RHIT Domain 1-3

¡Supera tus tareas y exámenes ahora con Quizwiz!

The hospital-acquired infection rate for our hospital is 0.2%, whereas the rate at a similar hospital across town is 0.3%. This is an example of a: a. Benchmark b. Check sheet c. Data abstract d. Run chart

a A benchmark is a systematic comparison of one organization's measurement characteristics to those of another similar organization. When an organization compares its current performance to its own internal historical data, or uses data from similar external organizations, it helps establish an organization benchmark (Foltz et al. 2016, 465).

A patient's birth date and gender documented in the health record are examples of a data ________. a. Element b. Map c. Dictionary d. Definition

a A data element can be a single or individual fact that represents the smallest unique subset of a larger database, sometimes referred to as the raw facts and figures (Brinda 2016, 141).

Which of the following is not true about the Notice of Privacy Practices? a. It must include at least two examples of how information is used for both treatment and operations. b. It must include a description of the right to request restrictions on certain uses and disclosures. c. It must explain the patient's right to inspect and copy PHI. d. It must include a description of the patient's right to amend PHI.

a AHIMA outlines the requirements for the content of the notice of privacy practices. One requirement is that a description (including at least one example) is to be given of the types of uses and disclosures the covered entity is permitted to make for treatment, payment, and healthcare operations (Rinehart-Thompson 2016b, 230-231).

What number is assigned to a case when it is first entered in a cancer registry? a. Accession number b. Patient number c. Health record number d. Medical record number

a Accession number is a number assigned to each case as it is entered in a cancer registry (Sharp 2016, 175).

Specific performance expectations and structures and processes that provide detailed information for each of the Joint Commission standards are called: a. Elements of performance b. Fact sheets c. Ad hoc reports d. Registers

a Elements of performance (EPs) are the Joint Commission's specific performance expectations and structures or processes that must be in place for an organization to provide safe, high-quality care, treatment, and services. Knowledge of EPs pertaining directly to the health record and documentation in the record are critical for HIM professionals working in an accredited facility (Rossiter 2013, 486).

Authentication of a record refers to: a. Establishment of its baseline trustworthiness b. The type of electronic operating system on which it was created c. The identity of the individual who notarized it d. Its relevance

a Even if evidence appears to be relevant, it must also be authenticated. As with health records, the evidence itself must be shown to have a baseline authenticity or trustworthiness (Klaver 2017a, 78-79).

What committee usually oversees the development and approval of new forms for the health record? a. Clinical forms committee b. Executive committee c. Medical staff committee d. Quality review committee

a Every healthcare organization should have a forms or design (for EHR systems) committee. This committee should provide oversight for the development, review, and control of all enterprise-wide information capture tools, including paper forms and design of computer screens (Sayles 2016b, 66).

With regard to training in PHI policies and procedures: a. Every member of the covered entity's workforce must be trained b. Only individuals employed by the covered entity must be trained c. Training only needs to occur when there are material changes to the policies and procedures d. Documentation of training is not required

a Every member of the covered entity's workforce must be trained in PHI policies and procedures to maintain the privacy of patient information, uphold individual rights guaranteed by the Privacy Rule, and report alleged breaches and other Privacy Rule violations (Rinehart- Thompson 2016b, 249).

Which of the following should be considered first when establishing health record retention policies? a. State retention requirements b. Accreditation standards c. AHIMA's retention guidelines d. Federal requirements

a Health record retention policies depend on a number of factors. They must comply with state and federal statutes and regulations. Retention regulations vary by state and possibly by organization type. Health records should be retained for at least the period specified by the state's statute of limitations for malpractice, and other claims must be taken into consideration when determining the length of time to retain records as evidence (Rinehart-Thompson 2016a, 206).

This data set was developed by the National Committee for Quality Assurance to aid consumers with health-related issues with information to compare performance of clinical measures for health plans: a. HEDIS b. UHDDS c. UACDS d. ORYX

a Healthcare Effectiveness Data and Information Set (HEDIS) is overseen by the National Committee for Quality Assurance. HEDIS is a standardized set of performance measures designed to allow purchasers to compare the performance of managed-care plans (Sayles and Trawick 2014, 35).

How do patient care managers use the data documented in the health record? a. Evaluate the performance of employees b. Communicate vital information among departments and across disciplines and settings c. Generate patient bills or third-party payer claims for reimbursement d. Determine the extent and effects of occupational hazards

a It is the role of the patient care managers and support staff to evaluate the performance of employees (Sayles 2016b, 54)

An audit log is an example of: a. Metadata b. Encryption c. Admissibility d. Data integrity

a Metadata are data about data and include information that track actions such as when and by whom a document was accessed or changed, such as in an audit log (Rinehart-Thompson 2016a, 206). 130 Correct0 Wrong0 Unanswered130

Which of the following is true regarding the development of health record destruction policies? a. All applicable laws must be considered b. The organization must find a way not to destroy any health records c. Health records involved in pending or ongoing litigation may be destroyed d. Only state laws must be considered

a Not all information must be kept forever. Just as the HIM professional must consider multiple factors when determining retention, many factors must also be taken into consideration with regard to health record destruction. These include applicable federal and state statutes and regulations; accreditation standards; pending or ongoing litigation; storage capabilities; and cost (Rinehart-Thompson 2016a, 208).

A nurse is responsible for which of the following types of acute-care documentation? a. Medication administration record b. Radiology report c. Operative report d. Therapy assessment

a Nurses maintain chronological records of the patient's vital signs (blood pressure, heart rate, respiration rate, and temperature) and separate logs that show what medications were ordered and when they were administered on the medication administration record (MAR) (Rinehart- Thompson 2016b, 223).

Which of the following is the best definition of system of record (SOR)? a. Authoritative source for data about an entity b. Master entity application c. Exact match logic d. Primary data about an entity

a Once the organization identifies sources, it lists the most trusted ones. Usually these are the sources with the most volume of master data records associated with a specific entity. In some instances, the master data will have their own unique system of record. A system of record is usually a specialized application system and the authoritative source for data about an entity (Johns 2015, 175).

A notation for a diabetic patient in a physician progress note reads: "Occasionally gets hungry. No insulin reactions. She says she is following her diabetic diet." In which part of a problemoriented health record progress note would this be written? a. Subjective b. Objective c. Assessment d. Plan

a Some providers also use a SOAP format for their problem-oriented progress notes. A subjective (S) entry relates significant information in the patient's words or from the patient's point of view (Brickner 2016, 106).

Which of the terms below represents fixed rules that must be followed? a. Standard b. Guidelines c. Forms control program d. Policy

a Standards are fixed rules that must be followed (Sayles 2016b, 66).

The following descriptors about the data element PATIENT_LAST_NAME are included in a data dictionary: definition: legal surname of the patient; field type: numeric; field length: 50; required field: yes; default value: none; input mask: none. Which of the following is true about the definition of this data element? a. The field type should be changed to Character. b. The input mask should be changed from None to Required. c. The field length should be shortened. d. A default value should be Required.

a The data element PATIENT_LAST_NAME must be stored as character data because the data are character-based (Brinda 2016, 141).

To be reliable, statistical data must: a. Have some consistency b. Be applicable to what is being measured c. Be collected from one source only d. Have multiple meanings

a The data used in the statistics must be valid and reliable. Validity answers the question of whether one measured what one intended to measure, and reliability means that there is some consistency of results (Horton 2016a, 3).

Which of the following statements about the directory of patients maintained by a covered entity is true? a. Individuals must be given an opportunity to restrict or deny permission to place information about them in the directory. b. Individuals must provide a written authorization before information about them can be placed in the directory. c. The directory may contain only identifying information such as the patient's name and birth date. d. The directory may contain private information as long as it is kept confidential.

a A patient has the opportunity to agree or disagree with being placed in a patient directory. They must be given the opportunity to determine if they want to be placed in the directory or not, but it does not need to be in writing (Rinehart-Thompson 2016b, 234).

The following descriptors about the data element ADMISSION_DATE are included in a data dictionary: definition: date patient admitted to the hospital; data type: date; field length: 15; required field: yes; default value: none; template: none. For this data element, data integrity would be better assured if: a. The template was defined b. The data type was numeric c. The field was not required d. The field length was longer

a A pattern used in computer-based patient records to capture data in a structured manner is called a template. One benefit of using a template is to ensure data integrity upon data entry (Brinda 2016, 141; Sayles and Gordon 2016, 675).

What format problem is in the following table? Community Hospital Admissions by Sex, 20XX Male 3,546 42.4 Female 4,825 57.6 Total 8,371 100 a. Column headings are missing b. Title of the table is missing c. Column totals are inaccurate d. Variable names are missing

a A table is an orderly arrangement of values that groups data into rows and columns. Almost any type of quantitative information can be organized into tables. Tables are useful for demonstrating patterns and other kinds of relationships. Tables need headings for columns and rows, and they need to be specific and understandable (Watzlaf 2016, 347).

Which of the following is the health record component that addresses the patient's current complaints and symptoms and lists that patient's past medical, personal, and family history? a. Problem list b. Medical history c. Physical examination d. Clinical observation

b A complete medical history documents the patient's current complaints and symptoms and lists his or her past health, personal, and family history. In acute care, the health history is usually the responsibility of the attending physician (Brickner 2016, 90).

When served with a court order directing the release of health records, an individual: a. May ignore it b. Must comply with it c. Must request patient authorization before disclosing the records d. May determine whether or not to comply with it

b A court order is a document issued by a judge that compels a certain action, such as testimony or the production of documents such as health records. If a document requesting the production of health records is determined to be a court order, it must be complied with regardless of the presence or absence of patient authorization (Rinehart-Thompson 2017a, 58-59).

Which specialized type of progress note provides healthcare professionals impressions of patient problems with detailed treatment action steps? a. Flow record b. Vital signs record c. Care plan d. Surgical note

c A care plan is a summary of the patient's problems from the nurse or other professional's perspective with a detailed plan for interventions that may follow the assessment (Brickner 2016, 93).

Which of the following is true about health information retention? a. Retention depends only on accreditation requirements b. Retention periods differ among healthcare facilities c. The operational needs of a healthcare facility cannot be considered d. Retention periods are frequently shorter for health information about minors

b The HIM professional must consider multiple factors when developing health record retention policies that determine how long health records are to be kept. These factors include applicable federal and state statutes and regulations; accreditation standards; operational needs of the organization; and the type of organization, thus retention policies differ among healthcare facilities (Rinehart-Thompson 2016a, 206-207).

Community Hospital discharged 9 patients on April 1. The length of stay for each of the patients was as follows: for patient A, 1 day; for patient B, 5 days; for patient C, 3 days; for patient D, 3 days; for patient E, 8 days; for patient F, 8 days; for patient G, 8 days; for patient H, 9 days; for patient I, 9 days. What was the average length of stay for these nine patients? a. 5 days b. 6 days c. 8 days d. 9 days

b The average length of stay is the mean length of stay of hospital inpatients discharged during a given period of time. Add the total days for each patient (for a total of 54 days) and divide by 9 patients = 6 days (Horton 2016b, 390).

The HIM professional reported to the quality improvement committee at Community Hospital that there were 58 patients with influenza discharged from the hospital in January. Of those, 3 died. What is the case fatality rate for influenza for January? a. 1.60% b. 5.17% c. 0.10% d. 94.8%

b The case fatality rate is the total number of deaths due to a specific illness during a given time period divided by the total number of cases during the same period. (3 ×100) / 58 = 300 / 58 = 5.17% (Horton 2016a, 93).

What is the function of a consultation report? a. Provides a chronological summary of the patient's medical history and illness b. Documents opinions about the patient's condition from the perspective of a physician not previously involved in the patient's care c. Concisely summarizes the patient's treatment and stay in the hospital d. Documents the physician's instructions to other parties involved in providing care to a patient

b The consultation report documents the clinical opinion of a physician other than the primary or attending physician. The consultation is requested by the primary or attending physician. The report is based on the consulting physician's examination of the patient and a review of his or her health record (Brickner 2016, 96).

The attending physician is responsible for which of the following types of acute-care documentation? a. Consultation report b. Discharge summary c. Laboratory report d. Pathology report

b The discharge summary is a concise account of the patient's illness, course of treatment, response to treatment, and condition at the time the patient is discharged (officially released) from the hospital. The summary also includes instructions for follow-up care to be given to the patient or his or her caregiver at the time of discharge. It provides an overview of the entire health encounter. The discharge summary is the responsibility of, and must be signed by, the attending physician (Brickner 2016, 97).

Which type of health record contains information about the means by which the patient arrived at the healthcare setting and documentation of care provided to stabilize the patient? a. Ambulatory care b. Emergency care c. Long-term care d. Rehabilitative care

b The emergency department record is a health record that is generated when a patient visits an emergency department (ED) seeking treatment. Documentation in the emergency department records includes the means by which the patient arrived at the healthcare facility and documentation of care provided to stabilize the patient (Brickner 2016, 100-101).

An RAI/MDS and care plan are found in records of patients in what setting? a. Home healthcare b. Long-term care c. Behavioral healthcare d. Rehabilitative care

b The long-term care health record contains the patient's registration forms, personal property list, RAI/MDS, care plan and discharge or transfer information (Brickner 2016, 102-103).

Which of the following is considered the authoritative key in locating a health record? a. Disease index b. Master patient index c. Patient directory d. Patient registry

b The master patient index (MPI) is the permanent record of all patients treated at a healthcare facility. It is used by the HIM department to look up patient demographics, dates of care, the patient's health record number, and other information (Sayles 2016b, 56-57).

Given the numbers 47, 20, 11, 33, 30, 30, 35, and 50, what is the median? a. 30 b. 31.5 c. 32 d. 35

b The median is the midpoint of a frequency distribution. It is the point at which 50 percent of observations fall above and 50 percent fall below. If an even number of observations is in the frequency distribution, the median is the midpoint between the two middle observations. It is found by averaging the two middle scores, (x + y) / 2. In the example, the median is 31.5: ([30 + 33] / 2) (Watzlaf 2016, 359).

In the relational database shown here, the patient table and the visit table are related by: Patient Table Patient # Patient Last Name Patient First Name Date of Birth 021234 Smith Donna 03/21/1944 022366 Jones William 04/09/1960 034457 Collins Mary 08/21/1977 Visit Table Visit # Date of Visit Practitioner # Patient # 0045678 11/12/2008 456 021234 0045679 11/12/2008 997 021234 0045680 11/12/2008 456 034457 a. Visit number b. Date of visit c. Patient number d. Practitioner number

c Relations are established in a relational database by the primary key of one table becoming a foreign key in another table. In this case, the patient number is the primary key in the patient table and used as the foreign key in the visit table (Johns 2015, 127-128).

The release of information function requires the HIM professional to have knowledge of: a. Clinical coding principles b. Database development c. Federal and state confidentiality laws d. Human resource management

c Release of information (ROI) is the process of providing PHI access to individuals or entities that are deemed to be authorized to either receive or review it. Protecting the security and privacy of patient information is one of a healthcare organization's top priorities, and the HIM department is usually responsible for determining appropriate access to and ROI from patient health records. Knowledge of state and federal confidentiality laws is critical to the ROI function (Rinehart-Thompson 2016b, 243-244).

Data found on sites such as Hospital Compare use aggregated data to describe the experiences of unique types of patients with one or more aspects of their care. This data collection is called: a. Patient-specific b. Aggregated c. Comparative d. Detailed

c Comparative data collection uses aggregate data to describe the experiences of unique types of patients with one or more aspects of their care. Hospital Compare is located on the CMS website and provides aggregate data of hospitals across the country (Shaw and Carter 2015, 428).

Data found on sites such as Hospital Compare use aggregated data to describe the experiences of unique types of patients with one or more aspects of their care. This data collection is called? a. Patient-specific b. Aggregated c. Comparative d. Detailed

c Comparative data uses aggregate data to describe the experiences of unique types of patients with one or more aspects of their care (Shaw and Carter 2015, 428).

A secondary data source includes ________. a. Vital statistics b. The medical record c. The physician's index d. A videotape of a counseling session

c Secondary data sources are data derived from primary sources and may be collected by someone other than the primary user. Secondary data sources are facility specific. The physician index is an example of a secondary data source (Horton 2016a, 5).

What is the biggest threat to the security of healthcare data? a. Natural disasters b. Fires c. Employees d. Equipment malfunctions

c Employees are the biggest threat to the security of healthcare data. Whether it is disgruntled employees destroying computer hardware, snooping employees accessing information without authorization to do so, or employees accessing information for fraudulent purposes, employees are a real threat to data security (Rinehart-Thompson 2016c, 256).

Which of the following is considered a two-factor authentication system? a. User ID with a password b. User ID with voice scan c. Password and swipe card d. Password and PIN

c Strong authentication requires providing information from two of the three different types of authentication information. The three methods are something you know such as a password or PIN; something you have, such as an ATM card, token, swipe card, or smart card; and something you are, such as a biometric fingerprint, voice scan, iris, or retinal scan. An individual who provides something he knows (password) and something he has (swipe card) is called two-factor authentication (Rinehart-Thompson 2016c, 262-263).

Which Joint Commission survey methodology involves an evaluation that follows the hospital experiences of past or current patients? a. Priority focus process review b. Periodic performance review c. Tracer methodology d. Performance improvement

c The Joint Commission uses tracer methodology for on-site surveys. The tracer methodology incorporates the use of the priority focus process (PFP) review, follows the experience of care through the organization's entire healthcare process, and allows the surveyor to identify performance issues (James 2013a, 464).

Which rate is used to compare the number of inpatient deaths to the total number of inpatient deaths and discharges? a. Net hospital death rate b. Fetal/newborn/maternal hospital death rate c. Gross hospital death rate d. Adjusted hospital death rate

c The gross hospital death rate is the proportion of all hospital discharges that ended in death. It is the basic indicator of mortality in a healthcare facility. The gross death rate is calculated by dividing the total number of deaths occurring in a given time period by the total number of discharges, including deaths, for the same time period (Horton 2016b, 392-393).

What type of registry maintains a database on patients injured by an external physical force? a. Implant registry b. Birth defects registry c. Trauma registry d. Transplant registry

c Trauma registries maintain databases on patients with severe traumatic injuries. A traumatic injury is a wound or other injury caused by an external physical force such as an automobile accident, a shooting, a stabbing, or a fall (Sharp 2016, 178).

Susan is completing her required high school community service hours by serving as a volunteer at the local hospital. Relative to the hospital, she is a(n): a. Business associate b. Covered entity c. Employee d. Workforce member

d Covered entities (CEs) are responsible for their workforce, which consists not only of employees but also volunteers, student interns, and trainees. Workforce members are not limited to those who receive wages from the CE (45 CFR 160.103; Rinehart-Thompson 2017c, 210-211).

When all required data elements are included in the health record, the quality characteristic for data ________ is met. a. Security b. Accessibility c. Flexibility d. Comprehensiveness

d Data comprehensiveness means that all the required data elements are included in the health record. In essence, comprehensiveness means that the record is complete. In both paper-based and computer-based systems, having a complete health record is critical to the organization's ability to provide excellent patient care and to meet all regulatory, legal, and reimbursement requirements (Brinda 2016, 158).

Which of the following is not part of data governance? a. Ensuring control and accountability for enterprise data b. Establishing and monitoring data policies c. Assigning data decision rights and accountabilities for data d. Promoting the sale of enterprise data

d Data governance is the enterprise authority that ensures control and accountability for enterprise data through the establishment of decision rights and data policies and standards that are implemented and monitored through a formal structure of assigning roles, responsibilities, and accountabilities. Promoting the sale of data would not be a role of data governance (Johns 2015, 81).

Community Hospital had a total of 3,000 inpatient service days for the month of September. What was the average daily census for the hospital during September? a. 10 patients b. 96.77 patients c. 97 patients d. 100 patients

d The average daily census is the average number of inpatients treated during a given period of time. There are 30 days in September, so 3,000 / 30 = 100 (Horton 2016b, 387).

Community Hospital had 25 inpatient deaths, including newborns, for the month of June. The hospital performed five autopsies for the same period. What was the gross autopsy rate for the hospital for June? a. 0.02% b. 5% c. 20% d. 200%

c The gross autopsy rate is the proportion or percentage of deaths that are followed by the performance of autopsy. In this case, (5 / 25) × 100 = 20% (Horton 2016b, 395-396).

Which of the following individuals would serve as a bridge between information technology and business and clinical areas while managing each key area? a. Data steward b. Systems analyst c. Data scientist d. Systems administrator

a Data stewards serve as the bridge between information technology, and business and clinical areas. They are assigned to manage key data areas and are responsible for tasks such as data definition and information quality activities (Johns 2015, 83).

What are the patient data such as name, age, and address called? a. Demographic data b. Secondary data c. Aggregate data d. Identification data

a Information about a patient is collected during the course of receiving healthcare services. This includes demographic data used to identify an individual (Gordon and Gordon 2016a, 422).

Health departments use the health record to monitor outbreaks of diseases. In this situation what type of use of the health record does this represent? a. Educational b. Public health and research c. Medical review organization d. Patient care

b Public health and research uses data in the health record for many reasons including monitoring disease outbreaks (Sayles 2016b, 53).

A family practitioner in your local physician's clinic saw 150 adults in one week for their annual physical examinations. Sixty-seven received the flu vaccine and three patients received the pneumococcal pneumonia vaccine. What is the rate of the flu vaccine administration for this physician? a. 44.7% b. 67.0% c. 20.0% d. 447%

a A rate is a ratio in which there is a distinct relationship between the numerator and denominator and the denominator often implies a large base population. (67/150) × 100 = 44.66 = 44.7% (Horton 2016a, 23).

Which of the following would be considered a security vulnerability? a. Lack of laptop encryption b. Workforce employees c. Tornado d. Electrical outage

a A security threat is anything that can exploit a security vulnerability. Vulnerability is a weakness or gap in security protection. In this situation the lack of encryption for the laptop would be considered a security vulnerability as the contents could be more easily accessed (Johns 2015, 219).

Which unit of measure is used to indicate the services received by one inpatient in a 24-hour period? a. Inpatient service day b. Volume of services c. Average occupancy charges d. Length of services provided

a A unit of measure that reflects the services received by one inpatient during a 24-hour period is an inpatient service day (IPSD). The number of inpatient service days for a 24-hour period is equal to the daily inpatient census, that is, one service day for each patient treated (Horton 2016b, 386).

To use a data element for aggregation and reporting, that data element must be: a. Abstracted or indexed b. Searched c. Subject to case finding d. Registered

a Abstracting is the process of extracting elements of data from a source document and entering them into an automated system. The purpose of this endeavor is to make those data elements available for later use. After a data element is captured in electronic form, it can be aggregated into a group of data elements to provide information needed by the user (Sayles 2016b, 74).

Which of the following security controls are built into a computer software program? a. Physical safeguards b. Administration safeguards c. Application safeguards d. Media safeguards

c One security strategy is to implement application safeguards. These are controls contained in the application software or computer programs. One common application control is password management. It involves keeping a record of end users' identifications and passwords and then matching the passwords to each end user's privileges (Rinehart-Thompson 2016c, 265).

Placing locks on computer room doors is considered what type of security control? a. Access control b. Workstation control c. Physical safeguard d. Security breach

c Physical safeguards protect physical equipment, media, or facilities. For example, doors leading to the areas that house mainframes and other principal computing equipment should have locks on them (Rinehart-Thompson 2016c, 264).

Which of the following is an example of a physical safeguard that should be provided for in a data security program? a. Using password protection b. Prohibiting the sharing of passwords c. Locking computer rooms d. Annual employee training

c Physical safeguards refer to the physical protection of information resources from physical damage, loss from natural or other disasters, and theft. This includes protection and monitoring of the workplace, computing facilities, and any type of hardware or supporting information system infrastructure such as wiring closets, cables, and telephone and data lines. To protect from intrusion, there should be proper physical separation from the public. Doors, locks, audible alarms, and cameras should be installed to protect particularly sensitive areas such as data centers (Rinehart-Thompson 2016c, 264).

What do the wedges or divisions in a pie graph represent? a. Frequency groups b. Various data c. Percentages d. Classes

c Pie charts are best to use when you want to show each category's percentage of the total. They do not show changes over time. A circle is divided into sections such as wedges or slices. These represent percentages of the total (100 percent) (Horton 2016a, 258).

This type of analytics allows users to prescribe a number of different possible actions: a. Descriptive analytics b. Predictive analytics c. Prescriptive analytics d. Real-time analysis

c Prescriptive analytics is a relatively new field of analytics that allows users to prescribe a number of different possible actions. This type of analytics predicts what will happen, but also provides recommendations that will take advantage of the predictions (Horton 2016a, 325).

The legal term used to describe when a patient has the right to maintain control over certain personal information is referred to as: a. Access b. Confidentiality c. Privacy d. Security

c Privacy is when a patient has the right to maintain control over certain health information (Rinehart-Thompson 2016b, 214).

An individual's right to control access to his or her personal information is known as: a. Security b. Confidentiality c. Privacy d. Access control

c Privacy, confidentiality, and security are related, but distinct, concepts. In the context of healthcare, privacy can be defined as the right of individuals to control access to their personal health information. Confidentiality refers to the expectation that the personal information shared by an individual with a healthcare provider during the course of care will be used only for its intended purpose. Security is the protection of the privacy of individuals and the confidentiality of health records (Johns 2015, 210-211).

A record that fails quantitative analysis is missing the quality criterion of: a. Legibility b. Reliability c. Completeness d. Clarity

c Quantitative analysis is used by health information management professionals as a method to detect whether elements of the patient's health record are missing, or not complete (Sayles and Trawick 2014, 37).

Who owns the health record? a. Patient b. Provider who generated the information c. Insurance company who paid for the care recorded in the record d. No one

b Ownership of the health record has traditionally been granted to the provider who generates the record (Brodnik 2017a, 9).

Patient care managers use the data documented in the health record to: a. Determine the extent and effects of occupational hazards b. Evaluate patterns and trends of patient care c. Generate patient bills and third-party payer claims for reimbursement d. Provide direct patient care

b Patient care managers are responsible for the overall evaluation of services rendered for their particular area of responsibility. To identify patterns and trends, they take details from individual health records and put all the information together in one place (Sayles 2016b, 54).

Which of the following are security safeguards that protect equipment, media, and facilities? a. Administrative controls b. Physical safeguards c. Audit controls d. Role based safeguards

b Physical safeguards protect physical equipment, media, or facilities. For example, doors leading to the areas that house mainframes and other principal computing equipment should have locks on them (Rinehart-Thompson 2016c, 264).

George reviewed the patient record of Mr. Brown and found there was no H&P on the record at seven hours past this patient's admission time. This review process would be an example of: a. Data mining b. Qualitative analysis c. Quantitative analysis d. Data warehousing

c Quantitative analysis is used by health information management technicians as a method to detect whether elements of the patient's health record are missing (Sayles and Trawick 2014, 37).

An outpatient clinic is reviewing the functionality of an EHR it is considering for purchase. Which of the following data sets should the clinic consult to ensure that all the federally recommended data elements for Medicare and Medicaid outpatients are collected by the system? a. DEEDS b. EMEDS c. UACDS d. UHDDS

c The Uniform Ambulatory Care Data Set (UACDS) data characteristics include patient-specific items for outpatient care (Russo 2013a, 295-297).

The advent of the EHR has increased the amount of documentation largely due to: a. Storage capabilities b. Joint Commission requirements c. Ease of entry d. Reporting

c The advent of the electronic health record (EHR) came with improvements as well as challenges related to clinical documentation. Overall, the EHR has increased the amount of documentation based largely on the ease of entry (Hess 2015, 124).

In long-term care, the resident's care plan is based on data collected in the: a. UHDDS b. OASIS-C c. MDS d. HEDIS

c The data collected by the Minimum Data Set (MDS) are used to develop care plans for residents and to document placement at the appropriate level of care. The MDS provides a structured way to organize resident information and develop a resident care plan (James 2013b, 535-537).

Two health information professionals are abstracting data for the same case for a registry. When their work is checked, discrepancies are found. Which data quality component is lacking? a. Completeness b. Validity c. Reliability d. Timeliness

c Reliability refers to the degree to which a selection test produces consistent scores on a test and retest. Reliability is frequently checked by having more than one person abstract data for the same case. The results are then compared to identify any discrepancies (Prater 2016, 573).

