HEIT Test ComplianceB
5. A coder's misrepresentation of the patient's clinical picture through intentional incorrect coding or the omission of diagnosis or procedure codes would be an example of: a. Healthcare fraud b. Payment optimization c. Payment reduction d. Healthcare creativity
A
76. Which of the following groups are included in the feedback loop between denials, management, and clinical documentation improvement (CDI) program staff? a. Compliance b. Office of the Inspector General c. Center for Medicare and Medicaid Services d. Payers
A
9. Which type of identity theft occurs when a patient uses another person's name and insurance information to receive healthcare benefits? a. Medical b. Financial c. Criminal d. Health
A
13. If an HIM department acts in deliberate ignorance or in disregard of official coding guidelines, it may be committing: a. Abuse b. Fraud c. Malpractice d. Kickbacks
B
42. The breach notification requirement applies to: a. All PHI b. Unsecured PHI only c. Electronic PHI only d. PHI on paper only
B
35. All of the following are measures used to track and assess clinical documentation improvement (CDI) programs except: a. Record review rate b. Physician query rate c. Record agreement rate d. Query agreement rate
C
45. A visitor to the hospital looks at the screen of the admitting clerk's computer workstation when she leaves her desk to copy some admitting documents. What security mechanism would best have minimized this security breach? a. Document controls b. Audit controls c. Automatic logoff controls d. Device and media controls
C
75. Which of the following types of information include areas like genetics, adoption, and drug use that require special attention? a. Special information b. Scientific information c. Sensitive information d. Super information
C
15. In Medicare, the most common forms of fraud and abuse include all except which of the following? a. Billing for services not furnished b. Misrepresenting the diagnosis to justify payment c. Unbundling or exploding charges d. Implementing a clinical documentation improvement program
D
16. The policies and procedures section of a coding compliance plan should include all except which of the following? a. Physician query process b. Unbundling c. Assignment of discharge disposition codes d. Utilization review
D
38. The Medical Record Committee wants to determine if the hospital is in compliance with medical staff rules and regulations for medical record delinquency rates. The HIM director has compiled a report that shows that records are delinquent for an average of 29 days after discharge. Given this information, what can the committee conclude? a. Delinquency rate is within medical staff rules and regulations. b. All physicians are performing at optimal levels. c. The chart deficiency process is working well. d. Data are insufficient to determine whether the hospital is in compliance.
D
49. The coding staff should be updated at least ________ on compliance requirements. a. Weekly b. Monthly c. Every six months d. Annually
D
68. A postoperative patient was prescribed Lortab prn. Nurse Jones documented in the patient record that she administered one dose of Lortab to the patient, but never actually administered this medication. Nurse Jones then took the Lortab herself. This action would be called? a. Drug prescribing b. Adverse drug reaction c. Sentinel event d. Drug diversion
D
70. Events that occur in a healthcare organization that do not necessarily affect an outcome but carry significant chance of being a serious adverse event if they were to recur are: a. Time-out b. Serious events c. Sentinel events d. Near misses
D
10. A hospital receives a valid request from a patient for copies of her health records. The HIM clerk who is preparing the records removes copies of the patient's records from another hospital where the patient was previously treated. According to HIPAA regulations, was this action correct? a. No; the records from the previous hospital are considered to be included in the designated record set and should be given to the patient. b. Yes; this is hospital policy for which HIPAA has no control. c. No; the records from the previous hospital are not included in the designated record set but should be released anyway. d. Yes; HIPAA only requires that current records be produced for the patient.
