17, 13, 15, 16
Common data reported to the medical examiner in cases of reportable deaths typically includes all but which data element? Question options: Ethnicity Marital status Number of children Age
Number of children
Responsibility for completing a fetal death certificate is determined by __________. Question options: Health department Federal law State law Physician policy
State law
When determining which immunizations must be reported, which of the following would you refer to first? Question options: Providers AMA pediatric section State reporting requirements HIPAA Privacy Rule
State reporting requirements
When staff are instructed to create passwords, it should be recommended that they use __________. Question options: Common dates A combination of letters and numbers A word found in the dictionary The name of a pet
A combination of letters and numbers
The following reporting exceptions to the doctrine of preemption are allowable except for which of the following? Question options: Injury Disease Marketing Child abuse
Marketing
When a state requirement exists that compels a healthcare facility to report patient information and there is an absence of specific data elements required for reporting, what should be disclosed? Question options: Demographic information Diagnostic information Protected health information Minimum necessary information
Minimum necessary information
Except as provided by law, who controls access to a patient's health information by third parties such as insurance companies? Question options: a. Patient b. Patient's legal representative c. Physician d. a and b only e. a and c only
d. a and b only
A mental health professional cannot be compelled to testify or disclose protected health information without the patient authorization in a judicial situation except in what situation? Question options: a. Health professional performs an examination under court order b. Patient brings up the issue of mental or emotional condition c. Protect patient from harming self or others d. a and c e. All of the above
e. All of the above
Which of the following is not an example of a red flag for a healthcare provider? Question options: A bill for a product that a patient denies receiving A question from a patient about a collection notice A question from a patient about scheduled surgery A patient's receipt of a bill for another individual.
A question from a patient about scheduled surgery
Which of the following is a potential consequence to the medical identity theft victim? Question options: Intermingling of the victim's and perpetrator's medical information Insurance denials Debt collection attempts All of the above
All of the above
A young child is killed by a hit-and-run driver. The case is reported to the medical examiner for all of the following reasons except __________. Question options: Age of the child Suspicious death Unexpected death Violence that caused death
Age of the child
What governmental agency offers programs and services aimed at quality improvement programs? Leapfrog Group Agency for Healthcare Research and Quality Commonwealth Fund National Committee for Quality Assurance
Agency for Healthcare Research and Quality
Based on the "Red Flags Rule," entities are considered creditors if they __________. Question options: Use consumer reports in connection with credit transactions Furnish information to consumer reporting agencies Extend credit All of the above
All of the above
Which of the following is a reason for not using e-mail to communicate sensitive patient information? Question options: It may be intercepted The identify of the recipient may be unclear It may consist of large amounts of data All of the above
All of the above
Which of the following types of abuse and neglect of the elderly is required to be reported? Question options: Sexual Physical Emotional All options are correct
All options are correct
The most common place to find a firewall is between __________. Question options: A PC and the internet The internal network and the intranet An organization's internal network and the internet The remote server and the PC
An organization's internal network and the internet
Which of the following is not a mechanism to control access to PHI? Question options: User-based access Role-based access Context-based access Anti-virus software
Anti-virus software
Which of the following would be the best tool to determine whether or not access to ePHI was appropriate? Question options: Automatic log-off Audit trail Access termination Access control
Audit trail
Which of the following is not a form of transmission security? Question options: Audit trails Encryption Routers Firewalls
Audit trails
One outcome of a successful quality improvement program would be __________. Peer review protection Avoidance of malpractice litigation Immunity from liability Pay increases for staff nurses
Avoidance of malpractice litigation
When the HIM professional is considering the major departmental functions to include in a disaster plan for emergency operations, which of the following would be the least important? Question options: Billing Chart tracking Transcription of dictation Master patient index
Billing
A staff person at Thompson Laboratories received a request from Mrs. Blake to receive a copy of her lab results. What legislation enables the laboratory to release Mrs. Blake's lab results directly to her? Question options: GINA CLIA FACTA UHCDA
CLIA
Elaine has moved to a new state to assume the role as director of HIM in a large community hospital. In her previous position, reporting of trauma injuries was required by state law. However, in her new position, it is apparent that the hospital is not reporting traumatic injuries. Which of the following is the most appropriate action for Elaine to take? Question options: Check state law to determine if reporting of trauma injuries is required Begin reporting trauma injuries Inform the hospital administrator and start reporting trauma injuries Refer to HIPAA about reporting of trauma injuries
Check state law to determine if reporting of trauma injuries is required
Data are sent in encrypted form from one computer to another. Which of the following terms describes the data after the encryption algorithm has been applied to it? Question options: Device control Ciphertext Public key cryptography Access control
Ciphertext
Which of the following is not a mechanism to detect external medical identity theft? Question options: Take a photograph of the patient at the time of registration Request a driver's license to verify identity Compare current patient signature with that from a previous encounter Conduct a background check on prospective employees
Conduct a background check on prospective employees
Most state laws deem adoption records to be confidential and allow their release only under what circumstance? Question options: Subpoena Authorization of adoptive parent(s) Authorization of adoptee Court order
Court order
Reporting of births by state law is allowable for which of the following reasons? Question options: Data are necessary to identify trends. Babies are cute and people want to know about them. Data are necessary to provide to diaper manufacturers. Data are necessary to determine where to build daycare centers.
