Legal and Compliance Final
11.20 T/F a clinical data repository support sophisticated data analytics
F
11.22 T/F a master patient index is used to locate where patients may have records within a health information exchange organization
F
11.25 T/F a portal is the same as a personal health record
F
11.19 T/F computrerized provider order entry systems can be used to order narcotics
T
11.21 T/F an organization's goals that are supported by health IT can be achieved more quickly and completely if monitoring results is performed
T
11.23 T/F medication reconcilliation is very difficult to implement and often one of the last applications within the medication management set of systems
T
11.24 T/F the logical observations identifiers names and codes (LOINC) vocabulary is used to encode laboratory orders and results
T
10.13 threats to data security are most likely to come from which of the following a. employees b. natural disasters c. compramise firewalls d. hackers outside an organization
a
10.2 within the context of data security protecting data privacy means defending or safeguarding ______________ a. access to information b. data availibility c. health record qualoty d. system implementation
a
10.22 training that educates employees on the confidential nature of PHI is known as which of the following? a. awareness b. risk c. incident d. safeguard
a
10.5 adminitrative safeguards include policies and proceedures that address which of the following regarding computer resources a. management b. maintenance c. modification d. manipulation
a
10.7 an employee access PHI on a computer system that does not relate to her job functions. what secuiryt mechanism should have been implemented to minimize the security breach a. access controls b. audit controls c. contingency controls d. security incident controls
a
11.10 ideally, clinical documentation in an EHR should be performed _____________. a. at the point of care b. before the patient is discharged from the hospital c. via speech dictation when the clinician has completed examination of the patient d. within one business day of collection
a
11.16 the systems development lifecycle ______________. a. ensures all components for a system to acheive its values are in place b. identifies one products or services need to be sunset or discontinued c. helps organizations select appropriate software d. relates applications to the technology needed to run them
a
11.4 which of the following is a program that assures there is documented approval for altering an application? a. change control b. configuration management c. system build d. system maintenance
a
11.5 what health information exchange is a sophisticated structure that enables both reciept of data and the ability to query an exchange for data a. CONNECT b. Direct c. Microsoft Vault d. File Transfer Protocol
a
11.7 whats is interoperability a. the ability to share health information with other health IT systems b. a form of health information exchange c. a process that integrates all health information into one database d. a system of technologies that work together to acheieve a common purpose
a
11.9 structured data are which of the following? a. able to be processed by a computer b. images of data on printout c. organized according to classification system d. required for all part of the EHR
a
12.1 Healthcare Information is primarily for which of the following? a. privdier b. data analyst use in measuring quality of care provided c. researcher use in clinical trials d. individual use in personal health records
a
12.10 the clinical data __________ lends itself to data mining as it encompasses multiple sources od data a. warehouse b. repository c. record d. depository
a
12.14 the exchange of email communication between the patient and physician on a question regarding medication is an example of __________ health informatics a. consumer b. clinial c. translational d. medical
a
12.24 which of the following is a benefit of HIE a. enhanced patient care coordination b. advanced level of interoperability c. increased accessibility of billing records d. decreased need for medication refills
a
12.25 a patient portal that allows personal health information to be ploaded for provider access is an example of ____________. a. consumer-medical exchange b. data exchange c. provider-mediated exchange d. query based exchange
a
12.6 which of the following data visualization tool is used when displaying trends? a. graphs b. tables c. pie chart d. text
a
12.7 The ____________ is a management report of process measures. a. dashboard b. scorecard c. benchmark d. quality metric
a
9.14 which of the following statements about a facility directory of patients is true? a. disclosures from the directory need not be included in an accounting of disclosures . b. individuals must provide a written authorization before info can be placed in the directory c. the directory must contain only the patients name and birth date. d. the directory may contain diagnostic info as long as it is kept confidential
a
9.16 who of the following would be considered a member of a hospitals workforce? a. a clerk working in the hospitals registration office b. a lawn care service for the hospital grounds c. an employee of a company that picks up laundry from the hospital every day d. an employee of one of the hospitals business associates who is on the hospital premises occasionally
a
9.18 a covered entity may deny an individual's amendment request for which of the following reasons? a. if the PHI in question is not part of the designated record set b. if the PHI in questions was created by the covered entity and therefore cannot be amended c. if the PHI in question cannot be amended in an electronic health record d. if the PHI in question was created over a year ago
