EHR Chapter 7
Accounting of disclosures
Need authorized request, goes back a minimum of six years
Who usually sets up the basic security measures, or access, in a practice management or EHR program? Multiple choice question. Chief Financial Officer Office manager Chief Technology Officer Nurse
Office manager
Password
Unique code that is used to gain access to computer applications
What does AHIMA stand for?
American Health Information Management Association
What does ARRA stand for? American Recovery and Reinvestment Act American Recovery and Reenactment Act American Recovery and Removal Act American Release and Records Act
American Recovery and Reinvestment Act
Who does the Notice of Privacy Practices direct the patient to contact if they have a complaint with about their PHI? Department of Health and Human Services Department of AHIMA Department of the OIG Medicare
Department of Health and Human Services
User identification
Each user has one to log in and it often consists of person's first initial and last name
Select all that apply Which of the following apply to health information exchange? Multiple select question. There are no regulations addressing networking security. It is a Meaningful Use requirement. Care providers can access information from other providers immediately. Shared information is done through a secure environment. Information can only be shared between physicians and patients.
It is a Meaningful Use requirement. Care providers can access information from other providers immediately. Shared information is done through a secure environment.
Malware
Viruses and Trojan horses that attack computer programs
Notice of Privacy Practices
Written document that makes patients aware of their rights under HIPAA
Select all that apply Which of the following are examples of social media? Multiple select question. YouTube Twitter Texting Email Facebook
YouTube Twitter Facebook
Those choosing the EHR system should always keep which of the following in mind? Multiple select question. Facility needs Target date or timeline for implementation Office needs Patient contributions for payment Staff and training needs Types of insurance accepted by practice
Facility needs Office needs Staff and training needs Target date or timeline for implementation
_______ should be used to deter access to computer systems by unauthorized individuals. Decryption Malware Firewalls Trojan horses
Firewalls
Auditing
Ability to run reports by user or by patient that specify the menu, module, or function accessed
Covered entity
Any healthcare entity that captures or utilizes health information
You need a release of information signed if that information is being sent to which of the following? Multiple choice question. Insurance company Attorneys Employer for worker's compensation claim Public health agency
Attorneys
When the Omnibus Final Rule to the HITECH Act went into effect, which of the following notification standards were enhanced? Breach Fraud Abuse Nondisclosure
Breach
What two agencies have established standards that EHRs must use to qualify for incentive programs for an upgrade or purchasing a new one? Multiple choice question. CMS and ONC OSHA and CMS HL7 and ONC CMS and The Joint Commission
CMS and ONC
Which of the following should be included in a social media policy? Multiple select question. Comments should not violate the privacy of patients or their families. Comments should not be offensive. Comments should be on topic. Comments can include specific details about patients. Comments can be inflammatory as long as an alias is used.
Comments should not violate the privacy of patients or their families. Comments should not be offensive. Comments should be on topic.