David works for an organization that utilizes health record data to prove or disprove the efficacy of a healthcare treatment. What type of organization does David work for? a. Educational b. Policy-making c. Research d. Third-party payer

c Research organizations conduct medical research and include state disease registries such as the cancer registry, research centers, and others who explore diseases and their treatments (Sayles 2016b, 54-55). 133 Correct0 Wrong0 Unanswered133

Which of the following is the goal of the quantitative analysis performed by HIM professionals? a. Ensuring that the health record is legible b. Verifying that health professionals are providing appropriate care c. Identifying deficiencies early so they can be corrected d. Ensuring bills are correct

c Reviewing for deficiencies is an example of quantitative analysis. The goal of quantitative analysis is to make sure there are no missing reports, forms, or required signatures in a patient record. Timely completion of this process ensures a complete health record (Sayles 2016b, 64).

Based on this output table, what is the average coding test score for the beginner coder? Coding Test Score Coder Status Mean N Standard Deviation Advanced 93.0000 3 5.00000 Intermediate 89.5000 2 .70711 Beginner 73.3333 3 6.42910 Total 84.7500 8 10.51190 a. 93 b. 6.4 c. 73 d. 90

c Since the mean is the average and the value next to the "beginner" under coder status is 73.3333, round the value to a whole number and the best answer is 73 (Watzlaf 2016, 359).

Which of the following uniquely identifies each record in a database table? a. Data definition b. Data element c. Foreign key d. Primary key

d Primary keys ensure that each row in a table is unique. A primary key must not change in value. Typically, a primary key is a number that is a one-up counter or a randomly generated number in large databases (Johns 2015, 127-128).

On October 1st, a hurricane hit a small coastal community, which has a community hospital licensed for 50 beds. Hospital staff set up 10 additional beds around the facility and used three labor room beds and two treatment room beds in order to help take care of patients. Which of the following would be the denominator used to determine the percentage of occupancy for October 1st? a. 50 b. 60 c. 63 d. 65

a A bed count, also called an inpatient bed count, is the number of available hospital inpatient beds, both occupied and vacant, on any given day. Temporary beds are not included in the bed count for percentage of occupancy (Horton 2016a, 54).

The statement, "the unique patient identifier must be numeric," is an example of which of the following business rule categories? a. Constraint b. Definition c. Derivation d. Relational

a A constraint is a condition that determines what values an attribute or relationship can or must have which is one of the business rule categories (Johns 2015, 153).

Which of the following administrative safeguards includes policies and procedures for responding to emergencies or failures in systems that contain e-PHI? a. A contingency plan b. Security training c. Workforce security d. Information access management

a A contingency plan is a standard that requires the establishment and implementation of policies and procedures for responding to emergencies or failures in systems that contain e-PHI. It includes a data backup plan, disaster recovery plan, emergency mode of operation plan, testing and revision procedures, and applications and data criticality analysis to prioritize data and determine what must be maintained or restored first in an emergency (Rinehart-Thompson 2016c, 272).

Managing an organization's data and those who enter it is an ongoing challenge requiring active administration and oversight. This can be accomplished by the organization through management of which of the following? a. Data dictionary b. Data warehouse c. Data mapping d. Data set

a A data dictionary is a descriptive list of the data elements to be collected in an information system or database whose purpose is to ensure consistency of terminology (Brinda 2016, 141).

In a database the LAST_NAME column in a table would be considered a: a. Data element b. Record c. Primary key d. Row

a A data element is an individual fact or measurement that is the smallest unique subset of a database (Brinda 2016, 141).

Which of the following data sets would be most useful in developing a grid for identification of components of the legal health record in a hybrid record environment? a. Document name, media type, source system, electronic storage start date, stop printing start date b. Document name, media type c. Document name, medical record number, source system d. Document name, source system

a A definition of what constitutes a record in each hybrid system must be developed. It is also important to regularly update system descriptions to include the location of all care documents so that patient health information remains readily available to users. A matrix that includes the report or document type, media type, source system, electronic storage start date, and stop printing start date should be maintained by the healthcare organization (Russo 2013b, 334-335, 361).

Dr. Jones comes into the HIM department and requests that the HIM director provides a list of his records from the previous year that show a principal diagnosis of myocardial infarction. What would the HIM director use to provide this list? a. A disease index b. A master patient index c. An operative index d. A physician index

a A disease index is a listing in diagnosis code number order for patients discharged from the facility during a particular time period (Sharp 2016, 174).

The admissions director maintains that a notice of privacy practices must be provided to the patient on each admission. How should the HIM director respond? a. Notice of privacy practices is required on the first provision of service. b. Notice of privacy practices is required every time the patient is provided service. c. Notice of privacy practices is only required for inpatient admissions. d. Notice of privacy practices is required on the first inpatient admission but for every outpatient encounter.

a A patient has a right to a notice of privacy practices as defined in the HIPAA Privacy Rule. A healthcare provider has to provide the notice no later than the first service delivery. After that first provision of service, there is no requirement to provide a notice every time a patient receives service (Thomason 2013, 113).

In the community clinic Dr. Simpson, an interventional cardiologist, saw 270 patients last quarter. Of those, he performed stent procedures on 182 patients and angioplasty procedures on 88 patients. What is the proportion of Dr. Simpson's patients who have had stent procedures? a. 0.67 b. 0.45 c. 0.33 d. Unable to determine

a A proportion is a type of ratio in which x is a portion of the whole (x + y ). In a proportion, the numerator is always included in the denominator. 182 / 270 = 0.67 (Horton 2016a, 23).

An individual designated as an inpatient coder may have access to an electronic health record to code the record. Under what access security mechanism is the coder allowed access to the system? a. Role based b. User based c. Context based d. Situation based

a Access to e-PHI can be controlled through the use of the following: user-based access, rolebased access, and context-based access. Role-based access control decisions are based on the roles individual users have as part of an organization. Each user is given various privileges to perform their role or function (Rinehart-Thompson 2016c, 262).

The act of granting approval to a healthcare organization based on whether the organization has met a set of voluntary standards is called: a. Accreditation b. Licensure c. Acceptance d. Approval

a Accreditation is the act of granting approval to a healthcare organization. The approval is based on whether the organization has met a set of voluntary standards that were developed by the accreditation agency. Voluntary reviews are conducted at the request of the healthcare facility seeking accreditation or certification. The Joint Commission is an example of an accreditation agency (Shaw and Carter 2015, 406).

Which of the following is an example of a business associate? a. Contract coder b. Environmental services department c. Hospital security officer d. Employee with access to e-PHI

a Although business associates are not directly regulated by the Privacy Rule, they do come under the Privacy Rule's requirements by virtue of their association with one or more covered entities. Some examples of business associates are contract coder, billing companies, consultants, accounting firms, and the like (Rinehart-Thompson 2017c, 211-212).

Which of the following best represents the definition of the term data? a. Patient's laboratory value is 50. b. Patient's SGOT is higher than 50 and outside of normal limits. c. Patient's resting heartbeat is 70, which is within normal range. d. Patient's laboratory value is consistent with liver disease.

a Although sometimes used interchangeably, the terms data and information do not mean the same thing. Data represent the basic facts about people, processes, measurements, conditions, and so on. They can be collected in the form of dates, numerical measurements and statistics, textual descriptions, checklists, images, and symbols. After data have been collected and analyzed, they are converted into a form that can be used for a specific purpose. This useful form is called information. In other words, data represent facts and information represents meaning (Sayles 2016b, 52).

Physician orders for DNR and DNI should be consistent with: a. Patient's advance directive b. Patient's bill of rights c. Notice of privacy practices d. Authorization for release of information

a An advanced directive is a written document that provides directions about a patient's desires in relation to care decisions for use by health care workers if the patient is incapacitated or not capable of communication. Physician orders for "do not resuscitate" (DNR) and "do not attempt intubation" (DNI) should be consistent with the patient's advanced directives (Russo 2013a, 194, 196).

A tool that identifies when a user logs in and out, what actions he or she takes, and more is called a(n): a. Audit trail b. Facility access control c. Forensic scan d. Security management plan

a An audit trail is a record of system and application activity by users. It can track when an employee has accessed the system, the actions taken, and how long the employee has been logged into a system (Rinehart-Thompson 2016c, 265).

An audit trail may be used to detect which of the following? a. Unauthorized access to a system b. Loss of data c. Presence of a virus d. Successful completion of a backup

a An audit trail is a software program that tracks every single access or attempted access of data in the computer system. It logs the name of the individual who accessed the data, terminal location or IP address, the date and time accessed, the type of data, and the action taken (for example, modifying, reading, or deleting data) (Rinehart-Thompson 2016c, 265).

A hospital HIM department wants to move five years of health records to a remote storage location. The records will be stored in boxes and will be filed on open shelves at the remote location. Which of the following should be done so that record location can be easily identified in the remote storage area? a. Provide a unique identifier for each box and prepare a log of the records that is cross-indexed by box identifier b. Prepare a sequential list of all records sent to remote storage c. Provide a unique box identifier and list the records by health record number on the outside of each box d. File the records in terminal digit order in each box

a An off-site storage company is usually a contracted service that provides long-term storage of health records. For a fee, the company then retrieves and delivers records requested by the healthcare facility's HIM department. For easy record retrieval it would be important to have records labeled. Because the records are filed in boxes, each box needs a unique identifier so it can be located. The records in each box must be identified and cross-indexed to the box in which they are stored (Sayles 2016b, 62).

The HIPAA Security Awareness and Training administrative safeguard requires all of the following addressable implementation programs for an entity's workforce except: a. Disaster recovery plan b. Log-in monitoring c. Password management d. Security reminders

a Another administrative safeguard specification requires that a covered entity implement a security awareness and training program for all members of its workforce. Special protections must be taken to ensure information is not inappropriately released or accessed. These protections include log-in monitoring, password management, and security reminders (Reynolds and Brodnik 2017, 274).

The Medical Staff Executive Committee has requested a report that identifies all medical staff members who have been suspended in the last six months due to delinquent health records. This is an example of what type of report? a. Ad hoc or demand b. Annual report c. Exception d. Periodic scheduled

a As opposed to periodic and exception reports, demand reports, also known as ad hoc reports, are produced as needed, whenever a manager demands or asks for it. Usually, demand reports are produced through report generators or database query languages and are customized by the manager (Johns 2015, 236).

A healthcare provider organization, when defining its legal health record must: a. Assess the legal environment, system limitations, and HIE agreements b. Determine what other healthcare provider organizations are doing c. Determine if a legal health record is needed d. Only include the paper components of the health record

a As part of the process to identify the legal health record, the facility should assess the legal environment, system limitations, and HIE agreements (Brickner 2016, 86-87).

The MPI manager has identified a pattern of duplicate health record numbers from the specimen processing area of the hospital. After spending time merging the patient information and correcting the duplicates in the patient information system, the MPI manager needs to notify which department to correct the source system data? a. Laboratory b. Radiology c. Quality Management d. Registration

a As the HIM department merges two duplicates together, the source system (laboratory) also must be corrected. This creates new challenges for organizations because merge functionality could be different in each system or module, which in turn creates data redundancy. Addressing ongoing errors within the MPI means an established quality measurement and maintenance program is crucial to the future of healthcare (Fahrenholz 2013b, 171).

A coding compliance manager is reviewing a tool that identifies when a user logs in and out, what he or she does, and more. What is the manager reviewing? a. Audit trail b. Facility access control c. Forensics d. Security management plan

a Audit controls are required by HIPAA. One method of monitoring is the use of audit trails. Audit trails are a recording of activities occurring in an information system. Audit trails can monitor system level controls such as login, logout, unsuccessful logins, print, query, and other actions. It also records user-identification information and the date and time of the activity. Audits should be scheduled periodically, but can also be performed when a problem is suspected (Sayles and Trawick 2014, 215).

What type of health records may contain family and caregiver input? a. Behavioral health records b. Ambulatory surgery health records c. Emergency department health records d. Obstetric health record

a Behavioral health records are more commonly referred to as mental health records and contain much of the same content as a non-behavioral health record such as discharge summary, H&P, or physician's orders. Behavioral health records contain a treatment plan that often includes family and caregiver input and information as well as assessments geared toward the transition to outpatient, nonacute treatment (Brickner 2016, 104).

What is the general name for Medicare rules affecting healthcare organizations? a. Conditions of Participation b. Regulations for licensure c. Requirements for service d. Terms of accreditation

a Called the Medicare Conditions of Participation, these rules are set forth by CMS. Facilities that must meet the standards in the Conditions of Participation include hospitals, home health agencies, ambulatory surgical centers, and hospices (Brickner 2016, 84).

Case finding is a method used to: a. Identify patients who have been seen or treated in a facility for a particular disease or condition for inclusion in a registry b. Define which cases are to be included in a registry c. Identify trends and changes in the incidence of disease d. Identify facility-based trends

a Case finding is a method used to identify the patients who have been seen or treated in the facility for the particular disease or condition of interest to the registry. After cases have been identified, extensive information is abstracted from the patients' paper-based health records into the registry database or extracted from other databases and automatically entered into the registry database (Sharp 2016, 176).

Which of the following definitions best describes the concept of confidentiality? a. The expectation that personal information shared by an individual with a healthcare provider during the course of care will be used only for its intended purpose b. The protection of healthcare information from damage, loss, and unauthorized alteration c. The right of individuals to control access to their personal health information d. The expectation that only individuals with the appropriate authority will be allowed to access healthcare information

a Confidentiality refers to the expectation that the personal information shared by an individual with a healthcare provider during the course of care will be used only for its intended purpose (Rinehart-Thompson 2016b, 214).

Bob Smith is a 56-year-old white male. This is an example of what type of data? a. Patient-identifiable b. Primary c. Aggregate d. Secondary

a Data also are categorized as either patient identifiable data, or aggregate data. With patient identifiable data, the patient is identified within the data either by name or number. The health record consists entirely of patient-identified data (Sharp 2016, 173).

Your administrator has asked you to generate a report that gives the number of hypertension patients last year. This is an example of ________. a. Descriptive analytics b. Predictive analytics c. Prescriptive analytics d. Real-time analysis

a Data analytics is the science of examining raw data with the purpose of drawing conclusions about that information. Analytics can be descriptive, predictive, or prescriptive. Descriptive analytics is just the summarization of data (Horton 2016a, 322).

Which of the following Enterprise Information Management (EIM) functions is the overarching authority for managing an organization's data assets? a. Data governance b. Data quality management c. Data security management d. Master data management

a Data governance is the overarching authority that ensures the cohesive operation and integration of all EIM domains. Data governance includes a formal organizational structure with both authority and responsibility for managing an organization's data assets (Johns 2015, 70).

The process of extracting and analyzing large volumes of data from a database for the purpose of identifying hidden and sometimes subtle relationships or patterns and using those relationships to predict behaviors is called: a. Data mining b. Data warehouse c. Data searching d. Big data

a Data mining is the process of extracting and analyzing large volumes of data from a database for the purpose of identifying hidden and sometimes subtle relationships or patterns and using those relationships to predict behaviors (Giannangelo 2016b, 324).

Which of the following is a technique for graphically depicting the structure of a computer database? a. Data model b. Data flow diagram c. Foreign key d. Primary key

a Data models provide a contextual framework and graphical representation that aid in the definition of data elements (Amatayakul 2016, 301).

A hospital's EHR defines the expected values of the gender data element as female, male, and unknown. This type of specificity is known as: a. Data precision b. Data consistency c. Data granularity d. Data comprehensiveness

a Data precision is the term used to describe expected data values. As part of data definition, the acceptable values or value ranges for each data element must be defined. For example, a precise data definition related to gender would include three values: male, female, and unknown (Brinda 2016, 158).

A health data analyst has been asked to abstract patient demographic information into an electronic database. Which of the following would the analyst include in the database? a. Patient date of birth b. Name of attending physician c. Patient room number d. Admitting diagnosis

a Demographics is the study of the statistical characteristics of human populations. In the context of healthcare, demographic information includes the following elements: patient's full name; patient's facility identification or account number; patient's address; patient's telephone number; patient's date and place of birth; patient's gender; patient's race or ethnic origin; patient's marital status; name and address of patient's next of kin; date and time of admission; hospital's name, address, and telephone number (Sayles 2016b, 56-57).

An employee accesses PHI on a computer system that does not relate to her job functions. What security mechanism should have been implemented to minimize this security breach? a. Access controls b. Audit controls c. Contingency controls d. Security incident controls

a Establishing access controls is a fundamental security strategy. Basically, the term access control means being able to identify which employees should have access to what data. The general practice is that employees should have access only to data they need to do their jobs. For example, an admitting clerk and a healthcare provider would not have access to the same kinds of data (Rinehart-Thompson 2016c, 273).

The forms design committee: a. Provides oversight for the development, review, and control of forms and computer screens b. Is responsible for the EHR implementation and maintenance c. Is always a subcommittee of the quality improvement committee d. Is an optional function for the HIM department

a Every healthcare facility should have a clinical forms committee to establish standards for design and to approve new and revised forms. The committee should also have oversight of computer screens and other data capture tools (Sayles 2016b, 66).

Removing health records of patients who have not been treated at the facility for a specific period of time from the storage area is called: a. Purging records b. Assembling records c. Logging records d. Cycling records

a Files of patients who have not been at the facility for a specified period, such as two years, may be purged or removed from the active filing area (Sayles 2016b, 61).

When an individual requests a copy of the PHI or agrees to accept summary or explanatory information, the covered entity may: a. Impose a reasonable cost-based fee b. Not charge the individual c. Impose any fee authorized by state statute d. Charge only for the cost of the paper on which the information is printed

a HIPAA gives individuals the right to request access to their PHI, but the covered entity may require that requests be in writing. HIPAA allows a reasonable cost-based fee when the individual requests a copy of PHI or agrees to accept summary or explanatory information (Rinehart-Thompson 2016b, 225).

Hospital physical documents relating to the delivery of patient care such as health records, x-rays, laboratory reports, and consultation reports are owned: a. By the hospital b. By the patient c. By the attending and consulting physician d. Jointly by the hospital, physician, and patient

a Health records, x-rays, laboratory reports, consultation reports, and other physical documents relating to the delivery of patient care are owned by the healthcare organization (Rinehart-Thompson 2016a, 205).

In healthcare, data sets serve two purposes. The first is to identify data elements to be collected about each patient. The second is to: a. Provide uniform data definitions b. Guide efforts toward computerization c. Determine statistical formulas d. Provide a research database

a Healthcare data sets have two purposes. The first is to identify the data elements that should be collected for each patient. The second is to provide uniform definitions for common terms. The use of uniform definitions ensures that data collected from a variety of healthcare settings will share a standard definition. Standardizing data elements and definitions makes it possible to compare the data collected at different facilities (Brinda 2016, 142).

Certificates, such as those for births and fetal-deaths, are reported by hospitals to the individual state registrars and maintained permanently. State vital statistics registrars then compile the data and report them to which of the following: a. National Center for Health Statistics b. Agency for Healthcare Research and Quality c. Health Services Research d. National Statistics Research

a Healthcare facilities are interested in births and deaths, fetal deaths, and induced terminations of pregnancy; facilities generally are responsible for completing certificates for births, fetal deaths, abortions, and occasionally, deaths. All states have laws that require this data. The certificates are reported to the individual state registrars and maintained permanently. State vital statistics registrars compile the data and report them to the NCHS (Horton 2016a, 4).

What is it called when accrediting bodies, such as the Joint Commission, rather than the government can survey facilities for compliance with the Medicare Conditions of Participation for Hospitals? a. Deemed status b. Licensure c. Subpoena d. Credentialing

a Hospitals accredited through the Joint Commission or another accrediting body may participate in the Medicare program because the accrediting agency has been granted deemed status by the Medicare program. Deemed status means accrediting bodies such as the Joint Commission can survey facilities for compliance with the Medicare Conditions of Participation for Hospitals instead of the government (James 2013a, 447).

In a routine health record quantitative analysis review, it was found that a physician dictated a discharge summary on 1/26/20XX. Because of unexpected complications, however, the patient was discharged two days after the discharge summary was dictated. What would be the best course of action in this case? a. Request that the physician dictate an addendum to the discharge summary b. Have the record analyst note the date discrepancy c. Request that the physician dictate another discharge summary d. File the record as complete because the discharge summary includes all of the pertinent patient information

a If during record analysis, missing or incomplete information is identified, HIM personnel can issue deficiency notification(s) to the appropriate caregiver to assure the completeness of the health record. An addendum is a supplement to a signed report that provides additional health information within the health record. In this type of correction, a previous entry has been made and the addendum provides additional information to address a specific situation or incident (Sayles 2016b, 64-65).

Community Hospital wants to provide transcription services for office notes of the private patients of physicians. All of these physicians have medical staff privileges at the hospital. This will provide an essential service to the physicians as well as provide additional revenue for the hospital. In preparing to launch this service, the HIM director is asked whether a business associate agreement is necessary. Which of the following should the hospital HIM director advise in order to comply with HIPAA regulations? a. Each physician practice should obtain a business associate agreement with the hospital. b. The hospital should obtain a business associate agreement with each physician practice. c. Because the physicians all have medical staff privileges, no business associate agreement is necessary. d. Because the physicians are part of an Organized Health Care Arrangement with the hospital, no business associate agreement is necessary.

a If physicians were to dictate information regarding patients they are treating in the facility, the disclosure of protected health information to the transcriptionists would be considered healthcare operations and, therefore, permitted under the HIPAA Privacy Rule. If physicians, who are separate covered entities, are dictating information on their private patients, however, it would be necessary for physicians to obtain a business associate agreement with the facility. It is permitted by the Privacy Rule for one covered entity to be a business associate of another covered entity (Thomason 2013, 26).

The primary goal of the Hospital Standardization Program, established in 1918 by the American College of Surgeons, was to: a. Establish minimum quality standards for hospitals b. Train physicians and nurses for American hospitals c. Standardize the educational curricula of American medical schools d. Force substandard hospitals to close

a In 1918, the hospital standardization movement was inaugurated by the American College of Surgeons (ACS). The purpose of the Hospital Standardization Program was to raise the standards of surgery by establishing minimum quality standards for hospitals. The ACS realized that one of the most important items in the care of any patient was a complete and accurate report of the care and treatment provided during hospitalization (Sayles 2016a, 4).

The primary purpose of a minimum data set in healthcare is to: a. Recommend common data elements to be collected in health records b. Mandate all data that must be contained in a health record c. Define reportable data for federally funded programs d. Standardize medical vocabulary

a In 1969, a conference on hospital discharge abstract systems was sponsored jointly by NCHS, the National Center for Health Services Research and Development, and Johns Hopkins University. Conference participants recommended that all short-term general hospitals in the United States collect a minimum set of patient-specific data elements. They also recommended that these data elements be included in all databases compiled from hospital discharge abstract systems (Brinda 2016, 142).

Which of the following data sets would be most helpful in developing a hospital trauma data registry? a. DEEDS b. MDS c. OASIS d. UACDS

a In 1997, the Centers for Disease Control and Prevention (CDC), through its National Center for Injury Prevention and Control (NCIPC), published a data set called Data Elements for Emergency Department Systems (DEEDS). The purpose of this data set is to support the uniform collection of data in hospital-based emergency departments and to reduce incompatibilities in emergency department records (Sharp 2016, 178; Giannangelo 2015, 255).

Under the HIPAA Privacy rule, which of the following statements is true? a. An authorization must contain an expiration date or event. b. A consent for use and disclosure of information must be obtained from every patient. c. An authorization must be obtained for uses and disclosures for treatment, payment, and operations. d. A notice of privacy practices must give 10 examples of a use or disclosure for healthcare operations.

a In order for an authorization to be valid, it must contain an expiration date or event that relates to the individual or the purpose of the use or disclosure (Rinehart-Thompson 2016b, 245-246).

Recently, a local professional athlete was admitted to your facility for a procedure. During this patient's hospital stay, access logs may need to be checked daily in order to determine: a. Whether all access by workforce is appropriate b. If the patient is satisfied with their stay c. If it is necessary to order prescriptions for the patient d. Whether the care to the patient meets quality standards

a In order to maintain patient privacy certain audits may need to be completed daily. If a high profile patient is currently in a facility, for example, access logs may need to be checked daily to determine whether all access to this patient's information by workforce is appropriate (Thomason 2013, 173).

Why should the copy and paste function not be used in the electronic health record? a. The content may contain outdated information b. Joint Commission standards prevent this practice c. This feature is never found in the electronic health record d. Medicare has a regulation against this practice

a In the EHR, the user is able to copy and paste free text from one patient or patient encounter to another. This practice is dangerous as inaccurate information can easily be copied and information can be outdated (Sayles 2016b, 69).

Which of the following is an argument against the use of the copy and paste function in the EHR? a. Inability to identify the author b. Inability to print the data out c. The time that it takes to copy and paste the documentation d. The users will not know how to perform the copy and paste function

a In the EHR, the user is able to copy and paste free text from one patient or patient encounter to another. This practice is dangerous as inaccurate information can easily be copied. One of the risks to documentation integrity of using copy functionality includes the inability to identify the author of the documentation (Sayles 2016b, 69).

Information assets are: a. Information considered to add value to an organization b. Data entered into a patient's health record by a provider c. Clearly defined elements required to be documented in the health record d. A list of all data elements added within a record

a Information assets refer to the information collected during day-to-day operations of a healthcare organization that has value within an organization. For example, patient data collected to support patient care is an example of information assets for the organization (Brinda 2016, 155-156).

Which of the following is an institutional user of the health record? a. A third-party payer b. Patient c. Physician d. Employer

a Institutional users of the health record are organizations that need access to health records in order to accomplish their mission. These institutional users include healthcare delivery organizations, third-party payers, medical review organizations, research organizations, educational organizations, accreditation organizations, government licensing agencies, and policy-making bodies (Sayles 2016b, 54-55). 204 Correct0 Wrong0 Unanswered204 Registered Health I

Which events must occur in order to maintain patient identity data integrity? a. The data must be accurately queried b. The data must be accurately analyzed c. The data must be accurately normalized d. The data must be accurately coded

a Maintenance of data integrity is a key aspect of data quality management. When it comes to patient identity and HIE, integrity is of prime importance to linking the patient to the correct information. Three events must occur in order to maintain patient identity data integrity. The data must be accurately collected, entered, and queried (Giannangelo 2016b, 338).

Which of the following statements represents an example of nonmaleficence? a. HITs must ensure that patient-identifiable information is not released to unauthorized parties. b. HITs must apply rules fairly and consistently to every case. c. HITs must ensure that patient-identifiable information is released to the parties who need it to provide services to their patients. d. HITs must ensure that patients themselves, and not other parties, are authorizing access to the patients' individual health information.

a Nonmaleficence would require the HIM professional to ensure that the information is not released to someone who does not have authorization to access it and who might harm the patient if access were permitted (for example, a newspaper seeking information about a famous person) (Gordon and Gordon 2016c, 604).

Which of the following is not an identifier under the Privacy Rule? a. Age 75 b. Vehicle license plate BZ LITYR c. Street address 265 Cherry Valley Road d. Visa account 2773 985 0468

a One of the most fundamental terms in the Privacy Rule is protected health information (PHI), defined by the rule as "individually identifiable health information that is transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or medium" (45 CFR 160.103). To meet the individually identifiable element of PHI, information must meet all three portions of a three-part test. It must either identify the person or provide a reasonable basis to believe the person could be identified from the information given. It must relate to one's past, present, or future physical or mental health condition; the provision of healthcare; or payment for the provision of healthcare. It must be held or transmitted by a covered entity or its business associate (Rinehart-Thompson 2017c, 213).

What types of covered entity health records are subject to the HIPAA privacy regulations? a. Health records in any format b. Only health records in electronic format c. Health records in paper or electronic format d. Only health records in paper format

a One of the most fundamental terms used in the Privacy Rule is protected health information (PHI). The Privacy Rule defines PHI as individually identifiable health information that is transmitted by electronic media, maintained in any electronic medium, or maintained in any other form or medium (Rinehart-Thompson 2016b, 220, 222).

The record custodian typically can testify about which of the following when a party in a legal proceeding is attempting to admit a health record as evidence? a. Identification of the record as the one subpoenaed b. The care provided to the patient c. The qualifications of the treating physician d. Identification of the standard of care used to treat the patient

a Original health records may be required by subpoena to be produced in person and the custodian of records is required to authenticate those records through testimony (Rinehart-Thompson 2016a, 198).

