HIT 101 Part 1

Ace your homework & exams now with Quizwiz!

what functions does a R-ADT do

" for inpatient hospital: register pts for admisstion or outpt services (capturing demographic and insurance data and supplying this to all other applications as needed) opens an account for them tracks all transfers within the hospital closes the account when a pt is discharged"

list and describe data quality entry issues

"*copy and pasting- while this makes entering data faster it is easy to paste incorrect data into the record *use of comment fields- data entered into them cannot be processed in CDS or reports, data may contradict discrete data, not all users can view the free text which reduces its usefulness, so limit comment field size and require vendor to display it on every applicable screen *determining if entries are made by legitimate users- users may give their passwords to others for various reasons..review audit logs to see how often and when the person using a certain password is entering data..perhaps they didn't work the day data was entered *handling amendments, corrections, and deletions-error corrections must be visible to users and not confusing"

describe the consolidated HIE model

"*data is stored in one large database *data are NOT co-mingled, rather they are separated with access controls requiring specific authorization to gain access to any data *because data is in one place there is fear that large amounts of data could be used against the person if the wrong person accessed it"

describe the federated HIE model

"*no central location of data *has a central HUB *info is exchanged in a point-to-point manner *considered the least efficient and security is only as strong as the weakest link"

what are factors that should be considered when planning EHR implementation?

"*total cost of ownership/budget- cost of hardware/software, cost of consultants, construction, furniture *develop own implementation plan that take into account the vendors implementation plan *plan for chart conversion-how will we convert existing paper files to electronic form *data conversion- will we bring current electronic data into new system or keep in a legacy system *phase implementation-will we go live all at once or phase in sections at a time *issues management- how will we handle and keep track of problems that arrise during and after implementation *change management-support for workflow and other changes"

what is the difference between CDR and CDW?

"CDR= uses structured and unstructured data. It is optimized for online transaction processing (OLTP) which is transactions relating to patient care. Is often included in EHR CDW= uses structured data only. Is optimiced for online analytical processing (OLAP) -data mining, compare measures, identify patterns. Is rarely a standard part of EHR"

two main types of hardware infrastructure/architecture in an EHR

"Client/server architecture-uses combination of computers to capture and process data...servers are powerful computers that house all application software that serve client computers web services architecture (WSA)-utilizes web-based tools to permit communication between different software applicaions..there is NOT the one-to-one relationship of a client/server"

What is the difference between the EMR and EHR

"EMR= electronic record of health-related info that can be created, gathered, managed, and consulted by authorized clinicians within one healthcare organization EHR= electronic record of health-related info that conforms to nationally recognized interoperability standards that can be created, managed, and consulted by authorized clinicians across more than one healthcare organization"

Token

"Something you have" is demonstrated by: a. CAPTCHA b. Retinal scan c. Password d. Token

Metathesaurus

"The very large, multipurpose, and multilingual vocabulary database that is the central vocabulary component of the Unified Medical Language System"

The metathesaurus, one of the UMLS knowledge sources, contains syntactic information for many terms.

"The very large, multipurpose, and multilingual vocabulary database that is the central vocabulary component of the Unified Medical Language System"

what is the functions of a pharmacy info sys

"info sys that aids: pharmacist in checking for contraindications mixing drugs that require special preparation maintains inventory, staffing, and budgeting"

describe the consistent federated model

"it's a hybrid model *has one large database and smaller vaults *data is centrally located but logically and physically separated"

meaningful use has 3 parts..what are they

"standards for MU of EHR certification that EHR tech meets standards criteria for earning MU incentives"

list and describe 3 human-computer interfaces (technologies that make data capture easier)

"structured data entry via point-and-click, structured templates. These devices include the mouse, and touch screens natural language processing -the capability of a computer to convert narrative text to structured data direct data capture from a medical device attached to a patient-devices can be connected to a telephone line to capture data. useful for capturing vital signs or other monitoring data"

Under outpatient prospective payment system, Medicare decides how much a hospital or a community health center will be reimbursed for each service rendered. Depending on the service, the patient pays either a coninsurance amount (20%) or a fixed copayment amount, whichever is less. Mr. Smith who has paid his deductible for the year, was charged $85 for a minor procedure performed in the hospital outpatient department. The fixed copayment amount for this type of procedure, adjusted for wages in the geographic area, is $15. What would Mr. Smith need to pay in this case?

