Legal & Ethics Exam 4
Which of the following is not an example of a red flag for a healthcare provider?
A question from a patient about scheduled surgery
The capture of data by a hospital's data security system that shows multiple invalid attempts to access the patients' database is an example of __________.
Audit trail
Which of the following generally describes a coroner?
Coroner is appointed or elected and may or may not be a physician
Reporting of births by state law is allowable for which of the following reasons?
Data are necessary to identify trends
Which of the following is not a HIPAA individual right?
Import PHR content into the provider's health record
What is the most common type of security threat to a health information system?
Internal to the organziation
The adoptive parents of Susan, a minor, wish to access her health record. What is the best way for them to obtain a copy of Susan's operative report?
Present an authorization that at least the mom or dad signed
Trauma registry data is used for all of the following purposes except _____.
Prosecution of drunk drivers
With regard to seclusion and restraint, federal laws
Restrict their use
Medicare requirements pertaining to seclusion and restraint_____.
restrict their use
General Hospital is a facility that benefitted from the Hill-Burton Act. As a result it_________.
was required to provide a reasonable volume of free or reduced-cost care
Vulnerabilities and threats are terms that can be used interchangeably
False
Employees in the hospital business office may have legitimate access to patient health information without patient authorization based on what HIPAA standard/principle?
Minimum necessary
Patient responsibilities generally include all of the following except:
Pay in advance for treatment rendered
Who is responsible for signing a death certificate in most states?
Physician
Healthcare facilities are required to report vital statistics to which of the following authority?
State department of health
Red flags are used to help a healthcare provider detect medical identity theft.
True
Which of the following actions are included about a physician in the National Practitioner Data Bank?
- Malpractice lawsuits - Disciplinary actions - Credentialing information from other facilities
Mia is a 16 year old pregnant female who plans on having an abortion. Mia has the right to choose who her health information may be released to. What other healthcare situations exist that give Mia the right to authorize release of her healthcare information?
- Mental health - Substance abuse - Veneral diseases
Cultural competence takes into account_________.
- Religion - Gender identity - Ethnicity
What rights does a competent individual have in regard to his or her healthcare?
- Right to consent to treatment - Right to access his or her own PHI - Right to refuse treatment
Which of the following is(are) true regarding the reporting of communicable diseases?
- The usual reporting time is 24 hours - The disease to be reported are established by state law - Reporting is required because of the public health threat they present
In the situation of behavioral healthcare information a healthcare provider may disclose health information on a patient without the patient's authorization in which of the following circumstances?
-Court order -Duty to warn -Involuntary commitment proceedings
Substance abuse patient information is afforded federal protection through HIPAA and Alcohol and Drug Abuse Regulations. If a minor wishes to authorize release of his or her health information he or she may do so if _____.
-State statute allows the minor to authorize release - State statutes allows minor and parent to authorize release
Medical device reporting is allowable without patient authorization under HIPAA for which of the following?
-Tracking product recalls - Conducting post marketing surveillance - Collecting or reporting of adverse events
Jackie has been transported to the emergency room. She has refused life-saving treatment. Which of the following options is true?
A court may decide there is a compelling state interest in preserving her life
A young child is killed by a hit-and-run driver. The case is reported to the medical examiner for all of the following reasons except _____.
Age of child
When the HIM professional is considering the major departmental functions to include in a disaster plan for emergency operations, which of the following would be the least important?
Billing
Elaine has moved to a new state to assume the director of HIM in a large community hospital. In her previous position, reporting of trauma injuries was required by state law. However, in her new position it is apparent that the hospital is not reporting traumatic injuries. Which of the following is the most appropriate action for Elaine to take?
Check state law to determine if reporting of trauma injuries is required
Which of the following defines the study of encryption and decryption techniques?
Cryptography
Key components to a contingency or disaster plan, mandated by the HIPAA Security Rule include __________.
Data back-up, data recovery and emergency mode of operations
What statement best addresses disclosure of information about abortions?
Disclosed based on required reporting statutes
Tarasoff v. The Regents of the University of California is a landmark case related to the release of psychiatric patient information without patient authorization. The healthcare provider must release such information based on what circumstance?
Duty to warn
Eleanor has refused life-saving treatment. Which of the following is true?
Eleanor has the right of self-determination to refuse treatment
The Safe Medical Devices Act requires the reporting of medical device injuries to which agency?
FDA
The predetermined time for an automatic log-off from the system is mandated by
Facility policy
A patient must allow their health information to be shared with a health information exchange.
False
Abuse of the elderly is limited to physical neglect of an elder person.
False
Billing advocates work for healthcare providers to ensure that patients pay their medical bills in full.
False
CLIA prohibits a patient from accessing lab results directly for the laboratory conducting the test.
False
Compliance with the HIPAA Security Rule is the only standards that should be considered when developing a security plan and performing a risk assessment.
False
Disaster recovery and contingency plans related to ePHI are nice to have but not necessary.
False
E-mail related to patient care should be kept separate from the patient medical record
False
It is best policy to provide a special mark or notice on an HIV/AIDS patient health record in order to ensure extra privacy precautions on the record.
False
It is best practice to select a very strong password and use it for all accounts.
False
Psychotherapy notes are always part of the behavioral health record.
False
Regardless of the type of request made, if the request is from the patient, a formal authorization form is required per the HIPAA Privacy Rule.
False
The Affordable Care Act generally permits lifetime limits on health insurance benefits.
False
The responsibility for notifying individuals who have had contact with an individual with an infected communicable disease is the person who has the disease.
False
When an employee is injured at work he must authorization disclosure of his PHI before it can be reported to OSHA.
False
With whom may patients file a complaint if they suspect medical identity theft violations?
