Legal & Ethics Exam 4

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Which of the following is not an example of a red flag for a healthcare provider?

A question from a patient about scheduled surgery

The capture of data by a hospital's data security system that shows multiple invalid attempts to access the patients' database is an example of __________.

Audit trail

Which of the following generally describes a coroner?

Coroner is appointed or elected and may or may not be a physician

Reporting of births by state law is allowable for which of the following reasons?

Data are necessary to identify trends

Which of the following is not a HIPAA individual right?

Import PHR content into the provider's health record

What is the most common type of security threat to a health information system?

Internal to the organziation

The adoptive parents of Susan, a minor, wish to access her health record. What is the best way for them to obtain a copy of Susan's operative report?

Present an authorization that at least the mom or dad signed

Trauma registry data is used for all of the following purposes except _____.

Prosecution of drunk drivers

With regard to seclusion and restraint, federal laws

Restrict their use

Medicare requirements pertaining to seclusion and restraint_____.

restrict their use

General Hospital is a facility that benefitted from the Hill-Burton Act. As a result it_________.

was required to provide a reasonable volume of free or reduced-cost care

Vulnerabilities and threats are terms that can be used interchangeably

False

Employees in the hospital business office may have legitimate access to patient health information without patient authorization based on what HIPAA standard/principle?

Minimum necessary

Patient responsibilities generally include all of the following except:

Pay in advance for treatment rendered

Who is responsible for signing a death certificate in most states?

Physician

Healthcare facilities are required to report vital statistics to which of the following authority?

State department of health

Red flags are used to help a healthcare provider detect medical identity theft.

True

Which of the following actions are included about a physician in the National Practitioner Data Bank?

- Malpractice lawsuits - Disciplinary actions - Credentialing information from other facilities

Mia is a 16 year old pregnant female who plans on having an abortion. Mia has the right to choose who her health information may be released to. What other healthcare situations exist that give Mia the right to authorize release of her healthcare information?

- Mental health - Substance abuse - Veneral diseases

Cultural competence takes into account_________.

- Religion - Gender identity - Ethnicity

What rights does a competent individual have in regard to his or her healthcare?

- Right to consent to treatment - Right to access his or her own PHI - Right to refuse treatment

Which of the following is(are) true regarding the reporting of communicable diseases?

- The usual reporting time is 24 hours - The disease to be reported are established by state law - Reporting is required because of the public health threat they present

In the situation of behavioral healthcare information a healthcare provider may disclose health information on a patient without the patient's authorization in which of the following circumstances?

-Court order -Duty to warn -Involuntary commitment proceedings

Substance abuse patient information is afforded federal protection through HIPAA and Alcohol and Drug Abuse Regulations. If a minor wishes to authorize release of his or her health information he or she may do so if _____.

-State statute allows the minor to authorize release - State statutes allows minor and parent to authorize release

Medical device reporting is allowable without patient authorization under HIPAA for which of the following?

-Tracking product recalls - Conducting post marketing surveillance - Collecting or reporting of adverse events

Jackie has been transported to the emergency room. She has refused life-saving treatment. Which of the following options is true?

A court may decide there is a compelling state interest in preserving her life

A young child is killed by a hit-and-run driver. The case is reported to the medical examiner for all of the following reasons except _____.

Age of child

When the HIM professional is considering the major departmental functions to include in a disaster plan for emergency operations, which of the following would be the least important?

Billing

Elaine has moved to a new state to assume the director of HIM in a large community hospital. In her previous position, reporting of trauma injuries was required by state law. However, in her new position it is apparent that the hospital is not reporting traumatic injuries. Which of the following is the most appropriate action for Elaine to take?

Check state law to determine if reporting of trauma injuries is required

Which of the following defines the study of encryption and decryption techniques?

Cryptography

Key components to a contingency or disaster plan, mandated by the HIPAA Security Rule include __________.

Data back-up, data recovery and emergency mode of operations

What statement best addresses disclosure of information about abortions?

