insurance & Billing Ch.2
After discovery of a breach of unsecured PHI, how long does a covered entity have to notify the individual(s) who would be affected?
60 days
Health plan premium payments is the HIPAA transaction name for number X12 _____
820
Which of the following statements define authorization?
A document signed by a patient to permit release of medical information
A code of conduct for the members of a practice would cover which of the following? (Select all that apply.)
A policy to encourage employees to report compliance concerns to the compliance officer Procedures for ensuring compliance with laws relating to referrals Provisions for discussing compliance during performance reviews
The health system reform legislation that offers improved insurance coverage and other benefits is abbreviated as _____.
ACA
An___ is responsible for managing the quality and cost of care provided to a group of patients.
ACO
What makes it illegal to knowingly offer incentives to induce referrals for services paid by government healthcare programs?
An antikickback statute
What must patients sign for use and disclosure of PHI for any reason other than TPO?
An authorization
According to the OIG, voluntary compliance plans should contain which of the following? (Select all that apply.)
Appointment of a compliance committee Consistent written policies and procedures Appointment of a compliance officer Training
Which of the following tasks are outlined in compliance plans?
Audit and monitor compliance with government regulations
To ensure that a compliance plan is established and followed, most practices will appoint a _____ to be in charge of ongoing work.
Be straightforward in presentations. Keep the presentations brief. Develop a procedure for sharing information between trainings. Use examples and facts. Explain the purpose of compliance.
The main federal government agency responsible for healthcare is abbreviated as .
CMS
The main federal government agency responsible for healthcare is the _____.
Centers for Medicare and Medicaid Services
An E/M service is usually documented with ____notes.
Chart
The Office for _____ Rights enforces the HIPAA Privacy Act.
Civil
Which of the following are covered entities that must follow HIPAA rules? (Select all that apply.)
Clearinghouses Healthcare providers Health plans
Which of the following are security measures that help enforce the HIPAA Security Rule? (Select all that apply.)
Create security policies for violations that occur Backups of data to replace items if damaged Provide secure Internet connections
Which of the following applies to the role of the Department of Justice with regards to HIPAA?
Criminal violations of HIPAA privacy standards are prosecuted by the DOJ.
_____ health information is medical data from which individual identifiers have been removed.
De-identified
What types of information make up a complete history and physical? (Select all that apply.)
Diagnosis Treatment plan Chief complaint H&P examination
Evaluation and management is abbreviated as _____.
E/M
__ is a method of converting a message into encoded text.
Encryption
A compliance plan seeks to ensure compliance with which of the following laws? (Select all that apply.)
Environmental safety laws Federal laws State laws Local laws Antifraud laws Employment laws
_____ stands for the Fraud Enforcement and Recovery Act of 2009.
FECA
Which of the following are documented in the patient's chart?
H&P PMH ROS HPI
Which of the following is the agency that governs emergency guidance for release of information?
HHS
The protection of patients' private health information is covered under which law?
HIPAA
Under _____ a code set is any group of codes used for encoding data elements.
HIPAA
Rules governing the electronic exchange of health information are called ____.
HIPAA Electronic Health Care Transaction and Code Sets
Privacy officials should review state laws to develop policies and procedures that are in compliance with which of the following?
HIPAA Privacy Rule
The law regulating the use and disclosure of patients' protected health information is called the _____.
HIPAA Privacy Rule
The law promoting the adoption and use of health information technology is abbreviated as _____.
HITECH
The law promoting the adoption and use of health information technology is called the _____.
Health Information Technology for Economic and Clinical Health Act
When might covered entities be exempt from the breach notification requirements for breaches of data? (Select all that apply.)
If destruction methods are used to secure data If encryption methods are used to secure data
Which of the following are true of an audit by the OIG? (Select all that apply.)
If patterns of errors are clearly determined, it could be considered fraud. Physicians are not subject to penalties for innocent errors. When problems are found during audits, an investigation follows.
Which of the following are examples of fraudulent or abusive billing acts? (Select all that apply.)
Intentionally billing for services that were not performed or documented Performing procedures that are not medically necessary Reporting services at a higher level than were carried out
Which of the following are true of the HITECH Act? (Select all that apply.)
It guides the use of federal stimulus money. It addresses privacy and security concerns associated with the electronic transmission of health information. It promotes the adoption of meaningful use of health information technology.
Which of the following are examples of how code sets can be used? (Select all that apply.)
Medical procedure codes Medical concepts Medical diagnosis codes Tables of terms
Which of the following are examples of patient's information that is taken out during the de-identified process?
Medical record number Insurance plan Names
What are identifiers?
Numbers of predetermined length and structure
A set of regulations enhancing patients' privacy protections and rights to information is called the _____.
Omnibus Rule
_____ is defined as protected health information.
PHI
What must be done when using patient information for the purpose of research?
Patient identifiers must be removed.
Which of the following are among the five provisions (titles) of HIPAA?
Preventing Healthcare Fraud and Abuse Healthcare Access, Portability and Renewability Tax-Related Health Provisions Revenue Offsets Application and Enforcement of Group Health Plan Requirements
Which of the following are examples of activities performed by CMS to ensure the quality of healthcare? (Select all that apply.)