Select all that apply At a minimum, written compliance policies should cover which of the following? Multiple select question. Computer access Coding and billing Housekeeping schedule Daily operations Claim payments Security breaches
Computer access Coding and billing Daily operations Security breaches
Which of the following are examples of hardware? Multiple select question. Computer monitor Webcam Mouse Keyboard Computer virus Computer program
Computer monitor Webcam Mouse Keyboard
Select all that apply The Omnibus Final Rule to the HITECH Act made which of the following types of changes? Multiple select question. Enhancements to protect patient privacy Denial of patients' requests for electronic health records when asked for them Elimination of sharing of information between multiple providers caring for one patient Strengthening the government's power to enforce the law Additions to individual patient rights
Enhancements to protect patient privacy Strengthening the government's power to enforce the law Additions to individual patient rights
Healthcare facilities are required to report breaches as part of which regulatory act? Multiple choice question. HIPAA HITECH ACA OSHA
HITECH
Which of the following makes it possible for healthcare providers to better manage patient care through secure use and sharing of health information? OSHA The ONC The OIG Health IT
Health IT
Select all that apply Of the following, who should be involved in choosing and implementing an EHR within a particular medical practice? Multiple select question. Health information staff Pharmacy staff Clinical staff Coding and billing staff Front office staff Patients
Health information staff Clinical staff Coding and billing staff Front office staff
Where should you use portable devices? In a room with the door shut In the cafeteria In the lobby of the office In a busy area
In a room with the door shut
User rights
Limitations of one's access to the functionality of software as defined by job description
What did HITECH offer from the ARRA? Multiple choice question. Made the rules for billing and coding more stringent Made the rules for security and privacy of electronic systems more stringent Made the rules for healthcare reimbursement more stringent Made the rules for security of paper systems more stringent
Made the rules for security and privacy of electronic systems more stringent
Data integrity
Maintaining the accuracy and consistency of data
What comes in the form of worms, viruses, and Trojan horses, all of which attack computer programs? CD virus Malware Computer virus Phishing
Malware
Communicating with other healthcare providers is one of the requirements of _________. Multiple choice question. OSHA Meaningful Use HIPAA compliance plans
Meaningful Use
Password protection
Must be assigned to all users and meet certain criteria to access software applications
What does ONC stand for? Multiple choice question. Office of National Compliance for Health Information Technology Office of the National Coordinator for Health Information Technology Office of the Natural Coordination for Health Information Technology Office of the National Coding Coordinator for Health Insurance Technology
Office of the National Coordinator for Health Information Technology
Confidentiality
Patient's right to expect that his or her health information will not be released without written authorization
You have been asked to provide continuity of care for Mr. Johnson who was seen by Dr. Ingram and is going to see Dr. Jorgenson. What do you need to do to provide continuity of care? Release information about Dr. Ingram to Dr. Jorgenson Release information about Mr. Johnson to Dr. Ingram Release information about Dr. Jorgenson to Mr. Johnson Release information about Mr. Johnson to Dr. Jorgenson
Release information about Mr. Johnson to Dr. Jorgenson
Breach of confidentiality
Releasing information without a required, properly executed authorization
Hardware
Tangible items that are used in automation
Privacy
The right to expect that one's personal space is respected while undergoing healthcare
To ensure data integrity, the healthcare facility must have strict policies regarding which of the following? Multiple select question. Timeliness of data Who may access the data Reimbursement policies Definition of a complete record
Timeliness of data Who may access the data Definition of a complete record
Select all that apply Which of the following explain the purposes of a compliance plan? Multiple select question. To ensure the organization is following the guidelines of Medicare and ARRA To ensure regulations are followed To ensure proper billing methods are done To ensure the organization is paid
To ensure the organization is following the guidelines of Medicare and ARRA To ensure regulations are followed To ensure proper billing methods are done
A deviant program, stored on a portable hard drive, that can cause unexpected and often undesirable effects, is called: phishing malware CD virus computer virus
computer virus
A system of hardware/software that protects a computer from intruders is called a(n) __________. Trojan horse computer virus malware firewall
firewall
The tangible items used in automation are considered ______. hardware malware firewalls software
hardware
The right to expect that one's personal space is respected while undergoing healthcare is called _______. security secrecy privacy confidentiality
privacy
What is a disaster recovery plan? Multiple choice question. A plan that will help recover information and keep sensitive information secure A plan for replacement of key personnel A plan that is not necessary but can be done just in case something happens A plan that will help employees continue to be paid
A plan that will help recover information and keep sensitive information secure
Assigning passwords to allow access to only necessary functions helps assure which of the following? Multiple select question. Confidentiality Increased security risk Security Privacy Cost savings
Confidentiality Security Privacy
Code sets
EHR must use ICD-10 codes, CPT codes, and HCPCS codes
What does HIMSS stand for? Multiple choice question. Healthcare Information and Management Systems Society Healthcare Infrastructure and Management Systems Security Healthcare Information and Maintenance Systems Society Healthcare Information and Management Security Systems