Activities of daily living (ADL) are components of: a. OASIS-C b. UHDDS c. UACDS d. ORYX and RAPs

a Outcomes and Assessment Information Set (OASIS-C) is a standardized data set of more than 30 data elements designed to gather data about Medicare beneficiaries who are receiving services from a home health agency (White 2013, 557-560).

Which of the following is a primary purpose of the health record? a. Document patient care delivery b. Regulation of healthcare facilities c. Aid in education of nurses and physicians d. Assist in process redesign

a Patient care delivery is a primary purpose of the health record. Other primary purposes are patient care management, patient care support processes, financial and other administrative processes, and patient self-management (Sayles 2016b, 52).

Which of the following types of data does not have a natural order? a. Nominal b. Ordinal c. Ratio d. Interval

a Qualitative data are divided into the nominal scale and ordinal scale. Nominal data observations are organized into categories in which there is no recognition of order, and ordinal data are types of data where the values are in ordered categories and the order of the numbers is meaningful, but not the numbers themselves (Horton 2016a, 322-323).

A secretary in the Nursing Office was recently hospitalized with ketoacidosis. She comes to the HIM department and requests to review her health record. Of the options here, what is the best course of action? a. Allow her to review her record after obtaining authorization from her. b. Refer the patient to her physician for the information. c. Tell her to go through her supervisor for the information. d. Tell her that hospital employees cannot access their own medical records.

a Review of records by the patient is permitted after the authorization for use and disclosure is verified. Usually hospital personnel should be present during on-site reviews to assist the requester with the paper record or working with the EHR if necessary. Assistance would not be needed if the people requesting on-site review work for the facility (Rinehart-Thompson 2016b, 225, 244). 130 Correct0 Wrong0 Unanswered130

An electronic health record risk analysis is useful to: a. Identify security threats b. Identify which employees should have access to data c. Establish password controls d. Establish audit controls

a Risk management begins by conducting a risk analysis. Identifying security threats or risks, determining how likely it is that any given threat may occur, and estimating the impact of an untoward event are all parts of a risk assessment (Rinehart-Thompson 2016c, 260-261).

A coding supervisor wants to use a fixed percentage random sample of work output to determine coding quality for each coder. Given the work output for each of the four coders shown here, how many total records will be needed for the audit if a 5 percent random sample is used? Fixed Percentage Random Sample Audit Example Coder Work Output Records for 5% Audit A 500 B 480 C 300 D 360 a. 82 b. 156 c. 820 d. 1,550

a Sampling is the recording of a smaller subset of observations of the characteristic or parameter, making certain, however, that a sufficient number of observations have been made to predict the overall configuration of the data. In this case, 82 records would be a sufficient number to review for coding quality. The calculation is: (500 × 0.05) + (480 × 0.05) + (300 × 0. 05) + (360 × 0.05) = 82 records (Shaw and Carter 2015, 78).

The following data were derived from a comparative discharge database for hip and femur procedures: Comparative Data on Hip and Femur Procedures for Current Year Hospital A Hospital B Hospital C Hospital D Hip procedures 2,300 1,467 2,567 1,100 Femur procedures 988 1,245 1,067 678 a. Aggregate b. Identifiable c. Patient specific d. Primary

a Secondary data are considered aggregate data. Aggregate data include data on groups of people or patients without identifying any particular patient individually. Examples of aggregate data are statistics on the average length of stay (ALOS) for patients discharged within a particular diagnosis-related group (DRG) (Sharp 2016, 173).

Secondary data is used for multiple reasons including: a. Assisting researchers in determining effectiveness of treatments b. Assisting physicians and other healthcare providers in providing patient care c. Billing for services provided to the patient d. Coding diagnoses and procedures treated

a Secondary data is used in research. Data taken from health records and entered into disease-oriented databases can help researchers determine the effectiveness of alternate treatment methods. They also can quickly demonstrate survival rates at different stages of diseases (Sharp 2016, 173).

The Joint Commission and CMS have identified sets of patient care characteristics that they have determined reflect the quality of care an organization can provide for important diagnoses. These sets are called: a. Core measures b. Conditions for coverage c. Case mix d. Cost outliers

a Sets of patient care characteristics that the Joint Commission and CMS have determined to reflect the quality of care an organization can provide for important diagnoses are core measures (Shaw and Carter 2015, 497).

Mary's PHI was breached by her physician office when it was disclosed in error to another patient. Which of the following breach notification statements is correct regarding the physician office's required action? a. It must report the breach to HHS within 60 days after the end of the calendar year in which the breach occurred b. It must report the breach to HHS within 60 days of the breach c. It must notify all local media outlets and HHS immediately d. It is not required to take any action since the breach affected only one person

a Since this breach applies to one patient, it must be reported to HHS within 60 days after the end of the calendar year (Rinehart-Thompson 2016b, 240).

A notation for a hypertensive patient in a physician ambulatory care progress note reads: "Blood pressure adequately controlled." In which part of a problem-oriented health record progress note would this be written? a. Assessment b. Objective c. Plan d. Subjective

a Some providers also use a SOAP format for their problem-oriented progress notes. Professional conclusions reached from evaluation of the subjective or objective information make up the assessment (A) (Brickner 2016, 106).

This private, not-for-profit organization is committed to developing and maintaining practical, customer-focused standards to help organizations measure and improve the quality, value, and outcomes of behavioral health and medical rehabilitation programs. a. Commission on Accreditation of Rehabilitation Facilities b. American Osteopathic Association c. National Committee for Quality Assurance d. The Joint Commission

a The Commission on Accreditation of Rehabilitation Facilities (CARF) is a private, not-for-profit organization committed to developing and maintaining practical, customer-focused standards to help organizations measure and improve the quality, value, and outcomes of behavioral health and medical rehabilitation programs. CARF accreditation is based on an organization's commitment to continually enhance the quality of its services and programs and to focus on customer satisfaction (Shaw and Carter 2015, 408).

A patient requests copies of her medical records in an electronic format. The hospital does not maintain all of the designated records in an electronic format. How should the hospital respond? a. Provide the records in paper format only b. Scan the paper documents so that all records can be sent electronically c. Provide the patient with both paper and electronic copies of the record d. Inform the patient that PHI cannot be sent electronically

a The HIPAA Privacy Rule states that the covered entity must provide individuals with their information in the form that is requested by the individuals, if it is readily producible in the requested format. The covered entity can certainly decide, along with the individual, the easiest and least expensive way to provide the copies they request. Per the request of an individual, a covered entity must provide an electronic copy of any and all health information that the covered entity maintains electronically in a designated record set. If a covered entity does not maintain the entire designated record set electronically, there is not a requirement that the covered entity scan paper documents so the documents can be provided in that format (Thomason 2013, 102).

The link that tracks patient, person, or member activity within healthcare organizations and across patient care settings is known as: a. Master patient index (MPI) b. Audit trail c. Case-mix management d. Electronic document management system (EMDS)

a The MPI is a list or database created or maintained by a healthcare facility to record the name and identification number of every patient and activity that has ever been admitted or treated in the facility (Sayles 2016b, 56).

The HIPAA Privacy Rule requires that covered entities must limit use, access, and disclosure of PHI to only the amount needed to accomplish the intended purpose. What concept is this an example of? a. Minimum necessary b. Notice of privacy practices c. Authorization d. Consent

a The Privacy Rule introduced the standard of minimum necessary to limit the amount of PHI used, disclosed, and requested. This means that healthcare providers and other covered entities must limit uses, disclosures, and requests to only the amount needed to accomplish the intended purpose. For example, for payment purposes, only the minimum amount of information necessary to substantiate a claim for payment should be disclosed (Sharp 2016, 186).

Access to health records based on protected health information within a healthcare facility should be limited to employees who have a: a. Legitimate need for access b. Password c. Report development program d. Signed confidentiality agreement

a The access controls standard requires implementation of technical procedures to control or limit access to health information. The procedures would be executed through some type of software program. This requirement ensures that individuals are given authorization to access only the data they need to perform their respective jobs (Rinehart-Thompson 2016c, 273).

Suppose that five patients stayed in the hospital for a total of 27 days. Which term would be used to describe the result of the calculation 27 divided by 5? a. Average length of stay b. Total length of stay c. Patient length of stay d. Average patient census

a The average length of stay (ALOS) is calculated from the total length of stay (LOS). The total LOS divided by the number of patients discharged is the ALOS (Horton 2016b, 390).

Which of the following is not a component of the data analytics process? a. Software testing b. Dissemination c. Data extraction d. Data preparation

a The components of data analytics are: data extraction, data preparation, descriptive statistics, statistical analyses, dissemination (Kellogg 2016a, 34).

A family practitioner requests the opinion of a physician specialist who reviews the patient's health record and examines the patient. The physician specialist would record findings, impressions, and recommendations in what type of report? a. Consultation b. Medical history c. Physical examination d. Progress notes

a The consultation report documents the clinical opinion of a physician other than the primary or attending physician. The report is based on the consulting physician's examination of the patient and a review of his or her health record (Brickner 2016, 96).

If a patient wants to amend his or her health record, the covered entity may require the individual to: a. Make an amendment request in writing and provide a rationale for the amendment. b. Ask the attending physician for his or her permission to amend their record. c. Require the patient to wait 30 days before their request will be considered and processed. d. Provide a court order requesting the amendment.

a The covered entity may require the individual to make an amendment request in writing and provide a rationale for their amendment request. Such a process must be communicated in advance to the individual (Rinehart-Thompson 2017d, 246-247).

Multiple users entering data may have different definitions or perceptions about what goes into a data field, thereby confounding the data. For example, one department may use the term "PATIENT" while another department my use the term "CLIENT" to define the same entity. Which of the following would be used to provide standardization? a. Data dictionary b. Data mining c. Data model d. Database

a The data dictionary is a central building block that supports communication across business processes. It improves data validity and reliability within, across, and outside the enterprise because it ensures that each piece of data can only mean one thing. For example, the data element "PATIENT" would have the same field length and definition across all applications in the organization (Brinda 2016, 141).

Which of the following is the first step in analyzing data? a. Know your objectives or purpose of the data analysis b. Start with basic types of data analysis and work up to more sophisticated analysis c. Utilize a statistician to analyze the data d. Present your findings to administration

a The first step in analyzing data is to know your objective or the purpose of the data analysis (Watzlaf 2016, 363-364).

Given the information here, which of the following statements is correct? MS DRG MDC Type MS-DRG Title Weight Discharges Geometric Mean Arithmetic Mean 191 04 MED Chronic obstructive pulmonary disease w CC 0.9184 10 3.3 4.0 192 04 MED Chronic obstructive pulmonary disease w/o CC/MCC 0.7234 20 2.7 3.2 193 04 MED Simple pneumonia & pleurisy w MCC 1.3860 10 4.6 5.7 194 04 MED Simple pneumonia & pleurisy w CC 0.9469 20 3.6 4.3 195 04 MED Simple pneumonia & pleurisy w/o CC/MCC 0.7028 10 2.8 3.3 a. In each MS-DRG, the geometric mean is lower than the arithmetic mean. b. In each MS-DRG, the arithmetic mean is lower than the geometric mean. c. The higher the number of patients in each MS-DRG, the greater the geometric mean for that MS-DRG. d. The geometric means are lower in MS-DRGs that are associated with a CC or MCC.

a The geometric mean LOS is defined as the total days of service, excluding any outliers or transfers, divided by the total number of patients. Given the examples, the geometric means are lower than the arithmetic means (Casto and Forrestal 2015, 116).

Which of the following is an example of clinical data? a. Admitting diagnosis b. Date and time of admission c. Insurance information d. Health record number

a The health record generally contains two types of data: clinical and administrative. Clinical data document the patient's health condition, diagnosis, and procedures performed as well as the healthcare treatment provided. Administrative data include demographic and financial information as well as various consents and authorizations related to the provision of care and the handling of confidential patient information (Brickner 2016, 90).

A record is considered a primary data source when it: a. Contains data about a patient and has been documented by the professionals who provided care to the patient b. Contains data abstracted from a patient record c. Includes data stored in a computer system d. Contains data that are entered into a disease-oriented database

a The health record is considered a primary data source because it contains data about a patient that has been documented by the professionals who provided care or services to that patient. Data taken from the primary health record and entered into registries and databases are considered a secondary data source (Sharp 2016, 172).

Identify where the following documentation would be found in the acute-care record: "CBC: WBC 12.0, RBC 4.65, HGB 14.8, HCT 43.3, MCV 93." a. Laboratory report b. Pathology report c. Physical examination d. Physician orders

a The results of all diagnostic and therapeutic procedures become part of the patient's health record. The laboratory report includes tests performed on blood, urine, and other samples from the patient (Brickner 2016, 94).

As the corporate director of HIM services and enterprise privacy officer, you are asked to review a patient's health record in preparation for a legal proceeding for a malpractice case. The lawsuit was brought by the patient 72 days after the procedure. Health information contains a summary of two procedures that were dictated 95 days after the procedure. The physician in question has a longstanding history of being lackadaisical with record completion practices. Previous concerns regarding this physician's record maintenance practices had been reported to the facility's Credentialing Committee. Is this information admissible in court? a. This information could be rejected because the physician dictated the procedure note after the malpractice suit was filed. b. This information will be admissible in court because it is part of the patient's health record. c. This information could be rejected because it is not relevant to the malpractice case. d. This information will be rejected because the patient did not authorize its release.

a The health record may be valuable evidence in a legal proceeding. To be admissible, the court must be confident that the record is: complete, accurate, and timely (recorded at the time the event occurred); was documented in the normal course of business; and was made by healthcare providers who have knowledge of the "acts, events, conditions, opinions, or diagnoses appearing in it" (Klaver 2017a, 78-79).

The patient registration department assists the HIM department in what way? a. Assigning the health record number b. Processing the healthcare claim c. Implementing the information systems used by the HIM department d. Maintaining the information systems used by the HIM department

a The health record typically begins in patient registration with the capture of patient demographic information. The health record is assigned to new patients during the patient registration process. The HIM department works with patient registration to ensure the quality of the data collected and to correct duplicate and other issues with the MPI (Sayles 2016b, 74).

In this experimental study, blood pressure is taken before and after an experimental medication is used as the intervention in a sample of participants that were previously unable to control their blood pressure with other medications. In this example, the independent variable is the ________ and the dependent variable is the________. a. Experimental medication; blood pressure b. Blood pressure; experimental medication c. Blood pressure; heart disease d. Experimental medication; heart disease

a The independent variable in this example is the intervention used (medication) and the dependent variable is the disease that is being assessed (blood pressure) (Watzlaf 2016, 366).

The legal health record (LHR) is a(n): a. Defined subset of all patient-specific data created or accumulated by a healthcare provider that may be released to third parties in response to a legally permissible request for patient information b. Entire set of information created or accumulated by a healthcare provider that may be released to third parties in response to a legally permissible request for patient information c. Set of patient-specific data created or accumulated by a healthcare provider that is defined to be legal by the local, state, or federal authorities d. Set of patient-specific data that is defined to be legal by state or federal statute and that is legally permissible to provide in response to requests for patient information

a The legal health record is a defined subset of all patient-specific data. The legal health record is the record that will be disclosed upon request by third parties. It includes documentation about health services provided and stored on any media (Rinehart-Thompson 2016a, 206).

How long should the MPI be retained? a. Permanently b. 25 years c. 50 years d. 10 years

a The master patient index (MPI) is the permanent record of all patients treated at a healthcare facility. It is used by the HIM department to look up patient demographics, dates of care, the patient's health record number, and other information (Sayles 2016b, 56-57).

Given the numbers 47, 20, 11, 33, 30, 30, 35, and 50, what is the mode? a. 30 b. 32 c. 32.5 d. 35

a The mode is the simplest measure of central tendency. It is used to indicate the most frequent observation in a frequency distribution. The most frequent observation is 30 (Watzlaf 2016, 359).

If an employee produces 2,080 hours of work in the course of one year, how many employees will be required for the coding area if the coding time on average for one record is 30 minutes and there are 12,500 records that must be coded each year? a. 3 b. 6 c. 36 d. 69

a The number of records per FTE is 2 (number of records per hour) × 2,080 = 4,160. Therefore, three employees per year are required: 12,500 / 4,160 = 3.0 (Prater 2016, 585).

Which of the following contains the physician's findings based on an examination of the patient? a. Physical exam b. Discharge summary c. Medical history d. Patient instructions

a The physical examination report represents the attending physician's assessment of the patient's current health status. This report should document data on all the patient's major organ systems (Brickner 2016, 91-92).

The use of the health record by a clinician to facilitate quality patient care is considered: a. A primary purpose of the health record b. Patient care support c. A secondary purpose of the health record d. Patient care effectiveness

a The primary purposes of the health record are related to providing care to the patient. Patient care includes the direct care provided and the day-to-day business of the organization (Sayles 2016a, 52).

The Information Services Department has requested information about the electronic signature system being used in your facility. They would like to know the locations where physicians are accessing the system. Review the information in the table below. What is the percentage of physicians not using the electronic signature system? Community Hospital Electronic Signature System 500 Physicians on Staff; 489 Using the System Site No. of Physicians Using the System at This Site % of Physicians Using the System at This Site Medicine, 2 West 54 11.04% Medicine, 2 East 62 12.68% Pediatrics, 3 West 42 8.59% Obstetrics, 1 West 12 2.45% Physician's lounge 87 17.79% HIM department 65 13.29% Personal mobile device 92 18.81% Physician home 75 15.34% a. 2.2% b. 2.45% c. 18.81% d. 99.99%

a The ratio of a part to the whole is often expressed as a percentage. Percentages are a useful way to make fair comparisons. The percentage of physicians not using the system is 2.2%. (11 physicians not using the system × 100) / 500 = 1,100 / 500 = 2.2% (Horton 2016a, 18).

Patient name, zip code, and health record number are typical: a. Data elements b. Data sources c. Aggregate data d. Data monitors

a The types of data elements that are abstracted, or defined as indexed fields in an automated system, vary from facility to facility. Generally, however, any data elements that are needed for selecting cases for reports must be abstracted or indexed. Some of the typical data fields that can be searched for the purpose of finding and reporting include: patient name, zip code, health record number, patient account number, attending physician, and the like (Brinda 2016, 141).

A health data analyst has been asked to compile a listing of daily blood pressure readings for patients with a diagnosis of hypertension who were treated on the medical unit within a two-week period. What clinical report would be the best source to gather this information? a. Vital signs record b. Initial nursing assessment record c. Physician progress notes d. Admission record

a The vital signs record is comprised of blood pressure readings, temperature, respiration, and pulse, making it the best source to gather this type of information (Brickner 2016, 94).

Which of the following is necessary to ensure that each term used in an EHR has a common meaning to all users? a. Controlled vocabulary b. Data exchange standards c. Encoded vocabulary d. Proprietary standards

a The vocabulary used in an electronic health record (EHR) system should, at a minimum, be a controlled vocabulary, which is essential in ensuring a common meaning for all users. A controlled vocabulary means that a specific set of terms in the EHR's data dictionary may be used and that a central authority approves any additions or changes (Sayles 2016a, 4-7).

Erin is an HIM professional. She is teaching a class to clinicians about proper documentation in the health record. Which of the following is an example of improper teaching? a. Obliterating or deleting errors b. Leaving existing entries intact c. Labeling late entries as being late d. Ensuring the legal signature of an individual making a correction accompanies the correction

a To correct errors or make changes in the paper health record, a single line should be drawn in ink through the incorrect entry. The word error should be printed at the top of the entry along with a legal signature or initials, date, time, and discipline of the person making the change. The existing entry should be left intact and corrections should be entered in chronological order. Late entries should be labeled as such. Error correction in EHR is particularly important because courts have historically viewed their integrity as suspect (Sayles 2016b, 65).

Within the context of the inpatient prospective payment system, how is the case-mix index calculated? a. The sum of all relative weights divided by the total number of discharges b. The total number of inpatient service days divided by the total number of discharges c. The sum of all MDCs divided by the total number of discharges d. The total number of inpatient beds divided by the total number of discharges

a To determine the case-mix index, take the sum of all relative weights and divide by the total number of discharges. The formula for computing case-mix is: The sum of the weights of MS-DRGs for patients discharged during a given period divided by the total number of patients discharged (Horton 2016a, 204).

An employee views a patient's electronic health record. It is a trigger event if: a. The employee and patient have the same last name b. The patient was admitted through the emergency room c. The patient is over 89 years old d. A dietitian views a patient's nutrition care plan

a With appropriate policies and procedures in place, it is the responsibility of the organization and its managers, directors, CSO, and employees with audit responsibilities to review access logs, audit trails, failed logins, and other reports. One type of event that would be a trigger event would include employees viewing records of patients with the same last name or address of the employee (Rinehart-Thompson 2016c, 275).

Within the context of electronic health records, protecting data privacy means defending or safeguarding: a. Access to information b. Data availability c. Health record quality d. System implementation

a Within the context of data security, protecting data privacy means safeguarding access to information. Only those individuals who need to know information should be authorized to access it (Johns 2015, 210-211).

The HIM director is having difficulty with the emergency services on-call physicians completing their health records. Three deficiency notices are sent to the physicians including an initial notice, a second reminder, and a final notification. Which of the following would be the best first step in trying to rectify the current situation? a. Call the Joint Commission b. Consult with the physician in charge of the on-call doctors for suggestions on how to improve response to the current notices c. Post the hospital policy in the emergency department d. Routinely send out a fourth notice

b A coding manager or physician champion should present documentation issues to educate the medical staff. General areas of concern regarding documentation should be included (Brickner 2016, 88-89; Hess 2015, 122).

Which of the following represents documentation of the patient's current and past health status? a. Physical exam b. Medical history c. Physician orders d. Patient consent

b A complete medical history documents the patient's current complaints and symptoms and lists his or her past health, personal, and family history. In acute care, the health history is usually the responsibility of the attending physician (Brickner 2016, 90).

Which of the following is not a characteristic of the common healthcare data sets such as UHDDS and UACDS? a. They define minimum data elements to be collected. b. They provide a complete and exhaustive list of data elements that must be collected. c. They provide a framework for data collection to which an individual facility can add data items. d. The federal government recommends, but does not mandate, implementation of most of the data sets.

b A data set is a list of recommended data elements with uniform definitions that are relevant for a particular use. The contents of data sets vary by their purpose. However, data sets are not meant to limit the number of data elements that can be collected. Most healthcare organizations collect additional data elements that have meaning for their specific administrative and clinical operations. Standardizing data elements and definitions makes it possible to compare the data collected at different facilities. A number of data reporting requirements come from federal initiatives (Brinda 2016, 142).

Which autopsy rate compares the number of autopsies performed on hospital inpatients to the total number of inpatient deaths for the same period of time? a. Net b. Gross c. Hospital d. Average

b A gross autopsy rate is the proportion or percentage of deaths that are followed by the performance of autopsy (Horton 2016b, 395-396).

Community Hospital has compared its admission-type patient-profile data for two consecutive years. From a performance improvement standpoint, which admission types should the hospital examine for possible changes in capacity handling? a. Elective b. Emergency c. Newborn d. Urgent

b A pie chart is used to show the relationship of each part to the whole, in other words, how each part contributes to the total product or process. The 360 degrees of the circle, or pie, represent the total, or 100 percent. The pie is divided into "slices" proportionate to each component's percentage of the whole. Review of the pie chart shows that the emergency department has had significant patient growth over the five-year period. By using this patient profile data for performance improvement, the hospital should examine capacity changes for this department (Shaw and Carter 2015, 91).

At Community Hospital, each full-time employee is required to work 2,080 hours annually. The table below shows the amount of time that five employees were absent from work over the past year. Community Hospital Health Information Management Department Coding Section Absentee Report Annual Statistics, 20XX Employee Name Vacation Hours Used Sick Leave Hours Used A 40 6 B 22 16 C 36 8 D 80 32 E 16 40 a. 0.29% b. 0.98% c. 1.29% d. 1.54%

b A rate is a ratio in which there is a distinct relationship between the numerator and denominator and the denominator often implies a large base population. Add each employee's sick leave hours together to get a total of 102. Multiplying 2,080 (full time equivalent) by 5 (number of employees) equals 10,400. Take the total sick leave hours (102) and multiply by 100, then divide it by the total hours for the 5 full time employees (10,400). Calculations: (6 + 16 + 8 + 32 + 40) = 102 hours total sick leave time; (2,080 × 5) = 10,400 total hours for the 5 coders; (102 × 100) / 10,400 = 10,200 / 10,400 = 0.98% total sick leave rate (Horton 2016a, 23).

A healthcare system wants to map ICD-10-CM to ICD-9-CM. Which of the following would be true about this effort? a. ICD-10-CM would be considered the target system b. This is an example of reverse mapping c. This is an example of forward mapping d. This is an example of bidirectional mapping

b A reverse map links two systems in the opposite direction, from the newer version of a code set to an older version (Johns 2015, 285).

HIM departments may be the hub of identifying, mitigating, and correcting MPI errors, but that information often is not shared with other departments within the healthcare organization. After identifying procedural problems that contribute to the creation of the MPI errors, which department should the MPI manager work with to correct these procedural problems? a. Administration b. Registration c. Risk Management d. Radiology and Laboratory

b A review of the identified duplicates and overlays often reveals procedural problems that contribute to the creation of errors. Although health information management (HIM) departments may be the hub of identifying, mitigating, and correcting master patient index (MPI) errors, that information may never be shared with the registration department. If the registration staff is not aware of the errors, how can they begin to proactively prevent the errors from occurring in the first place? Registration process improvement activities can eventually reduce work for HIM departments. In addition, monitoring new duplicates is a critical process, and tracking reports should be created and implemented. Identifying and reporting MPI errors is important; however, tracking who made the error and why will decrease the number of duplicates (Fahrenholz 2013b, 171).

Which tool is used to display performance data over time? a. Status process control chart b. Run chart c. Benchmark d. Time ladder

b A run chart displays data points over a period of time to provide information about performance. The measured points of a process are plotted on a graph at regular time intervals to help team members see whether there are substantial changes in the numbers over time (Carter and Palmer 2016, 509-510).

The coding department at Community Physician's Clinic developed the following report for the denials committee at the clinic. The billing report shows the following information. How many hours will it take to reconcile these denials if each denial takes 1.5 hours to review and resubmit the bill? Community Physician's Clinic Coding Department Denials - October, 20XX Payment Source Number of Claims Sent Number of Denials Percentage of Denials Medicare 460 43 9.35% Medicaid 345 35 10.14% Tricare/Military 182 14 7.69% Commercial payers 1307 83 6.35% Worker's Compensation 6 1 16.17% Total 2300 176 7.65% a. 11.46 hours b. 264 hours c. 3450 hours d. Unable to determine

b A table is an orderly arrangement of values that groups data into rows and columns. Almost any type of quantitative information can be grouped into tables. Columns allow you to read data up and down, and rows allow you to read data across. The columns and rows should be labeled. In order to determine the amount of time it will take to reconcile all of the denials the number of denials is multiplied by the amount of time it takes to complete each denial (1.5 hours). 1.5 hours × 176 denials = 264 hours (Horton 2016a, 249-250).

Community Hospital had 250 patients in the hospital at midnight on May 1. The hospital admitted 30 patients on May 2. The hospital discharged 40 patients, including deaths, on May 2. Two patients were both admitted and discharged on May 2. What was the total number of inpatient service days for May 2? a. 240 b. 242 c. 280 d. 320

b A unit of measure that reflects the services received by one inpatient during a 24-hour period is called an inpatient service day. The number of inpatient service days for a 24-hour period is equal to the daily inpatient census—that is, one service day for each patient treated. The calculation is: [(250 + 30) − 40] + 2 = 242 (Horton 2016b, 386).

Which of the following are policies and procedures required by HIPAA that address the management of computer resources and security? a. Access controls b. Administrative safeguards c. Audit safeguards d. Role-based controls

b Administrative safeguards include policies and procedures that address the management of computer resources. For example, one such policy might direct users to log off the computer system when they are not using it or employ automatic logoffs after a period of inactivity (Rinehart-Thompson 2016c, 264-265).

You are the director of HIM at Community Hospital. A physician has asked for the total number of appendectomies that he performed at your hospital last year. What type of data will you provide the physician with? a. Patient-specific data b. Aggregate data c. Operating room data d. Nothing—you cannot obtain this data after the fact

b Aggregate data is data extracted from individual health records and combined to form deidentified information about groups of patients that can be compared and analyzed (Sayles 2016b, 53).