A
11. In developing a monitoring program for inpatient coding compliance, which of the following should be regularly audited? a. ICD-10-CM and ICD-10-PCS coding b. CPT/HCPCS and LOINC coding c. ICD-10-CM and SNOMED coding d. CPT/HCPCS and ICD-10-PCS coding
A
11. The deception or misrepresentation by a healthcare provider that may result in a false or fictitious claim for inappropriate payment by Medicare or other insurers for items or services either not rendered or rendered to a lesser extent than described in the claim is: a. Healthcare fraud b. Optimization c. Upcoding d. Healthcare abuse
A
13. Which of the following is part of qualitative analysis review? a. Checking that only approved abbreviations are used b. Checking that all forms and reports are present c. Checking that documents have patient identification information d. Checking that reports requiring authentication have signatures
A
14. Using data mining, an RAC makes a claim determination at the system-level without a human review of the health record. This type of review is called: a. Automated review b. Complex review c. Detailed review d. Systematic review
A
17. Quality Improvement Organizations perform medical peer review of Medicare and Medicaid claims through a review of which of the following? a. Validity of hospital diagnosis and procedure coding data completeness b. Appropriateness of EHR used c. Policies, procedures and standards of conduct d. Professional standards
A
18. A(n) __________ is imposed on providers by the OIG when fraud and abuse is discovered through an investigation. a. Corporate Integrity Agreement b. OIG Workplan c. Red Flags Rule d. Resource AgreementD
A
19. Which of the following is an example of a common form of healthcare fraud and abuse? a. Billing for services not furnished to patients b. Clinical documentation improvement c. Refiling claims after denials d. Use of a claim scrubber prior to submitting bills
A
2. Which of the following is a legal concern regarding the EHR? a. Ability to subpoena audit trails b. Template design c. ANSI standards d. Data sets
A
20. The Breach Notification Rule requires covered entities to do which of the following: a. Notify affected individuals when a breach occurs b. Establish a policy on minimum necessary c. Provide each patient with a new notice of privacy practices d. Assign a new patient record number
A
22. A provider's office calls to retrieve emergency room records for a patient's follow-up appointment. The HIM professional refused to release the emergency department records without a written authorization from the patient. Was this action in compliance? a. No; the records are needed for continued care of the patient, so no authorization is required b. Yes; the release of all records requires written authorization from the patient c. No; permission of the ER physician was not obtained d. Yes; one covered entity cannot request the records from another covered entity
A
22. Our computer system just notified us that Mary Burchfield has just looked up another patient with the same last name. This notification is called a(n): a. Trigger b. Audit reduction tool c. Integrity d. Audit control
A
3. The goal of coding compliance programs is to prevent: a. Accusations of fraud and abuse b. Delays in claims processing c. Billing errors d. Inaccurate code assignmentsA
A
37. Which of the following is a good question for a supervisor of coding to ask when evaluating potential fraud or abuse risk areas in the coding area? a. Are the assigned codes supported by the health record documentation? b. Does the hospital have a compliance plan? c. How many claims have not been coded? d. Which members of the medical staff have the most admissions to the hospital?
A
41. Calling out patient names in a physician's office is: a. An incidental disclosure b. Not subject to the minimum necessary requirement c. A disclosure for payment purposes d. An automatic violation of the HIPAA Privacy Rule
A
44. Per the Fair and Accurate Credit Transactions Act (FACTA), which of the following is not a red flag category? a. An account held by a person who is over 80 years old b. Warnings from a consumer-reporting agency c. Unusual activity relating to a covered account d. Suspicious documents
A
50. Organizations use of audits in data analysis in order to ensure compliance with policies and procedures is a component of: a. Internal monitoring b. Benchmarking c. Corrective action d. Educating staff
A
56. Medical identity theft includes which of the following: a. Using another person's name to obtain durable medical equipment b. Purchasing an EHR c. Purchasing surgical equipment d. Using another healthcare provider's national provider identifier to submit a claim
A
62. A Recovery Auditing Contractor (RAC) is conducting a review of claims for improper payment at Wildcat Hospital. The review is performed electronically utilizing a software program that analyzes claims data to identify proper payments. This type of review is referred to as: a. Automated review b. Complex review c. Semi-automated review d. Semi-complex review63. A patient was taken into surgery at a local hospital for treatment of colon cancer. A large section of the colon was removed during surgery and the patient was taken to the medical floor after surgery. Within the first 24 hours post-op, the patient developed fever, chills, and abdominal pain. An abdominal CT scan revealed the presence of a foreign body. This situation describes a: a. Near miss b. Sentinel event c. Security incident d. Time out
A
67. Community hospital is looking for ways to increase physician referrals. One board member suggested that they offer local physician $100 for every patient referred to the hospital for care. If the hospital goes ahead with the board member's suggestion, what statute is the hospital violating? a. Anti-Kickback Statute b. False Claims Act c. Health Insurance Portability and Accountability Act d. Red Flags Rule
A
72. Which item below is not recommended by the HHS and the OIG for minimum compliance with clinical documentation regulations? a. Physicians should include vaccination records b. Progress, response, and changes are to be documented c. Health record should be completely legible d. Past and present diagnosis should be easily accessible