$15

The maximum penalty per violation for HIPAA violation due to willful neglect with correction is

$250,000

Audit trail

(1) a chronological set of computerized records that provides evidence of information system activity (log-ins and log-outs, file accesses) used to determine security violations. (2) a record that shows who has accessed a computer system, when it was accessed, and what operations were performed

Data integrity

(1) the extent to which healthcare data are complete, accurate, consistent, and timely (2) a security principle that keeps information from being modified or otherwise corrupted either maliciously or accidentally.

*Types of hospital ownership

* Government-owned hospitals (VA) * Proprietary hospitals (privately owned, foundations, etc.) * Voluntary hospitals - Not for-profit hospitals, owned by churches, universities, charities, etc.

Inaccurate data recorded in the health record could:

* Invalidate research findings * Compromise quality patient care * Contribute to incorrect assumptions by policy makers (All of the answers)

Which of the following is an advantage offered by computer - based clinical decision support tools?

* They recall relevant diagnostic criteria and treatment options on the basis of data in the health record and thus support physicians as they consider diagnostic and treatment alternatives. * They review structured electronic data and alert practitioners to out-of-range laboratory values or dangerous trends. * They give physicians instant access to pharmaceutical formularies, referral databases, and reference literature. (All of the answers)

*Secondary purpose of the health record

- Education of healthcare professionals - Legal, accreditation, and policy development - Public health and research

The privacy rule permits use or disclosure without written patient authorization

- For specific law enforcement purpose specified by privacy rule - For incidental disclosures -To prevent or lessen serious threats to health or safety

Requesting access - HIPAA

- HIPAA gives individuals the right to request access to their PHI - acted on no later than 30 days, 60 days if PHI is on-site

*Indices - 4 kinds

- Master patient index - MPI - Disease index - (ICD - International Classification of Disease) - Operation or procedure index (CPT - Current Procedure Terminology) - Physician index

*Formats of the health record

- Paper - Electronic - Hybrid

*Primary purpose of the health record

- Patient care - Management of patient care - Administrative purposed

*Paper Health Record

- Source-oriented health record ex. nurse notes grouped together, physicians notes grouped together - Universal Chart Order - reverse chronological order - SOAP Subjective, objective, assessment, plan - to remember what should be in the progress note -- SOAP came from the problem-oriented health record in the 1970's

*Quality issues in MPI systems

- Typographical errors - Outdated demographic information - Incorrect names - Duplicate - Patient has two or more records - Overlay - When patient is assigned another person's health record number. - Commingled info between 2 patients. - Overlap - More than one healthcare record at different locations in an enterprise.

*Different Type of Data Sets

- Uniform Hospital Discharge Data Set (UHDDS) - Uniform Ambulatory Care Data Set (UACDS) - Data Elements for Emergency Department Systems (DEEDS) - Minimum Data Set (MDS) - Outcomes and Assessment Information Set (OASIS) - Essential Medical Data Set (EMDS)

a valid authorization must contain:

-A description of the information to be used or disclosed -an expiration date or event -a statement that being used or disclosed may be subjected to redisclosure by the recipient

When an individual request that PHI be routed to an alternative location

-A health plan must honor reasonable request necessary to minimize a safety risk. -Both health plans and health care provider may deny a request of information regarding payment is not provided. -Both health plans and health care provider may deny a request if no alternative contact information is provided.