Which of the following statements is not true about a business associate agreement? a. It prohibits the business associate from using or disclosing PHI for any purpose other than that described in the contract with the covered entity. b. It allows the business associate to maintain PHI indefinitely. c. It prohibits the business associate from using or disclosing PHI in any way that would violate the HIPAA Privacy Rule. d. It requires the business associate to make available all of its books and records relating to PHI use and disclosure to the Department of Health and Human Services or its agents.

b Agreements between the covered entity and a business associate include: requiring the business associate to make available all of its books and records relating to protected health information (PHI) use and disclosure to the Department of Health and Human Services or its agent; prohibiting the business associate from using or disclosing PHI in any way that would violate the HIPAA Privacy Rule; and prohibiting the business associate from using or disclosing PHI for any purpose other than that described in the contract with the covered entity; and other agreements. But, it does not allow the business associate to maintain PHI indefinitely (Rinehart- Thompson 2016b, 220-222).

To ensure relevancy, an organization's security policies and procedures should be reviewed at least: a. Once every six months b. Once a year c. Every two years d. Every five years

b All data security policies and procedures should be reviewed and evaluated annually to make sure they are up-to-date and still relevant to the organization (Rinehart-Thompson 2016c, 264).

Which of the following is true regarding the reporting of communicable diseases? a. They must be reported by the patient to the health department. b. The diseases to be reported are established by state law. c. The diseases to be reported are established by HIPAA. d. They are never reported because it would violate the patient's privacy.

b All states have a health department with a division that is required to track and record communicable diseases. When a patient is diagnosed with one of the diseases from the health department's communicable disease list, the facility must notify the state public health department (Shaw and Carter 2015, 189).

Jeremy Lykins was required to undergo a physical exam prior to becoming employed by San Fernando Hospital. Jeremy's medical information is: a. Protected by the Privacy Rule because it is individually identifiable b. Not protected by the Privacy Rule because it is part of a personnel record c. Protected by the Privacy Rule because it contains his physical exam results d. Protected by the Privacy Rule because it is in the custody of a covered entity

b Although a person or organization may, by definition, be subject to the Privacy Rule by virtue of the type of organization it is, not all information that it holds or comes into contact with is protected by the Privacy Rule. For example, the Privacy Rule has specifically excluded from its scope employment records held by the covered entity in its role as employer (45 CFR 160.103). Under this exclusion, employee physical examination reports contained within personnel files are specifically exempted from this rule (Rinehart-Thompson 2017c, 215).

Which rate describes the probability or risk of illness in a population over a period of time? a. Mortality b. Incidence c. Morbidity d. Prevalence

b An incidence rate is used to compare the frequency of disease in different populations. Populations are compared using rates instead of raw numbers because rates adjust for differences in population size. The incidence rate is the probability or risk of illness in a population over a period of time (Horton 2016b, 413).

Two patients' records were filed together by mistake. This is an example of: a. Overlap b. Overlay c. Duplicate d. Purge

b Another problem with the question of the quality of the MPI is an overlay, where a patient is erroneously assigned another person's health record number. When this happens, patient information from both patients becomes commingled and care providers may make medical decisions based on erroneous information, increasing the legal risks to the healthcare organization and quality of care risks to the patient as well (Sayles 2016b, 58).

What is the term used most often to describe the individual within an organization who is responsible for protecting health information in conjunction with the court system? a. Administrator of records b. Custodian of records c. Director of records d. Supervisor of records

b Associated with ownership of health records is the legal concept of the custodian of records. The custodian of health records is the individual who has been designated as having responsibility for the care, custody, control, and proper safekeeping and disclosure of health records (Brodnik 2017a, 9).

Burning, shredding, pulping, and pulverizing are all acceptable methods in which process? a. Deidentification of electronic documents b. Destruction of paper-based health records c. Deidentification of records stored on microfilm d. Destruction of computer-based health records

b Because of cost and space limitations, permanently storing paper and microfilm-based health record documents is not an option for most hospitals. Acceptable destruction methods for paper documents include burning, shredding, pulping, and pulverizing (Fahrenholz 2013a, 111).

Which of the following ethical principles is being followed when a health information management professional ensures that patient information is only released to those who have a legal right to access it? a. Autonomy b. Beneficence c. Justice d. Nonmaleficence

b Beneficence would require the HIM professional to ensure that the information is released only to individuals who need it to do something that will benefit the patient (for example, to an insurance company for payment of a claim) (Gordon and Gordon 2016c, 604).

Cancer registries are maintained by hospitals: a. By federal law or state law b. Voluntarily or by state law c. Voluntarily or by federal law d. By mandate from the American College of Surgeons

b Cancer registries are typically maintained by hospitals on a voluntary basis or as mandated by state law. Many states require that hospitals report their data to a central state-wide registry or incidence surveillance program who in turn reports the data to the Centers for Disease Control (CDC) (Sharp 2016, 175-177).

Review of disease indexes, pathology reports, and radiation therapy reports are parts of which function in the cancer registry? a. Case definition b. Case finding c. Follow-up d. Reporting

b Cancer registries were developed as an organized method to collect these data. Case finding is a method used to identify the patients who have been seen or treated in the facility for the particular disease or condition of interest to the registry. After cases have been identified, extensive information is abstracted from the patients' paper-based health records into the registry database or extracted from other databases and automatically entered into the registry database (Sharp 2016, 176).

Which of the following is considered a clinical documentation best practice? a. Allowing clinicians to backdate physician orders b. Restricting use of abbreviations to a list approved by hospital and medical staff bylaws, rules, and regulations c. Allowing clinicians to delete documentation errors in an electronic record d. Prohibiting all verbal orders

b Clinical documentation best practices establish policies and guidelines that ensure uniformity of both content and format of the patient record. One example of a clinical documentation best practice would be to stipulate abbreviations and symbols in the patient record to be permitted only when approved according to hospital and medical staff bylaws, rules, and regulations (Johns 2015, 13).

What is the legal term used to define the protection of health information in a patient-provider relationship? a. Access b. Confidentiality c. Privacy d. Security

b Confidentiality, as recognized by law and professional codes of ethics, stems from a relationship such as physician and patient, and pertains to the information resulting from that relationship. Privileged communication is a legal concept designed to protect the confidentiality between two parties (Brodnik 2017a, 7-8).

At admission, Mrs. Smith's date of birth is recorded as 3/25/1948. An audit of the EHR discovers that the numbers in the date of birth are transposed in reports. This situation reflects a problem in: a. Data comprehensiveness b. Data consistency c. Data currency d. Data granularity

b Consistency means ensuring the patient data is reliable and the same across the entire patient encounter. In other words, patient data within the record should be the same and should not contradict other data also in the patient record (Brinda 2016, 158).

Which of the following would be part of the release of information system? a. Letter asking for additional information on a patient previously treated at the hospital b. Letter notifying the individual that the authorization was invalid c. Letter notifying the physician that he has delinquent health records d. Letter asking the physician to clarify primary diagnosis

b Customized letters are critical to the ROI system. Customized letters and forms may be used to communicate with the requestor for many purposes including a letter notifying the individual making a request that the authorization is invalid (Sayles and Trawick 2014, 114).

Which of the following best describes data accessibility? a. Data are correct. b. Data are easy to obtain. c. Data include all required elements. d. Data are reliable.

b Data accessibility means that the data are easily obtainable. Any organization that maintains health records for individual patients must have systems in place that identify each patient and support efficient access to information on each patient. Authorized users of the health record must be able to access information easily when and where they need it (Brinda 2016, 158).

Mrs. Smith's admitting data indicates that her birth date is March 21, 1948. On the discharge summary, Mrs. Smith's birth date is recorded as July 21, 1948. Which quality element is missing from Mrs. Smith's health record? a. Data completeness b. Data consistency c. Data accessibility d. Data comprehensiveness

b Data consistency means that the data are reliable. Reliable data do not change no matter how many times or in how many ways they are stored, processed, or displayed. Data values are consistent when the value of any given data element is the same across applications and systems. Related data items also should be reliable (Rinehart-Thompson 2016c, 268).

Which of the following documentation must be included in a patient's health record prior to performing a surgical procedure? a. Consent for operative procedure, anesthesia report, surgical report b. Consent for operative procedure, history, physical examination c. History, physical examination, anesthesia report d. Problem list, history, physical examination

b Documentation of health history, consents, and the physical examination must be available in the patient's record before any surgical procedures may be performed (Russo 2013a, 203-207).

A new HIM director has been asked by the hospital CIO to ensure data content standards are identified, understood, implemented, and managed for the hospital's planned EHR system. Which of the following should be the HIM director's first step in carrying out this responsibility? a. Call the EHR vendor and ask to review the system's data dictionary b. Identify data content requirements for all areas of the organization c. Schedule a meeting with all department directors to get their input d. Contact CMS to determine what data sets are required to be collected

b Data content standards allow organizations to collect data once and use it many times in many ways. They also assist in data storage and mining as well as sharing data with external organizations for use in benchmarking and other purposes. The HIM director should identify data content requirements for all areas of the organization to ensure the data content standards are met (Sayles and Trawick 2014, 170).

An audit of a hospital's electronic health system shows that diagnostic codes are not being reported at the correct level of detail. This indicates a problem with data: a. Consistency b. Granularity c. Comprehensiveness d. Relevancy

b Data granularity requires that the attributes and values of data be defined at the correct level of detail for the intended use of the data (Brinda 2016, 158).

Which of the following refers to guarding against improper information modification or destruction? a. Confidentiality b. Integrity c. Privacy d. Security

b Data integrity means that data should be complete, accurate, consistent, and up-to-date. With respect to data security, organizations must put protections in place so that no one may alter or dispose of data in a manner inconsistent with acceptable business and legal rules (Johns 2015, 211).

When a user keys in 10101963, the computer displays it as 10/10/1963. What enables this? a. Toolkit b. Input mask c. Check box d. Radio button

b Data is collected in a number of ways. The information system should have measures in place to control the data entered into the EHR. In this example, the birth date of 10101963 is displayed in the computer as 10/10/1963 because an input mask was used in the information system to show the format in which the data will be displayed (Sayles 2016b, 70).p

When data has been lost in an EHR, which action is taken to remedy this problem? a. Build a firewall b. Data recovery c. Review the audit trail d. Develop data integrity plan

b Data recovery is the process of recouping lost data or reconciling conflicting data after the system fails. These data may be from events that occurred while the system was down or from backed-up data (Sayles and Trawick 2014, 213).

The protection measures and tools for safeguarding information and information systems is a definition of: a. Confidentiality b. Data security c. Informational privacy d. Informational access control

b Data security can be defined as the protection measures and tools for safeguarding information and information systems (Rinehart-Thompson 2016c, 254).

The three elements of a security program are ensuring data availability, protection, and: a. Suitability b. Integrity c. Flexibility d. Robustness

b Data security embodies three basic concepts: protecting the privacy of data, ensuring the integrity of data, ensuring the availability of data (Rinehart-Thompson 2016c, 254).

The evaluation of data collected based on business needs and strategy is part of ________. a. Data ownership b. Data stewardship c. Data quality d. Data modeling

b Data stewardship is the evaluation of the data collection based on business need and strategy to ensure the data meets the requirements of patient care and organizational needs. Data stewardship and data ownership are closely connected (Brinda 2016, 151-152).

Which of the following would be considered a derivation business rule? a. Upon admission a patient must be assigned to a clinical service b. The average length of stay is the sum of inpatient days for a period divided by the number of discharges for a period c. Date of Birth must be documented as DD/MM/YYYY d. The hospital census is taken at midnight each day

b Derivation is an attribute that is derived through a mathematical calculation of inference from other attributes or systems variables (Johns 2015, 153).

A dietary department donated its old microcomputer to a school. Some old patient data were still on the computer. What controls would have minimized this security breach? a. Access controls b. Device and media controls c. Facility access controls d. Workstation controls

b Device and media controls require the facility to specify proper use of electronic media and devices (external drives, backup devices, etc.). Included in this requirement are controls and procedures regarding the receipt and removal of electronic media that contain protected health information and the movement of such data within the facility. The entity must also address procedures for the transfer, removal, or disposal, including reuse or redeployment, of electronic media (Rinehart-Thompson 2016c, 273).

The HIM department is planning to scan paper-based components of the medical record such as consent forms and lab orders from physician offices. Which of the following methods would be best to help HIM professionals monitor the completeness of health records during a patient's hospitalization? a. Ad hoc scanning b. Concurrent scanning c. Retrospective scanning d. Postdischarge scanning

b Digital scanners create images of handwritten and printed documents that are then stored in health record databases as electronic files. The data can be interfaced in the current EHR with the document scanning system. Performing the scanning function concurrently improves the ability for the HIM staff to ensure completeness of the health record (Russo 2013b, 335).

Which of the following is an organization's planned response to protect its information in the case of a natural disaster? a. Administrative controls b. Contingency plan c. Audit trail d. Physical controls

b Disaster planning occurs through a contingency plan—a set of procedures, documented by the organization to be followed when responding to emergencies. It encompasses what an organization and its personnel need to do both during and after events that limit or prevent access to facilities and patient information (Rinehart-Thompson 2016c, 267).

Which of the following would be a discriminating attribute used to disqualify two or more similar records? a. Phone number b. Date of birth c. E-mail address d. Last name

b Discriminating attributes are used to disqualify two or more similar records, rather than match them. These should be static attributes that do not normally change such as date of birth (Sharp 2016, 179).

Which of the following individuals may authorize release of information? a. An 86-year-old patient with a diagnosis of advanced dementia b. A married 15-year-old father c. A 15-year-old minor d. The parents of an 18-year-old student

b Emancipated minors generally may authorize the access and disclosure of their own PHI. If the minor is married or previously married, the minor may authorize the disclosure or use of his or her information. If the minor is under the age of 18 and is the parent of a child, the minor may authorize the access and disclosures of his or her own information as well as that of his or her child (Brodnik 2017b, 343-344).

What term is used for the number of inpatients present at any one time in a healthcare facility? a. Average daily census b. Census c. Inpatient service day d. Length of stay

b Even though much of the data collection process has been automated, an ongoing responsibility of the HIM professional is to verify the census data that are collected daily. The census reports patient activity for a 24-hour reporting period. Included in the census report are the number of inpatients admitted and discharged for the previous 24-hour period and the number of intrahospital transfers. An intrahospital transfer is a patient who is moved from one patient care unit (for example, the intensive care unit) to another (for example, the surgical unit). The usual 24-hour reporting period begins at 12:01 a.m. and ends at 12:00 a.m. (midnight). In the census count, adults and children are reported separately from newborns (Horton 2016b, 386).

Large population-based studies are used to identify the care processes or interventions that achieve the best healthcare outcomes in different types of medical practice. This research concept is called? a. Clinical pathway b. Evidence-based medicine c. Patient-centered care d. Morbidity indicators

b Evidence-based medicine attempts to identify the care processes or interventions that achieve the best outcomes in different types of medical practice. Researchers perform large population-based studies. Such studies are difficult to do without a well developed information infrastructure to provide data for analysis (Shaw and Carter 2015, 174).

A statewide data base is used by your performance improvement department each month to compare other facilities' readmission rates to your facility's rates. This is an example of ________. a. Internal data b. External data c. Ratio data d. Nominal data

b External data sources refers to data collected outside an organization. For example, a census, reports from the Centers for Medicare and Medicaid Services (CMS) or the Centers for Disease Control (CDC), economic databases, journals, even social media have links to outside data (Horton 2016a, 323).

At the time a hospital implemented an electronic health record, the Health Record Committee determined that all records of patients who have not been treated at the facility in the past two years would be moved to an inactive file area. These patient records are considered ________ from the active filing area. a. Inactivated b. Purged c. Cleared d. Reactivated

b Files of patients who have not been at the facility for a specified period, such as two years, may be purged or removed from the active filing area. The time period and frequency of purging depends on the space available, patient readmission rate, and the need for access to the health record (Sayles 2016b, 61).

General documentation guidelines apply to: a. Only electronic health records b. All categories of health records c. Only emergency health records d. Only paper-based health records

b General documentation guidelines apply to all categories of health records (Brickner 2016, 88).

Which of the following statements is true regarding HIPAA security? a. All institutions must implement the same security measures. b. Institutions are allowed flexibility in the way they implement HIPAA standards. c. All institutions must implement all HIPAA specifications. d. A security risk assessment must be performed every year.

b HIPAA allows a covered entity to adopt security protection measures that are appropriate for its organization as long as they meet the minimum HIPAA security standards. Security protections in a large medical facility will be more complex than those implemented in a small group practice (Rinehart-Thompson 2016c, 271).

Which of the following statements is true in regard to responding to requests from individuals for access to their protected health information (PHI)? a. A cost-based fee may be charged for retrieval of the PHI. b. A cost-based fee may be charged for making a copy of the PHI. c. No fees of any type may be charged. d. A minimal fee may be charged for retrieval and copying of PHI.

b HIPAA allows the covered entity to impose a reasonable cost-based fee when the individual requests a copy of PHI or agrees to accept summary or explanatory information. The fee may include the cost of: copying, including supplies, labor, and postage. HIPAA does not permit "retrieval fees" to be charged to patients (Rinehart-Thompson 2016b, 225).

The number of inpatients present in a healthcare facility at any given time is called a ________. a. Survey b. Census c. Sample d. Enumeration

b Healthcare facilities have a census, which is the count of patients present at a specific time and in a particular place (Horton 2016a, 5).

A hospital HIM department receives a subpoena duces tecum for records of a former patient. When the health record technician goes to retrieve the patient's health records, it is discovered that the records being subpoenaed have been purged in accordance with the state retention laws. In this situation, how should the HIM department respond to the subpoena? a. Inform defense and plaintiff lawyers that the records no longer exist b. Submit a certification of destruction in response to the subpoena c. Refuse the subpoena since no records exist d. Contact the clerk of the court and explain the situation

b If the paper health record is destroyed, the imaging record would be the legal health record. This may not be the case if the paper record is retained. State laws typically view the original health record as the legal record when it is available. Those who choose to destroy the original health record may do so within weeks, months, or years of scanning. If the record was destroyed according to guidelines for destruction and no scanned record exists, the certificate of destruction should be presented in lieu of the record (Rinehart-Thompson 2017b, 199-200).

Which of the following is the best definition of a forward map in data mapping? a. Linking of two systems in the opposite direction b. Linking an older version of a code set to a newer version c. Linking a newer version of a code set to an older version d. Linking a source system to a target system

b In a forward map, an older version of a code set is mapped to a newer version (Amatayakul 2016, 285).

A hospital is planning on allowing coding professionals to work at home. The hospital is in the process of identifying strategies to minimize the security risks associated with this practice. Which of the following would be best to ensure that data breaches are minimized when the home computer is unattended? a. User name and password b. Automatic session terminations c. Cable locks d. Encryption

b In the HIPAA Security Rule, one of the technical safeguards standards is access control. This includes automatic log-off, which ensures processes that terminate an electronic session after a predetermined time of inactivity (Reynolds and Brodnik 2017, 277).

Which of the following is not an individual user of the health record? a. Clinical professionals who provide direct patient care b. Insurance companies that cover healthcare expenses c. Billers in the healthcare facility's business office d. Patient care managers

b Individual users are those who depend on the health record in order to complete their job. Documentation in the health record is the basis for reimbursement or payment for the care provided. Patient care providers and the coding and billing staff use patient specific information in their day-to-day work. An insurance company would be considered an institutional user of the health record and only needs access to process the claim (Sayles 2016b, 53-55).

The type of statistics that makes a best guess about a larger group of data by drawing conclusions from a smaller group of data is called: a. Descriptive statistics b. Inferential statistics c. Generalized statistics d. Mathematical statistics

b Inferential statistics help make inferences or guesses about a larger group of data by drawing conclusions from a small group of data (Horton 2016a, 3-4).

Which of the following are data that have been filtered and put into context? a. Data b. Information c. Knowledge d. System

b Information moves beyond data and consists of sets of data that are related and have been placed in context, are filtered, manipulated, or formatted in some way and are useful to a particular task (Johns 2015, 25).

The ability to electronically send data from one EHR to another while maintaining the original meaning is called: a. Data comparability b. Interoperability c. National data exchange d. Data architecture

b Interoperability refers to the use of standard protocols to enable two different computer systems to share data with each other (Brinda 2016, 153).

The facility privacy officer receives a phone call from a patient who is concerned that her former sister-in-law who is a hospital employee has accessed her health record. The privacy officer requests an audit log of activity within the patient's health record. What part of the audit log must be analyzed to determine if this complaint has merit? a. The patient demographic information b. Which employees viewed, created, updated, or deleted information c. The ownership of the record d. Whether the patient had requested to be omitted from the facility patient directory

b It is a requirement of the HIPAA Security Rule to implement ways that document access to information systems that contain electronic PHI. One of the ways to do this is to review the individuals that have viewed, created, updated, or deleted information within a health record. In this instance, the Privacy Officer should review this information to determine if the patient complaint is valid (Thomason 2013, 177).

Which term is used to describe the number of calendar days that a patient is hospitalized? a. Average length of stay b. Length of stay c. Occupancy rate d. Level of service

b Length of stay (LOS) is calculated for each patient after he or she is discharged from the hospital. It is the number of calendar days from the day of patient admission to the day of discharge. When the patient is admitted and discharged in the same month, the LOS is determined by subtracting the date of admission from the date of discharge (Horton 2016b, 390).

City Hospital's HIM department made a decision to discontinue outsourcing its release of information (ROI) function and perform the function in house. Because of HIPAA implementation, the department wanted better control over tracking release of information. Given the graph shown here, how would you evaluate the ROI revenue growth? a. The ROI function continues to cost more than revenue generated. b. Annualized revenue for YR-7 is more than the costs. c. The ROI function costs are inversely related to revenue generated. d. The ROI costs for YR-7 are greater than the revenue.

b Line graphs are used to display time trends in data. A line graph is useful for plotting data to make observations. In analyzing the chart, the revenue exceeds the costs (Watzlaf 2016, 351).

Which of the following specialized patient assessment tools must be used by Medicare-certified home care providers? a. Minimum data set for long-term care b. Outcomes and Assessment Information Set c. Patient assessment instrument d. Resident assessment protocol

b Medicare-certified home healthcare uses a standardized patient assessment instrument called the Outcomes and Assessment Information Set (OASIS-C). OASIS-C items are components of the comprehensive assessment that is the foundation for the plan of care (Giannangelo 2015, 254).

Which of the following is a true statement about the content of the legal health record? a. The legal health record contains only clinical data b. The legal health record may contain metadata c. The legal health record should not include e-mail d. The legal health record should not include diagnostic images

b Organizations should develop and maintain an inventory of all documents and data that could comprise the legal health record, considering all locations in the organization (for example, separate departments or servers) where such information could be housed. Organizations should also carefully consider whether to include data such as pop-up reminders, alerts, and metadata. Metadata are data about data and include information that track actions such as when and by whom a document was accessed or changed (Rinehart-Thompson 2016a, 206).

When creating requirements of documentation for the hospital bylaws, which of the following should be evaluated? a. The personal preferences of the healthcare practitioner b. The documentation needs based on accrediting bodies c. Information taught in the local nursing programs d. The wants of the department chairs in a hospital

b Outside of the medical staff bylaws, hospital bylaws are written documents that govern the staff members who create data within the record for additional support of patient care and reimbursement. Since providers are not the sole authors in the creation of clinical documentation, it is important for hospitals to define who can document within the record, the type of documentation that can occur, and the timeliness and completeness of that documentation. The documentation must also be based on accrediting bodies' expectations (Brinda 2016, 166).

The business office at Community Hospital is looking at software that can help them with decreasing their fraud and abuse cases. The software claims to be able to flag those patients that would most likely be involved in fraud by examining many databases at the same time and finding those patients with demographic discrepancies. This is an example of ________. a. Descriptive analytics b. Predictive analytics c. Inferential statistics d. Descriptive statistics

b Predictive analytics is a branch of data mining concerned with the prediction of future probabilities and trends, also called forecasting (Horton 2016a, 322).

A managed care organization is using a system that examines the past healthcare behaviors of their patients to determine their future costs for their healthcare. This is an example of ________. a. Descriptive analytics b. Predictive modeling c. Prescriptive analytics d. Real-time analysis

b Predictive modeling is a process used in predictive analysis to identify patterns that can be used to determine the odds of a particular outcome based on the observed data. That is, statistics from the past are reviewed to determine what is likely to happen in the future. Predictive modeling is used by many companies that want to predict future trends (Horton 2016a, 324).

Joan reviewed the health record of Sally Williams and found the physician stated on her post-op note, "examined after surgery." This review process would be an example of: a. Quantitative analysis b. Qualitative analysis c. Data mining d. Data warehousing

b Qualitative analysis is a detailed review of a patient's health record for the quality of the documentation contained therein (Sayles and Trawick 2014, 37).

A quality goal for the hospital is that 98 percent of the heart attack patients receive aspirin within 24 hours of arrival at the hospital. In conducting an audit of heart attack patients, the data showed that 94 percent of the patients received aspirin within 24 hours of arriving at the hospital. Given this data, which of the following actions would be best? a. Alert the Joint Commission that the hospital has not met its quality goal b. Determine whether there was a medical or other reason why patients were not given aspirin c. Institute an in-service training program for clinical staff on the importance of administering aspirin within 24 hours d. Determine which physicians did not order aspirin

b Quality measures are identified using ICD-10-CM diagnosis codes. Acute MI is also a Core Measure. These data are monitored, rated, and ultimately compared to nationwide benchmarks to point to areas of potential improvement in patient care outcomes. In this situation is it important to determine whether there was a medical or other reason why patients were not given aspirin within 24 hours of arrival at the hospital. This determination is critical to assess compliance with the quality goal (Shaw and Carter 2015, 182, 184).

The following data has been collected about the HIM department's coding productivity as part of the organization's total quality improvement program. Which of the following is the best assessment of this data? Coder Work Output (All Records Coded) Total Hours Worked Average Work Output per Hour Completed Work Percentage Completed Work Output (Records Coded Accurately) Completed Work per Hour Worked A 500 140 (full time) 3.57 91% 455 3.25 B 475 140 (full time) 3.39 96% 456 3.26 C 300 80 (part time) 3.75 85% 240 3.00 D 350 80 (part time) 4.69 70% 245 3.06 Department Average 3.69 3.17 Work Output: Number of work units as recorded by the employee or the process Total Hours Worked: Number of hours worked by the employee to produce work, which does not include time on meals, breaks, and meetings Average Work Output per Hour: Work output divided by total hours worked Completed Work Percentage: Percentage of records coded accurately Completed Work Output: Work output multiplied by completed work percentage Completed Work per Hour Worked: Completed work output divided by total hours worked a. Part-time coders are more productive than full-time coders. b. Full-time coders are more productive than part-time coders. c. All coders produce more than the departmental average. d. Part-time coders exceed the departmental average.

b Reading this graph, the full-time coder productivity is higher than part-time coder productivity. The cause for this difference must be identified before any solution can be developed to increase the productivity of the part-time coders (Prater 2016, 588).

Which of the following is considered a secondary data source? a. Urinalysis laboratory report b. Cancer registry c. Pathology report d. Patient problem list

b Secondary data sources are data collected or extracted from a primary data source and used for purposes other than their original intended use. Secondary data sources are frequently maintained in registries, databases or indexes, such a cancer registry (Johns 2015, 232).

Under HIPAA rules, when an individual asks to see his or her own health information, a covered entity: a. Must always provide access b. Can deny access to psychotherapy notes c. Can demand that the individual pay to see his or her record d. Can always deny access

b Section 164.524 of the Privacy Rule states that an individual has a right of access to inspect and obtain a copy of his or her own protected health information (PHI) that is contained in a designated record set, such as a health record. The individual's right extends for as long as the PHI is maintained. However, there are exceptions to what PHI may be accessed. For example, psychotherapy notes; information compiled in reasonable anticipation of a civil, criminal, or administrative action or proceeding; or PHI subject to the Clinical Laboratory Improvements Act (CLIA) are all exceptions (Rinehart-Thompson 2016b, 225).

What type of standards provide clear descriptors of data elements to be included in computer-based patient record systems? a. Vocabulary b. Structure and content c. Transaction d. Security

b Structure and content standards establish and provide clear and uniform definitions of the data elements to be included in EHR systems. They specify the type of data to be collected in each data field and the attributes and values of each data field, all of which are captured in data dictionaries (Sayles and Trawick 2014, 32-33).