a
9.21 a subpoena should be accompanied by which I'd the following a. patient authorization b. patient consent c. court order d. interrogatory
a
9.22 in court, hearsay is generally a. non-admissable b. a key component of the decision making process c. admissible d. e-discovery
a
9.24 critique this statement:according to HIPAA, workforce members include students a. this is a true statement b. this is a false statement as students are not employees in the organization c. this is a false statement as workforce includes employees only d. this is a false statement as the workforce includes employees and physicians only
a
9.5 the HIPAA privacy rule requires that covered entities limit use, access, and disclosure of PHI to the least amount necessary to accomplish the intended purpose. what concept is this? a. minimum necessary b. notice of privacy practice c. authorization d. consent
a
9.6 which of the following should be included in a covered entitys notice of privacy practices? a. description with one example of disclosures made for treatment purposes b. description of one other purpose for which a covered entity is permitted or required to disclosure PHI without consent or authorization
a
9.8 which of the following statements is true? a. an authorization must contain an expiration date or event b. a consent for use and disclosure of info must be obtained from every patient c. an authorization must be obtained for uses and disclosures for treatment, payment, and operations d. a notice of privacy practices must give ten examples of ause or disclosure for healthcare operations
a
11.2 when an EHR is integrated into the daily routine of a clinicians it is said to be in what stage of existence? a. adoption b. implementation c. meaningful use d. optimization
a. adoption
10.1 data security includes protecting data availibilty, privacy, and ____________ a. suitabiltiy b. integrity c. flexibility d. quality
b
10.10 a dietary department donated its old microcoomputer to a school some old patient data were still on the microcomputer. what controls would have minimized the security breach a. access controls b. device and media controls c. facility access controls d. workstation controls
b
10.12 a visitor walks through the computer department and picks up a CD from an employee's desk. what security controls should have been implemented to prevent this security breach a. device and media controls b. facility access controls c. workstation use controls d. workstation security controls
b
10.15 an employee in the physical therapy department arrives early every morning to snoop through the EHR for portential information about neighbors and friends. what security mechanism should have been implemented that could minimize the security breach a. audit controls b. facility access controls c. faciltiy acces controls d. workstation security
b
10.19 which of the following statements is true regarding HIPAA security? a. all institutions must implement the same security measures b. HIPAA allows flexibility in a way an institution implements the security standards c. All institutions must implement all HIPAA implementation specifications d. a security risk assesment must be performed every year
b
11.11 the source of drug-drug contraindiction information in a computerized provider order entry system is ____________. a. clinical decision support system b. drug knowledge database c. evidence-based medicine d. RxNorm
b
11.13 a standard vocabulary is used to achieve what type of interoperability a. process b. digital dictation system c. view lab result d. technical
b
11.15 in order to locate a patient via a health information exchange organizations, there must be a which of the following a. identity matching b. identity management c. record locator service d. unique patient identitfier
b
12.16 which access tool is used to view a subset of patient's health records after logging in to a secure online website? a. patient gateway b. patient portal c. medical record portal d. provider portal
b
12.21 tracking and comparing over time the number of medical records coded per hour by individual coder to access coder productivity is an example of a __________. a. best practive criterion b. key indicator c. nechmark d. baseline
b
12.22 physicians correct misrecognitions aat the time of dictation when __________ is used a. back end speech recognition technology b. frontend speech recognition technology c. natural processing technology natural language understanding technology
b
12.3 _____________ data analytics is where health information is captured, reviewed, and used to measure the quality of care provided. a. healthcare b. clinical c. financial d. operational
b
12.5 Which of the following may be used to capture the data for storage in a database? a. dashboards b. natural language processing c. data mining d. key indicator
b
9.13 which of the following statements is true of the notice of privacy practices? a. it gives the covered entity permission to use info for treatment purposes. b. it must be provided to every individual at the first time of contact or service with the covered entity c. it must be provided to the individual by the covered entity within 10 days after receipt of treatment or service d. it serves the same purpose as the authorization
b
9.17 when would PHI loses its status? a. if health info is not identified by the persons name b. after an individual has been deceased for more than 50 years c. when it is being used for research d. when it is in the hands of a business associate.