A
74. Risk determination considers the factors of: a. Likelihood and impact b. Risk prioritization and control recommendations c. Risk prioritization and impact d. Likelihood and control recommendations
A
81. Sarah, a new graduate of a health information technology program, sits for the registered health information technician (RHIT) exam and fails. She does not want her employer to know she failed and tells her coworkers she passed the examination. Sarah then starts using the RHIT credential after her name in work correspondence. A coworker, Nancy, discovers that Sarah is using the RHIT credential fraudulently and notifies the supervisor, Joan. What is the responsibility of Nancy and Joan in this situation? a. Contact AHIMA and report the abuse b. Contact the state licensing division c. Contact the office of the inspector general d. Contact the HIT program
A
83. A new mother placed her baby in the bassinet in her hospital room while she used the restroom in her room. When she returned, she went to pick up her baby and found the bassinet empty. She immediately called the nurse to inquire as to the whereabouts of her child. The nurse replied that she had not taken the baby and immediately issued a hospital-wide security alert for a possible infant abduction. Although all procedures were followed to locate the baby, the baby was not found within the hospital. This situation describes a ________. a. near miss b. sentinel event c. security incident d. time out
A
9. The leaders of a healthcare organization are expected to select an organization-wide performance improvement approach and to clearly define how all levels of the organization will monitor and address improvement issues. The Joint Commission requires ongoing data collection that might require improvement for which of the following areas? a. Operative and other invasive procedures, medication management, and blood and blood product use b. Blood and blood product use, medication management, and appointment to the board of directors c. Medication management, marketing strategy, and blood use d. Operative and other invasive procedures, appointments to the board of directors, and restraint and seclusion use
A
D15. Mary's PHI has been breached. She must be informed of all of the following except: a. Who committed the breach b. Date the breach was discovered c. Types of unsecured PHI involved d. What she may do to protect herself
A
1. The evaluation of coders is recommended at least quarterly for the purpose of measurement and assurance of: a. Speed b. Data quality and integrity c. Accuracy d. Effective relationships with physicians and facility personnel
B
10. The Medicare Integrity Program was established to battle fraud and abuse and is charged with which of the following responsibilities? a. Audit of expense reports and notifying beneficiaries of their rights b. Payment determinations and audit of cost reports c. Publishing of new coding guidelines and code changes d. Monitoring of physician credentials and payment determinations
B
13. Which of the following situations is considered a breach of PHI? a. A nurse views the record of a patient that she is not caring for b. A patient's attorney is sent records not authorized by that patient c. A nurse starts to place PHI in a public area where a patient is standing and immediately picks it up d. An HIM employee keys in the incorrect health record number but closes it out as soon as it is realized
B
14. A pharmacist who submits Medicaid claims for reimbursement on brand name drugs when less expensive generic drugs were dispensed has committed the crime of: a. Criminal negligence b. Fraud c. Perjury d. Products' liability
B
15. The Department of Health and Human Services has identified that Community Hospital is guilty of fraud. It was determined that the facility tried to comply with standards, but their efforts failed. What category of fraud and abuse prevention does this fall into? a. Reasonable cause b. Reasonable diligence c. Willful neglect d. Willful defiance
B
16. City Hospital submitted 175 claims where they unbundled laboratory charges. They were overpaid by $75 on each claim. What is the fine for City Hospital? a. $40,300 b. $39,375 c. $26,250 d. $13,125
B
2. Which of the following describes incomplete records that are not completed by the physician within the time frame specified in the healthcare facility's policies? a. Suspended records b. Delinquent records c. Loose records d. Default records
B
2. Which of the following practices is an appropriate coding compliance activity? a. Reviewing all accurately paid claims b. Developing procedures for identifying coding errors c. Providing a financial incentive for coding claims improperly d. Instructing coders to code diagnoses and submit the bill before all applicable information is documented in the health recordA
B
21. The process that is followed to mitigate and fix issues that arise during a review of systems that contain PHI to reduce vulnerabilities is called: a. Risk analysis b. Risk management c. Results documentation d. Recommendations for controls
B
25. Which of the following should be the first step in any quality improvement process? a. Analyze the problem b. Identify the performance measures c. Develop an alternative solution d. Decide on the best solution
B
26. The National Patient Safety Goals (NPSGs) have effectively mandated all healthcare organizations to examine care processes that have a potential for error that can cause injury to patients. Which of the following processes are included in the NPSGs? a. Identify patients correctly, prevent infection, and file claims for reimbursement b. Check patient medicines, prevent infection, and identify patients correctly c. File claims for reimbursement, check patient medicines, and improve staff communication d. Improve staff communication, process claims timely, and prevent infection
B
32. Per the HITECH breach notification requirements, what is the threshold for the immediate notification of each individual? a. 1,000 individuals affected b. 500 individuals affected c. 250 individuals affected d. Any number of individuals affected requires individual notification.