In designing an input screen for an EHR, which of the following would be best to capture structured data? a. Speech recognition b. Drop-down menus c. Natural language processing d. Document imaging

b Structured data are data that are able to be read and interpreted by a computer. Examples of structured data include check boxes, drop-down boxes, and radio buttons (Brinda 2016, 159-160).

Which of the following would be the best technique to ensure that registration clerks consistently use the correct notation for assigning admission date in an EHR? a. Make admission date a required field b. Provide a template for entering data in the field c. Make admission date a numeric field d. Provide sufficient space for input of data

b Templates are a cross between free text and structured data entry. The user is able to pick and choose data that are entered frequently, thus requiring the entry of data that change from patient to patient. Templates can be customized to meet the needs of the organization as data needs change by physician specialty, patient type (surgical/medical/newborn), disease, and other classification of patients. In this situation a template would provide structured data entry for the admission date (Brinda 2016, 159-160).

Which of the following laws created the HITECH act? a. Health Insurance Portability and Accountability Act b. American Recovery and Reinvestment Act c. Consolidated Omnibus Budget Reconciliation Act d. Healthcare Quality Improvement Act

b The American Recovery and Reinvestment Act of 2009 (ARRA) is considered one of the major health information technology laws that provided stimulus funds to the US economy in the midst of a major economic downturn. A substantial portion of the bill, Title XIII of the Act entitled the Health Information Technology for Economic and Clinical Health (HITECH) Act, was part of ARRA (Kellogg 2016a, 28).

Which of the following provide the objective and scope for the HIPAA Security Rule as a whole? a. Administrative provisions b. General rules c. Physical safeguards d. Technical safeguards

b The General Rules provide the objective and scope for the HIPAA Security Rule as a whole. They specify that covered entities must develop a security program that includes a range of security safeguards that protect individually identifiable health information maintained or transmitted in electronic form (Rinehart-Thompson 2016c, 271).

A medical group practice has contracted with an HIM professional to help define the practice's legal health record. Which of the following should the HIM professional perform first to identify the components of the legal health record? a. Develop a list of all data elements referencing patients that are included in both paper and electronic systems of the practice b. Develop a list of statutes, regulations, rules, and guidelines that contain requirements affecting the release of health records c. Perform a quality check on all health record systems in the practice d. Develop a listing and categorize all information requests for health information over the past two years

b The HIM professional should advise the medical group practice to develop a list of statutes, regulations, rules, and guidelines regarding the release of the health record as the first step in determining the components of the legal health records (Rinehart-Thompson 2017b, 171-172).

Which of the following is a core ethical obligation of health information professionals? a. Coding diseases and operations b. Protecting patients' privacy and confidential communications c. Transcribing health reports d. Performing quantitative analysis on record content

b The HIM professional's core ethical obligations are to protect patient privacy and confidential information and communication and to assure security of that information (Gordon and Gordon 2016c, 609).

The Medical Record Committee is reviewing the privacy policies for a large outpatient clinic. One of the members of the committee remarks that he feels that the clinic's practice of calling out a patient's full name in the waiting room is not in compliance with HIPAA regulations and that only the patient's first name should be used. Other committee members disagree with this assessment. What should the HIM director advise the committee? a. HIPAA does not allow a patient's name to be announced in a waiting room. b. There is no violation of HIPAA in announcing a patient's name, but the committee may want to consider implementing a change that might reduce this practice. c. HIPAA allows only the use of the patient's first name. d. HIPAA requires that patients be given numbers and only the number be announced.

b The HIPAA Privacy Rule allows communications to occur for treatment purposes. The preamble repeatedly states the intent of the rule is to not interfere with customary and necessary communications in the healthcare of the individual. Calling out a patient's name in a waiting room, or even on the facility's paging system, is considered an incidental disclosure, and therefore, allowed in the Privacy Rule (Thomason 2013, 37).

The HIM manager at Community Hospital is responsible for reviewing audit trails detailing potential access issues within the EHR. Which one of the following would be a type of activity that the manager would want to review? a. Every access to every data element or document type that occurred within the facility b. Whether the person viewed, created, updated, or deleted information belonging to a patient with the same last name c. Physical location of the redundant servers used for backup d. Whether all patients setup accounts in the patient portal

b The HIPAA Security Rule requires that access to electronic PHI in information systems is monitored. Included in the same standard is the requirement that covered entities examine the activity using access audit logs. Often they record time stamps that record access and use of the data elements and documents; what was viewed, created, updated, or deleted; the user's identification; the owner of the record; and the physical location on the network where the access occurred. Reviewing the audit trail information would be the first step to identify all employees who have accessed this patient's information (Thomason 2013, 177).

Why is the MEDPAR file limited in terms of being used for research purposes? a. It only provides demographic data about patients b. It only contains Medicare patients c. It uses ICD-10-CM diagnoses and procedure codes d. It breaks charges down by specific type of service

b The MEDPAR file is frequently used for research on topics such as charges for particular types of care and MS-DRGs. The limitation of the MEDPAR data for research purposes is that the file contains only Medicare patients (Sharp 2016, 185).

Which of the following is made up of claims data from Medicare claims submitted by acute-care hospitals and skilled nursing facilities? a. NPDB b. MEDPAR c. HIPDB d. UHDDS

b The Medicare Provider Analysis and Review (MEDPAR) file is made up of acute care hospital and SNF claims data for all Medicare claims. The MEDPAR file is frequently used for research on topics such as charges for particular types of care and DRGs. The limitation of the MEDPAR data for research purposes is that the file contains only Medicare patients (Sharp 2016, 185).

Why is the MEDPAR file limited in terms of being used for research purposes? a. It only provides demographic data about patients. b. It only contains Medicare patients. c. It uses diagnoses and procedure codes. d. It breaks charges down by specific types of service.

b The Medicare Provider Analysis and Review (MEDPAR) file is made up of acute care hospital and skilled nursing facility (SNF) claims data for all Medicare claims. The MEDPAR file is frequently used for research on topics such as charges for particular types of care and MSDRGs. The limitation of the MEDPAR data for research purposes is that the file contains only Medicare patients (Sharp 2016, 185).

The home health prospective payment system uses the ________ data set for patient assessments. a. HEDIS b. OASIS-C c. MDS d. UHDDS

b The Outcomes and Assessment Information Set (OASIS-C) is a standardized data set designed to gather data about Medicare beneficiaries who are receiving services from a home health agency. OASIS-C includes a set of core data items that are collected on all adult home health patients (White 2013, 565-566).

To comply with HIPAA regulations, a hospital would make its membership in an HIE known to its patients through which of the following? a. Press release b. Notice of Privacy Practices c. Consent form d. Website notice

b The Privacy Rule introduced the standard that individuals should be informed how covered entities use or disclose protected health information (PHI). Section 164.520 requires that, except for certain variations or exceptions for health plans and correctional facilities, an individual has the right to a notice explaining how his or her PHI will be used and disclosed. This is the notice of privacy practices (Rinehart-Thompson 2016b, 230-231).

Jennifer's widowed mother is elderly and often confused. She has asked Jennifer to accompany her to the physician office visits because she often forgets to tell the physician vital information. Under the Privacy Rule, the release of her mother's PHI to Jennifer is: a. Never allowed b. Allowed when the information is directly relevant to Jennifer's involvement in her mother's care or treatment c. Allowed only if Jennifer's mother is declared incompetent by a court of law d. Any family member is always allowed access to PHI

b The Privacy Rule lists two circumstances where protected health information (PHI) can be used or disclosed without the individual's authorization (although the individual must be informed in advance and given an opportunity to agree or object). One of these circumstances is disclosing PHI to a family member or a close friend that is directly relevant to his or her involvement with the patient's care or payment. Likewise, a covered entity may disclose PHI, including the patient's location, general condition, or death, to notify or assist in the notification of a family member, personal representative, or some other person responsible for the patient's care (Rinehart-Thompson 2016b, 234-235).

Which of the following is a software program that tracks every access to data in the computer system? a. Access control b. Audit trail c. Edit check d. Risk assessment

b The audit trail is a software program that tracks every single access to data in the computer system. It logs the name of the individual who accessed the data, the date and time, and the action taken (for example, modifying, reading, or deleting data). Review of audit trails can help detect whether a breach of security has occurred (Rinehart-Thompson 2016c, 265).

Which of the following is the best example of a data governance business case? a. Improves processes and productivity by reducing rework b. Data silos and fragmented data inhibit data integration c. Reduces organizational risk by providing better data d. Improves business intelligence by providing consistent data

b The case for data governance is compelling if we look at the degree to which business processes are dependent on access to good data. The best example for a data governance business case is data in silos or fragmented data which inhibit data integration (Johns 2015, 81-82).

A core data set developed by ASTM to communicate a patient's past and current health information as the patient transitions from one care setting to another is: a. Ambulatory Care Data Set b. Continuity of care record c. Minimum Data Set d. Uniform Hospital Discharge Data Set

b The continuity of care record (CCR) standard (ASTM E2369-05) is a core data set of relevant administrative, demographic, and clinical information elements about a patient's health status and healthcare treatment. It was created to help communicate that information from one provider to another for referral, transfer, or discharge of the patient (Amatayakul 2016, 306).

The credentialing process of independent practitioners within a healthcare organization must be defined in: a. Hospital policies and procedures b. Medical staff bylaws c. Accreditation regulations d. Hospital licensure rules

b The credentialing and privileging process for the initial appointment and reappointment of independent practitioners should be defined in the healthcare organization's medical staff bylaws and should be uniformly applied (Shaw and Carter 2015, 345).

In May, 270 women were admitted to the obstetrics service. Of these, 263 women delivered; 33 deliveries were by C-section. What is the denominator for calculating the C-section rate? a. 33 b. 263 c. 270 d. 296

b The denominator (the number of times an event could have occurred) in this case would be 263 as 263 women delivered (Horton 2016b, 384).

How many times each year are healthcare facilities required to practice emergency preparedness plans? a. Once b. Twice c. Three times d. Never

b The emergency operations plan is practiced twice a year in response either to an actual disaster or to a planned drill. Exercises should stress the limits of the organization's emergency management system to assess preparedness capabilities and performance when systems are stressed (Shaw and Carter 2015, 310).

Version control of documents in the EHR requires: a. The deletion of old versions and the retention of the most recent b. Policies and procedures to control which version(s) is displayed c. Signed and unsigned documents not to be considered two versions d. Previous versions to be accessible to administration only

b The health record may have multiple versions of the same document; for example, a signed and an unsigned copy of a document. To address the issues that result from having multiple versions of the same document, policies and procedures addressing version control must be developed (Sayles 2016b, 69).

In which department or unit is the health record number typically assigned? a. HIM b. Patient registration c. Nursing d. Billing

b The health record number is a key data element in the MPI. It is used as a unique personal identifier and is also used in paper-based numerical filing systems to locate records and in electronic systems to link records. Although it is typically assigned at the point of patient registration, the HIM department is usually responsible for the integrity of health record number assignment and for ensuring that no two patients receive the same number (Sayles 2016b, 74).

Which of the following indexes is an important source of patient health record numbers? a. Physician index b. Master patient index c. Operation index d. Disease index

b The master patient index (MPI) is the permanent record of all patients treated at a healthcare facility. It is used by the HIM department to look up patient demographics, dates of care, the patient's health record number, and other information (Sayles 2016b, 56-57).

On the problem list in a problem-oriented health record, problems are organized: a. In alphabetical order b. In numeric order c. In alphabetical order by body system d. By date of onset

b The problem-oriented health record is better suited to serve the patient and the end user of the patient information. The key characteristic of this format is an itemized list of the patient's past and present social, psychological, and health problems. Each problem is indexed with a unique number (Russo 2013b, 303).

The coding manager at Community Hospital is seeing an increased number of physicians failing to document the cause and effect of diabetes and its manifestations. Which of the following will provide the most comprehensive solution to handle this documentation issue? a. Have coders continue to query the attending physician for this documentation. b. Present this information at the next medical staff meeting to inform physicians on documentation standards and guidelines. c. Do nothing because coding compliance guidelines do not allow any action. d. Place all offending physicians on suspension if the documentation issues continue.

b The quality of the documentation entered in the health record by providers can have major impacts on the ability of coding staff to perform their clinical analyses and assign accurate codes. In this situation, the best solution would be to educate the entire medical staff on their roles in the clinical documentation improvement process. Explaining to them the documentation guidelines and what documentation is needed in the record to support the more accurate coding of diabetes and its manifestations will reduce the need for coders to continue to query for this clarification (Foltz et al. 2016, 466).

To comply with the Joint Commission standards, the HIM director wants to be sure that history and physical examinations are documented in the patient's health record no later than 24 hours after admission. Which of the following would be the best way to ensure the completeness of the health record? a. Establish a process to review health records immediately on discharge b. Review each patient's health record concurrently to make sure that history and physicals are present c. Retrospectively review each patient's health record to make sure that history and physicals are present d. Write a memorandum to all physicians relating the Joint Commission requirements for documenting history and physical examinations

b The quantitative analysis or record content review process can be handled in a number of ways. Some acute-care facilities conduct record review on a continuing basis during a patient's hospital stay. Using this method, personnel from the HIM department go to the nursing unit daily (or periodically) to review each patient's record. This type of process is usually referred to as a concurrent review because review occurs concurrently with the patient's stay in the hospital (Sayles 2016b, 64).

In a frequency distribution, the lowest value is 5, and the highest value is 20. What is the range? a. 5 to 20 b. 15 c. 7.5 d. 20 to 5

b The range is the simplest measure of spread. It is the difference between the smallest and largest values in a frequency distribution (Watzlaf 2016, 360).

Results of a urinalysis and all blood tests performed would be found in what part of a healthcare record? a. Autopsy report b. Laboratory findings c. Pathology report d. Surgical report

b The results of all diagnostic and therapeutic procedures become part of the patient's health record. Diagnostic procedures include laboratory tests performed on blood, urine, and other samples from the patient which would be documented in the laboratory findings (Brickner 2016, 94).

What does the term access control mean? a. Identifying the greatest security risks b. Identifying which data employees should have a right to use c. Implementing safeguards that protect physical media d. Restricting access to computer rooms and facilities

b The term access control means being able to identify which employees should have access to what data. The general practice is that employees should have access only to data they need to do their jobs. For example, an admitting clerk and a healthcare provider would not have access to the same kinds of data (Rinehart-Thompson 2016c, 262).

Which of the following elements of coding quality represent the degree to which codes accurately reflect the patient's diagnoses and procedures? a. Reliability b. Validity c. Completeness d. Timeliness

b Validity is the degree to which codes accurately reflect the patient's diagnoses and procedures (Prater 2016, 573).

In a cancer registry, the accession number: a. Identifies all the cases of cancer treated in a given year b. Is the number assigned to each case as it is entered into a cancer registry c. Identifies the pathologic diagnosis of an individual cancer d. Is the number assigned for the diagnosis of a cancer patient that is entered into the cancer registry treatments and at different stages of cancer

b When a case is first entered in the registry, an accession number is assigned. This number consists of the first digits of the year the patient was first seen at the facility, and the remaining digits are assigned sequentially throughout the year. The first case in the year, for example, might be 10-0001. The accession number may be assigned manually or by the automated cancer database used by the organization (Sharp 2016, 176).

A health record with deficiencies that is not completed within the timeframe specified in the medical staff rules and regulations is called a(n): a. Suspended record b. Delinquent record c. Pending record d. Illegal record

b When an incomplete record is not rectified within a specific number of days as indicated in the medical staff rules and regulations, the record is considered to be a delinquent record. The HIM department monitors the delinquent record rate very closely to ensure compliance with accrediting standards (Sayles 2016b, 64-65).

Given the following information, which of the following has the lowest work RVU? Sample RVUs for Selected HCPCS Codes HCPCS Code Description Work RVU Practice Expense RVU Malpractice Expense RVU 99204 Office visit 2.43 1.20 0.23 10080 I&D of pilonidal cyst, simple 1.22 1.58 0.20 45380 Colonoscopy with biopsy 4.43 2.72 0.67 52601 TURP, complete 15.26 8.04 1.50 a. Office visit b. I&D of pilonidal cyst, simple c. Colonoscopy with biopsy d. TURP, complete

b When analyzing this table one is able to determine that 1.22 is the lowest relative value unit (RVU) (Brinda 2016, 150; Watzlaf 2016, 347).

A transition technology used by many hospitals to increase access to health record content is: a. Electronic health record b. Electronic document management system c. Electronic signature authentication d. Electronic data interchange

b When electronic document management systems (EDMSs) are well indexed, certain content within the documents can be uniquely retrieved making EDMS a good transition for the healthcare organization on their way to a fully interactive EHR (Johns 2015, 193).

Mrs. Bolton is an angry patient who resents her physicians "bossing her around." She refuses to take a portion of the medications the nurses bring to her pursuant to physician orders and is verbally abusive to the patient care assistants. Of the following options, the most appropriate way to document Mrs. Bolton's behavior in the patient medical record is: a. Mean b. Noncompliant and hostile toward staff c. Belligerent and out of line d. A pain in the neck

b When entries are made in the health record regarding a patient who is particularly hostile or irritable, general documentation principles apply, such as charting objective facts and avoiding the use of personal opinions, particularly those that are critical of the patient. The degree to which these general principles apply is heightened because a disagreeable patient may cause a provider to use more expressive and inappropriate language. Further, a hostile patient may be more likely to file legal action in the future if the hostility is a personal attribute and not simply a manifestation of his or her medical condition (Rinehart-Thompson 2017b, 179).

Sometimes data do not follow a normal distribution and are pulled toward the tails of the curve. When this occurs, it is referred to as having a skewed distribution. Because the mean is sensitive to extreme values or outliers, it gravitates in the direction of the extreme values thus making a long tail when a distribution is skewed. When the tail is pulled toward the right side, it is called a ________. a. Negatively skewed distribution b. Positively skewed distribution c. Bimodal distribution d. Normal distribution

b When the tail is pulled toward the right side, it is called a positively skewed distribution; when the tail is pulled toward the left side of the curve it is called a negatively skewed distribution (Watzlaf 2016, 361-362).

To comply with HIPAA, under usual circumstances, a covered entity must act on a patient's request to review or copy his or her health information within ________ days. a. 10 b. 20 c. 30 d. 60

c A covered entity must act on an individual's request for review of PHI no later than 30 days after the request is made, extending the response period by no more than 30 additional days if it gave the individual a written statement within the 30-day time period explaining the reasons for the delay and the date by which the covered entity will complete its action on the request. The covered entity may extend the time for action on a request for access only once (Rinehart- Thompson 2016b, 225).

Under HIPAA regulations, how many days does a covered entity have to respond to an individual's request for access to his or her PHI when the PHI is stored off-site? a. 10 days beyond the original requirement b. 30 days c. 60 days d. 90 days

c A covered entity must act on an individual's request for review of protected health information (PHI) no later than 30 days after the request is made, extending the response period by no more than 30 additional days if it gave the individual a written statement within the 30-day time period explaining the reasons for the delay and the date by which the covered entity will complete its action on the request. The covered entity may extend the time for action on a request for access only once. If PHI is not maintained or located on-site, the covered entity is given within 60 days of receipt to respond to a request (Rinehart-Thompson 2016b, 225).

One of the pediatricians at Community Physician's Clinic worked with a software vendor to get a display of the patients she currently has in the hospital on her smart phone that lets her know current information such as lab results, vital signs, medications given. This is called a ________. a. Big data b. Descriptive analytics screen c. Dashboard d. Descriptive tablet

c A dashboard is a visual display of the most important information that a physician would need to see about his patients. These can usually be customized by facility or an individual (Horton 2016a, 326).

Which of the following is the best definition of a data governance framework? a. Lists successive steps of growth to measure a program's progression b. Supports high level business imperatives c. Describes a real or conceptual structure that organizes a system or concept d. Targets an end point to achieve

c A data governance framework is a real or conceptual structure that organizes a system or concept. A framework typically describes and shows the synergy and interrelation among different part of an approach (Johns 2015, 82).

A home health agency plans to implement a computer system whereby its nurses document home care services on a laptop computer taken to the patient's home. The laptops will connect to the agency's computer network. The agency is in the process of identifying strategies to minimize the risks associated with the practice. Which of the following would be the best practice to protect laptop and network data from a virus introduced from an external device? a. Biometrics b. Encryption c. Personal firewall software d. Session terminations

c A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a software program or device that filters information between two networks, usually between a private network like an intranet and a public network like the Internet (Rinehart-Thompson 2016c, 265).

Which of the following statements best describes the difference between a hospital inpatient and a hospital outpatient? a. Outpatients are treated in the emergency department; inpatients receive services in the regular clinical departments of the hospital. b. Inpatients always stay in the hospital overnight; outpatients never do. c. Inpatients receive room, board, and continuous nursing services in areas of the hospital where patients generally stay overnight; outpatients receive ambulatory diagnostic and therapeutic services. d. Outpatients primarily receive diagnostic services; inpatients receive mostly therapeutic services

c A hospital inpatient is a person who is provided room, board, and continuous general nursing service in an area of the hospital where patients generally stay at least overnight. A hospital outpatient is a hospital patient who receives services in one or more of the outpatient facilities when not currently an inpatient or home care patient (Horton 2016b, 385).

Which of the following best describes the function of kiosks? a. A computer station that physicians can use to order medications b. A computer station that unlocks workstations c. A computer station that facilitates integrated communications within the healthcare organization d. A computer station that promotes the healthcare organization's services

c A kiosk is a special form of input device geared to people less familiar with computers that is located in a provider's waiting room allowing patients to have access to some of their health information and other services (Amatayakul 2016, 305).

Suppose that you want to display the number of deaths due to breast cancer for the years 2005 through 2015. What is the best graphic technique to use? a. Table b. Histogram c. Line graph d. Bar chart

c A line graph may be used to display time trends. A line graph is especially useful for plotting a large number of observations. It also allows several sets of data to be presented on one graph (Watzlaf 2016, 351).

The following data fields comprise a database table: patient last name, patient first name, street address, city, state, zip code, patient date of birth. Given this information, which of the following is a true statement about maintaining the data integrity of the database table? a. Patient last name should be used as the primary key for the table. b. Patient date of birth should be used as the primary key for the table. c. None of the data fields are adequate to use as a primary key for the table. d. Patient last and first name should be used as the primary key for the table.

c A primary key must uniquely identify a record. None of the options provided will uniquely identify a record. Multiple individuals may have the same name and birth dates (Johns 2015, 127-128).

Suppose that 6 males and 14 females are in a class of 20 students with the data reported as 3/1. What term could be used to describe the comparison? a. Average b. Percentage c. Proportion d. Rate

c A proportion is a particular type of ratio in which x is a portion of the whole (x + y ) (Horton 2016b, 383).

A secure method of communication between the healthcare provider and the patient is a(n): a. Personal health record b. E-mail c. Patient portal d. Online health information

c A secure patient portal allows for the communication between the provider and the patient and is not just a site for patients to access information. This is part of the effort to engage patients in their care (Sayles and Trawick 2014, 162).

Which document directs an individual to bring originals or copies of records to court? a. Summons b. Subpoena c. Subpoena duces tecum d. Deposition

c A subpoena duces tecum means to bring documents and other records with oneself. Such subpoenas may direct the heath information technology (HIT) professional to bring originals or copies of health records, laboratory reports, x-rays, or other records to a deposition or to court. Each state has different rules governing the production of health records in litigation. Often, the component state HIM association of AHIMA has a legal handbook that outlines the various conditions and how HITs should respond to a subpoena (Rinehart-Thompson 2016b, 215).

The Information Services Department has requested information about the electronic signature system being used in your facility. They would like to know the locations where physicians are accessing the system. Review the information in the table below and determine which site has the highest percentage of use. Community Hospital Electronic Signature System 500 Physicians on Staff; 489 Using the System Site No. of Physicians Using the System at This Site % of Physicians Using the System at This Site Medicine, 2 West 54 11.04% Medicine, 2 East 62 12.68% Pediatrics, 3 West 42 8.59% Obstetrics, 1 West 12 2.45% Physician's lounge 87 17.79% HIM department 65 13.29% Personal mobile device 92 18.81% Physician home 75 15.34% a. HIM department b. Obstetrics, 1 West c. Personal mobile device d. Physician home

c A table is an orderly arrangement of values that groups data into rows and columns. Almost any type of quantitative information can be grouped into tables. Columns allow you to read data up and down, and rows allow you to read data across. The columns and rows should be labeled. In this table, personal mobile device has the highest percent of physicians using the system (Horton 2016a, 249-250).

In data matching which of the following best describes an overlap? a. When one entity in a database has multiple unique identifiers b. When one entity is assigned another entity's unique identifier c. When one entity has different unique identifiers in different databases d. When one database overlaps with another database

c An overlap is when one entity has different unique identifiers in different databases (Johns 2015, 177).

Which of the following should be taken into consideration when designing a health record form? a. Choosing the field type such as radio buttons b. Number of clicks to access data c. Including original and revised dates d. Difference between paper and screen

c One example of effective form design principles is that each form should include original and revised dates for the tracking and purging of obsolete forms (Sayles 2016b, 65).

The coding department at Community Physician's Clinic developed the following report for the denials committee at the clinic. The billing report shows the following information. Using the information below, identify which payment source has the highest denial rate. Community Physician's Clinic Coding Department Denials - October, 20XX Payment Source Number of Claims Sent Number of Denials Percentage of Denials Medicare 460 43 9.35% Medicaid 345 35 10.14% Tricare/Military 182 14 7.69% Commercial payers 1307 83 6.35% Worker's Compensation 6 1 16.17% Total 2300 176 7.65% a. Medicare b. Commercial payers c. Worker's Compensation d. Tricare/Military

c A table is an orderly arrangement of values that groups data into rows and columns. Almost any type of quantitative information can be grouped into tables. Columns allow you to read data up and down, and rows allow you to read data across. The columns and rows should be labeled. In this table, the payment source with the highest denial rate is Worker's Compensation (Horton 2016a, 249-250).

What is (are) the format problem(s) with the following table? Community Hospital Discharges by Sex Sex Number Percentage Male 3,000 37.5% Female 5,000 62.5% Unknown — — Total 8,000 100% a. The title is missing. b. Variable names are missing. c. There are blank cells. d. Row totals are inaccurate.

c A table should contain all the information the user needs to understand the data in it. A table should not have blank cells. When no information is available for a particular cell, the cell should contain a zero (Watzlaf 2016, 347).

Valley High, a skilled nursing facility, wants to become certified to take part in federal government reimbursement programs such as Medicare and Medicaid. What standards must the facility meet to become certified for these programs? a. Minimum Data Set b. National Commission on Correctional Health Care c. Conditions of Participation d. Outcomes and Assessment Information Set

c Administered by the federal government Centers for Medicare and Medicaid Services (CMS), the Medicare Conditions of Participation or Conditions for Coverage apply to a variety of healthcare organizations that participate in the Medicare program. In other words, participating organizations receive federal funds from the Medicare program for services provided to patients and thus must follow the Medicare Conditions of Participation (Brickner 2016, 84, 102).

A patient's gender, phone number, address, next of kin, and insurance policy holder information would be considered what kind of data? a. Clinical data b. Authorization data c. Administrative data d. Consent data

c Administrative describes patient identification, diagnosis, procedures, and insurance. Patient registration information would be considered administrative data as would patient account information. A significant portion of administrative data is demographic data (Brickner 2016, 90, 97).

Covered entities must do which of the following to comply with HIPAA security provisions? a. Appoint an individual who has the title of chief security officer who is responsible for security management b. Conduct employee security training sessions every six months for all employees c. Establish a contingency plan d. Conduct technical and nontechnical evaluations every six years

c Administrative safeguards are documented, formal practices to manage data security measures throughout the organization. Basically, they require the facility to establish a security management process. The administrative provisions detail how the security program should be managed from the organization's perspective. Administrative safeguards have nine standards, including the development and testing of a contingency plan. This is to ensure that procedures are in place to handle an emergency response in the event of an untoward event such as a power outage (Rinehart-Thompson 2016c, 271-272).