Deindentified information :

-Does not identify an IND -Is information from which personal characteristics have been stripped -Cannot be later constituted or combined to reidentify an IND

the privacy officer is responsible for:

-Handling complaint about the covered entity's violations of the Privacy Rule - Developing and implementing privacy policies and procedure -providing information about the covered entity's privacy practices

Protected Health information (PHI)

-Relate to one past, present, or future mental health condition -Relate to one past, present or future physical condition - Relate to payment for the provisions of healthcare

credentialing applies to:

-medical staff appointments -medical staff reappointments -the granting of specific clinical privilege

Bar graph

...

Benchmark

...

Brainstorming

...

Case management

...

Cause-and-effect diagram

...

Checksheet

...

Claims management

...

Clinical practice guidelines

...

Clinical protocols

...

Common-cause variation

...

Continued-stay (or concurrent) Utilization Review

...

Continuous improvement

...

Customer

...

Dashboards

...

Data abstracts

...

Discharge Utilization Review

...

Discharge abstract system

...

Discharge planning

...

External customers

...

Financial indicators

...

Fishbone diagram

...

Flowcharts

...

Force-field analysis

...

Ground rules

...

Health Care Quality Improvement Program (HCQIP)

...

Histogram

...

ISO 9000 certification

...

Incident/occurrence report

...

Inputs

...

Intensity-of-service screening criteria

...

Internal customers

...

Mission

...

Multivoting technique

...

National Patient Safety Goals (NPSGs)

...

Nominal group technique

...

Opportunity for improvement

...

Outcome indicators

...

Outcome measures

...

Outputs

...

Pareto charts

...

Patient advocacy

...

Performance Improvement (PI)

...

Performance indicators

...

Potentially compensable event

...

Preadmission Utilization Review

...

Process indicators

...

Prospective Utilization Review

...

Quality indicators

...

Retrospective Utilization Review

...

Risk

...

Risk management program

...

Root-cause analysis

...

Run chart

...

Scatter diagrams

...

Scorecards

...

Severity-of-illness screening criteria

...

Six Sigma

...

Special-cause variation

...

Standard

...

Statistical process control chart

...

Structure indicators

...

Structured brainstorming

...

The Joint Commission

...

Time ladders

...

Unstructured brainstorming method

...

Utilization Review (UR)

...

Virtuoso teams

...

Audit trail

1. A chronological set of computerized records that provides evidence of information system activity (logins and logouts, file accesses) used to determine security violations 2. A record that shows who has accessed a computer system, when it was accessed, and what operations were performed

Access control

1. A computer software program designated to prevent unauthorized use of an information resource 2. As amended by HITECH, a technical safeguard that requires a covered entity must in accordance with 164.306(a) implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4)(45 CFR 164.132 2003)

Access control

1. A computer software program designated to prevent unauthorized use of an information resource, a technical safeguard that requires a covered entity must in accordance with 164.306(a) implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in 164.308(a)(4)(45 CFR 164.132 2003)

Authorization

1. As amended by HITECH, except as otherwise specified, a covered entity may not use or disclose protected health information without an authorization that is valid under section 164.508 2. When a covered entity obtains or receives a valid authorization for its use or disclosure of protected health information, such use or disclosure must be consistent with the authorization (45 CFR 164.508 2013)

What activities do the benefits of Data Exchange Standards make possible?

1. Disease surveillance 2. Health and healthcare population monitoring 3. Outcomes research 4. Decision making and policy development

Contingency plan

1. Documentation of the process for responding to a system emergency, including the performance of backups, the line-up of critical alternative facilities to facilitate continuity of operations, and the process of recovering from a disaster 2. A recovery plan in the event of a power failure, disaster, or other emergency that limits or eliminates access to facilities and electronic protected personal health information (ePHI)

What are some of the benefits of Data Exchange Standards?

1. Exchanging information 2. Sharing information 3. Communicating within and across the discipline and settings 4. Integrating separate data systems 5. Comparing information at a regional, national, and international level. 6. Linking data in a secure environment.

What are the major categories of data collected by the MDS?