B
4. Corporate compliance programs became common after adoption of which of the following? a. False Claims Act b. Federal Sentencing Guidelines c. Office of the Inspector General for HHS d. Federal Physician Self-Referral Statute
B
4. Each healthcare organization must identify and prioritize which processes and outcomes (in other words, which types of data) are important to monitor. This data collection should be based on the scope of care and services they provide and: a. The number of employees they employ b. Their mission c. The QI methodology used d. Their accreditation status
B
48. In a typical acute-care setting, the Explanation of Benefits, Medicare Summary Notice, and Remittance Advice documents (provided by the payer) are monitored in which revenue cycle area? a. Preclaims submission b. Claims reconciliation and collections c. Accounts receivable d. Claims processing
B
5. A group practice has hired an HIT as its chief compliance officer. The current compliance program includes written standards of conduct and policies, and procedures that address specific areas of potential fraud. It also has audits in place to monitor compliance. Which of the following should the compliance officer also ensure are in place? a. A bonus program for coders who code charts with higher paying MS-DRGs b. A hotline to receive complaints and adoption of procedures to protect whistleblowers from retaliation c. Procedures to adequately identify individuals who make complaints so that appropriate followup can be conducted d. A corporate compliance committee that reports directly to the CFO
B
5. In developing an internal coding audit review program, which of the following would be risk areas that should be targeted for audit? a. Admission diagnosis and complaints b. Chargemaster description and medical necessity c. Clinical laboratory results d. Radiology orders
B
52. How many basic elements are included in an effective compliance program? a. Five b. Seven c. Nine d. Three
B
53. What is one key component of a compliant clinical documentation improvement program? a. Detailed review of Joint Commission findings b. Documented, mandatory physician education c. Revenue cycle team involvement d. Exceeding query response targets
B
58. A facility recently submitted two claims for the same service for a patient's recent encounter for chemotherapy. If the third-party payer pays both of these claims, the facility will receive a higher reimbursement than deserved. This is called: a. Appropriate payment b. Overpayment c. Unbundling d. Waste
B
6. Examples of high-risk billing practices that create compliance risks for healthcare organizations include all except which of the following? a. Altered claim forms b. Returned overpayments c. Duplicate billings d. Unbundled procedures
B
60. The Joint Commission is conducting an audit at Community Hospital to determine the hospital's compliance with The Joint Commission standards regarding patient rights. This is an example of a(n): a. Complex review b. External audit c. Internal audit d. Casefinding review
B
63. A patient was taken into surgery at a local hospital for treatment of colon cancer. A large section of the colon was removed during surgery and the patient was taken to the medical floor after surgery. Within the first 24 hours post-op, the patient developed fever, chills, and abdominal pain. An abdominal CT scan revealed the presence of a foreign body. This situation describes a: a. Near miss b. Sentinel event c. Security incident d. Time out
B
65. The clinical documentation improvement (CDI) program must keep high-quality records of the query process for: a. Revenue cycle analysis b. Compliance issues c. Chart deficiency tracking d. Reducing the workload on HIM
B
69. Detailed query documentation can be used to: a. Protect the hospital from lawsuits b. Protect the hospital against claims from physicians about leading queries c. Show the effects of follow-up training d. Protect the auditor from corrective action
B
7. During an audit of health records, the HIM director finds that transcribed reports are being changed by the author up to a week after initial transcription. To remedy this situation, the HIM director should recommend which of the following? a. Immediately stop the practice of changing transcribed reports b. Develop a facility policy that defines the acceptable period of time allowed for a transcribed document to remain in draft form c. Conduct a verification audit d. Alert hospital legal counsel of the practice
B
73. Which of the following is an investigational technique that facilitates the identification of the various factors that contribute to a problem? a. Affinity grouping b. Cause-and-effect diagram c. Force-field analysis d. Nominal group technique
B
80. If a patient notices an unknown item in the explanation of benefits they receive from an insurance company and they do not recognize the service being paid for, the patient should: a. Not do anything b. Contact the insurer and the provider who billed for the services to correct the information c. Contact the police d. Contact human resources and let them know there has been a mistake
B
D1. In developing an internal audit review program, which of the following would be risk areas that should be targeted for audit? a. Admission diagnosis and complaints b. Chargemaster description c. Clinical laboratory results d. Radiology orders
B
1. The HIM manager was asked by the medical director to present the hospital's policy on deletion of erroneous information from the electronic health record to the medical staff. This policy requires that the original documentation is retained in the EHR along with the corrected documentation. Which of the following is a key component of this policy? a. The new documentation must be reviewed by the chief of the medical staff b. Natural language processing would be utilized to delete erroneous information c. The new and old documentation would be included in the same document with a comment section. d. The new documentation needs to be reviewed by the risk manager.