After the types of cases to be included in a trauma registry have been determined, what is the next step in data acquisition? a. Registering b. Defining c. Abstracting d. Finding

c After the cases have been identified, information is abstracted from the health records of the injured patients and entered into the trauma registry database. The data elements collected in the abstracting process vary from registry to registry but usually include: demographic information on the patient; information on the injury; care the patient received before hospitalization (such as care at another transferring hospital or care from an emergency medical technician who provided care at the scene of the accident or in transport from the accident site to the hospital); status of the patient at the time of admission; patient's course in the hospital; and diagnosis and procedure codes (Sharp 2016, 178).

Information that has been taken from the health records of injured patients and entered into the trauma registry database has been: a. Aggregated b. Mapped c. Abstracted d. Queried

c After trauma cases have been identified, information is abstracted from the health records of the injured patients and entered into the trauma registry database (Sharp 2016, 178).

The hospital is revising its policy on health record documentation. Currently, all entries in the health record must be legible, complete, dated, and signed. The committee chairperson wants to add that all entries must have the time noted. However, another clinician suggests that adding the time of notation is difficult and rarely may be correct because personal watches and the hospital clocks may not be coordinated. Another committee member agrees and says that only electronic documentation needs a time stamp. Given this discussion, which of the following might the HIM director suggest? a. Suggest that only hospital clock time be noted in clinical documentation b. Suggest that only electronic documentation have time noted c. Inform the committee that according to the Conditions of Participation, all documentation must include date and time d. Inform the committee that according to the Conditions of Participation, only medication orders must include date and time

c All patient health record entries must be legible, complete, dated, timed, and authenticated in written or electronic form by the person responsible for providing or evaluating the service provided, consistent with hospital policies and procedures (Russo 2013a, 200-201; CMS Conditions of Participation 482.24(c)(1) ).

Which of the following reportable diseases usually requires telephone reporting as opposed to other methods of reporting? a. Chicken pox b. Influenza c. Measles d. Pertussis

c All states have a health department with a division that is required to track and record communicable diseases. When a patient is diagnosed with one of the diseases from the health department's communicable disease list, the healthcare organization must notify the public health department. Measles usually requires immediate notification to the public health department. The other three need to be reported, but not necessarily immediately (Shaw and Carter 2015, 189).

Which of the following technologies would reduce the risk that information is not accessible during a server crash? a. RAID b. Storage area network c. Server redundancy d. Tape or disk backup

c As EHRs are being implemented without paper backup, contingency planning and disaster recovery is becoming increasingly important. Not only must a healthcare organization be able to replace data if a server or storage device is destroyed in some manner, but organizations need to be able to instantaneously failover to another server during a server crash. Back up of stored data has been routinely performed by most healthcare organizations. To reduce the risk of downtime, healthcare organizations now must also have server redundancy with server failover (Sayles and Trawick 2014, 212-213).

Which of the following is not a true statement about a hybrid health record system? a. Development of processes for both manual and computer processes is a challenge. b. Creation of a definition of what constitutes a health record in manual and electronic format must be developed. c. Version control is easy to implement. d. Security safeguards must be developed for both paper and electronic processes.

c As the electronic system develops, different versions of documents may exist, and these also must be monitored and logged for both legal and practice purposes. Version control in a hybrid record environment is challenging as both the paper and electronic documents must be controlled (Sayles 2016b, 69, 72).

On review of the audit trail for an EHR system, the HIM director discovers that a departmental employee who has authorized access to patient records is printing far more records than the average user. In this case, what should the supervisor do? a. Reprimand the employee b. Fire the employee c. Determine what information was printed and why d. Revoke the employee's access privileges

c Audit trails are usually examined by system administrators who use special analysis software to identify suspicious or abnormal system events or behavior. Because the audit trail maintains a complete log of system activity, it can also be used to help reconstruct how and when an adverse event or failure occurred (Rinehart-Thompson 2016c, 273).

What resource should be consulted in terms of who may authorize access, use, or disclose the health records of minors? a. HIPAA because it has strict rules regarding minors b. Hospital attorneys because they know the rules of the hospital c. State law because HIPAA defers to state laws on matters related to minors d. Federal law because HIPAA overrides state laws on matters related to minors

c Because HIPAA defers to state laws on the issue of minors, applicable state laws should be consulted regarding appropriate authorization. In general, the age of maturity is 18 years or older. This is the legal recognition that an individual is considered responsible for, and has control over, his or her actions (Klaver 2017b, 160).

What is the key piece of data needed to link a patient who is seen in a variety of care settings? a. Facility medical record number b. Facility identification number c. Identity matching algorithm d. Patient birth date

c Because the United States does not have a national patient identifier, an identity matching algorithm process must be used by organizations to identify any patient for whom data are to be exchanged. This algorithm uses sophisticated probability equations to identify patients (Amatayakul 2016, 306-307).

Which of the following elements is not a component of most patient health records? a. Patient identification b. Clinical history c. Invoice for services d. Test results

c Besides storage of patient care documentation, the health record has other equally important functions. These include helping physicians, nurses, and other caregivers make diagnoses and choose treatment options. Invoices for services would not be part of the patient health record (Fahrenholz and Russo 2013, xxv).

Which of the following is a characteristic of breach notification? a. It is only required when 500 or more individuals are affected b. It applies to both secured and unsecured PHI c. It applies when one person's PHI is breached d. Is only applies when 20 or more individuals are affected

c Breaches by covered entities and BAs (both governed by HHS breach notification regulations) are deemed discovered when the breach is first known or reasonably should have been known. All individuals whose information has been breached must be notified without unreasonable delay, and within 60 days, by first-class mail or a faster method, such as by telephone, if there is the potential for imminent misuse (Rinehart-Thompson 2016b, 240).

Using the information in the table below, calculate the C-section rate at University Hospital for the semiannual period. University Hospital Obstetrics Service Semiannual Statistics July-December, 20XX Admissions 672 Discharges and Deaths: Delivered 504 Not Delivered 147 Aborted 21 Vaginal deliveries 403 C-sections 101 a. 15.03% b. 19.24% c. 20.04% d. 25.06%

c C-section rate: (101 × 100) / 504 = 10,100 / 504 = 20.039 = 20.04% (Horton 2016a, 155).

A health data analyst has been asked to compile a report of the percentage of patients who had a baseline partial thromboplastin time (PTT) test performed prior to receiving heparin. What clinical reports in the health record would the health data analyst need to consult in order to prepare this report? a. Physician progress notes and medication record b. Nursing and physician progress notes c. Medication administration record and clinical laboratory reports d. Physician orders and clinical laboratory reports

c Clinical laboratory reports should be reviewed to determine if a partial thromboplastin time (PTT) test was performed. Medication Administration Records (MAR) should be reviewed to determine if heparin was given after the PTT test was performed (Brickner 2016, 94).

Before healthcare organizations can provide services, they usually must obtain ________ by government entities such as the state or county in which they are located. a. Accreditation b. Certification c. Licensure d. Permission

c Compliance with state licensing laws is required in order for healthcare organizations to begin or remain in operation within their states. To continue licensure, organizations must demonstrate their knowledge of, and compliance with, documentation regulations (Fahrenholz 2013a, 84).

Which of the following has access to personally identifiable data without authorization or subpoena? a. Insurance company for life insurance eligibility b. The patient's attorney c. Public health department for disease reporting purposes d. Workers' compensation for disability claim settlement

c Covered entities may disclose PHI to public health entities even if the law does not specifically require the disclosure is for the purpose of preventing or controlling disease; injury; or disability; including, but not limited to, the reporting of disease; injury; vital events such as birth or death; and the conduct of public health surveillance (Brodnik 2017c, 411).

Written business associate agreements are required with: a. Any company where work is outsourced b. Any outside company that handles electronic data c. Any outside company that handles electronic PHI d. Every outside company

c Covered entities must obtain a written contract with business associates or other entities who handle e-PHI. The written contract must stipulate that the business associate will implement HIPAA administrative, physical, and technical safeguards and procedures and documentation requirements that safeguard the confidentiality, integrity, and availability of the e-PHI that it creates, receives, maintains, or transmits on behalf of the covered entity (Rinehart-Thompson 2016b, 220).

Data elements collected on large populations of individuals and stored in databases are referred to as: a. Statistics b. Information c. Aggregate data d. Standard

c Data about patients can be extracted from individual health records and combined as aggregate data. Aggregate data are used to develop information about groups of patients. For example, data about all patients who suffered an acute myocardial infarction during a specific time period could be collected in a database (Sharp 2016, 173).

In which of the following examples does the gender of the patient constitute information rather than a data element? a. As an entry to be completed on the face sheet of the health record b. In the note "50-year-old white male" in the patient history c. In a study comparing the incidence of myocardial infarctions in black males as compared to white females d. In a study of the age distribution of lung cancer patients

c Data are the raw elements that make up our communications. Humans have the innate ability to combine data they collect and, through all their senses, produce information (which is data that have been combined to produce value) and enhance that information with experience and trial-and-error that produces knowledge. In this example, the gender is tied to race in the data collection that constitutes information and not a data element (Fahrenholz 2013a, 73).

Which of the following best describes data comprehensiveness? a. Data are correct. b. Data are easy to obtain. c. Data include all required elements. d. Data are reliable.

c Data comprehensiveness means that all the required data elements are included in the health record. In essence, comprehensiveness means that the record is complete. In both paper-based and computer-based systems, having a complete health record is critical to the organization's ability to provide excellent patient care and to meet all regulatory, legal, and reimbursement requirements (Brinda 2016, 158).

Which of the following data quality characteristics means all data items are included within the information collected? a. Accuracy b. Consistency c. Comprehensiveness d. Relevancy

c Data comprehensiveness means that all the required data elements are included in the health record. In essence, comprehensiveness means that the record is complete. In both paper-based and computer-based systems, having a complete health record is critical to the organization's ability to provide excellent patient care and to meet all regulatory, legal, and reimbursement requirements (Brinda 2016, 158).

Dr. Jones entered a progress note in a patient's health record 24 hours after he visited the patient. Which quality element is missing from the progress note? a. Data completeness b. Data relevancy c. Data currency d. Data precision

c Data currency and data timeliness mean that healthcare data should be up-to-date and recorded at or near the time of the event or observation. Because care and treatment rely on accurate and current data, an essential characteristic of data quality is the timeliness of the documentation or data entry (Brinda 2016, 158).

Which of the following represents an example of data granularity? a. A progress note recorded at or near the time of the observation b. An acceptable range of values defined for a clinical characteristic c. A numerical measurement carried out to the appropriate decimal place d. A health record that includes all of the required components

c Data granularity requires that the attributes and values of data be defined at the correct level of detail for the intended use of the data. For example, numerical values for laboratory results should be recorded to the appropriate decimal place as required for the meaningful interpretation of test results—or in the collection of demographic data, data elements should be defined appropriately to determine the differences in outcomes of care among various populations (Brinda 2016, 158).

Which of the following is not a recommended guideline for maintaining integrity in the health record? a. Specifying consequences for the falsification of information b. Requiring periodic training covering the falsification of information and information security c. Assuring documentation that is being changed is permanently deleted from the record d. Prohibiting the entry of false information into any of the organization's records

c Data integrity is the assurance that the data entered into an electronic system or maintained on paper are only accessed and amended by individuals with the authority to do so. Data integrity includes data governance, patient identification, authorship validation, amendments and record correction, and audit validation for reimbursement purposes. These functions ensure that the data is protected and altered by authorized individuals as per policy. Assuring documentation that is being changed is permanently deleted from the record would not be a guideline for maintaining the integrity of the health record (Brinda 2016, 152).

Which of the following is an example of data security? a. Contingency planning b. Fire protection c. Automatic logoff after inactivity d. Card key for access to data center

c Data security includes insuring that workstations are protected from unauthorized access. If a workstation is inactive for a period of time specified by the organization, it should log itself off automatically. The automatic log off helps prevent unauthorized users from accessing e-PHI when an authorized user walks away from the computer without logging out of the system (Sayles and Trawick 2014, 223-224).

The following is documented in an acute-care record: "Atrial fibrillation with rapid ventricular response, left axis deviation, left bundle branch block." In which of the following would this documentation appear? a. Admission order b. Laboratory report c. ECG report d. Radiology report

c Documentation of these results would typically be found in the ECG report (Russo 2013a, 232, 235).

The function used to provide access controls, authentication, and audit logging in an HIE is: a. Patient identification b. Record location service c. Identity management d. Consent management

c Identity management provides security functionality, including determining who (or what information system) is authorized to access information, authentication services, audit logging, encryption, and transmission controls (Amatayakul 2016, 307).

Dr. Hall is an orthopedic surgeon performing a knee replacement on Mary. Mary was seen in Dr. Hall's office 2 months before the surgery and Dr. Hall documented her history and physical (H&P) at that point. Does this H&P meet documentation requirements for the surgery? a. No, the first H&P must be documented within 60 days before admission, and another H&P must be documented within 48 hours after admission to the hospital b. Yes, there are no requirements on when an H&P must be performed c. No, the H&P must be documented within 30 days before admission with an update within 24 hours after admission d. Yes, because the H&P was documented within 60 days

c Dr. Hall must document a new history and physical for Mary because the last history and physical was completed 60 days ago. A history and physical must be completed within 30 days of admission or within 24 hours after admission. If a history and physical is completed within 30 days of a surgery, an updated exam must be documented within 24 hours of admission and prior to the surgery or procedure (Brickner 2016, 84).

A coding analyst consistently enters the wrong code for patient gender in the computer billing system. What measures should be in place to minimize this data entry error? a. Access controls b. Audit trail c. Edit checks d. Password controls

c Edit checks assist in ensuring data integrity by allowing only reasonable and predetermined values to be entered into the computer (Rinehart-Thompson 2016c, 265).

The following table compares Community Hospital's pneumonia length of stay (observed LOS) to the pneumonia LOS of similar hospitals (expected LOS). Given this data, where might Community Hospital want to focus attention on its pneumonia LOS? LOS Summary for Pneumonia by Clinical Specialty Clinical Specialty Cases Observed LOS Expected LOS Savings Opportunity Cardiology 1 6 6.36 0 Family Practice 17 8.47 6.26 38 Internal Medicine 34 3.82 4.89 -36 Endocrinology 1 3 3.93 -1 Pediatrics 7 3.43 3.55 -1 a. Cardiology b. Endocrinology c. Family practice d. Internal medicine

c Family practice has the largest variance with the potential for the most savings (Shaw and Carter 2015, 95-97).

The HIM department recently performed an audit of health records. The audit showed that for the 10,000 records filed there was a 7 percent error rate. Given that the national average labor cost of each misfile is $200, what is the labor cost for the department for handling these misfiled records? a. $1,400 b. $14,000 c. $140,000 d. $285,714

c Filing accuracy can be checked by conducting a random audit of the storage area. To conduct a study, a section of the permanent file room can be checked for misfiles. Any files found are noted, and a filing accuracy rate can be determined and compared against the established standard. In this scenario, there was a 7 percent error rate for the 10,000 records filed in the sample. If the cost of each misfile is $200, this would cost the facility $140,000: (10,000 × 0.07) × $200 = $140,000 (Sayles 2016b, 66-67).

Given the following information, in which city is the GPCI the highest for practice expense? Sample Geographical Practice Cost Indices (GPCI) for Selected Cities City Work GPCI Practice Expense GPCI Malpractice Expense GPCI St. Louis 1.000 0.968 1.064 Dallas 1.009 1.001 0.969 Seattle 1.020 1.098 0.785 Philadelphia 1.015 1.084 1.619 a. St. Louis b. Dallas c. Seattle d. Philadelphia

c Geographic practice cost index (GPCI) is the number used to multiply each RVU so that it better reflects a geographical area's relative costs. The practice expense GPCI is higher in Seattle at 1.098 (Casto and Forrestal 2015, 152).

Which of the following is not true of good electronic forms design? a. Minimizes keystrokes by using pop-up menus b. Performs completeness check for all required data c. Uses radio buttons to select multiple items from a set of options d. Uses text boxes to enter text

c Good forms design is needed within an EHR to create ease of use. The use of a selection box allows the user to select a value from a predefined list. Check boxes are used for multiple selections and radio buttons are used for single selections (Sayles 2016b, 70-71).

For research purposes, an advantage of the Healthcare Cost and Utilization Project (HCUP) is that it: a. Contains only Medicare data b. Is used to determine pay for performance c. Contains data on all payer types d. Contains bibliographic listings from medical journals

c Healthcare Cost and Utilization Project (HCUP) consists of a set of databases that are unique because they include data on inpatients whose care is paid for by all types of payers, including Medicare, Medicaid, private insurance, self-paying, and uninsured patients. Data elements include demographic information, information on diagnoses and procedures, admission and discharge status, payment sources, total charges, length of stay, and information on the hospital or freestanding ambulatory surgery center (Sharp 2016, 188).

Which of the following is a secondary purpose of the health record? a. Support for provider reimbursement b. Support for patient self-management activities c. Support for research d. Support for patient care delivery

c Healthcare is a sophisticated industry and information from the health record is used for many purposes not related specifically to patient care. These secondary purposes include support for public health and research (Sayles 2016b, 52-53).

Which of the following is not true of Notices of Privacy Practices? a. Must be made available at the site where the individual is treated b. Must be posted in a prominent place c. Must contain content that may not be changed d. Must be prominently posted on the covered entity's website when the entity has one

c Healthcare providers with a direct treatment relationship with an individual must provide the notice of privacy practices no later than the date of the first service delivery (for example, first visit to a physician's office, first admission to a hospital, or first encounter at a clinic), including service delivered electronically. Notices must be available at the site where the individual is treated and must be posted in a prominent place where patients can reasonably be expected to read it. If the facility has a website with information on the covered entity's services or benefits, the notice of privacy practices must be prominently posted to it (Rinehart-Thompson 2016b, 230-231).

What type of health record policy dictates how long individual health records must remain available for authorized use? a. Disclosure policies b. Legal policies c. Retention policies d. Redisclosure policies

c Hospitals and other healthcare facilities develop health record retention policies to ensure that health records comply with all applicable state and federal regulations, accreditation standards, as well as meet future patient care needs. Most states have established regulations that address how long health records and other healthcare-related documents must be maintained before they can be destroyed (Fahrenholz 2013a, 109).

For HIPAA implementation specifications that are addressable, which of the following statements is true? a. The covered entity must implement the specification. b. The covered entity may choose not to implement the specification if implementation is too costly. c. The covered entity must conduct a risk assessment to determine whether the specification is appropriate to its environment. d. If the covered entity is a small hospital, the specification does not have to be implemented.

c Implementation specifications define how standards are to be implemented. Implementation specifications are either "required" or "addressable." Covered entities must implement all implementation specifications that are "required." For those implementation specifications that are labeled addressable, the covered entity must conduct a risk assessment and evaluate whether the specification is appropriate to its environment (Rinehart-Thompson 2016c, 271).

Which of the following is a risk of copy and pasting? a. Reduction in the time required to document b. System may not save data c. Copying the note in the wrong patient's record d. System thinking that the information belongs to the patient from whom the content is being copied

c In the EHR, the user is able to copy and paste free text from one patient or patient encounter to another. This practice is dangerous as inaccurate information can easily be copied. One of the risks to documentation integrity of using copy functionality includes propagation of false information in the record (Sayles 2016b, 69).

The right of an individual to keep personal health information from being disclosed to anyone is a definition of: a. Confidentiality b. Integrity c. Privacy d. Security

c In the context of healthcare, privacy can be defined as the right of individuals to control access to their personal health information (Rinehart-Thompson 2016b, 214).

Which of the following is an individual user of the health record? a. Public health department b. State data bank c. Coding and billing staff d. Third-party payer

c Individual users are those who depend on the health record in order to complete their job. Documentation in the health record is the basis for reimbursement or payment for the care provided. The coding and billing staff use patient specific information in their day-to-day work (Sayles 2016b, 53-55).

The term used to describe controlling information is ________. a. Information power b. Information authority c. Information governance d. Information policy

c Information governance is the accountability framework and decision rights to achieve enterprise information management (Sayles 2016a, 6).

Which of the following materials is not documented in an emergency care record? a. Patient's instructions at discharge b. Time and means of the patient's arrival c. Patient's complete medical history d. Emergency care administered before arrival at the facility

c Information typically included in the patient's health record for an emergency visit includes: patient's instructions at discharge, time and means of patient's arrival, emergency care administered before arrival at the facility, clinical observations, and the like. The patient's complete health history would not be included in the record (Brickner 2016, 100-101).

Mr. Jones was admitted to the hospital on March 21 and discharged on April 1. What was the length of stay for Mr. Jones? a. 5 days b. 10 days c. 11 days d. 15 days

c Length of stay (LOS) is calculated for each patient after he or she is discharged from the hospital. It is the number of calendar days from the day of patient admission to the day of discharge (31 - 21) + 1 = 11 days (Horton 2016b, 390).

Sally has requested an accounting of PHI disclosures from Community Hospital. Which of the following must be included in an accounting of disclosures to comply with this request? a. PHI related to treatment, payment, and operations b. PHI provided to meet national security or intelligence requirements c. PHI sent to a physician who has not treated Sally d. PHI released to Sally's attorney upon her request

c Maintaining some type of accounting procedure for monitoring and tracking PHI disclosures has been a common practice in departments that manage health information. However, the Privacy Rule has a specific standard with respect to such record keeping. Disclosures for which an accounting is not required and which are therefore exempt include some of the following examples: TPO disclosures, pursuant to an authorization, and to meet national security or intelligence requirements. PHI sent to a physician that has not treated the patient would need to be accounted for (Rinehart-Thompson 2017d, 247-248).

The hospital currently has a hybrid health record. Nurses and clinicians are recording bedside documentation electronically in a clinical documentation system, while most other documentation, such as physician progress notes and orders, are paper based and stored in a paper health record, making retrieval of the complete record after discharge difficult and risking the record's integrity. Given these circumstances, which of the following should the HIM director implement to alleviate these problems and preserve the efficiencies of an electronic record? a. Print out all electronic data postdischarge and file with the rest of the paper record b. Microfilm all electronic data and link to the paper record c. Digitally scan all paper records postdischarge, and integrate and index these into the existing electronic document management system d. Do not scan any of the paper records

c Many hospitals incorporate documents into their EHR systems. Digital scanners create images of handwritten and printed documents that are then stored in health record databases as electronic files in their electronic document management system (EDMS). Using scanned images solves many of the problems associated with traditional paper-based health records and hybrid records (Russo 2013a, 335).

Community Hospital has been collecting quarterly data on the average monthly health record delinquency rate for the hospital. This graph depicts the trend in the delinquency rate. The hospital has established a 35 percent benchmark. Given this data, what should the hospital's Performance Improvement Council recommend? a. Continue tracking the delinquency rate to see if the last two quarters' trend continues b. Establish a higher benchmark to accommodate an increase in delinquent records c. Further analyze the data to determine why the benchmark is not being met d. Take an average of all the data points to arrive at a new benchmark

c Once a benchmark for each performance measure is determined, analyzing data collection results becomes more meaningful. Often, further study or more focused data collection on a performance measure is triggered when data collection results fall outside the established benchmark. When variation is discovered or when unexpected events suggest performance problems, members of the organization may decide there is an opportunity for improvement (Shaw and Carter 2015, 29).

During user acceptance testing of a new EHR system, physicians are complaining that they have to use multiple log-on screens to access all the system modules. For example, they have to use one log-on for CPOE and another log-on to view laboratory results. One physician suggests having a single sign-on that would provide access to all the EHR system components. However, the hospital administrator thinks that one log-on would be a security issue. What information should the HIM director provide? a. Single sign-on is not supported by HIPAA security measures. b. Single sign-on is discouraged by the Joint Commission. c. Single sign-on is less frustrating for the end user and can provide better security. d. Single sign-on is not possible given today's technology.

c Single sign-on allows sign-on to multiple related, but independent, software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Single sign-off is the reverse property whereby a single action of signing out terminates access to multiple software systems (Rinehart-Thompson 2016c, 263).

A health information technician receives a subpoena ad testificandum. To respond to the subpoena, which of the following should the technician do? a. Review the subpoena to determine what documents must be produced b. Review the subpoena and notify the hospital administrator c. Review the subpoena and appear at the time and place supplied to give testimony d. Review the subpoena and alert the hospital's risk management department

c Sometimes HIM professionals are subpoenaed to testify as to the authenticity of the health records by confirming that they were compiled in the normal course of business and have not been altered in any way. A subpoena that is issued to elicit testimony is a subpoena ad testificandum (Rinehart-Thompson 2016b, 215).

Which of the following would be the best technique to ensure nurses do not omit any essential information on the nursing intake assessment in an EHR? a. Add validation edits on all essential fields b. Provide an input mask for essential data fields c. Make all essential data fields required d. Provide sufficient space for all essential fields

c Standardization of the collection of patient data is essential to collect the proper information and reach data quality levels needed to support the enhancement of patient care and the healthcare industry. Templates can be created for common types of notes, visits, and procedures (Brinda 2016, 159).

What is the primary purpose of structured data entry? a. Provide providers with as many options as possible b. Speed up data entry c. Reduce documentation variability d. Comply with regulatory rules

c Structured data entry techniques constrain data capture into a common format or vocabulary. A purpose of structured data entry is to reduce variability in terminology, allowing for standardization (Johns 2015, 231).

The HIM supervisor suspects that a departmental employee is accessing the EHR for personal reasons, but has no specific data to support this suspicion. In this case, what should the supervisor do? a. Confront the employee. b. Send out a memorandum to all department employees reminding them of the hospital policy on Internet use. c. Ask the security officer for audit trail data to confirm or disprove the suspicion. d. Transfer the employee to another job that does not require computer usage.

c The HIM supervisor should determine if a breach has occurred before action is taken. This can be done using an audit trail, which is a software program that tracks access to data in the EHR. It logs the name of the individual who accessed the data, the date and time, and the action taken (for example, modifying, reading, or deleting data) (Rinehart-Thompson 2016c, 265).

Community Hospital is discussing restricting the access that physicians have to electronic health records. The medical record committee is divided on how to approach this issue. Some committee members maintain that all information should be available, whereas others maintain that HIPAA restricts access. The HIM director is part of the committee. Which of the following should the director advise the committee? a. HIPAA restricts the access of physicians to all information. b. The "minimum necessary" concept does not apply to disclosures made for treatment purposes; therefore, physician access should not be restricted. c. The "minimum necessary" concept does not apply to disclosures made for treatment purposes, but the organization must define what physicians need as part of their treatment role. d. The "minimum necessary" concept applies only to attending physicians, and therefore, restriction of access must be implemented.

c The HIPAA Privacy Rule concept of "minimum necessary" does not apply to disclosures made for treatment purposes. However, the covered entity must define, within the organization, what information physicians need as part of their treatment role (Thomason 2013, 5).

Community Hospital is planning implementation of various elements of the EHR in the next six months. Physicians have requested the ability to access the EHR from their offices and from home. What advice should the HIM director provide? a. HIPAA regulations do not allow this type of access. b. This access would be covered under the release of PHI for treatment purposes and poses no security or confidentiality threats. c. Access can be permitted providing that appropriate safeguards are put in place to protect against threats to security. d. Access can be permitted because the physicians are on the medical staff of the hospital and are covered by HIPAA as employees.

c The HIPAA Privacy Rule permits healthcare providers to access protected health information for treatment purposes. However, there is also a requirement that the covered entity provide reasonable safeguards to protect the information. These requirements are not easy to meet when the access is from an unsecured location, although policies, medical staff bylaws, confidentiality or other agreements, and a careful use of new technology can mitigate some risks (Thomason 2013, 46).

St. Joseph's Hospital has a psychiatric service on the sixth floor of the hospital. A 31-year-old male has come to the HIM department and requested to see a copy of his medical record. He indicated he was a patient of Dr. Schmidt, a psychiatrist, and that he was on the sixth floor of St. Joseph's for the last two months. These records are not psychotherapy notes. Of the options here, what is the best course of action? a. Prohibit the patient from accessing his record, as it contains psychiatric diagnoses that may greatly upset him. b. Allow the patient to access his record. c. Allow the patient to access his record if, after contacting his physician, his physician does not think it will be harmful to the patient. d. Deny access because HIPAA prevents patients from reviewing their psychiatric records.

c The HIPAA Privacy Rule provides patients with significant rights that allow them to have some measure of control over their health information. As long as state laws or regulations or the physician do not state otherwise, competent adult patients have the right to access their health record (Rinehart-Thompson 2017d, 243-244).