Disclosed based on required reporting statutes

Tarasoff v. The Regents of the University of California is a landmark case related to the release of psychiatric patient information without patient authorization. The healthcare provider must release such information based on what circumstance?

Duty to warn

Eleanor has refused life-saving treatment. Which of the following is true?

Eleanor has the right of self-determination to refuse treatment

The Safe Medical Devices Act requires the reporting of medical device injuries to which agency?

FDA

The predetermined time for an automatic log-off from the system is mandated by

Facility policy

A patient must allow their health information to be shared with a health information exchange.

False

Abuse of the elderly is limited to physical neglect of an elder person.

False

Billing advocates work for healthcare providers to ensure that patients pay their medical bills in full.

False

CLIA prohibits a patient from accessing lab results directly for the laboratory conducting the test.

False

Compliance with the HIPAA Security Rule is the only standards that should be considered when developing a security plan and performing a risk assessment.

False

Disaster recovery and contingency plans related to ePHI are nice to have but not necessary.

False

E-mail related to patient care should be kept separate from the patient medical record

False

It is best policy to provide a special mark or notice on an HIV/AIDS patient health record in order to ensure extra privacy precautions on the record.

False

It is best practice to select a very strong password and use it for all accounts.

False

Psychotherapy notes are always part of the behavioral health record.

False

Regardless of the type of request made, if the request is from the patient, a formal authorization form is required per the HIPAA Privacy Rule.

False

The Affordable Care Act generally permits lifetime limits on health insurance benefits.

False

The responsibility for notifying individuals who have had contact with an individual with an infected communicable disease is the person who has the disease.

False

When an employee is injured at work he must authorization disclosure of his PHI before it can be reported to OSHA.

False

With whom may patients file a complaint if they suspect medical identity theft violations?

Federal Trade Commission

Dr. Jordan, a member of the medical staff, asks to see the medical records of his adult daughter who was hospitalized in your institution for a tonsillectomy at age 16. The daughter is now 25. Dr. Smith was the patient's physician. Of the options below what is the best course of action?

Inform Dr. Jordan that he cannot access his daughter's health record without her signed authorization allowing him access to the record

Dr. Williams is on the medical staff of Sutter Hospital, and he has asked to see the health record of his wife, who was recently hospitalized. Dr. Jones was the patient's physician. Of the options below, which is the best course of action?

Inform Dr. Williams that he cannot access his wife's health information unless she authorizes access through a written release of information

Which of the following is a public interest and benefit exception to the HIPAA authorization requirement?

Information on domestic violence

Sally uses a patient health information portal.

It increases her 24/7 access to her health information

The following reporting exceptions to the doctrine of preemption are allowable except for which of the following?

Marketing

Which of the following pieces of information is not typically mandated by state law child abuse reporting requirements?

Name of siblings

Which of the following is not an access control commonly utilized by covered entities for compliance with the HIPAA security rule?

Palm scanners

Which of the following would be considered a two-factor authentication system?

Password and swipe card

What is the most common method for implementing entity authentication?

Password systems

Which of the following statements is the least likely reason a state would require the reporting of a gunshot wound and subsequent death of a 16-year-old involved in a drive-by shooting?

Patient was a minor

Which of the following information is not included about a physician in the National Practitioner Data Bank?

Personal bankruptcy

A wife who is legally authorized to make healthcare decisions and act on behalf of her husband, who is a patient, is acting in what capacity?

Personal representative

The HIPAA Security Rule requires which of the following to achieve compliance?

Protecting ePHI

The release of information manager at Hope Hospital has received a request to obtain copies of an individual's recent hospitalization for spousal abuse. Upon reviewing the request, the manager notices that the signature on the request does not look like the patient's signature on the informed consent in the patient's medical record. What would be the best course of action?

Refer the request to the hospital's medical identity theft committee to ascertain if this is indeed the patient requesting the information

Which of the following health information handlers are required to provide authorization for access and disclosure of PHI.