Data are necessary to identify trends.
Which of the following are required components of a HIPAA-compliant disaster plan? Question options: Data back-up and data recovery Data back-up and emergency mode of operations Data back-up, data recovery, and emergency mode of operations Data back-up, data recovery, emergency mode of operations, and user IDs
Data back-up, data recovery, and emergency mode of operations
What statement best addresses disclosure of information about abortions? Question options: Disclosed at the direction of the physician Deferred to the chief of staff for determination Disclosed based on required reporting statutes Should never be disclosed
Disclosed based on required reporting statutes
The best mechanism to protect patient information during transit is __________. Question options: Biometrics Encryption E-mail Two-factor authentication
Encryption
The HIPAA Privacy Rule states that required reporting is __________ from the HIPAA Privacy Rule. Question options: Mandated Exempt Regulated Preempted
Exempt
Who owns the health record of a patient treated in a healthcare facility? Question options: Physician Patient Patient's family Facility
Facility
Which of the following is most likely to result in a security breach? Question options: Calling patient names in the waiting room Failing to deactivate user access at termination Transporting records to a satellite clinic Leaving voice mail patient appointment reminders
Failing to deactivate user access at termination
Report for a fetal death would be reported on which required form? Question options: Birth certificate Death certificate Fetal birth certificate Fetal death certificate
Fetal death certificate
The Safe Medical Devices Act requires the reporting of medical device injuries to which agency? Question options: Centers for Medicare and Medicaid Services Federal Communication Commission Food and Drug Administration World Health Organization
Food and Drug Administration
An underwriter at the Thompson Insurance Agency received health information on Mrs. Blake, who is applying for health and life insurance through the agency. Upon review of Mrs. Blake's health information, the underwriter finds documentation that indicates Mrs. Blake has the gene that is known to increase a woman's chance of developing breast cancer. Based on this finding, the underwriter denies Mrs. Blake's request for insurance. What federal law is this underwriter breaking as a result of his decision? Question options: FACTA GINA CLIA HIPAA
GINA
When Greg was released from Metro Hospital substance abuse inpatient facility, he authorized his records to be released to General Hospital, where he had his knee replaced. Greg's physical therapist has requested copies of his health record from the hospital. General Hospital releases Greg's information from Metro Hospital, along with its own information to the physical therapy service. Select the statement that best addresses this situation. Question options: Redisclosure of substance abuse health information is always permitted under HIPAA regulations General Hospital has violated redisclosure regulations by releasing the records from Metro Hospital to Physical Therapy Services Release of the information was appropriate since it follows the alcohol and drug abuse patient records regulations on disclosure of health information Redisclosure of Metro's information on Greg has occurred, but is okay since Greg signed an authorization to release his records to General Hospital
General Hospital has violated redisclosure regulations by releasing the records from Metro Hospital to Physical Therapy Services
What federal legislation enables Tom to a request that his health information be restricted and not disclosed to a health plan for payment or operations because he paid for the service completely out of his pocket? Question options: HIPAA FOIA Medicare HITECH
HITECH
What term best describes an organization that has been formed to create an electronic framework that connects hospitals, physicians, pharmacies, and other healthcare entities for the purpose of sharing patient information? Question options: Health record organization Health information exchange Health regional organization Health status organization
Health information exchange
To which of the following does GINA apply? Question options: Long-term care insurers Health insurers Life insurers Disability insurers
Health insurers
Healthcare organizations should implement medical identity theft prevention programs because they are __________. Question options: Helpful to protect patient information Trendy to implement Required by state law Required by the HIPAA Security Rule
Helpful to protect patient information
Mr. Thompson was working on his room and fell off, sustaining a severe head injury that has left him in a coma. Before he fell from the ladder, he and his wife were in the process of getting a divorce. However, the divorce was not final. Which statement best describes the circumstance regarding who may authorize access to Mr. Thompson's records? Question options: His wife may authorize access because she is next of kin and they are still married Mr. Jones eldest son can authorize the access His wife cannot authorize access because they were getting a divorce Legal counsel must be sought to represent Mr. Thompson
His wife may authorize access because she is next of kin and they are still married