b
9.2 under the HIPAA privacy rule, which of the following is a covered entity category? a. business associate b. healthcare clearinghouse c. physician office d. document disposal company
b
9.20 the breach notification requirement applies to a. all PHI b. unsecured PHI only c. electronic PHI only d. PHI on paper only
b
9.7 which of the following is true of the notice of privacy practices? a. it must be made available at the corporate headquarters b. it must be posted in a prominent place c. its content cannot be changed d. it cannot be posted on the website
b
9.9 in which of the following instances must patient authorization be obtained prior to disclosure? a. to an insurance company for payment b. to the patients attorney c. to public health authorities as required by law d. to another provider for treatment
b
11.3 which of the following is a fundamental change in how medicine is practiced using health IT? a. clinical decision support b. clinical transformation c. EHR optimization d. medical informatics
b. clinical transformation
10.11 HIPAA requires that policies and procedures be maintained for a minimum of _____________ a. 7 years b. 6 years from data of creation c. 6 years from data of creation or date when last in effect whichever is later d. 7 years from last in effect
c
10.14 these are automatic checks that help preserve data confidentiality and integrity a. access controls b. audit controls c. application controls d. insident controls
c
10.17 locks on computer room doors illustrate a type of _________. A. access control b. workstation control c. Physical control d. security breach
c
10.18 An admission coordinator consistently enters the wrong patient gender while entering data in the MPI. What security measures should have been in place to minimize this threat? a. access controls b. audit controls c. edit checks d. password controls
c
10.20 for HIPAA implementation specifications that are addressable, the covered entity___________. a. implements the specification b. may choose not to implement the specification if it is too costly to execute c. must conduct a risk assessment to determine if the specification is appropriate to its environment d. does not have to implement the specification if it is a small hospital
c
10.24 policies are which type of safeguards? a. technical b. application c. administrative d. network
c
10.25 a hospital is looking to use something to act as a buffer between two networks. what should be recommended? a. application controls b. cryptography c. firewall d. digital certificate
c
10.4 the first and most fundamental strategy for minimizing security threats is which of the following a. establish access controls b. implement an employee security awareness program c. establish a secure prganization d. conduct a risk analysis
c
10.8 a visitor to the hospital looks at the screen of the admitting clerks computer workstation when she leaves her desk to copy some admitting documents. what security mechanism would best have minimize the security breach a. access controls b. audit controls c. automatic log off controls d. device and media controls
c
11.14 a way to send secure messaged over the internet is which of the following a. cloud computing b. digital imaging and communications network c. virtual private network d. web services architecture
c
11.6 infusion pumps and robotics are examples of which of the following a. EHR systems b. Medical devices c. Smart peripherals d. specialty clinical applications
c
11.8 revenue cycle management is accomplished through use of which of the following systems? a. eligibility verification system b. form creation system c. patient financial service system d. registration-admission, discharge, transfer systems
c
12.11 which deicision support systems could deliver a reminder to a physician that it is time for the patient's flu shot? a. document driven b. execuative c. clinical d. management
c
12.13 a _________ generated scorecard could be used by a manageger to monitor readmission rates in order to track trends and identify opportunities for improvement a. provider decision support system b. clinical deicsion support system c. deicsion support system d. resource allocation support system
c
12.15 according to FDA guidance, a mobile app running on a smart phone to analyze and interpret EKG waveforms to detect heart function irregularities is a _________. a. durable medical equipment b. patient portal c. medical device d. medical product
c
12.19 "why did it happen?" is answered by __________ analytics a. prescriptive b. desctiptive c. diagnositc d. predictive
c
12.2 To arrive at information, ___________ are required. a. EHRs b. Statistics c. Data d. PHRs
c
12.20 free text describing a patient's chief complaint is an example of ________. a. structured data b. discrestionary data c. unstructured data d. discrete data
c
12.23 _____________ is a barrier to health information exchange users a. HIPAA b. HITECH c. State law d. CDC
c
12.4 what is the first stage of tranforming raw data into meaningful analytics? a. data normalization b. data analysis c. data capture d. data provisioning
c
12.8 Which of the following is where a nurse enters data using a tablet computer when conducting a patient assessment while at the bedside? a. Human-computer charting b. free form charting c. point of care charting d. strctured charting