Healthcare Information and Management Systems Society
Where should back up files be stored? Multiple choice question. In a safe room in the healthcare facility In a server in the facility In the provider's home network In an off-site location
In an off-site location
When do releases of information need to be accounted for? Multiple choice question. Internal staff members only External requesters only Internal or external requesters Upon insurance company request
Internal or external requesters
Security/Backup/Storage
Kept in secure location and must be possible at any given time
What is a HIPAA requirement that a patient must sign so they are aware of how their personal health information will be used? Notice of HIPAA Health Privacy Practices Health Insurance Portability Act Notice of Privacy Practices
Notice of Privacy Practices
Select all that apply Which of the following would be considered factors of sensitive information? Multiple select question. Patient record of someone's relative who works at the facility Patient who had a heart attack STD listed in patient chart Patient who is well known to the community
Patient record of someone's relative who works at the facility STD listed in patient chart Patient who is well known to the community
Access rights
Policies that are dependent on each user's need to know are written and adhered to for functionality within the EHR
Select all that apply Which of the following factors dictate the privileges of a user? Multiple select question. Hourly rate of pay Length of employment Position Job description
Position Job description
Select all that apply Which of HIPAA's original rules were made more stringent by the HITECH Act? Multiple select question. Safety Privacy Security Reimbursement
Privacy Security
Select all that apply Which of the following apply to HITECH? Multiple select question. Privacy and security rules are more stringent. More power has been given to government authorities to enforce privacy and security. Government authorities have less power to enforce privacy and security. Privacy and security rules have been eliminated.
Privacy and security rules are more stringent. More power has been given to government authorities to enforce privacy and security.
Accounting of disclosures
Providing the patient with a listing of all disclosures of his or her health information
Select all that apply Which of the following should be addressed by electronic privacy and confidentiality policies? Multiple select question. Release of directory information Release of information to outside sources Insurance reimbursement information Hard-copy documents should be discarded in trash bins Signing of Notices of Privacy Practices
Release of directory information Release of information to outside sources Signing of Notices of Privacy Practices
Access report
Report of all persons within a facility who have had access to a patient's protected health information
Audit trail
Report which shows accesses by user to each function of the software - users who reviewed a patient's record
Select all that apply Which of the following describes continuity of care? Multiple select question. Sharing of information regarding patients' care Sharing of information regarding patients' bills The passing of information of one patient to another The passing of information from one provider to another
Sharing of information regarding patients' care The passing of information from one provider to another
Which of the following are strategies for protecting the sensitive information on devices? Multiple select question. Sign out of the device when unattended Store passwords on or near the device Encrypt PHI Leave the device open for easy access Use portable devices in secure areas
Sign out of the device when unattended Encrypt PHI Use portable devices in secure areas
Select all that apply Which of the following types of information might be found on a healthcare organization's social media site? Multiple select question. Specific patient details Social media policy Support groups and blogs Facts and figures about patient populations Links to related sites Patient test results
Social media policy Support groups and blogs Facts and figures about patient populations Links to related sites
Why are user rights assigned? Multiple choice question. To allow for user password selection To provide users with unlimited functionality To provide limited functionality to users To provide a user ID to staff
To provide limited functionality to users
A report that shows who accessed a person's medical record, is called: Multiple choice question. encrypted accounting of disclosures access report password report
access report
A report that shows who accessed a person's medical record, is called: encrypted password report accounting of disclosures access report
access report
To comply with HITECH, releases of information need to be ______. Multiple choice question. refused granted unrestricted accounted for
accounted for
When you provide the patient with a listing of all disclosures of his/her health information, both internally and externally, is called:
accounting of disclosures
Ongoing conversations about a topic that takes place online via the Internet are called ________. Multiple choice question. back-channels blogs Tweets webicles
blogs
The patient's right to expect that a patient's health information will not be released to any other entity without written authorization or as required by law is considered ________. privacy security confidentiality safety
confidentiality
The accuracy and timeliness of data collection is called ________. Multiple choice question. consistent charting limited data data interface data integrity
data integrity
Information about a patient's hospital status and his or her location in the hospital or facility is called _______. security information Master Patient Index directory information public knowledge
directory information
When only certain people have access to information, it is considered _______. Multiple choice question. full-user access denied rights restricted access user declination
restricted access
Interactive communication sites via the Internet are considered to be _______. Multiple choice question. social media Internet media social networking media outlets
social media