C
11. Coding policies should include which of the following elements? a. Lunch or break schedule b. How to access the computer system c. AHIMA Standards of Ethical Coding d. Nonofficial coding guidelines
C
12. Which of the following would be an example of a sentinel event? a. Incidence of hospital acquired infection b. Incidence of an unruly patient c. Incidence of infant abduction d. Incidence of blood transfusion reaction
C
14. How many identifiers must be removed for a data to be considered de-identified under the Safe Harbor Method? a. 12 b. 15 c. 18 d. 20
C
17. Exceptions to the Federal Anti-Kickback Statute that allow legitimate business arrangements and are not subject to prosecution are: a. Qui tam practices b. Safe practices c. Safe harbors d. Exclusions
C
17. The HIM Department has been receiving complaints about the turnaround time for release of information (ROI) requests. A PI team is created to investigate this issue. What data source would be appropriate to use to investigate this issue further? a. ROI employee evaluations b. Survey requestors c. ROI tracking system d. ADT systemA
C
18. What resource should the facility compliance officer consult to provide information on new and ongoing reviews or audits each year in programs administered by the Department of Health and Human Services? a. Regional health information organizations b. Corporate compliance plans c. OIG workplans d. Federal register
C
18. When the Medicare Recovery Audit Contractor has determined that incorrect payment has been made to an organization, which document is sent to the provider notifying them of this determination? a. Appeal request b. Claims denial c. Demand letter d. Medicare Summary Notice
C
19. When a staff member documents in the health record that an incident report was completed about a specific incident, in a legal proceeding how is the confidentiality of the incident report affected? a. There is no impact. b. The person making the entry in the health record may not be called as a witness in trial. c. The incident report likely becomes discoverable because it is mentioned in a discoverable document. d. The incident report cannot be discovered even though it is mentioned in a discoverable document.
C
20. Dr. Smith always orders the same 10 things when a new patient is admitted to the hospital in addition to some patient-specific orders. What would assist in assuring that the specific patient is not allergic to a drug being ordered? a. Clinical decision support b. Electronic medication administration record system c. Pharmacy information system d. Standard order set
C
21. Community Hospital is identifying strategies to minimize the security risks associated with employees leaving their workstations unattended. Which of the following solutions will minimize the security risk of unattended workstations? a. Use biometrics for access to the system. b. Implement firewall and virus protection. c. Implement automatic session terminations. d. Install encryption and similar devices.