c
9.10 which of the following is true about a facilitys patient directory? a. a written authorization from the patient is required before any info the patient is placed in a facility directory b. only the patients name may placed in a facility directory c. the covered entity must inform the individual of the info to be included in the facility directory d. because this is considered a normal hospital operation, an individual may prohibit his or her inclusion in the directory
c
9.11 which of the following statements about a business associate agreement is true? a. it allowas the business associate to use or disclosure PHI for any purpose. b. it allows the business associate to maintain PHI indefinitely after termination of the contract. c. it allows the business associate to use or disclose PHI in limited ways. d. it requires the business associate to make available records relating to PHI use and disclosure to the HHS
c
9.12 how many days does a covered entity have to respond to an individuals request for access to his or her PHI when the PHI is stored off-site? a. 10 days beyond the orignal requirement b. 30 days c. 60 days d. 90 days
c
9.23 the American recover and reinvestment act expanded the definition of business associates to include which of the following a. co sultants b. billing companies c. patient safety organizations d. transcription companies
c
9.4 under the usual circumstances a covered entity must act on a patients request to review or copy his or her health info within what time frame a. 10 days b. 20 days c. 30 days d.60 days
c
11.1 A Radiology Information System is which of the following? a. Core clinical component b. hospital information system c. source system d. supporting infastructure
c. source system
10.16 An employee observes an outside individual putting some computer disks in her purse. The employee does not report this security breach. What security measures should have been in place to minimize this threat? A.Access controls b. audit controls c. authentication controls d. security incident procedures
d
10.21 a user recently opened a file that they thought would help them with their job but it copied files to unsecure areas of the computer. what type of malware was activated? a.rootkit b. computer virus c. computer work d. trojan horse
d
10.23 something you have is demonstrated by: a. CAPTCHA b. retinal scan c. password d. token
d
10.3 the greatest threat category to EHI is which of the following a. natural disasters b. power surges c. hardware malfunctions d. humans
d
10.6 the individual responsible for ensuring that everyone follows organizations data security policies and proceedures is which of the following a. chief execuative officer b. cheif information officer c. chief privacy officer d. chief secuirty officer
d
10.9 a laboratory employee forgot his user ID badge at home and uses another lab employee's badge to access the computer system. what controls should have been in place to minimize the security breach a. access controls b. security incident procedures c. security management process d. workforce securoty awareness training
d
11.12 which of the following is an example of clinical decision support? a. authenticate a document b. disgital dictation system c. view lab results d. workgroup tool
d
11.17 a form of clinical decision support that guides a user in appropriate documentation is which of the following a. digital dictation b. point of care documentation c. reminder system d. template
d
11.18 what is the combination of quality and cost of healthcare a. care process b. risk c. system d. value
d
12.12 the ____________ would be used to help find actionable insights to drive enterprise performance a. knowledge driven system b. group decision support system c. business information system d. execuative information system
d
12.17 which of the following is a type of electronic personal health record that allows access through a portal? a. merged b. standalone c. secure d. tethered
d
12.18 connecting the PHR to the patient's legal health record protects it under the HIPAA ________. a. confidentiality rule b. ONC rule c. security rule d. privacy rule
d
12.26 a __________ would be used to define synax conventions a. terminology standard b. transport standard c. services standard d. content and structure standard
d
9.15 in which of the following situations can PHI be disclosed without authorization, as long as there was an opportunity for the individual to agree or object? a. disclosures for public health purposes b. disclosures to health oversight agencies c. disclosures regarding decedents d. facility directory disclosures
d
9.19 which of the following is a public interest and benefit exception to the authorization requirement a. treatment, payment, and operations b. facility directory c. notification of relatives and friends d. judicial and administrative proceedings
d
9.25 the designated record set include which of the following a. strategic plan b. policies and procedures c. audits d. billing records
d
9.3 Under the HIPAA privacy rule, an impermissible use or disclosure should be presumed to be a breach unless the covered entity or business associate demonstrates that the probability the PHI has beem compromised is___________. a. high b. moderate c. low d. non-existent
d