What is the data collection tool used by risk managers to gather facts about a potentially adverse event? Incident report Legal health record Medication administration record Credentials file
Incident report
What tool is used by a risk manager for capturing data about an adverse event? Nursing notes Medication administration record Incident report Progress notes
Incident report
Several weeks after the discharge of a patient, the attending physician comes to the HIM director and requests access to enter a progress note in the record. The HIM director denies the request since the record is closed. She then reviews the record and notices documentation of the family expressing concerns about the care and interaction with the doctors and nursing staff. Which of the following should the HIM director do? Inform the Risk Manager about the physician's request Remove the documentation regarding the family's concern Ignore it because the patient is discharged Contact the patient about the note in the record
Inform the Risk Manager about the physician's request
Which of the following is a public interest and benefit exception to the HIPAA authorization requirement? Question options: Information on payment Information on birth control Information on workers' compensation Information on domestic violence
Information on domestic violence
Katie is 13 years old and lives with her mom, who has custody of Katie, since her parents are divorced. Katie has recently been in the hospital, and her mother is now seeking a copy of Katie's health record. Who must sign the authorization form that will enable Katie's mother to access Katie's record? Question options: Katie Katie's mother, because she has custody of Katie Katie may appoint a personal representative to sign for her Both of Katie's parents must sign
Katie's mother, because she has custody of Katie
Which of the following communicable diseases is typically not required to be reported?
Lice
Which of the following statements is true regarding the doctrine of concept of charitable immunity? Is supported by state legislature Protects hospitals from law suits Gained use as a defense because of the Darling case Lost significance as a defense as a result of the Darling case
Lost significance as a defense as a result of the Darling case
Marty Jones has been out of work for three months and has recently applied for a position at a local factory. As part of the employment process, the employer has asked Mr. Jones to complete a pre-employment physical that includes genetic testing for any diseases that might interfere with Mr. Jones' ability to run an expensive piece of factory equipment. Of the options below, what is the best option? Question options: Mr. Jones informs the employer that CLIA regulations prohibit employers from requiring genetic information as part of the employment process Mr. Jones complies with the request Mr. Jones informs the employer that GINA regulations prohibit employers from requiring genetic information as part of the employment process Mr. Jones reluctantly complies with the request because he needs a job
Mr. Jones informs the employer that GINA regulations prohibit employers from requiring genetic information as part of the employment process
Which of the following pieces of information is not typically mandated by state law child abuse reporting requirements? Question options: Name of parents Name of child Name of siblings Age of child
Name of siblings
When a patient is an organ donor whose death is imminent, notifying the family members that the organ procurement organization will be contacted is __________. Question options: Required Not required Recommended Not recommended
Not required
Which government office has the responsibility for enforcing the confidentiality provisions of the Patient Safety Rule as it relates to PSO? Office of Civil Rights Health and Human Services Centers for Medicare and Medicaid Services Occupational Safety and Health Administration
Office of Civil Rights
A competent adult female has a diagnosis of ovarian cancer and while on the operating table suffers a stroke and is in a coma. Her son would like to access her health records from a clinic she recently visited for pain in her right arm. The patient is recently divorced and lives with her two grown children. According to the Uniform Health-Care Decision Act (UHCDA), who is the logical person to request and sign an authorization to access the woman's health records from the clinic? Question options: Adult child making the request Patient Spouse Oldest adult child
Oldest adult child
Which of the following facilities must report information about implantable cardiac defibrillators? Question options: Assisted living facilities All nursing homes Only hospitals seeking reimbursement All rehabilitation hospitals with cardiac services
Only hospitals seeking reimbursement
What legislation encouraged clinicians and hospitals to voluntarily report their confidential quality and patient safety data on events that adversely affect patients? Healthcare Research and Quality Act HITECH Patient Safety and Quality Improvement Act ACA
Patient Safety and Quality Improvement Act
Which of the following is an example of an adverse patient outcome? Sister of patient given discharge instructions. Patient receives wrong medications in IV. Husband picking up medicine at pharmacy for wife. Parent getting a copy of immunization records of child.