C
21. The organization that employs you just concluded an investigation of a laptop computer that was lost and contained a file with the information of 765 patients on it, including names, addresses, telephone numbers, and social security numbers. As the privacy officer, you are required to manage the notification process for the data breach. All of the following would need to be notified of this data breach within 60 days of the discovery except: a. Individual patients b. Local media c. Attending physicians of the patients d. Department of Health and Human Services
C
22. Every healthcare organization's risk management plan should include the following components except: a. Loss prevention and reduction b. Risk identification and analysis c. Peer review d. Claims management
C
23. Healthcare organizations conduct regular campaigns and educational sessions for all employees on the proper methods and procedure of working with patients with blood-borne pathogens like Hepatitis or HIV. These large-scale educational efforts are used to protect patients and employees against possible exposure to infectious agents is called ________. a. Infectious deterrents b. Standard measures c. Standard precautions d. Infectious measure
C
24. The quality improvement organizations (QIOs) under contract with CMS conduct audits on highrisk and hospital-specific data from claims data in this report: a. Hospital Payment Monitoring Program b. Payment Error Prevention Program c. Program for Evaluation Payment Patterns Electronic Report d. Compliance Program Guidance for Hospitals
C
27. A Joint Commission-accredited organization must review its formulary annually to ensure a medication's continued: a. Safety and dose b. Efficiency and efficacy c. Efficacy and safety d. Dose and efficiency
C
28. A risk manager is called in to evaluate a situation in which a visitor to the hospital slipped on spilled water, fell, and fractured his femur. This situation was referred to the risk manager because it involves a: a. Medical error b. Claims management issue c. Potentially compensable event d. Sentinel event
C
29. From an evidentiary standpoint, incident reports: a. Are universally nonadmissible during trial proceedings b. May be referenced in the patient's health record c. Should not be placed in a patient's health record d. Are universally nondiscoverable during litigation
C
31. A hospital employee destroyed a health record so that its contents—which would be damaging to the employee—could not be used at trial. In legal terms, the employee's action constitutes: a. Mutilation b. Destruction c. Spoliation d. Spoilage
C
39. Which step of risk analysis identifies information assets that need protection? a. Identifying vulnerabilities b. Control analysis c. System characterization d. Likelihood determination
C
4. One way for a hospital to demonstrate compliance with OIG guidelines is to: a. Designate a privacy officer b. Continuously monitor PEPPER reports c. Develop, implement, and monitor written policies and procedures d. Obtain ABNs for all Medicare registrations
C
40. The supervisor over the coding division in the HIM Department at Community Hospital reviewed the productivity logs of four newly hired coders after their first month. Using the information provided, which employee will require additional assistance in order to meet the standard of 20 medical records coded per day? Community Hospital Coding Productivity Report Coding Standard: 20 health records per day Coder Week 1 Week 2 Week 3 Week 4 1. 90. 105 98 107 2. 100 105. 105. 95 3. 75. 80 85. 105 4. 80. 95 115. 110 a. Coder 1 b. Coder 2 c. Coder 3 d. Coder 4
C
43. A local nonprofit community hospital is looking to do a fundraiser to add to their surgical center. HIPAA rules restrict activities related to fundraising for healthcare organizations. Which of the following must the hospital do to comply with the HIPAA requirements for fundraising? a. Fundraising materials do not have to include opt-out instructions b. Prior authorization is only required if individuals are not targeted based on diagnosis c. Individuals must be informed in the notice of privacy practices that their information may be used for fundraising purposes d. Authorization is never required for fundraising solicitations
C
47. The overutilization or inappropriate utilization of services and misuse of resources, typically not a criminal or intentional act is called which of the following? a. Fraud b. Abuse c. Waste d. Audit
C
51. The nursing staff routinely sends text messages to attending physicians to clarify orders during the night shift. The HIM professional should recommend which of the following to refine the policy as the best practice for protecting information that is text messaged. a. Send a text message to more than one person b. Enter a person's telephone number each time a text message is sent to him c. Encrypt text messages during transmission d. Presume that telephone numbers stored in memory remain valid
C
54. The clinical documentation improvement (CDI) staff might create a feedback loop with which department to prevent disgruntled physicians from filing claims against them? a. Billing or finance b. Health information management c. Compliance d. Case management
C
55. Why is it essential for members of the compliance team to be involved in the entire EHR implementation process? a. To ensure HIPAA compliance b. Evolving regulatory guidelines c. To monitor cut and paste documentation d. Reimbursement risk
C
6. When performing a coding audit, a health record technician discovers that an inpatient coder is assigning diagnosis and procedure codes specifically for the purpose of obtaining a higher level of reimbursement. The coder believes that this practice helps the hospital increase its revenue. Which of the following should be done in this case? a. Compliment the coder for taking initiative in helping the hospital b. Report the coder to the FBI for coding fraud c. Counsel the coder and stop the practice immediately d. Provide the coder with incentive pay for her actions
C
61. What is the goal of the clinical documentation improvement (CDI) compliance review? a. Compliant MS-DRG assignment between CDI program staff b. To ensure corrective action for any compliance concerns c. Compliant query generation and physician responses d. To ensure compliance between CDI program staff
C
66. Which of the following is the whistleblower provision of the False Claims Act that provides a means for individuals to report healthcare information non-compliance? a. Quid pro quo b. Query c. Qui tam d. Quasi reporting
C
7. The risk manager's principal tool for capturing the facts about potentially compensable events is the: a. Accident report b. RM report c. Occurrence report d. Event report
C
79. The benefits of a coding compliance plan include the following: a. Improving patient care b. Identifying those who participate in fraud and abuse c. Retention of high standard of coding d. Increasing the number of denials of healthcare services reimbursement based on coding errors
C
9. Healthcare abuse relates to practices that may result in: a. False representation of fact b. Failure to disclose a fact c. Performing medically unnecessary services d. Knowingly submitting altered claim forms
C
10. Which of the following is a principle of contemporary performance improvement? a. Success must never be celebrated as this does not encourage more success. b. Systems never demonstrate variation. c. Performance improvement works by identifying the individuals responsible for quality problems and reprimanding them. d. Performance improvement relies on the collection and analysis of data to increase knowledge.