Preventing discrimination based on health status Evaluating the quality of healthcare services and facilities Regulating lab testing Researching the effectiveness of healthcare management
PHI is the abbreviation for which of the following?
Protected health information
What information must be included on an authorization to release information? (Select all that apply.)
Purpose of the disclosure Name of the people to whom the disclosure is being made Expiration date Name of the person authorized to disclose the information Description of the information to be disclosed
Which of the following is a term used to describe whistle-blower cases?
Qui tam
Which of the following are parts of the Omnibus Rule? (Select all that apply.)
Restating the standards for reporting breaches Increasing civil monetary penalties for violations Prohibiting health plans from disclosing genetic information for determining insurance coverage Strengthening previous HIPAA/HITECH rules
State statutes may differ from HIPAA in which of the following areas? (Select all that apply.)
Rights of inmates Designated record set Information compiled for court cases Psychotherapy notes
The HIPAA Privacy Rule mandates that covered entities must do which of the following? (Select all that apply.)
Safeguard patient records Notify patients of privacy rights Have a set of appropriate privacy practices Train employees in regard to privacy practices Appoint a privacy official for the practice
Which of the following are the three parts of the Administrative Simplification?
Security Rule Privacy Rule Electronic Transaction and Code Set
Which of the following are true about PHI that is made available for research data? (Select all that apply.)
Specific patient names may not be identified on reports or studies. It may be made available to researchers approved by the practice.
_____ rules make it illegal for physicians to have financial relationships with clinics for the purpose of self referrals.
Stark
Which of the following are true of state regulations in healthcare? (Select all that apply.)
State laws ensure the solvency of insurance companies and MCOs. States can restrict price increases on premiums. State commissioners of insurance investigate consumer complaints.
Which of the following are true of PHI releases under court orders? (Select all that apply.)
Subpoenas can be issued by the court directing a party to appear and testify. To release PHI to a court without the patient's approval, a judicial order must be received. A subpoena duces tecum requires a party to appear, testify, and bring specified documents or items. If required as evidence, PHI may be released without the patient's approval.
Which of the following are rules governing the electronic exchange of health information?
TCS
The revenue cycle explains how using EHRs is integrated with practice management programs as what process is performed?
Ten-step billing process
Who has the authority to authorize the release of a patient's medical information to anyone not directly involved in their care? (Select all that apply.)
The patient A legally appointed representative
Who has ownership of the actual progress notes, reports, and other clinical materials in a medical record?
The provider who created them
Why must communicable diseases be reported?
They can be dangerous and harm others.
For which of the following reasons are psychotherapy notes treated differently under HIPAA?
They contain sensitive information.
In which circumstances might CEs disclose PHI without the patient's consent? (Select all that apply.)
To grant public health authorities access to PHI necessary to carry out their public health mission. To prevent or lessen a serious threat to the health and safety of the public. To treat the patient or another patient
How are the HIPAA transactions standards labeled?
With a number and a name
The purpose of ______ logs is to record who has accessed or tried to access information.
activity
A formal examination of a physician's records is called a(n) _____
audit
_____are companies that help providers handle electronic transactions.
clearinghouses
An alphabetic and/or numeric representation of data is called a(n) _____.
code set
The practice's code of _____ covers compliance in referral arrangements, and employee performance compliance.
conduct
A health plan, clearinghouse, or provider who transmits any health information in electronic form is called a(n) _____.
covered entity
There are no restrictions on the use or disclosure of _____ information.
de-identified health
A system-to-system exchange of data in a standardized format is called a(n) _____.
electronic data interchange
New emergency guidance from HHS stating that CEs may disclose PHI without the patient's consent was applicable to a recent outbreak of Ebola virus because ______.
it was needed to lessen a serious and imminent threat to the health of the public
Being able to prove that a procedure is related to the patient's condition is called _____.
medical necessity
A(n) _____ is a file containing the documentation of a patient's medical history and related information.
medical record
State-specified performance measures for the delivery of healthcare are called _____.
medical standards of care
A patient encounter is also called the ____with the provider.
meeting
In order to use the patients medical data for research the patient's ____ may not be identified.
name
Role-based access into computer records means that _____.
only those who need the information can see it
An example of confidential authentication information used to access EHR/PMP is a(n) _____.
password
_____ management programs encrypt data between the office and the Internet.
practice
The HIPAA Standards for Privacy of Individually Identifiable Health Information Rule is also know as HIPAA___ Rule
privacy
The _____ official in an organization develops policies and procedures for HIPPA compliance.
privacy
_____ notes are treated differently because they contain particularly sensitive information.
psychotheraphy
A person who makes an accusation of fraud or abuse is called a(n) _____.
relator
The cycle that explains how using EHRs is integrated with practice management programs is called the _____ cycle.
revenue
When a provider asks questions about the function of each body system, it is considered a _____.
review of systems
The OIG compliance plan has _____ elements.
seven
Some specific types of information is required by ______ law to be released to state or social services.
state
regulate the operations and compliance of health insurance companies.
states
is an order of the court directing a party to appear and testify.
subpena
There are five _____ in HIPAA that focus on various aspects of healthcare.
titles
Unprotected health information that is not secured through the use of technologies or methods that HHS has specified is called _____ PHI.
unsecured