EHR Chapter 7

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Accounting of disclosures

Need authorized request, goes back a minimum of six years

Who usually sets up the basic security measures, or access, in a practice management or EHR program? Multiple choice question. Chief Financial Officer Office manager Chief Technology Officer Nurse

Office manager

Password

Unique code that is used to gain access to computer applications

What does AHIMA stand for?

American Health Information Management Association

What does ARRA stand for? American Recovery and Reinvestment Act American Recovery and Reenactment Act American Recovery and Removal Act American Release and Records Act

American Recovery and Reinvestment Act

Who does the Notice of Privacy Practices direct the patient to contact if they have a complaint with about their PHI? Department of Health and Human Services Department of AHIMA Department of the OIG Medicare

Department of Health and Human Services

User identification

Each user has one to log in and it often consists of person's first initial and last name

Select all that apply Which of the following apply to health information exchange? Multiple select question. There are no regulations addressing networking security. It is a Meaningful Use requirement. Care providers can access information from other providers immediately. Shared information is done through a secure environment. Information can only be shared between physicians and patients.

It is a Meaningful Use requirement. Care providers can access information from other providers immediately. Shared information is done through a secure environment.

Malware

Viruses and Trojan horses that attack computer programs

Notice of Privacy Practices

Written document that makes patients aware of their rights under HIPAA

Select all that apply Which of the following are examples of social media? Multiple select question. YouTube Twitter Texting Email Facebook

YouTube Twitter Facebook

Those choosing the EHR system should always keep which of the following in mind? Multiple select question. Facility needs Target date or timeline for implementation Office needs Patient contributions for payment Staff and training needs Types of insurance accepted by practice

Facility needs Office needs Staff and training needs Target date or timeline for implementation

_______ should be used to deter access to computer systems by unauthorized individuals. Decryption Malware Firewalls Trojan horses

Firewalls

Auditing

Ability to run reports by user or by patient that specify the menu, module, or function accessed

Covered entity

Any healthcare entity that captures or utilizes health information

You need a release of information signed if that information is being sent to which of the following? Multiple choice question. Insurance company Attorneys Employer for worker's compensation claim Public health agency

Attorneys

When the Omnibus Final Rule to the HITECH Act went into effect, which of the following notification standards were enhanced? Breach Fraud Abuse Nondisclosure

Breach

What two agencies have established standards that EHRs must use to qualify for incentive programs for an upgrade or purchasing a new one? Multiple choice question. CMS and ONC OSHA and CMS HL7 and ONC CMS and The Joint Commission

CMS and ONC

Which of the following should be included in a social media policy? Multiple select question. Comments should not violate the privacy of patients or their families. Comments should not be offensive. Comments should be on topic. Comments can include specific details about patients. Comments can be inflammatory as long as an alias is used.

Comments should not violate the privacy of patients or their families. Comments should not be offensive. Comments should be on topic.

Select all that apply At a minimum, written compliance policies should cover which of the following? Multiple select question. Computer access Coding and billing Housekeeping schedule Daily operations Claim payments Security breaches

Computer access Coding and billing Daily operations Security breaches

Which of the following are examples of hardware? Multiple select question. Computer monitor Webcam Mouse Keyboard Computer virus Computer program

Computer monitor Webcam Mouse Keyboard

Select all that apply The Omnibus Final Rule to the HITECH Act made which of the following types of changes? Multiple select question. Enhancements to protect patient privacy Denial of patients' requests for electronic health records when asked for them Elimination of sharing of information between multiple providers caring for one patient Strengthening the government's power to enforce the law Additions to individual patient rights

Enhancements to protect patient privacy Strengthening the government's power to enforce the law Additions to individual patient rights

Healthcare facilities are required to report breaches as part of which regulatory act? Multiple choice question. HIPAA HITECH ACA OSHA

HITECH

Which of the following makes it possible for healthcare providers to better manage patient care through secure use and sharing of health information? OSHA The ONC The OIG Health IT

Health IT

Select all that apply Of the following, who should be involved in choosing and implementing an EHR within a particular medical practice? Multiple select question. Health information staff Pharmacy staff Clinical staff Coding and billing staff Front office staff Patients