Patient receives wrong medications in IV.
Which of the following information is not included about a physician in the National Practitioner Data Bank? Question options: Personal bankruptcy Malpractice lawsuits Credentialing information from other facilities Disciplinary actions
Personal bankruptcy
A wife who is legally authorized to make healthcare decisions and act on behalf of her husband, who is a patient, is acting in what capacity? Question options: Next of Kin Friend Personal representative Representative
Personal representative
What term refers to the systematic means of determining potential losses in a risk management process? Risk financing Risk evaluation Risk identification Risk analysis
Risk identification
Which of the following is not a purpose of a risk management program? Prediction of an unfavorable deviation from expectations Evaluation of an unfavorable deviation from expectations Identification of an unfavorable deviation from expectations Elimination of unfavorable deviation from expectations
Prediction of an unfavorable deviation from expectations
What protects confidential communication from disclosure between a doctor and patient related to diagnosis and treatment during civil and some criminal misdemeanor litigation? Question options: Communication rules of court Duty of responsibility Contract Privilege statutes
Privilege statutes
Trauma registry data is used for all of the following purposes except __________. Question options: Performance improvement Public safety law Research Prosecution of drunk drivers
Prosecution of drunk drivers
The HIPAA Security Rule requires which of the following to achieve compliance? Question options: Hiring security consultants Protecting ePHI Eliminating security threats Hiring a full-time security officer
Protecting ePHI
Middleburg Hospital recently purchased new protective safety needles for use with routine intramuscular injections. However, the number of needle sticks has increased 20 percent since the purchase of the needles. What should the risk manager do? Provide re-training on the use of the needles Instruct the nurses to not complete incident reports Complete disciplinary reports for the nurses Ignore the findings and do nothing
Provide re-training on the use of the needles
The release of information manager at Hope Hospital has received a request to obtain copies of an individual's recent hospitalization for spousal abuse. Upon reviewing the request, the manager notices that the signature on the request does not look like the patient's signature on the informed consent in the patient's medical record. What would be the best course of action? Question options: Refer the request to the hospital's medical identify theft committee to ascertain if this is indeed the patient requesting the information Wait until the person comes in to pick up the material and ask the person to sign their name again for comparison purposes; if it looks the same, give them the record Ignore the request since you are pretty sure it is not legitimate Copy the requested information and have it ready for pick up by the individual requesting the information
Refer the request to the hospital's medical identify theft committee to ascertain if this is indeed the patient requesting the information
Which of the following health information handlers are required to provide authorization for access and disclosure of PHI? Question options: Recovery Audit Contractor Zone Program Integrity Contractor Release of Information Contractor Medicare Administrative Contractor
Release of Information Contractor
Telephone callback procedures are used primarily for __________. Question options: Remote employees Contract employees Temporary employees Employees who have been placed on probation
Remote employees
The role of the National Practitioner Data Bank in quality improvement can best be described as which of the following? Reporting providers with adverse actions Advising providers with adverse actions Researching providers with adverse actions Prosecuting providers with adverse actions
Reporting providers with adverse actions
Quality Improvement Organizations (QIOs) are responsible for all of the following except __________. Requiring every facility to use the same software for data collection Improving quality of care for Medicare Beneficiaries Ensuring that services paid for are medically necessary Protecting beneficiaries by addressing complaints
Requiring every facility to use the same software for data collection
Which of the following entity authentication processes would be the most difficult to breach? Question options: Retinal scan Password and token Token Password
Retinal scan
In a risk management program, what process involves identifying which risks should be proactively addressed, and which risks are low priority? Risk treatment Risk analysis Risk evaluation Risk exposure
Risk analysis
In a risk management process, what technique is aimed at preventing or reducing the chances and effects of a loss occurrence? Risk analysis Risk control Risk identification Risk exposure
Risk control
The role of the risk manager is best described by which of the following statements? Risk managers try to settle malpractice suits Risk managers try to find fault after an occurrence Risk managers try to identify exposure before occurrences Risk managers try to assign blame for an occurrence
Risk managers try to identify exposure before occurrences
Uniform access to patient information for all nursing staff best describes __________. Question options: Data warehouse Group-based access Passwords Role-based access
