Legal and Ethical Aspects of Health Information Management- Ch 13 Exam
Which of the following is NOT an example of an ineffective system safeguard? a. An emergency room doctor uses his password to gain access to the medical history of a colleague who is being treated for injuries sustained in an MVA. b. A nurse on the orthopedic floor prints copies of labor and delivery notes on a celebrity. c. A laboratory technician checks a patient's psychological therapy notes for evidence of a medication that requires surveillance of blood levels. d. A representative from a medical device vendor remotely accesses PHI to determine which specific device will be needed for implant.
An emergency room doctor uses his password to gain access to the medical history of a colleague who is being treated for injuries sustained in an MVA.
How do HIPAA Security and Privacy Rules differ? a. They are different names for the same policies. b. They often oppose each other's efforts. c. Both protect information from different angles. d. They limit patients' access and control of their medical information.
Both protect information from different angles.
What does E-SIGN refer to? a. legislation that states electronic signatures may not be used in interstate or foreign commerce b. Electronic Signatures in Global and National Commerce Act of 2001 c. encryption program d. a program developed to support insurance reimbursement for health care
Electronic Signatures in Global and National Commerce Act of 2001
Under HIPAA, a patient has the right to which of the following? a. know how his information is being disclosed b. receive copies of any records on request c. alter the original medical record d. restrict all disclosures of information
NOT B
Which is NOT a risk prevention technique used to protect electronic health records? a. restricted copy functions b. PDA c. key cards d. password
PDA
To establish a health record as admissible under a business record exemption, what must the requesting party show? a. The record was kept in the ordinary course of business. b. An injury occurred as a result of negligence. c. There was a duty to act. d. An injury documented in the record was caused by negligence.
The record was kept in the ordinary course of business.
A security officer's responsibilities are accomplished by which of the following? a. implementation of HIPAA security directives b. performing risk assessments c. improving IT security with vendors and consultants d. all of the above
all of the above
To overcome the hearsay rule to allow a health care record to be admitted into evidence, the health information manager must be able to testify to which of the following? a. foundation b. accuracy c. trustworthiness d. all of the above
all of the above
What is a defining characteristic(s) of an electronic health record? a. documentation created, authenticated, and retrieved by computers b. information that resides in a system specifically designed to provide accessibility to a patient's medical data c. is contained in a system that may also contain links to medical references and clinical decision support systems d. all of the above
all of the above
What measures can be taken to discourage or prevent sabotage? a. limiting log-on attempts b. methods of encryption c. additions of anti-virus software d. all of the above
all of the above
Which are advantages of switching to electronic health records? a. accessibility of information b. data mining c. decreases capacity required for information storage d. legibility of information e. all of the above
all of the above
In meeting the accuracy requirement, the health information manager must fulfill which requirement? a. what data entry procedures are routine b. be familiar with the hardware and software used in the system c. have knowledge of whether the person making the entry uses biometric identification d. be able to determine who made the entry
be familiar with the hardware and software used in the system
What is true about addressable specifications found in HIPAA's security rules? a. allow the covered entity to ignore unreasonable rules b. are mandatory c. do not bind the entity to implementation but require documentation of alternatives d. address only hybrid medical records
do not bind the entity to implementation but require documentation of alternatives
The Institute of Medicine has identified core functionalities that constitute an electronic health record. Which of the following is not one of those functionalities? a. order entry and management b. enforcement of collections c. clinical decision support d. admissions and scheduling
enforcement of collections
Which of the following is true regarding safeguards established by HIPAA security rules? a. ensure data integrity by protecting it from unauthorized deletion b. define specific times and conditions when data may be available c. protect confidentiality of data by allowing all healthcare providers within a facility to access the information d. all of these
ensure data integrity by protecting it from unauthorized deletion
Which is true regarding a printout of the patient record that has been maintained in an electronic medium? a. has been allowed to be entered into evidence with testimony of the custodian of records b. has been determined to be equivalent to a paper record c. is considered inadmissible as it is not the actual record d. is not required to meet the foundation, trustworthiness, accuracy requirements
has been allowed to be entered into evidence with testimony of the custodian of records
Administrative safeguards under HIPAA do which of the following? a. help covered entities create policies and procedures to develop security measures that protect PHI b. define framework of a security program c. include optional risk assessments d. help entities protect information from physical intrusions
help covered entities create policies and procedures to develop security measures that protect PHI
Which is true regarding electronic authentication of medical record entries? a. is required by legislature b. does not hold the author of the entry accountable c. is recognized by accrediting bodies d. requires an additional paper record to verify authenticity
is recognized by accrediting bodies
What does damage prevention in an electronic health record system refer to? a. plans used to resume immediate computer operations in the event of a problem b. keeping data or equipment from being brought down by malicious attempts c. prevents third parties from gaining access to communications d. none of the above
keeping data or equipment from being brought down by malicious attempts
Permissions granted in an electronic health record system involve which of the following? a. ensuring people are who they say they are b. a way to prevent malicious attempts to destroy data or equipment c. preventing eavesdropping d. level of access granted to an operating system
level of access granted to an operating system
Beyond the responsibility for maintaining protected health information, health information managers will not be responsible for which of the following? a. vendor contracts b. statistics c. pharmacy calculations d. inappropriate access to genetic information
pharmacy calculations
Which are safeguards covered under HIPAA? a. physical and technical b. administrative and insurance c. physical and theoretical d. informational and technical
physical and technical
What does digital imaging in the context of maintenance of PHI refer to? a. photographs taken of patients before and after surgery b. scanning of a paper document that will be viewed over a server or web browser c. using fiberoptics in minimally invasive procedures d. electronic indexing
scanning of a paper document that will be viewed over a server or web browser
HIPAA's security rules do NOT include which of the following? a. mechanisms to report known or suspected breaches b. specific training programs for staff concerning the vulnerability of PHI c. addresses virus protection, password management d. requirements for documentation of training and periodic review and updates
specific training programs for staff concerning the vulnerability of PHI
Which of the following would not be an appropriate use of the Internet with regard to PHI? a. transmission of x-rays for reading by a radiologist off site b. providing poison control information to the public c. unencrypted email between physician and patient to report test results d. advertising for clinical trial participants
unencrypted email between physician and patient to report test results