Health information staff Clinical staff Coding and billing staff Front office staff

Where should you use portable devices? In a room with the door shut In the cafeteria In the lobby of the office In a busy area

In a room with the door shut

User rights

Limitations of one's access to the functionality of software as defined by job description

What did HITECH offer from the ARRA? Multiple choice question. Made the rules for billing and coding more stringent Made the rules for security and privacy of electronic systems more stringent Made the rules for healthcare reimbursement more stringent Made the rules for security of paper systems more stringent

Made the rules for security and privacy of electronic systems more stringent

Data integrity

Maintaining the accuracy and consistency of data

What comes in the form of worms, viruses, and Trojan horses, all of which attack computer programs? CD virus Malware Computer virus Phishing

Malware

Communicating with other healthcare providers is one of the requirements of _________. Multiple choice question. OSHA Meaningful Use HIPAA compliance plans

Meaningful Use

Password protection

Must be assigned to all users and meet certain criteria to access software applications

What does ONC stand for? Multiple choice question. Office of National Compliance for Health Information Technology Office of the National Coordinator for Health Information Technology Office of the Natural Coordination for Health Information Technology Office of the National Coding Coordinator for Health Insurance Technology

Office of the National Coordinator for Health Information Technology

Confidentiality

Patient's right to expect that his or her health information will not be released without written authorization

You have been asked to provide continuity of care for Mr. Johnson who was seen by Dr. Ingram and is going to see Dr. Jorgenson. What do you need to do to provide continuity of care? Release information about Dr. Ingram to Dr. Jorgenson Release information about Mr. Johnson to Dr. Ingram Release information about Dr. Jorgenson to Mr. Johnson Release information about Mr. Johnson to Dr. Jorgenson

Release information about Mr. Johnson to Dr. Jorgenson

Breach of confidentiality

Releasing information without a required, properly executed authorization

Hardware

Tangible items that are used in automation

Privacy

The right to expect that one's personal space is respected while undergoing healthcare

To ensure data integrity, the healthcare facility must have strict policies regarding which of the following? Multiple select question. Timeliness of data Who may access the data Reimbursement policies Definition of a complete record

Timeliness of data Who may access the data Definition of a complete record

Select all that apply Which of the following explain the purposes of a compliance plan? Multiple select question. To ensure the organization is following the guidelines of Medicare and ARRA To ensure regulations are followed To ensure proper billing methods are done To ensure the organization is paid

To ensure the organization is following the guidelines of Medicare and ARRA To ensure regulations are followed To ensure proper billing methods are done

A deviant program, stored on a portable hard drive, that can cause unexpected and often undesirable effects, is called: phishing malware CD virus computer virus

computer virus

A system of hardware/software that protects a computer from intruders is called a(n) __________. Trojan horse computer virus malware firewall

firewall

The tangible items used in automation are considered ______. hardware malware firewalls software

hardware

The right to expect that one's personal space is respected while undergoing healthcare is called _______. security secrecy privacy confidentiality

privacy

What is a disaster recovery plan? Multiple choice question. A plan that will help recover information and keep sensitive information secure A plan for replacement of key personnel A plan that is not necessary but can be done just in case something happens A plan that will help employees continue to be paid

A plan that will help recover information and keep sensitive information secure

Assigning passwords to allow access to only necessary functions helps assure which of the following? Multiple select question. Confidentiality Increased security risk Security Privacy Cost savings

Confidentiality Security Privacy

Code sets

EHR must use ICD-10 codes, CPT codes, and HCPCS codes

What does HIMSS stand for? Multiple choice question. Healthcare Information and Management Systems Society Healthcare Infrastructure and Management Systems Security Healthcare Information and Maintenance Systems Society Healthcare Information and Management Security Systems

Healthcare Information and Management Systems Society

Where should back up files be stored? Multiple choice question. In a safe room in the healthcare facility In a server in the facility In the provider's home network In an off-site location

In an off-site location

When do releases of information need to be accounted for? Multiple choice question. Internal staff members only External requesters only Internal or external requesters Upon insurance company request

Internal or external requesters

Security/Backup/Storage

Kept in secure location and must be possible at any given time

What is a HIPAA requirement that a patient must sign so they are aware of how their personal health information will be used? Notice of HIPAA Health Privacy Practices Health Insurance Portability Act Notice of Privacy Practices