Role-based access
The most common place to find intrusion detection software would be on the network __________. Question options: Cell phones Fax machines Back-up servers Routers
Routers
Crossing the Quality Chasm: A new Health System for the 21st Century identified the need for healthcare to be __________. Safe, timely, organized, measured Safe, patient-centered, efficient, effective, equitable, timely Safe, utilized effectively, measured, patient-centered Safe, efficient, secure, protected, patient-centered
Safe, patient-centered, efficient, effective, equitable, timely
Which statement best describes the right of a mother about the reporting of her child's birth? Question options: She may object to the reporting of the birth. She may limit the amount of information that is reported. She may request an account of the disclosure about the birth. She may request a restriction to the amount of information that is reported.
She may request an account of the disclosure about the birth.
A sentinel event in a Joint Commission accredited facility is __________. A standard that measures the final outcome of care Signals the need for immediate investigation and response by the organization An important situation that must be carefully documented in the progress note Usually related to the structure of care and must be reported to The Joint Commission
Signals the need for immediate investigation and response by the organization
Health care facilities are required to report vital statistics to which of the following authority? Question options: Centers for Disease Control and Prevention National Center for Vital Statistics World Health Organization State department of health
State department of health
Examples of reportable deaths include which of the following? Question options: Sudden, expected, violent, suspicious Sudden, unexpected, violent, suspicious Sudden, expected, non-violent, suspicious Sudden, unexpected, non-violent, suspicious
Sudden, unexpected, violent, suspicious
What is the term used when public health departments engage in the systematic gathering analysis of health data which may include PHI to detect a bioterrorism threat or an outbreak of Ebola? Question options: Data surveillance Quality indicators Syndromic surveillance Disease surveillance
Syndromic surveillance
What is the not-for-profit, nongovernmental entity that offers voluntary accreditation programs for all types of health care organizations? Quality Improvement Organization The Joint Commission Centers for Medicare and Medicaid Services National Committee for Quality Assurance
The Joint Commission
Ownership of a secondary data source such as a hospital trauma registry belongs to __________. Question options: The entity that created it No one owns it The doctors who treated the patients The patients whose data makes up the registry
The entity that created it
Risk management and quality improvement programs are related because of which of the following reasons? They are usually located in the HIM department They share similar underlying processes They emphasize the reduction of liability They lessen the chances of financial loss
They share similar underlying processes
Which of the following is a good policy for faxing PHI? Question options: Place fax machines in open areas so they are easier for staff to access Never fax PHI Use a cover sheet with a confidentiality statement Fax only sensitive information
Use a cover sheet with a confidentiality statement
Which of the following is the public or known portion of most user log-ins? Question options: User ID Token Firewall Password
User ID
During the flu season, a nursing home reports the cases of known flu in the nursing home population. The local health department calls and wants more information on the recent hospitalizations of these flu patients. How should the request be handled? Question options: Verify the authenticity of the request and provide information Inform the sheriff of suspicion of medical identity theft Call the nursing home attorney for advice Obtain an authorization from each of the patients and provide the information
Verify the authenticity of the request and provide information
Under which of the following conditions is Mr. Smith's authorization required for the use and disclosure of his health information? Question options: When the federal government suspects the patient is involved in terrorism activity When information is requested by the RAC for audit purposes When information on the patient's venereal disease is given to the health department When Mr. Smith's attorney is requesting the information
When Mr. Smith's attorney is requesting the information
Which computer virus stores and replicates itself? Question options: Hacker Macro virus Trojan horse Worm
Worm
Over a 24-hour time period a large number of individuals have arrived in the emergency department of a local hospital complaining of severe abdominal pain, vomiting, and diarrhea that they have all seemed to pick up at a local restaurant in town. The hospital has provided the public health department with the PHI of all patients treated for the illness. Did the hospital have the right to disclose this information? Question options: No, under no circumstances can the hospital release PHI without patient authorization. Yes, the hospital may disclose PHI to a public health department if state law does not specifically require it if the disclosure is for controlling the spread of disease. No, the hospital needed to verbally ask the patient if it was ok to release the PHI. None of the options are correct.