D
12. Insufficient documentation is the highest risk area for Physician Services. Which of the following is the best approach for the coding supervisor at Family Physicians group to combat this issue? a. Ensure medical record documentation is submitted for every single CERT record request. b. Work with billing to ensure only valid CPT and HCPCS codes are reported on Medicare claims. c. Design and execute a physician documentation assessment. d. Perform a root cause analysis of records denied for insufficient documentation and then develop a plan based on the findings.
D
12. What should be done when the HIM department's chart analysis error rate is too high, or its accuracy rate is too low based on policy? a. Re-audit the problem area b. The problem should be treated as an isolated incident c. The formula for determining the rate may need to be adjusted d. Corrective action should be taken to meet the department standards
D
16. HIPAA requires a covered entity to establish policy to ensure that protected health information could not identify a specific individual. One method used to meet this deidentification standard is the expert determination model. The expert determination model requires these four steps: Determine the statistical and scientific method to be used to determine the risk of reidentification Analyze and assess the risk to the deidentified data The expert applies the method to the deidentified data The facility should choose the expert for the deidentification analysis What is the correct order in which these steps should be performed? a. 4, 1, 2, 3 b. 1, 2, 3, 4 c. 2, 4, 3, 1 d. 4, 1, 3, 2C
D
19. During a review of documentation practices, the HIM director finds that nurses are routinely using the copy and paste functionality of the hospital's EHR system for documenting nursing notes. Which of the following should the HIM director do to ensure that the nurses are following acceptable documentation practices? a. Inform the nurses that copy and paste is not acceptable and to stop this practice immediately b. Determine how many nurses are involved in this practice c. Institute an in-service training session on documentation practices d. Develop policy and procedures related to cutting, copying, and pasting documentation in the EHR system
D
20. The basic functions of healthcare risk management programs are similar for most organizations and should include which of the following? a. Reporting of claims, initiating an investigation of claims, protecting the primary and secondary health records, negotiating settlements, managing litigations, and using information for claim's resolution in performance management activities b. Risk acceptance, risk avoidance, risk reduction or minimization, and risk transfer c. Safety management, security management, claims management, technology management, and facilities management d. Risk identification and analysis, loss prevention and reduction, and claims management
D
3. Healthcare fraud is all except which of the following? a. Damage to another party that reasonably relied on misrepresentation b. False representation of fact c. Failure to disclose a material fact d. Unnecessary costs to a program
D
3. The removal of medication from its usual stream of preparation, dispensing, and administration by personnel involved in those steps in order to use or sell the medication in nonhealthcare settings is called: a. Prescribing b. Adverse drug reaction c. Sentinel event d. Diversion
D
30. A notice that suspends the process or destruction of health records is called a: a. Subpoena b. Consent form c. Rule d. Legal hold
D
33. A physician takes the medical records of a group of HIV-positive patients out of the hospital to complete research tasks at home. The physician mistakenly leaves the records in a restaurant, where they are read by a newspaper reporter who publishes an article that identifies the patients. The physician can be sued for: a. Slander b. Willful infliction of mental distress c. Libel d. Invasion of privacy
D
34. Community Hospital has launched a clinical documentation improvement (CDI) initiative. Currently, clinical documentation does not always adequately reflect the severity of illness of the patient or support optimal HIM coding accuracy. Given this situation, which of the following would be the best action to validate that the new program is achieving its goals? a. Hire clinical documentation specialists to review records prior to coding b. Ask coders to query physicians more often c. Provide physicians the opportunity to add addenda to their reports to clarify documentation issues d. Conduct a retrospective review of all query opportunities for the year
D