Release of information Contractor

Select the best response to complete this statement: Natural (birth) parents of a child who has been adopted by adoptive parents _____.

Relinquish the right to inspect their child's health records once their parental rights have been terminated

An employer has contacted the Health Information Management Department and requested health information on one of his employees. Of the options below, what is the best course of action?

Request employee's written authorization for release of information

Elements to include in a security system risk analysis program include all but which of the following?

Restricting remote access to users

The Uniform Health-Care Decision Act (UHCDA) refers to _____.

Selecting an individual to make healthcare decisions for a competent adult

Minors are basically deemed legally incompetent to access, use, or disclose their health information. What resource should be consulted in terms of who may authorize access, use, or disclose the health records of minors?

State law because HIPPA defers to state laws on matters related to minors

Examples of reportable deaths include which of the following?

Sudden, unexpected, violent, suspicious

Which of the following is the best option for password management?

System auto-assigns password

An audit trail is a record that shows when a particular user accessed a computer system.

True

Assignment of patient medical record numbers is one of the priorities of the HIM professional during system downtime during a disaster.

True

Data encryption ensures that data transferred from one location on a network to another are secure from eavesdropping or data interception.

True

Depending on state law, an individual may access his or her PHI housed in an immunization registry.

True

Employee nondisclosure agreements are particularly important for employees who work in remote locations or telecommute.

True

Employees directly involved in patient care do not require authorization to access the patient's record.

True

For a substance abuse program to be in compliance with the Privacy Rule, the authorization of disclosure of information should include specific elements required by the Privacy Rule.

True

Health organizations and providers may charge a reasonable fee as set by state law for copying health records in response to a request for patient information.

True

In absence of a legal executor or administrator of an estate, states may follow the UHCDA to allow access to the health records of a deceased patient.

True

Information reported without patient authorization under federal laws should be included in the Notice of Privacy Practices.

True

Patient portals are hosted by healthcare providers.

True

The American Hospital Association's Patient Bill of Rights is now the Patient Care Partnership, which focuses on patient expectations, rights, and responsibilities.

True

The FDA does not regulate electronic health records but it does regulate a number of health IT applications that may pose a risk to the health or safety of a patient.

True

Transplant registries may include data about organ donors as well as organ recipients.

True

All of the following are examples of unusual events that healthcare facilities typically must report except _____.

Worker's compensation cases

Which computer virus stores and replicates itself?

Worm

Which of the following has the right to consent to treatment?

an 88 year old woman

Which of the following is not a mechanism to detect external medical identity theft?

conduct a background check on prospective employees

Esther is an 86-year-old patient of Dr. Brooks. When taking into consideration that Esther views the physician-patient relationship differently because of her age, Dr. Brooks is exhibiting_________.

cultural competence

A clinical registry is a collection of secondary data derived from a patient's health record, which may be used for all of the following except _____.

enforcing HIPPA violations

The greatest threats to organizational security stem from __________.

internal threats

The community benefit standard_________.

is required for tax-exempt status

"Against medical advice" discharges_________.

may result, if prohibited by the provider, in a battery claim against the provider

Disclosure regarding reportable conditions under state laws and regulations _____.

must be included in the AOD maintained by the facility

When a patient is an organ donor whose death is imminent, notifying the family members that the organ procurement organization will be contacted is _____.

not-required

If a healthcare facility sustains physical damage caused by a tornado, the disaster recovery mechanism which provides the greatest protection of the data is __________.

off-site data storage

The purpose of the trauma registry is for all of the following except _____.

prosecute those that cause trauma to others


Kaugnay na mga set ng pag-aaral

Ch 28: Obstructive Pulmonary Diseases

View Set

2018 Core Practice Exam (9th Edition Manual)

View Set

The Point Assessing Head and Neck

View Set

Evolve Adaptive Quiz: Med-Surg, Respiratory

View Set

chapter 6- skeletal system; bones and bone tissue

View Set

Essential Foundations of Economics - Exam 1 Study Questions

View Set