Federal Trade Commission
Dr. Jordan, a member of the medical staff, asks to see the medical records of his adult daughter who was hospitalized in your institution for a tonsillectomy at age 16. The daughter is now 25. Dr. Smith was the patient's physician. Of the options below what is the best course of action?
Inform Dr. Jordan that he cannot access his daughter's health record without her signed authorization allowing him access to the record
Dr. Williams is on the medical staff of Sutter Hospital, and he has asked to see the health record of his wife, who was recently hospitalized. Dr. Jones was the patient's physician. Of the options below, which is the best course of action?
Inform Dr. Williams that he cannot access his wife's health information unless she authorizes access through a written release of information
Which of the following is a public interest and benefit exception to the HIPAA authorization requirement?
Information on domestic violence
Sally uses a patient health information portal.
It increases her 24/7 access to her health information
The following reporting exceptions to the doctrine of preemption are allowable except for which of the following?
Marketing
Which of the following pieces of information is not typically mandated by state law child abuse reporting requirements?
Name of siblings
Which of the following is not an access control commonly utilized by covered entities for compliance with the HIPAA security rule?
Palm scanners
Which of the following would be considered a two-factor authentication system?
Password and swipe card
What is the most common method for implementing entity authentication?
Password systems
Which of the following statements is the least likely reason a state would require the reporting of a gunshot wound and subsequent death of a 16-year-old involved in a drive-by shooting?
Patient was a minor
Which of the following information is not included about a physician in the National Practitioner Data Bank?
Personal bankruptcy
A wife who is legally authorized to make healthcare decisions and act on behalf of her husband, who is a patient, is acting in what capacity?
Personal representative
The HIPAA Security Rule requires which of the following to achieve compliance?
Protecting ePHI
The release of information manager at Hope Hospital has received a request to obtain copies of an individual's recent hospitalization for spousal abuse. Upon reviewing the request, the manager notices that the signature on the request does not look like the patient's signature on the informed consent in the patient's medical record. What would be the best course of action?
Refer the request to the hospital's medical identity theft committee to ascertain if this is indeed the patient requesting the information
Which of the following health information handlers are required to provide authorization for access and disclosure of PHI.
Release of information Contractor
Select the best response to complete this statement: Natural (birth) parents of a child who has been adopted by adoptive parents _____.
Relinquish the right to inspect their child's health records once their parental rights have been terminated
An employer has contacted the Health Information Management Department and requested health information on one of his employees. Of the options below, what is the best course of action?
Request employee's written authorization for release of information
Elements to include in a security system risk analysis program include all but which of the following?
Restricting remote access to users
The Uniform Health-Care Decision Act (UHCDA) refers to _____.
Selecting an individual to make healthcare decisions for a competent adult
Minors are basically deemed legally incompetent to access, use, or disclose their health information. What resource should be consulted in terms of who may authorize access, use, or disclose the health records of minors?
State law because HIPPA defers to state laws on matters related to minors
Examples of reportable deaths include which of the following?
Sudden, unexpected, violent, suspicious
Which of the following is the best option for password management?
System auto-assigns password
An audit trail is a record that shows when a particular user accessed a computer system.
True
Assignment of patient medical record numbers is one of the priorities of the HIM professional during system downtime during a disaster.
True
Data encryption ensures that data transferred from one location on a network to another are secure from eavesdropping or data interception.
True
Depending on state law, an individual may access his or her PHI housed in an immunization registry.
True
Employee nondisclosure agreements are particularly important for employees who work in remote locations or telecommute.
True
Employees directly involved in patient care do not require authorization to access the patient's record.
True
For a substance abuse program to be in compliance with the Privacy Rule, the authorization of disclosure of information should include specific elements required by the Privacy Rule.
True
Health organizations and providers may charge a reasonable fee as set by state law for copying health records in response to a request for patient information.
True
In absence of a legal executor or administrator of an estate, states may follow the UHCDA to allow access to the health records of a deceased patient.
True
Information reported without patient authorization under federal laws should be included in the Notice of Privacy Practices.
True
Patient portals are hosted by healthcare providers.
True
The American Hospital Association's Patient Bill of Rights is now the Patient Care Partnership, which focuses on patient expectations, rights, and responsibilities.
True
The FDA does not regulate electronic health records but it does regulate a number of health IT applications that may pose a risk to the health or safety of a patient.
True
Transplant registries may include data about organ donors as well as organ recipients.
True
All of the following are examples of unusual events that healthcare facilities typically must report except _____.
Worker's compensation cases
Which computer virus stores and replicates itself?
Worm
Which of the following has the right to consent to treatment?
an 88 year old woman
Which of the following is not a mechanism to detect external medical identity theft?
conduct a background check on prospective employees
Esther is an 86-year-old patient of Dr. Brooks. When taking into consideration that Esther views the physician-patient relationship differently because of her age, Dr. Brooks is exhibiting_________.
cultural competence
A clinical registry is a collection of secondary data derived from a patient's health record, which may be used for all of the following except _____.
enforcing HIPPA violations
The greatest threats to organizational security stem from __________.
internal threats
The community benefit standard_________.
is required for tax-exempt status
"Against medical advice" discharges_________.
may result, if prohibited by the provider, in a battery claim against the provider
Disclosure regarding reportable conditions under state laws and regulations _____.
must be included in the AOD maintained by the facility
When a patient is an organ donor whose death is imminent, notifying the family members that the organ procurement organization will be contacted is _____.
not-required
If a healthcare facility sustains physical damage caused by a tornado, the disaster recovery mechanism which provides the greatest protection of the data is __________.
off-site data storage
The purpose of the trauma registry is for all of the following except _____.
prosecute those that cause trauma to others