36. HIPAA requires that data security policies and procedures be maintained for a minimum of: a. 3 years from date of creation b. 5 years from date of creation c. 5 years from date of creation or the date when last in effect, whichever is later d. 6 years from date of creation or the date when last in effect, whichever is later
D
46. A laboratory employee forgot his password to the computer system while trying to record the results for a STAT request. He asked his coworker to log in for him so that he could record the results and said he would then contact technical support to reset his password. What controls should have been in place to minimize this security breach? a. Access controls b. Security incident procedures c. Security management process d. Workforce security awareness training
D
57. Which of the following is the process of establishing an organizational culture that promotes the prevention, detection, and resolution of instances of conduct that do not conform to federal, state, or private payer healthcare program requirements or the healthcare organization's ethical and business policies? a. Corporate integrity b. Meaningful Use c. Benchmarking d. Compliance
D
59. Which of the following would not be a focus area of claims auditing for healthcare services provided in the emergency department? a. Ensuring claims are not submitted more than once b. Procedures are reported at the appropriate level c. Ensuring documentation supports services reported on the claim d. Patients are satisfied with their services
D
64. What is the most constant threat to health information integrity? a. Natural threats b. Environmental threats c. Internal threats d. Human threats
D
7. Which of the following issues compliance program guidance? a. AHIMA b. CMS c. Federal Register d. HHS Office of Inspector General
D
71. Pam is a nursing supervisor in the newborn intensive care unit. During her shift several parents of newborns in the unit are visiting and the neonatologist has also recently been in and has provided orders for several of the newborns. Because of the current workload another nurse in the unit, Jackie, has asked Pam to help her complete the orders. Pam is asked to administer a medication to one of the newborns that Jackie has already retrieved for the patient. Jackie tells Pam that she has double checked the medication both through bar coding and with the order. Before Pam goes to administer the medication, she scans both the medication and the newborn's patient ID band and learns that she has the incorrect medication for this patient. Pam does not administer that medication, but goes back to the order and through the proper steps administers the correct medication. Based on this scenario, which of the following occurred? a. Time-out b. Serious event c. Sentinel event d. Near miss
D
77. If a patient receives a ________ from a healthcare organization it indicated that the patient's protected health information was involved in a data breach. a. Notice of Breach b. Release of Information c. Protected Health Breach Notice d. Receipt of Breach Notice
D
78. A patient requested a copy of a payment made by her insurance company for a surgery she had last month. The business office copied the remittance advice (RA) notice the organization received from the insurance company but failed to delete or remove the PHI for 10 other patients listed on the same RA. This is an example of: a. Double billing b. Stereotyping c. Retrospective review d. Security breach
D
8. In developing a coding compliance program, which of the following would not be ordinarily included as participants in coding compliance education? a. Current coding personnel b. Medical staff c. Newly hired coding personnel d. Nursing staff
D
8. The national patient safety goals score organizations on areas that: a. Affect the financial stability of the organization b. Commonly lead to overpayment c. Affect compliance with state law d. Commonly lead to patient injury
D
8. The role of the HIM professional in medical identity theft protection programs includes all of the following except: a. Ensure safeguards are in place to protect the privacy and security of PHI b. Balance patient privacy protection with disclosing medical identity theft to victims c. Identify resources to assist patients who are victims of medical identity theft d. Send all issues related to medical identity theft to the in-house attorney
D
82. Which plan should be devised to respond to issues arising from the clinical documentation improvement (CDI) compliance and operational audit process? a. CDI response plan b. Quality assurance plan c. CDI plan d. Corrective action plan
D
6. Which of the following is the principal goal of a corporate compliance program? a. Protect providers from sanctions or fines b. Increase revenues c. Improve patient care d. Limit unnecessary changes to the chargemaster
a