Yes, the hospital may disclose PHI to a public health department if state law does not specifically require it if the disclosure is for controlling the spread of disease.
Zach is 14 years old and consented to completing a three-month drug rehabilitation program. When he completes the program, who has the right to authorize the release of his health information to another party? Question options: Zach Zach's doctor Zach's parents Zach's drug rehab counselor
Zach
Mia is a 16 year old pregnant female who plans on having an abortion. Mia has the right to choose who her health information may be released to. What other health care situations exist that give Mia the right to authorize release of her healthcare information? Question options: a. Mental health b. Substance abuse c. Venereal diseases d. a and b e. a and c f. a, b, and c
a, b, and c
a. May be a public or private data organization b. Collect, analyze and aggregate patient safety data c. Serve local, regional and national adverse event data collection needs d. Created and monitored by AHRQ e. a and b f. a, c and d g. a, b, c and d
a, b, c and d
Under federal drug and alcohol abuse regulations, what situation enables the disclosure of patient information without patient written authorization? Question options: a. Audits b. Insurance claims c. Program evaluation d. Scientific research e. a, b and c f. a, b, and d g. a, c, and d
a, c, and d
Why would an enterprise risk management approach be important to an integrated hospital system? a. Because risks are not isolated and risks in one area can easily and often impact other departments and the organization overall b. Because it looks at the probability that adverse events will occur and what the liability might be. c. Because it focuses on identifying and eliminating the financial impact and volatility of a portfolio of risks rather than on risk avoidance alone. a and c are correct all of the options are correct
all of the options are correct
Jack is a paramedic and recently assisted at a car accident where several individuals were hurt and had to be taken to the hospital for treatment. One victim had extensive injuries and there was a great deal of blood that Jack was exposed to as a result of assisting with this patient. As a result, Jack has requested the results of an HIV blood test on the victim that he cared for. Which statement(s) below is (are) most likely correct in terms of Jack's request? Question options: a. Jack has the right to access the victim's information as a result of HIPAA b. Jack may have the right to access the results based on state law permitting emergency personnel exposed to blood access to HIV test results of the person they assisted c. Jack cannot access this information without the authorization of the patient regardless of HIV concerns e. a and b f. None of the above options
b. Jack may have the right to access the results based on state law permitting emergency personnel exposed to blood access to HIV test results of the person they assisted
Which of the following statements are true? a. All risks can be predicted b. Most risks have a catastrophic impact c. Some risks may have a low probability of occurrence but a catastrophic impact d. Data from quality improvement activity may help in reducing and preventing risk e. a and b f. b and c g. c and d h. b and d
c and d
If a healthcare facility sustains physical damage caused by a tornado, the disaster recovery mechanism which provides the greatest protection of the data is __________. Question options: anti-virus automatic software updates off-site data storage password management automatic log-off
off-site data storage
Any data, reports, records or written or oral material developed by a provider or a PSO for patient safety purposes is protected from discovery if it is identified as a __________. incident report adverse event report patient safety patient record patient safety work product
patient safety work product
