in a mass mailing of free drug samples

Which statement is true about when a family member can be provided with PHI?

the patient's mother can always receive PHI on her child

Your department was unable to provide a patient with a copy of his record within the 30-day limitation. What should you do?

write the patient and tell him that you will need a 30-day extension

Margaret has signed an authorization to release information regarding her ER visit for a fractured finger to her attorney. Specifically, she says to release the ER history and physical, x-rays, and any procedure notes related to a finger fracture with laceration. Which of the following violates her privacy if released based on this authorization?

x-ray of chest


Conjuntos de estudio relacionados

EPHE 487: Strength & Power Training to Improve Sport (Part 1)

View Set

220-1101 & 220-1102 Quiz Q&A part 1

View Set

Quiz - What is an Operating System

View Set

Practice Questions - Ch 22, 23 ,25

View Set

bio test 3 chapter 13 connect questions

View Set

Peds: Ch. 42 - Alteration in Bowel Elimination/GI Disorder

View Set

World History Cumulative Exam Review

View Set

Chapter Review: Chapter 13 Two-Factor Analysis of Variance

View Set

Eng 9 - 2023-24 S1 Final Exam Review

View Set