In which of the following situations must a covered entity provide an appeals process for denials to requests from individuals to see their own health information? a. Any time access is requested b. When the covered entity is a correctional institution c. When a licensed healthcare professional has determined that access to PHI would likely endanger the life or safety of the individual d. When the covered entity is unable to produce the health record

c The HIPAA Privacy Rule provides patients with significant rights that allow them to have some measure of control over their health information. As long as state laws or regulations or the physician does not state otherwise (such as when a licensed healthcare professional has determined that access would likely endanger the life or safety of the individual) competent adult patients have the right to access their health record (Rinehart-Thompson 2017d, 243-244).

Community Hospital is terminating its business associate relationship with a medical transcription company. The transcription company has no further need for any identifiable information that it may have obtained in the course of its business with the hospital. The CFO of the hospital believes that to be HIPAA compliant, all that is necessary is for the termination to be in a formal letter signed by the CEO. In this case, how should the director of HIM advise the CFO? a. Determine that a formal letter of termination meets HIPAA requirements and no further action is required. b. Confirm that a formal letter of termination meets HIPAA requirements and no further action is required except that the termination notice needs to be retained for seven years. c. Confirm that a formal letter of termination is required and that the transcription company must provide the hospital with a certification that all PHI that it had in its possession has been destroyed or returned. d. Inform the CFO that business associate agreements cannot be terminated.

c The HIPAA Privacy Rule requires the covered entity to have business associate agreements in place with each business associate. This agreement must always include provisions regarding destruction or return of protected health information (PHI) upon termination of a business associate's services. Upon notice of the termination, the covered entity needs to contact the business associate and determine if the entity still retains any protected health information from, or created for, the covered entity. The PHI must be destroyed, returned to the covered entity, or transferred to another business associate. Once the PHI is transferred or destroyed, it is recommended that the covered entity obtain a certification from the business associate that either it has no PHI, or all PHI it had has been destroyed or returned to the covered entity (Thomason 2013, 18).

Which of the following has been responsible for accrediting healthcare organizations since the mid-1950s and determines whether the organization is continually monitoring and improving the quality of care provided? a. Commission on Accreditation of Rehabilitation Facilities b. American Osteopathic Association c. National Committee for Quality Assurance d. The Joint Commission

c The Joint Commission has been the most visible organization responsible for accrediting healthcare organizations since the mid-1950s. The primary focus of the Joint Commission at this time is to determine whether organizations seeking accreditation are continually monitoring the quality of the care they provide. The Joint Commission requires that this continual improvement process be in place throughout the entire organization, from the governing body down, as well as across all department lines (Shaw and Carter 2015, 406).

Community Hospital wants to compare its hospital-acquired urinary tract infection (UTI) rate for Medicare patients with the national average. The hospital is using the MEDPAR database for its comparison. The MEDPAR database contains 13,000,000 discharges. Of these individuals, 200,000 were admitted with a principal diagnosis of UTI; another 300,000 were admitted with a principal diagnosis of infectious disease, and 700,000 had a diagnosis of hypertension. Given this information, which of the following would provide the best comparison data for Community Hospital? a. All individuals in the MEDPAR database b. All individuals in the MEDPAR database except those admitted with a principal diagnosis of UTI c. All individuals in the MEDPAR database except those admitted with a principal diagnosis of UTI or infectious disease d. All individuals in the MEDPAR database except those admitted with a diagnosis of hypertension

c The Medicare Provider Analysis and Review (MEDPAR) file is made up of acute care hospital and skilled nursing facility (SNF) claims data for all Medicare claims. The MEDPAR file is frequently used for research on topics such as charges for particular types of care and DRGs. The limitation of the MEDPAR data for research purposes is that the file contains only Medicare patients. Community Hospital is excluding MEDPAR data of those patients with a principal diagnosis of UTI or infectious disease because these would not represent a hospital acquired condition (HAC) because the patients were admitted with those diagnoses. Community Hospital is looking for comparative secondary diagnosis data of Medicare patients from the MEDPAR file to compare their HAC rate for UTIs to the national average from the MEDPAR data (Gordon and Gordon 2016a, 437; Sharp 2016, 185).

OASIS-C data are used to assess the ________ of home health services. a. Core measure b. Financial performance c. Outcome d. Utilization

c The Outcomes and Assessment Information Set (OASIS-C) consists of data elements that represent core items for the comprehensive assessment of an adult home care patient and form the basis for measuring patient outcomes for the purpose of outcome-based quality improvement (White 2013, 565-566; Giannangelo 2015, 254).

The sister of a patient requests the HIM department to release copies of her brother's health record to her. She states that because the doctor documented her name as her brother's caregiver that HIPAA regulations apply and that she may receive copies of her brother's health record. In this case, how should the HIM department proceed? a. Provide the copies as requested since the sister was a caregiver. b. Provide only copies of the reports where the sister's name is mentioned. c. Refuse the request. d. Refer the individual to legal counsel.

c The Privacy Rule addresses the issue of personal representatives. Personal representatives are those who are legally authorized to make healthcare decisions on an individual's behalf or to act on behalf of a deceased individual or that individual's estate. Under the Privacy Rule, then, a personal representative must be treated the same as the individual regarding the use and disclosure of the individual's PHI. In this instance, the fact that the sister is listed in the health record as the caregiver does not make her legally authorized as a personal representative under the Privacy Rule. Her request should be refused (Rinehart-Thompson 2017c, 215-216).

What is the first step an organization should take when developing a data dictionary? a. Develop an approvals process b. Integrate common data elements c. Design a plan d. Ensure consistency

c The data dictionary should be designed to accommodate changes resulting from clinical or technical advances and regulatory changes. There should be a plan for future expansion, such as expanding a data field from one element to multiple elements. This becomes problematic when comparing data across time if the meaning of a particular element has changed while its name or representation has not (Russo 2013b, 322).

Community Hospital performed a cost-savings analysis between its current paper-based, on-site coding processes and an e-WebCoding telecommuting model. Given the graph here, what does the cost analysis show? a. The current system saves more than the e-WebCoding system would. b. The current system reduces DNFB significantly. c. Cost comparison reflects a net reduction in overall expenses on a monthly basis for the e-WebCoding system. d. There is not enough information to make a determination.

c The data on the graph show there is a net reduction in overall expenses on a monthly basis for the e-WebCoding system. Learning to use data analysis tools and data aggregation techniques is important for improvement decisions. Making decisions based on actual experience and aggregate data is much better than making decisions based on intuition or gut feelings (Shaw and Carter 2015, 95-97).

Which one of the following indexes contains a list maintained in diagnosis code number order for patients who are discharged from a facility during a particular time period? a. Physician b. Master patient c. Disease d. Operation

c The disease index is a listing in diagnosis code number order for patients discharged from the facility during a particular time period. Each patient's diagnosis is converted from a verbal description to a numerical code, usually using the International Classification of Diseases . The patient's diagnosis codes are entered into the facility's health information system as part of the discharge processing of the patient's health record (Brinda 2016, 147).

Community Memorial Hospital had 25 inpatient deaths, including newborns, during the month of June. The hospital had a total of 500 discharges for the same period, including deaths of adults, children, and newborns. The hospital's gross death rate for the month of June was: a. 0.05% b. 2% c. 5% d. 20%

c The gross death rate is the proportion of all hospital discharges that ended in death. It is the basic indicator of mortality in a healthcare facility. The gross death rate is calculated by dividing the total number of deaths occurring in a given time period by the total number of discharges, including deaths, for the same time period: 25/500 = 0.05 × 100 = 5% (Horton 2016b, 392-393).

The HIM department at Community Hospital has three full time coders. One is considered the lead coder and his salary is $20.35 per hour. One coder is a new graduate who makes $15.50 per hour and the third coder is an experienced employee who earns $18.90 per hour. The lead coder codes four records per hour; the new coder codes three records per hour and their experienced coder codes six records per hour. Using a 7.5-hour productive day, what is the unit cost for the lead coder? a. $3.36 per record b. $4.49 per record c. $5.43 per record d. $5.51 per record

c The lead coder's annual salary is $20.35 × 2,080 (hours per year) = $42,328. The lead coder's productivity is 7.5 hours per day × 4 records per hour = 30 records per day. 30 records per day × 5 days per week × 52 weeks per year = 7,800 records per year. Yearly salary of $42,328 / 7,800 records per year = $2.556 = $5.43 per record (Horton 2016a, 174-175).

Which of the following is characteristic of the legal health record? a. It must be electronic b. It includes the designated record set c. It is the record disclosed upon request d. It includes a patient's personal health record

c The legal health record distinction is important for several reasons. First, it is important to an organization's business and legal processes. Second, because the legal health record is the record that is produced upon request, including legal requests, it becomes important to ensure that the legal health record is legally sound and defensible as a valid document in legal situations (Rinehart-Thompson 2016a, 206).

Which of the following systems is the key to identifying a patient's multiple hospitalizations? a. CDR b. CPOE c. MPI d. R-ADT

c The master patient index assigns a unique patient identifier to a patient. This facilitates managing a patient's multiple encounters as a "unit" over the course of a lifetime (Johns 2015, 55).

What is the mean for the following frequency distribution: 10, 15, 20, 25, 25? a. 47.5 b. 20 c. 19 d. 95

c The mean is the arithmetic average of frequency distribution. Put simply, it is the sum of all the values in a frequency distribution divided by the frequency: (10 + 15 + 20 + 25 + 25) / 5 = 19 (Watzlaf 2016, 359).

Community Hospital discharged nine patients on April 1. The length of stay for each of the patients was as follows: for patient A, 1 day; for patient B, 5 days; for patient C, 3 days; for patient D, 3 days; for patient E, 8 days; for patient F, 8 days; for patient G, 8 days; for patient H, 9 days; patient I, 9 days. What was the median length of stay? a. 5 days b. 6 days c. 8 days d. 9 days

c The median is the midpoint of a frequency distribution. It is the point at which 50 percent of observations fall above and 50 percent fall below. Eight is the mid-point of the distribution where 50 percent of the observations fall above and below eight (Watzlaf 2016, 359).

A report that lists the ICD-10-CM codes associated with each physician in a healthcare facility can be used to assess the quality of the physician's services before he or she is: a. Scheduled for a coding audit b. Subjected to corrective action c. Recommended for staff reappointment d. Involved in an in-house training program

c The medical staff department is particularly interested in the ICD-10-CM codes associated with each physician. Because diagnostic codes can identify untoward events that occur during hospitalization, the quality of a physician's services can be identified through reports called physician reappointment summaries. These summaries outline the number of cases by diagnosis and procedure type, LOS, and infection and mortality statistics. At reappointment to a facility's medical staff, code-based reports are required. The medical staff department accumulates these reports and works with the elected or appointed medical staff leadership to ensure that a thorough analysis of each physician's activities takes place before he or she is reappointed to the staff (Schraffenberger and Kuehn 2011, 443).

Which of the following reports includes names of the surgeon and assistants, date, duration, and description of the procedure and any specimens removed? a. Anesthesia report b. Laboratory report c. Operative report d. Pathology report

c The operative report describes the surgical procedures performed on the patient. Each report typically includes the name of the surgeon and assistants; date, duration, and description of the procedure; preoperative and postoperative diagnosis; estimated blood loss; descriptions of any unusual or unique events during the course of the surgery, normal and abnormal findings, as well as any specimens that were removed (Brickner 2016, 95).

Identify where the following information would be found in the acute-care record: "Following induction of an adequate general anesthesia, and with the patient supine on the padded table, the left upper extremity was prepped and draped in the standard fashion." a. Anesthesia report b. Physician progress notes c. Operative report d. Recovery room record

c The operative report describes the surgical procedures performed on the patient. The operative report should be written or dictated by the surgeon immediately after surgery and become part of the health record (Brickner 2016, 95).

What is the official count of inpatients taken at midnight called? a. Average daily census b. Census c. Daily inpatient census d. Inpatient service days

c The result of the official count taken at midnight is the daily inpatient census (Horton 2016b, 386).

In the scatter chart below what can be concluded about the relationship between age and income. a. There is a strong negative relationship between age and income b. There is no relationship between age and income c. There is a strong positive relationship between age and income d. There is not enough information to determine the relationship

c The scatter chart is showing a strong positive relationship between age and income because as age increases so does income. A negative relationship would show that as age increases income decreases, and that is not the case in this scatter chart example (Watzlaf 2016, 353).

A secondary purpose of the health record is to provide support for which of the following? a. Provider reimbursement b. Patient self-management activities c. Research d. Patient care delivery

c The secondary purposes of the health record are not associated with specific encounters between patient and healthcare professional. Rather, they are related to the environment in which patient care is provided. Some secondary purposes are: support for research, to serve as evidence in litigation, to allocate resources, to plan market strategy, and the like (Sayles 2016b, 52-53).

Central City Clinic has requested that Ghent Hospital send its hospital records for Susan Hall's most recent admission to the clinic for her follow-up appointment. Which of the following statements is true? a. The Privacy Rule requires that Susan Hall complete a written authorization. b. The hospital may send only the discharge summary, history and physical, and operative report. c. The Privacy Rule's minimum necessary requirement does not apply. d. This "public interest and benefit" disclosure does not require the patient's authorization.

c There are certain circumstances where the minimum necessary requirement does not apply, such as to healthcare providers for treatment; to the individual or his personal representative; pursuant to the individual's authorization to the secretary of the HHS for investigations, compliance review, or enforcement; as required by law; or to meet other Privacy Rule compliance requirements (164.502(b)(2); Rinehart-Thompson 2017c, 234).

Release of birth and death information to public health authorities: a. Is prohibited without patient consent b. Is prohibited without patient authorization c. Is a public interest and benefit disclosure that does not require patient authorization d. Requires both patient consent and authorization

c There are circumstances where PHI can be used or disclosed without the individual's authorization and without granting the individual the opportunity to agree or object. Some of these circumstances include preventing or controlling diseases, injuries, and disabilities, and reporting disease, injury, and vital events such as births and deaths (Rinehart-Thompson 2016b, 235).

Which of the following is not an element that makes information "PHI" under the HIPAA Privacy Rule? a. Identifies an individual b. In the custody of or transmitted by a CE or its BA c. Contained within a personnel file d. Relates to one's health condition

c To meet the individually identifiable element of PHI, the information must meet all three portions of a three-part test: it must either identify the person or provide a reasonable basis to believe the person could be identified from the information given; it must relate to one's past, present, or future physical or mental health condition, the provision of healthcare, or payment for the provision of healthcare; and it must be held or transmitted by a covered entity or its business associate (Rinehart-Thompson 2017c, 213).

Spoliation can be defined as which of the following? a. It is required after a legal hold is imposed b. It is the negligent destruction or changing of information c. It is destroying, changing, or hiding evidence intentionally d. It can only be performed on records that are involved in a court proceeding

c To preserve discoverable data, they must also ensure that records involved in litigation or potential litigation are preserved through a legal hold, which is generally a court order to preserve a health record if there is concern about destruction. A legal hold supersedes routine destruction procedures. It also prevents spoliation—the act of destroying, changing, or hiding evidence intentionally (Rinehart-Thompson 2016b, 216).

Which of the following statements is false with regard to the HIPAA Privacy Rule? a. A notice of privacy practices must be written in plain language. b. A notice of privacy practices must have a statement that other uses and disclosures will be made only with the individual's written authorization and that the individual may revoke such authorization. c. An authorization must be obtained for uses and disclosures for treatment, payment, and operations. d. A notice of privacy practices must give an example of a use or disclosure for healthcare operations.

c Under the Privacy Rule, healthcare providers are not required to obtain patient consent to use or disclose personal identifiable information for treatment, payment, and healthcare operations (Rinehart-Thompson 2016b, 223).

Hospital A discharges 10,000 patients per year. Hospital B is located in the same town and discharges 5,000 patients per year. At Hospital B's medical staff committee meeting, a physician reports that he is concerned about the quality of care at Hospital B because the hospital has double the number of deaths per year than Hospital A. The HIM director is attending the meeting in a staff position. Which of the following actions should the director take? a. Make no comment since this is a medical staff meeting. b. Agree with the physician that the data suggest a quality issue. c. Suggest that the data be adjusted for possible differences in type and volume of patients treated. d. Suggest that an audit be done immediately to determine the cause of deaths within the hospital.

c When doing external benchmarking, the other organizations need not be in the same region of the country, but they should be comparable in terms of patient mix and size. The data from the two hospitals are not comparable because Hospital A discharges more patients than Hospital B. In addition, data on the comparability of severity of illness between the two hospitals is lacking and an informed decision cannot be made (Shaw and Carter 2015, 46).

External security threats can be caused by which of the following? a. Employees who steal data during work time b. A facility's water pipes bursting c. Tornadoes d. The failure of a facility's software

c All threats can be categorized as either internal threats (threats that originate within an organization) or external threats (threats that originate outside an organization). People are not the only threats to data security. Natural disasters such as earthquakes, tornadoes, floods, and hurricanes can demolish physical facilities and electrical utilities (Rinehart-Thompson 2016c, 256-257).

Community Hospital's HIM department conducted a random sample of 200 inpatient health records to determine the timeliness of the history and physicals completion. Nine records were found to be out of compliance with the 24-hour requirement. Which of the following percentages represents the H&P timeliness rate at Community Hospital? a. 4.5% b. 21.2% c. 66.7% d. 95.5%

d A complete history and physical report represents the attending physician's assessment of the patient's current health status, and accreditation standards require it to be completed within 24 hours of admission. In this case, 191 instances of timely H&Ps out of 200 sampled is 95.5% accuracy. The calculation is (191/200) × 100 = 95.5% (Brickner 2016, 84; Horton 2016b, 383).

A critical early step in designing an EHR is to develop a(n) ________ in which the characteristics of each data element are defined. a. Accreditation manual b. Core content c. Continuity of care record d. Data dictionary

d A data dictionary improves data validity and reliability within, across, and outside the enterprise because it ensures that each piece of data can only mean one thing. A critical early step in implementing the EHR is to develop a data dictionary (Brinda 2016, 141-142).

Community Hospital's HIM department conducted a random sample of 150 inpatient health records to determine the discharge summary completion timeliness rate. Thirteen discharged were determined to be out of compliance with completion standards. Which of the following percentages represents the timeliness rate for discharge summaries at Community Hospital? a. 8.7% b. 9.5% c. 41.5% d. 91.3%

d A discharge summary is a concise account of the patient's illness, course of treatment, response to treatment, and condition at the time of patient discharge from the hospital. Accreditation requirements state that the record needs to be complete within 30 days of discharge. Hospitals set completion standards based on this requirement. Record completion would include the discharge summary (137/150) × 100 = 91.3% (Brickner 2016, 97).

This type of chart plots all data points as a cell for two given variables of interest and, depending on frequency of observations in each cell, provides color to visualize high or low frequency. a. Barplot b. Scatter plot c. Boxplot d. Heatmap

d A heat map plots all data points as a cell for two given variables or interest, and depending on frequency of observations in each cell, provides color to visualize high or low frequency (Kellogg 2016a, 41).

If you want to display the parts of a whole in graphic form, what graphic technique would you use? a. Table b. Histogram c. Line graph d. Pie chart

d A pie chart is an easily understood chart in which the sizes of the slices of the pie show the proportional contribution of each part. Pie charts can be used to show the component parts of a single group or variable (Watzlaf 2016, 351). 133 Correct0 Wrong0 Unanswered133

A special web page that offers secure access to data is a(n): a. Internet b. Home page c. Intranet d. Portal

d A portal is a special application to provide secure remote access to specific applications (Brinda 2016, 162).

At Community Hospital, each full-time employee is required to work 2,080 hours annually. The table below shows the amount of time that four employees were absent from work over the past year. Community Hospital Health Information Management Department Coding Section Absentee Report Annual Statistics, 20XX Employee Name Vacation Hours Used Sick Leave Hours Used A 40 6 B 22 16 C 36 8 D 80 32 Which employee had the highest absentee rate? a. Employee A b. Employee B c. Employee C d. Employee D

d A rate is a ratio in which there is a distinct relationship between the numerator and denominator and the denominator often implies a large base population. Coder D had the highest absentee rate. In this situation the vacation hours used is added to the sick leave hours used and multiplied by 100 divided by 2,080 hours (for a full time employee). The absentee rate for each employee is calculated as follows: Coder A: [(40 + 6) × 100] / 2,080 = 4,600 / 2,080 = 2.21%; Coder B: [(22 + 16) × 100] / 2,080 = 3,800 / 2,080 = 1.826 = 1.83%; Coder C: [(36 + 8) × 100] / 2,080 = 4,400 / 2,080 = 2.115 = 2.12%; Coder D: [(80 + 32) × 100] / 2,080 = 11,200 / 2,080 = 5.38% (Horton 2016a, 23).

A subpoena duces tecum compels the recipient to: a. Serve on a jury b. Answer a complaint c. Testify at trial d. Bring records to a legal proceeding

d A subpoena duces tecum instructs the recipient to bring documents and other records with himself or herself to a deposition or to court (Rinehart-Thompson 2017a, 59).

Analyze the following report of physician deficiency rates and determine which physician has the lowest deficiency rate for H&Ps completed within 24 hours of admission. Community Hospital Health Information Services Physician Documentation Deficiencies January 20XX Physician No. No. Admissions No. of H&Ps Not Completed within 24 Hours of Admission Rate of Deficiency 102 189 5 2.64 237 234 4 1.71 391 98 8 8.16 518 122 5 4.10 637 178 3 1.69 a. 102 b. 237 c. 391 d. 637

d A table is an orderly arrangement of values that groups data into rows and columns. Almost any type of quantitative information can be grouped into tables. Columns allow you to read data up and down, and rows allow you to read data across. The columns and rows should be labeled. In this table, the physician with the lowest rate of deficiency is number 637 (Horton 2016a, 249-250).

Which of the following are components of AHIMA's principles of information governance? a. Accountability and accessibility b. Integrity and safeguards c. Safeguards and accessibility d. Accountability and integrity

d AHIMA defined the following principles to support proper information governance across an organization: accountability, transparency, integrity, protection, compliance, availability, disposition, and retention (Brinda 2016, 150-151).

After the types of cases to be included in a registry have been determined, what is the next step in data acquisition? a. Case registration b. Case definition c. Case abstracting d. Case finding

d After the cases to be included have been determined, the next step is usually case finding. Case finding is a method used to identify the patients who have been seen or treated in the facility for the particular disease or condition of interest to the registry (Sharp 2016, 175).

Which of the following is the healthcare industry's leading standards-setting body in the country? a. Agency for Healthcare Research and Quality b. National Guideline Clearinghouse c. National Committee for Quality Assurance d. The Joint Commission

d Although there are many high quality accreditation organizations in existence today, all with the common goals of patient safety and the delivery of high quality healthcare to patients, the Joint Commission has been an industry leader in the area of healthcare provider organization accreditation (Brickner 2016, 85).

When a patient revokes authorization for release of information after a healthcare facility has already released the information, the facility in this case: a. May be prosecuted for invasion of privacy b. Has become subject to civil action c. Has violated the security regulations of HIPAA d. Is protected by the Privacy Act

d An individual may revoke an authorization at any time, provided that he or she does so in writing. However, the revocation does not apply when the covered entity has already taken action on the authorization (Rinehart-Thompson 2017c, 223).

Under HIPAA, which of the following is not named as a covered entity? a. Attending physician b. Healthcare clearinghouse c. Health plan d. Outsourced transcription company

d An outsourced transcription company and vendor would be business associates of a covered entity (CE). Although business associates are not directly regulated by the Privacy Rule, they do come under the Privacy Rule's requirements by virtue of their association with one or more CEs. A business associate is a person or organization other than a member of a CE's workforce that performs functions or activities on behalf of or affecting a CE that involve the use or disclosure of individually identifiable health information (45 CFR 160.103(1); Rinehart- Thompson 2017c, 210-211).

Ted and Mary are the adoptive parents of Susan, a minor. What is the best way for them to obtain a copy of Susan's operative report? a. Wait until Susan is 18 b. Present an authorization signed by the court that granted the adoption c. Present an authorization signed by Susan's natural (birth) parents d. Present an authorization that at least one of them (Ted or Mary) has signed

d Because minors are, as a general rule, legally incompetent and unable to make decisions regarding the use and disclosure of their own health information, this authority belongs to the minor's parent(s) or legal guardian(s) unless an exception applies. Because privacy, security, and confidentiality of minor records are extremely regulated, HIM professionals should also consult state regulations or legal counsel for specific questions. Generally, only one parent signature is required to authorize the use or disclosure of the minor's PHI (Brodnik 2017b, 343).

The HIM data analytics professional is reviewing a chart (shown here) on nosocomial infections presented by the hospital's infection control committee. The committee is reporting that the decrease in infection rate has accelerated during the past 10 years. What comments should the data analytics professional make? a. Concur with the conclusion of the committee b. State that the greatest decrease in infection rate in a year took place in 2005 c. State that the greatest decrease in infection rate occurred in 1960 and 1970 d. Request a new data chart be presented that accurately reflects the trend of infection rate

d Both x and y axes are in unequal measures, so data are not accurately represented. Line graphs are used to display time trends as opposed to a histogram or bar chart (Watzlaf 2016, 351).

Two coders have found the same abbreviation on two records. One abbreviation of "O.D." was used on an eye health record to mean "right eye." The other abbreviation on another patient's record was used to mean "overdose" on an abuse record. What data quality component is lacking here? a. Timeliness b. Completeness c. Security d. Consistency

d Characteristics for data entry should be uniform throughout the health record to ensure consistency. Abbreviations are extremely easy to use; however, data must have definitions and be uniform to prevent information inconsistencies (Sayles and Trawick 2014, 40, 46).

A competent individual has the following rights concerning his or her healthcare: a. Right to consent to treatment and the right to destroy their original health record b. Right to destroy their original health record and the right to refuse treatment c. Right to access his or her own PHI and the right to take the original record with them d. Right to consent to treatment and the right to access his or her own PHI

d Competent adults have a general right to consent to or refuse medical treatment. In general, a competent adult has the right to request, receive, examine, copy, and authorize disclosure of the patient's healthcare information (Brodnik 2017b, 341-342).

What is the status conferred by a national professional organization that is dedicated to a specific area of healthcare practice? a. Degree b. Certificate c. License d. Credential

d Credentials are the recognition by healthcare organizations of previous professional practice responsibilities and experiences commonly accorded to licensed independent practitioners and are usually conferred by a national professional organization dedicated to a specific area of healthcare practice (Shaw and Carter 2015, 336).

Which of the following is not a recommended guideline for maintaining integrity in the health record? a. Specifying consequences for the falsification of information b. Requiring periodic training covering the falsification of information and information security c. Prohibiting the entry of false information into any of the organizations' records d. Assuring documentation that is being changed is permanently deleted from the record

d Data integrity is the assurance that the data entered into an electronic system or maintained on paper are only accessed and amended by individuals with the authority to do so. Data integrity includes data governance, patient identification, authorship validation, amendments and record correction, and audit validation for reimbursement purposes. These functions ensure that the data is protected and altered by authorized individuals as per policy (Brinda 2016, 152).

The patient's address is the same in the master patient index, electronic health record, laboratory information system, and other systems. This means that the data values are consistent and therefore indicative of which of the following? a. Data availability b. Data accessibility c. Data privacy d. Data integrity

d Data integrity means that data are complete, accurate, consistent, and up-to-date so it is reliable (Rinehart-Thompson 2016c, 254).

The HIM manager is conducting a study in which she is comparing the current year's diagnosis codes to the proposed new codes for the next fiscal year and documenting variations in order to assess the impact on the organization. This process creates a: a. Data chargemaster report b. Data dictionary c. Database management system d. Data map

d Data mapping is a process that allows for connections between two systems. For example, mapping two different coding systems to show the equivalent codes allows for data initially captured for one purpose to be translated and used for another purpose (Brinda 2016, 148).

Which of the following would be the best course of action to take to ensure continuous availability of electronic data? a. Acquire storage management software. b. Send data to a remote site using the Internet. c. Store data on RAID. d. Use redundant servers.

d Data must be available continuously. When paper as a backup no longer exists in a paperless electronic health record (EHR) environment, users must be assured that the computer system is available to them at all times. To achieve such availability, an EHR should have server redundancy. This means that as data are entered and processed by one server, they are entered and processed simultaneously by a second server. Should the primary server crash, the system should be designed to "fail over" to the second server and can continue processing as if, at least from the user's point of view, nothing had happened (Rinehart-Thompson 2016a, 212-213).