Notice of Privacy Practices

Select all that apply Which of the following would be considered factors of sensitive information? Multiple select question. Patient record of someone's relative who works at the facility Patient who had a heart attack STD listed in patient chart Patient who is well known to the community

Patient record of someone's relative who works at the facility STD listed in patient chart Patient who is well known to the community

Access rights

Policies that are dependent on each user's need to know are written and adhered to for functionality within the EHR

Select all that apply Which of the following factors dictate the privileges of a user? Multiple select question. Hourly rate of pay Length of employment Position Job description

Position Job description

Select all that apply Which of HIPAA's original rules were made more stringent by the HITECH Act? Multiple select question. Safety Privacy Security Reimbursement

Privacy Security

Select all that apply Which of the following apply to HITECH? Multiple select question. Privacy and security rules are more stringent. More power has been given to government authorities to enforce privacy and security. Government authorities have less power to enforce privacy and security. Privacy and security rules have been eliminated.

Privacy and security rules are more stringent. More power has been given to government authorities to enforce privacy and security.

Accounting of disclosures

Providing the patient with a listing of all disclosures of his or her health information

Select all that apply Which of the following should be addressed by electronic privacy and confidentiality policies? Multiple select question. Release of directory information Release of information to outside sources Insurance reimbursement information Hard-copy documents should be discarded in trash bins Signing of Notices of Privacy Practices

Release of directory information Release of information to outside sources Signing of Notices of Privacy Practices

Access report

Report of all persons within a facility who have had access to a patient's protected health information

Audit trail

Report which shows accesses by user to each function of the software - users who reviewed a patient's record

Select all that apply Which of the following describes continuity of care? Multiple select question. Sharing of information regarding patients' care Sharing of information regarding patients' bills The passing of information of one patient to another The passing of information from one provider to another

Sharing of information regarding patients' care The passing of information from one provider to another

Which of the following are strategies for protecting the sensitive information on devices? Multiple select question. Sign out of the device when unattended Store passwords on or near the device Encrypt PHI Leave the device open for easy access Use portable devices in secure areas

Sign out of the device when unattended Encrypt PHI Use portable devices in secure areas

Select all that apply Which of the following types of information might be found on a healthcare organization's social media site? Multiple select question. Specific patient details Social media policy Support groups and blogs Facts and figures about patient populations Links to related sites Patient test results

Social media policy Support groups and blogs Facts and figures about patient populations Links to related sites

Why are user rights assigned? Multiple choice question. To allow for user password selection To provide users with unlimited functionality To provide limited functionality to users To provide a user ID to staff

To provide limited functionality to users

A report that shows who accessed a person's medical record, is called: Multiple choice question. encrypted accounting of disclosures access report password report

access report

A report that shows who accessed a person's medical record, is called: encrypted password report accounting of disclosures access report

access report

To comply with HITECH, releases of information need to be ______. Multiple choice question. refused granted unrestricted accounted for

accounted for

When you provide the patient with a listing of all disclosures of his/her health information, both internally and externally, is called:

accounting of disclosures

Ongoing conversations about a topic that takes place online via the Internet are called ________. Multiple choice question. back-channels blogs Tweets webicles

blogs

The patient's right to expect that a patient's health information will not be released to any other entity without written authorization or as required by law is considered ________. privacy security confidentiality safety

confidentiality

The accuracy and timeliness of data collection is called ________. Multiple choice question. consistent charting limited data data interface data integrity

data integrity

Information about a patient's hospital status and his or her location in the hospital or facility is called _______. security information Master Patient Index directory information public knowledge

directory information

When only certain people have access to information, it is considered _______. Multiple choice question. full-user access denied rights restricted access user declination

restricted access

Interactive communication sites via the Internet are considered to be _______. Multiple choice question. social media Internet media social networking media outlets

social media


Ensembles d'études connexes

APUSH - Learning Curve Chapter 16

View Set

CRJU 1068 Crim Law Crim Just Final

View Set

AP Bio Unit 10 Recommended Review

View Set

Spanish 3: Lesson 6- Recapitulación

View Set