What is the information identifying the patient (such as name, health record number, address, and telephone number) called? a. Accession data b. Indicator data c. Reference data d. Demographic data

d Demographic data is used to identify an individual, such as name, address, gender, age, and other information linked to a specific person (Gordon and Gordon 2016a, 422).

An HIT using her password can access and change data in the hospital's master patient index. A billing clerk, using his password, cannot perform the same function. Limiting the class of information and functions that can be performed by these two employees is managed by: a. Network controls b. Audit trails c. Administrative controls d. Access controls

d Determining what data to make available to an employee usually involves identifying classes of information based on the employee's role in the organization. Every role in the organization should be identified, along with the type of information required to perform it. This is often referred to as role-based access. Although there are other types of access control strategies, role-based access is probably the one used most often in healthcare organizations. Access to information and information resources (such as computers) must be restricted to those authorized to access the information or the associated resources (Rinehart-Thompson 2016c, 262). 130 Correct0 Wrong0 Unanswered130

Which of the following would be used to track data movement from one system to another? a. Administrative metadata b. Business metadata c. Context metadata d. Embedded metadata

d Embedded metadata are most often associated with automated records of operations (such as audit trails) and are stored with the date themselves. If data move from a source system to another system, then the system can attach metadata that identify where the data originated. In this way, metadata helps track data movement from one system to another (Johns 2015, 145).

How do accreditation organizations such as the Joint Commission use the health record? a. To serve as a source for case study information b. To determine whether the documentation supports the provider's claim for reimbursement c. To provide healthcare services d. To determine whether standards of care are being met

d Every participating healthcare organization is subject to a periodic accreditation survey. Surveyors visit each facility and compare its programs, policies, and procedures to a prepublished set of performance standards. A key component of every accreditation survey is a review of the facility's health records. Surveyors review the documentation of patient care services to determine whether the standards for care are being met (Sayles 2016b, 55).

One of the questions on the patient satisfaction survey that is sent to the patient after discharge asks for the number of times the nurses checked the patient's vital signs in a day. This is an example of which type of data? a. Nominal b. Interval c. Qualitative d. Quantitative

d Healthcare data are divided into two broad categories of quantitative and qualitative data. Quantitative data are numeric while qualitative data describe observations. Quantitative data can be numerically counted. They deal with measurements (Horton 2016a, 322).

How do accreditation organizations use the health record? a. To serve as a source for case study information b. To determine whether the documentation supports the provider's claim for reimbursement c. To provide healthcare services d. To determine whether standards are being met

d In order to be granted and maintain accreditation, a healthcare organization must show compliance with the accrediting body standards. This frequently requires review of the health record to determine compliance with documentation and patient care standards (Sayles 2016b, 55).

Recently, a state senator was admitted to your facility for a serious medical condition. The facility privacy officer has been tasked with reviewing access logs daily to determine which of the following? a. Whether or not the patient is fit to continue public service b. What information should be shared with the media c. That the patient has received adequate care d. Whether all access by hospital employees was appropriate

d In order to maintain patient privacy certain audits may need to be completed daily. If a high profile patient is currently in a facility, for example, access logs may need to be checked daily to determine whether all access to this patient's information by workforce is appropriate (Thomason 2013, 173). 133 Correct0 Wrong0 Unanswered133

Based on the payment percentages provided in this table, which payer contributes most to the hospital's overall payments? Payer Charges Payments Adjustment Charges Payments Adjustments BC/BS $450,000 $360,000 $90,000 23% 31% 12% Commercial $250,000 $200,000 $50,000 13% 17% 6% Medicaid $350,000 $75,000 $275,000 18% 6% 36% Medicare $750,000 $495,000 $255,000 39% 42% 33% TRICARE $150,000 $50,000 $100,000 7% 4% 13% Total $1,950,000 $1,180,000 $770,000 100% 100% 100% a. BC/BS b. Commercial c. TRICARE d. Medicare

d In the "Payments" column, Medicare has the highest payment percentage (42 percent) of any of the payers; therefore, Medicare contributes more to the hospital's overall payments (Watzlaf 2016, 347).

The following is documented in an acute-care record: "HEENT: Reveals the tympanic membranes, nares, and pharynx to be clear. No obvious head trauma. CHEST: Good bilateral chest sounds." In which of the following would this documentation appear? a. Medical history b. Pathology report c. Operation report d. Physical examination

d Information usually documented in the physical examination includes vital signs and examinations of the head, eyes, ears, nose, throat (HEENT) (Brickner 2016, 91-92).

Which of the following is an example of how an internal user utilizes secondary data? a. State infectious disease reporting b. Birth certificates c. Death certificates d. Benchmarking with other facilities (duplicate term?)

d Internal users of secondary data are individuals located within the healthcare facility. For example, internal users include medical staff and administrative and management staff. Secondary data enable these users to identify patterns and trends that are helpful in patient care, long-range planning, budgeting, and benchmarking with other facilities (Sharp 2016, 173).

Which of the following is an example of how an internal user utilizes secondary data? a. State infectious disease reporting b. Birth certificates c. Death certificates d. Benchmarking with other facilities

d Internal users of secondary data are individuals located within the healthcare facility. Internal users include medical staff and administrative and management staff. Secondary data enable these users to identify patterns and trends that are helpful in patient care, long-term planning, budgeting, and benchmarking with other facilities (Sharp 2016, 173).

The facility privacy officer is visited at the hospital by a recent patient that is concerned that her nosy neighbor, who happens to be a hospital employee, accessed her electronic health record inappropriately in order to tell other neighbors about the patient's health conditions. In order to determine this occurred, the privacy officer requests an audit log of activity within the patient's health record. What part of the audit log would the privacy officer need to first analyze to determine if this patient complaint is valid? a. The physician documentation from her recent stay regarding the patient's health conditions b. Whether the patient had requested any amendments to her record c. If the record has any deficiencies that would cause the record to be delinquent d. Which employees viewed, created, updated, or deleted information

d It is a requirement of the HIPAA Security Rule to implement ways that document access to information systems that contain electronic PHI. One of the ways to do this is to review the individuals that have viewed, created, updated, or deleted information within a health record. In this instance the Privacy Officer should review this information to determine if the patient complaint is valid (Thomason 2013, 177).

Which of the following statements represents knowledge? a. Hematocrit is 48 today b. Mary Jones had a blood pressure of 120/100 c. The hospital has an 89 percent occupancy rate d. Mary Jones's hemoglobin of 13 is within normal range

d Knowledge consists of a combination of rules, relationships, ideas, and experiences applied to information. The statement "Mary Jones's hemoglobin of 13 is within normal range" identifies the patient, specific information about that patient and how it relates to normal parameters which makes it knowledge rather than information (Johns 2015, 25).

Why does an ideal EHR system require point-of-care charting? a. Eases duplicate data entry burden b. Eliminates intermediary paper forms c. Reduces memory loss d. Ensures that appropriate data are collected timely

d Many hospitals begin their EHR implementation with point of care (POC) charting systems. These systems provide context-sensitive templates. Templates ensure that the appropriate data are collected and guide users in adhering to professional practice standards. These might include nursing admission assessments, nursing progress notes, vital signs charting, intake and output records, and the like (Giannangelo 2016b, 325-326).

Which of the following describe criteria with specific objectives and measures that hospitals must meet to demonstrate they are using EHRs that positively affect patient care? a. Approved certified EHR technology b. Hospital standardization program c. Interoperability standards d. Meaningful use

d Meaningful use is criteria with specific objectives and measures to be met by hospitals to demonstrate they are using EHRs that positively affect patient care (Johns 2015, 34).

Given the following information, from which payer does the hospital proportionately receive the least amount of payment? Payer Charges Payments Adjustments Charges Payments Adjustments BC/BS $450,000 $360,000 $90,000 23% 31% 12% Commercial $250,000 $200,000 $50,000 13% 17% 6% Medicaid $350,000 $75,000 $275,000 18% 6% 36% Medicare $750,000 $495,000 $255,000 39% 42% 33% TRICARE $150,000 $50,000 $100,000 7% 4% 13% Total $1,950,000 $1,180,000 $770,000 100% 100% 100% a. BC/BS b. TRICARE c. Medicare d. Medicaid

d Medicaid charges are larger than the charges to commercial insurance and TRICARE; however, the facility receives a smaller payment from Medicaid. There is an adjustment of 36 percent, meaning that the facility had to adjust their charges 36 percent from the actual amount billed and the amount they receive in payment (Watzlaf 2016, 347; Gordon and Gordon 2016a, 423).

The legal health record: a. Is inadmissible into evidence b. May not be hybrid c. Must consist in part on paper d. Will be disclosed upon request

d One of the major purposes of a health record is to serve as the legal business record of an organization and as evidence in lawsuits or other legal actions, and as such, it would be the record released upon a valid request (Rinehart-Thompson 2017b, 171).

The hospital's Performance Improvement Council has compiled the following data on the volume of procedures performed. Given this data, which procedures should the council scrutinize in evaluating performance? (graph unable to be added) a. Procedures 1, 4 b. Procedures 2, 3, 5 c. Procedures 6, 7 d. Procedures 1, 4, 6, 7

d Performance measurement in healthcare provides an indication of an organization's performance in relation to a specified process or outcome. Healthcare performance improvement philosophies most often focus on measuring performance in the areas of systems, processes, and outcomes. Outcomes should be scrutinized whether they are positive and appropriate or negative and diminishing (Shaw and Carter 2015, 44-47).

How are amendments handled in the EHR? a. Amendments are automatically appended to the original note. No additional signature is required. b. Amendments must be entered by the same person as the original note. c. Amendments cannot be entered after 24 hours of the event. d. The amendment must have a separate signature, date, and time.

d Policies and procedures need to be in place to address amendments and corrections in the EHR. Once a document is authenticated, the document should be locked to prevent changes. In the event that an amendment, addendum, or deletion needs to be made, the document would need to be unlocked. The EHR should retain the previous version of the document and identify who made the change along with the date and time that the change was made (Sayles 2016b, 70).

Which of the following is true about a primary key in a database table? a. Usually is not a unique number b. Changes in value c. Is dependent on the data in the table d. Uniquely identifies each row in a table

d Primary keys ensure that each row in a table is unique. A primary key must not change in value. Typically, a primary key is a number that is a one-up counter or a randomly generated number in large databases. A number is used because a number processes faster than an alphanumeric character. In large tables, this makes a difference. In the PATIENTS table, the PATIENT_ID is the primary key. It is good programming practice to create a primary key that is independent of the data in a table (Johns 2015, 127-128).

AHIMA's retention standards recommend that the master patient index be maintained: a. For at least 5 years b. For at least 10 years c. For at least 25 years d. Permanently

d Record retention should only be done in accordance with federal and state law and written retention and destruction policies of the organization. AHIMA's recommended retention standards for the master patient index (MPI) is permanent retention (Fahrenholz 2013a, 110).

Identify the report where the following information would be found: "HEENT: Reveals the tympanic membranes, nares, and pharynx to be clear. No obvious head trauma. CHEST: Good bilateral chest sounds." a. Discharge summary b. Health history c. Medical laboratory report d. Physical examination

d Review of body systems is typically documented in the report of a physical examination. This would include documentation regarding the HEENT (head, eyes, ears, nose, and throat) and the chest (Brickner 2016, 91-92).

Which of the following is used to plot the points for two variables that may be related to each other in some way? a. Force-field analysis b. Pareto chart c. Root cause analysis d. Scatter diagram

d Scatter diagrams are used to plot the points for two continuous variables that may be related to each other in some way. For example, one might want to look at whether age and blood pressure are related. One variable, age, would be plotted on the vertical axis of the graph, and the other variable, blood pressure, would be plotted on the horizontal axis (Watzlaf 2016, 353).

Which of the following is not an automatic control that helps preserve data confidentiality and integrity in an electronic system? a. Edit checks b. Audit trails c. Password management d. Security awareness program

d Security awareness requires entities to provide security training for all staff. They must address security reminders, detection and reporting of malicious software, login monitoring, and password management. Edit checks, audit trails, and password management can all be programmed to be automatic controls where a security awareness program cannot (Rinehart- Thompson 2016c, 272).

A consumer nonprofit organization wants to conduct studies on the quality of care provided to Medicare patients in a specific region. An HIT professional has been hired to manage this project. The nonprofit organization asks the HIT professional about the viability of using billing data as the basis for its analysis. Which of the following would not be a quality consideration in using billing data? a. Accuracy of the data b. Consistency of the data c. Appropriateness of the data elements d. Cost to process the data

d Several factors must be addressed when assessing data quality. These include: data accuracy, consistency, completeness, and timeliness. Cost to process the data does not influence the quality (Brinda 2016, 157-158).

Cancer registries receive approval as part of the facility cancer program from which of the following agencies? a. American Cancer Society b. National Cancer Registrar's Association c. National Cancer Institute d. American College of Surgeons

d Several organizations have developed standards or approval processes for cancer programs. The American College of Surgeons (ACS) Commission on Cancer has an approval process for cancer programs. One of the requirements of this process is the existence of a cancer registry as part of the program (Sharp 2016, 177).

Which of the following provides a standardized vocabulary for facilitating the development of computer-based patient records? a. Current Procedural Terminology b. Healthcare Common Procedure Coding System c. International Classification of Diseases, Tenth Revision, Clinical Modification d. Systematized Nomenclature of Medicine Clinical Terminology

d Standardized vocabulary is needed to facilitate the indexing, storage, and retrieval of patient information in an electronic health record (EHR). Systematized Nomenclature of Medicine Clinical Terminology (SNOMED CT) creates a standardized vocabulary. The Computerbased Patient Record Institute (CPRI) has studied the ability of current nomenclatures to capture information for EHRs. The institute has determined that SNOMED CT is the most comprehensive controlled vocabulary for coding the contents of the health record and facilitating the development of computerized records (Giannangelo 2016a, 116-117).

The medical record of Kathy Smith, the plaintiff, has been subpoenaed for a deposition. The plaintiff's attorney wishes to use the records as evidence to prove his client's case. In this situation, although the record constitutes hearsay, it may be used as evidence based on the: a. Admissibility exception b. Discovery exception c. Direct evidence exception d. Business records exception

d The Business Records Exception is the rule under which a record is determined not to be hearsay if it was made at or near the time by, or from information transmitted by, a person with knowledge; it was kept in the course of a regularly conducted business activity; and it was the regular practice of that business activity to make the record (Klaver 2017a, 80).

A patient requests a copy of his health records. When the request is received, the HIM clerk finds that the records are stored off-site. Which is the longest timeframe the hospital can take to remain in compliance with HIPAA regulations? a. Provide copies of the records within 15 days b. Provide copies of the records within 30 days c. Provide copies of the records within 45 days d. Provide copies of the records within 60 days

d The HIPAA Privacy Rule requires that records be produced within 30 days to a patient or their personal representative, with a one-time extension of an additional 30 days if necessary. If such an additional 30 days is needed, the covered entity must notify the patient in writing of the need for additional time (Thomason 2013, 98).

The director of health information services is allowed access to the health record tracking system when providing the proper log-in and password. What is this access security mechanism called? a. Context based b. Role based c. Situation based d. User-based

d User-based access is a security mechanism that grants users of a system access based on their identity (Rinehart-Thompson 2016c, 262).

A celebrity injured while on vacation was admitted to the local community hospital for treatment of a fracture. On day two of the admission, the hospital was contacted by several media agencies stating that they were aware the patient was at the facility and requesting information about the current medical condition of this high profile celebrity patient. The CEO is concerned that an employee has shared information to the media regarding this patient. The facility privacy officer was tasked with determining if a facility employee leaked this information to the press. How would the privacy officer begin this analysis? a. Create a new policy about high-profile patient privacy b. Start by discussing the situation with the media to resolve their inquiries c. Make contact with employees in the facility d. Review audit trail information to determine which employees have accessed this patient's information

d The HIPAA Security Rule requires that access to electronic PHI in information systems is monitored. Included in the same standard is the requirement that covered entities examine the activity using access audit logs. Often they record time stamps that record access and use of the data elements and documents; what was viewed, created, updated, or deleted; the user's identification; the owner of the record; and the physical location on the network where the access occurred. Reviewing the audit trail information would be the first step to identify all employees who have accessed this patient's information (Thomason 2013, 177).

As part of your job duties, you are responsible for reviewing audit trails of access to patient information. All of the following are types of activity that you would monitor except: a. Every access to every data element or document type b. Whether the person viewed, created, updated, or deleted the information c. Physical location on the network where the access occurred d. Whether the patient setup an account in the patient portal

d The HIPAA Security Rule requires that access to electronic PHI in information systems is monitored. Included in the same standard is the requirement that covered entities examine the activity using access audit logs. Often they record: time stamps that record access and use of the data elements and documents; what was viewed, created, updated, or deleted; the user's identification; the owner of the record; and the physical location on the network where the access occurred. Creation of an account through the patient portal by the patient is appropriate use (Thomason 2013, 177).

The data set designed to organize data for public release about the outcomes of care is: a. UHDDS b. DEEDS c. MDS d. HEDIS

d The Healthcare Effectiveness Data and Information Set (HEDIS) is sponsored by the National Committee for Quality Assurance (NCQA). HEDIS is a set of standard performance measures designed to provide healthcare purchasers and consumers with the information they need to compare the performance of managed healthcare plans (Shaw and Carter 2015, 179).

Which group focuses on accreditation of rehabilitation programs and services? a. HFAP b. Joint Commission c. AAAHC d. CARF

d The Joint Commission accredits rehabilitation programs and services but they do not focus on it like CARF does (Brickner 2016, 103).

Which accrediting organization has instituted continuous improvement and sentinel event monitoring and uses tracer methodology during survey visits? a. Accreditation Association for Ambulatory Healthcare b. Commission on Accreditation of Rehabilitation Facilities c. American Osteopathic Association d. The Joint Commission

d The Joint Commission requires healthcare organizations to conduct in-depth investigations of occurrences that resulted—or could have resulted—in life-threatening injuries to patients, medical staff, visitors, and employees. The Joint Commission uses the term sentinel event for such occurrences (Carter and Palmer 2016, 503).

Which one of the following indexes contains a list maintained in procedure code number order for patients who are discharged from a facility during a particular time period? a. Physician b. Master patient c. Disease d. Operation

d The Operation Index is similar to the Disease Index except that it is arranged in numerical order by the patient's procedure code(s) using International Classification of Diseases or Current Procedural Terminology (CPT) codes (Sharp 2016, 174).

A health record technician has been asked to review the discharge patient abstracting module of a proposed new EHR. Which of the following data sets would the technician consult to ensure the system collects all federally required discharge data elements for Medicare and Medicaid inpatients in an acute-care hospital? a. CARF b. DEEDS c. UACDS d. UHDDS

d The Uniform Hospital Discharge Data Set (UHDDS) data characteristics include patient-specific items on every inpatient (Giannangelo 2016a, 133-134).

The "custodian of health records" refers to the individual within an organization who is responsible for all except which of the following actions? a. Authorized to certify records b. Supervising inspection and copying of record c. Testifying to the authenticity of records d. Testifying regarding the care of the patient

d The custodian of health records is the individual who has been designated as having responsibility for the care, custody, control, and proper safekeeping and disclosure of health records for such persons or institutions that prepare and maintain records of healthcare. The custodian of the health record does not have the responsibility or expertise to testify regarding the care of the patient (Brodnik 2017a, 9).

Which of the following is not a characteristic of high-quality healthcare data? a. Data relevancy b. Data currency c. Data consistency d. Data accountability

d The data quality model applies the following quality characteristics: data accuracy, data accessibility, data comprehensiveness, data consistency, data currency, data definition, data granularity, data precision, data relevancy, and data timeliness (Brinda 2016, 156-159).

A patient's registration forms, personal property list, RAI, care plan, and discharge or transfer documentation would be found most frequently in which type of health record? a. Rehabilitative care b. Ambulatory care c. Behavioral health d. Long-term care

d The following list identifies some of the most common components of long-term care records: registration forms including resident identification data, personal property list, history and physical and hospital records, advance directives, bill of rights, and other legal records, and RAI and care plan (Brickner 2016, 103).

Using the information in the table below, calculate the vaginal delivery rate at University Hospital for the semiannual period. University Hospital Obstetrics Service Semiannual Statistics July-December, 20XX Admissions 672 Discharges and Deaths: Delivered 504 Not Delivered 147 Aborted 21 Vaginal deliveries 403 C-sections 101 a. 20.04% b. 59.97% c. 84.13% d. 79.96%

d Vaginal delivery rate: (403 × 100) / 504 = 40,300 / 504 = 79.96% (Horton 2016a, 155-157).

What is the term that is used to mean ensuring that data are not altered during transmission across a network or during storage? a. Media control b. Audit controls c. Mitigation d. Integrity

d The goals of the HIPAA security rule are to ensure the confidentiality, integrity, and availability of electronically created protected health information (PHI). Integrity is ensuring that data are not altered either during transmission across a network or during storage. e-PHI must be available when needed for patient care and other uses (Sayles and Trawick 2014, 206-207).

The HIM department at Community Hospital has three full time coders. One is considered the lead coder and his salary is $20.35 per hour. One coder is a new graduate who makes $15.50 per hour and the third coder is an experienced employee who earns $18.90 per hour. The lead coder codes four records per hour; the new coder codes three records per hour and their experienced coder codes six records per hour. Using a 7.5-hour productive day, what is the unit cost for the new graduate coder? a. $3.36 per record b. $4.49 per record c. $5.43 per record d. $5.51 per record

d The new graduate coder's salary is $15.50 × 2,080 (hours per year) = $32,240. Productivity is 7.5 hours per day × 3 records per hour = 22.5 records per day. 22.5 records × 5 days per week × 52 weeks per year = 5,850 records per year. $32,240 / 5,850 = $5.51 per record (Horton 2016a, 174-175).

In which type of distribution are the mean, median, and mode equal? a. Bimodal distribution b. Simple distribution c. Nonnormal distribution d. Normal distribution

d The normal distribution is where data follows a symmetrical curve. The normal distribution is actually a theoretical family of distributions that may have any mean or any standard deviation. In a normal distribution, the mean, median, and mode are equal (Watzlaf 2016, 361).

Which of the following is a key characteristic of the problem-oriented health record? a. Allows all providers to document in the health record b. Uses laboratory reports and other diagnostic tools to determine health problems c. Provides electronic documentation in the health record d. Uses an itemized list of the patient's past and present health problems

d The problem-oriented health record is better suited to serve the patient and the end user of the patient's information. The key characteristic of this format is an itemized list of the patient's past and present social, psychological, and health problems. Each problem is indexed with a unique number (Brickner 2016, 106).

A health information technician is responsible for designing a data collection form to collect data on patients in an acute-care hospital. The first resource that she should use is: a. ORYX b. UACDS c. MDS d. UHDDS

d The purpose of the UHDDS is to list and define a set of common, uniform data elements. The data elements are collected from the health records of every hospital inpatient and later abstracted from the health record and included in national databases (Brinda 2016, 142-143).

Which term is used to describe the number of inpatients present at the census-taking time each day plus the number of inpatients who were both admitted and discharged after the census-taking time the previous day? a. Inpatient bed occupancy rate b. Bed count c. Average daily census d. Daily inpatient census

d The result of the official count taken at midnight is the daily inpatient census. This is the number of inpatients present at the official census-taking time each day. Also included in the daily inpatient census are any patients who were admitted and discharged the same day (Horton 2016b, 386).

Which of the following is the unique identifier in the relational database patient table? Patient Table Patient # Patient Last Name Patient First Name Date of Birth 021234 Smith Donna 03/21/1944 022366 Jones Donna 04/09/1960 034457 Smith Mary 08/21/1977 a. Patient last name b. Patient last and first name c. Patient date of birth d. Patient number

d The unique identifier in the patient table is the patient number. It is unique to each patient. Patient last name, first name, and date of birth can be shared with other patients, but the identifier will not be shared (Sayles and Trawick 2014, 56).

Which of the following should be avoided when designing forms for an electronic document management system (EDMS)? a. Color borders around the edge of a form b. Mnemonic descriptor used for nonbarcode recognition engine c. Quarter-inch border on each side of document without bar code d. Shading of bars or lines that contain text

d The use of colored paper or ink other than black, or shading of text in EDMS should be minimized or eliminated because the color can adversely affect the quality of scanned images (Sayles 2016b, 65).

Electronic systems used by nurses and physicians to document assessments and findings are called: a. Computerized provider order entry b. Electronic document management systems c. Electronic medication administration record d. Electronic point-of-care charting

d There are important applications that support electronic health record (EHR) functionality. Many hospitals begin their EHR implementation with point-of-care (POC) charting systems. These systems provide context-sensitive templates. Templates ensure that the appropriate data are collected and guide users in adhering to professional practice standards. These might include nursing admission assessments, nursing progress notes, vital signs charting, intake and output records, and the like (Giannangelo 2016b, 325-326).

The following is documented in an acute-care record: "Spoke to the attending re: my assessment. Provided adoption and counseling information. Spoke to CPS re: referral. Case manager to meet with patient and family." In which of the following would this documentation appear? a. Admission note b. Dietary note c. Physician progress note d. Social service note

d This documentation would typically be found in social service notes (Fahrenholz 2013c, 660).

Community Hospital is using a system that will help them detect when intracranial pressure becomes high in patients with a recent CVA that will quickly send an alert to the physician. This is an example of ________. a. Descriptive analytics b. Predictive analytics c. Prescriptive analytics d. Real-time analysis

d Unlike retrospective analytical tools, such as predictive modeling, real-time analytics refers to data that can be accessed as they come into a computer system. Real-time analytics, also referred to as streaming analytics, implies instantaneous results; however, the data may not be immediately available, but rather available within a few minutes. The most valuable data in this category are those that are collected and analyzed during the customer interaction, not the review afterward (Horton 2016a, 325).

Lane Hospital has a contract with Ready-Clean, a local company, to come into the hospital to pick up all of the facility's linens for off-site laundering. Ready-Clean is: a. A business associate because Lane Hospital has a contract with it b. Not a business associate because it is a local company c. A business associate because its employees may see PHI d. Not a business associate because it does not use or disclose individually identifiable health information

d Vendors who have a presence in a healthcare facility, agency, or organization will often have access to patient information in the course of their work. If the vendor meets the definition of a business associate (that is, it is using or disclosing an individual's PHI on behalf of the healthcare organization), a business associate agreement must be signed. If a vendor is not a business associate, employees of the vendor should sign confidentiality agreements because of their routine contact with and exposure to patient information. In this situation, Ready-Clean is not a business associate (Brodnik 2017b, 346).

Standardizing medical terminology to avoid differences in naming various health conditions and procedures (such as the synonyms bunionectomy, McBride procedure, and repair of hallux valgus) is one purpose of: a. Content and structure standards b. Security standard c. Transaction standards d. Vocabulary standards

d Vocabulary standards are a list or collection of clinical words or phrases with their meanings; also the set of words used by an individual or group within a particular subject field, such as to provide consistent descriptions of medical terms for an individual's condition in the health record (Russo 2013b, 317; Fahrenholz and Russo 2013, 715).

The HIPAA Privacy Rule: a. Protects only medical information that is not already specifically protected by state law b. Supersedes all state laws that conflict with it c. Is federal common law d. Sets a minimum (floor) of privacy requirements

d With the passage of the Privacy Rule, a minimum amount of protection (that is, a floor) was achieved uniformly across all the states through the establishment of a consistent set of standards that affected providers, healthcare clearinghouses, and health plans (Rinehart- Thompson 2017c, 210).

The process of releasing health record documentation originally created by a different provider is called: a. Privileged communication b. Subpoena c. Jurisdiction d. Redisclosure

d The process of releasing health record documentation originally created by a different provider is called redisclosure. Federal and state regulations provide specific redisclosure guidelines; however, when in doubt, follow the same principles as the release and disclosure guidelines for other types of health record information (Fahrenholz 2013a, 104).


Conjuntos de estudio relacionados

Psychology of applied modern life

View Set

Epi lecture 4 - the 2x2 contingency table

View Set

Ch 4: Conversions and Calculations Used by Pharmacy Technicians

View Set

Chapter 49: Assessment and Management of Patients With Hepatic Disorders

View Set

Introduction and Perceptions of Mental Health & Mental Illness/ Settings/Culture

View Set

Medical-Surgical Assignment Exam Dr. P

View Set

ITSY Ch 5.5 Virtual Private Networks (VPN)

View Set