1. Identification information 2. Hearing, speech, and vision 3. Cognitive patterns 4. Mood 5. Behavior 6. Preferences for customary routine and activities 7. Functional status 8. Bladder and bowel 9. Active disease diagnosis 10. Health conditions 11. Swallowing/Nutritional status; 12. Oral/Dental status 13. Skin conditions 14. Medications 15. Special treatments and procedures 16. Restraints 17. Participation in assessment and goal setting 18. Care area assessment (CAA) summary 19. Correction request 20. Assessment administration

What are some data needs in the electronic environment?

1. Integration of data that originate in various databases within facilities as well as in databases outside the facility. 2. Must be able to respond to request to transfer data to other facilities, payers, accrediting and regulating agencies, quality improvement organizations, and other information users. 3. These goals can only be accomplished when every database system is either operating on the same platform or using common standards.

Data analytics

1. Is the science of examining raw data with the purpose of drawing conclusions about that information. It includes data mining, machine language, development of models, and statistical measurments. Analytics can be descriptive, predictive, or prescriptive.

What are the 8 sections that DEEDS is organized into?

1. Patient identification data. 2. Facility and practitioner identification data 3. Emergency department payment . 4. Emergency department arrival and first-assessment data. 5. Emergency department history & physical examination data. 6. Emergency department procedure and result data. 7. Emergency department medication data. 8. Emergency department disposition and diagnosis data.

Name the categories of data groupings in OASIS-C ?

1. Patient tracking items 2. Clinical record items 3. Patient history and diagnoses 4. Living arrangements 5. Sensory status 6. Integumentary status 7. Respiratory status 8. Cardiac status 9. Elimination status 10. Neuro/Emotional/Behavioral status 11. Activities of daily living (ADL)/Instrumental activities of daily living (IADLS) 12. Medications 13. Care management 14. Therapy need and plan of care 15. Emergent care 16. Discharge.

Data Capture

1. Process of recording data. 2. Is the process of recording data in a health record system or database. It is the first stage of transforming raw data into meaningful analytics.

Name the 4 types of standards.

1. Record Structure and Content Standards - Very Important 2. Content Exchange Standards 3. Vocabulary Standards 4. Privacy and Security Standards

Names three reasons for the increase in ambulatory care.

1. Technological improvements in diagnostic and therapeutic procedures and the development of short-acting anesthetics. 2. Third-party payers have extended coverage to include most procedures performed on an outpatient basis. 3. Medicare's acute inpatient hospital prospective payment system limits reimbursement for inpatient care.

Cryptography

1. The art of keeping data secret through the use of mathematical or logical functions that transform intelligible data into seemingly unintelligible data and back again 2. In information security, the study of encryption and decryption techniques

Data integrity

1. The extent to which healthcare data are complete, accurate, consistent, and timely 2. A security principle that keeps information from being modified or otherwise corrupted either maliciously or accidentally

Charts

1. The health record of a patient. 2. To document information about a patient in a health record.Such as pie and bar charts and graphs such as line graphs, are appropriate when presenting relationships.

Security

1. The means to control access and protect information from accidental or intentional disclosure to unauthorized persons and from unauthorized alteration, destruction, or loss 2. The physical protection of facilities and equipment from theft, damage, or unauthorized access; collectively, the policies, procedures, and safeguards designed to protect the confidentiality of information, maintain the integrity and availability of information systems, and control access to the content of these systems

Authentication

1. The process of identifying the source of health record entries by attaching a handwritten signature, the author's initials, or an electronic signature 2. Proof of authorship that ensures, as much as possible, that log-ins and messages from a user originate from an authorized source 3. As amended by HITECH, means the corroboration that a person is the one claimed

How is the data collected in OASIS-C used?

1. To assess the patient's ability to be discharged or transferred FROM home care services. 2. The data is also used to measure patient outcomes in order to assess the quality of home healthcare services.

What are the two purposes of healthcare data sets?

1. To identify the data elements that should be collected for each patient. 2. To provide uniform definitions for common terms.

8 components of a security program

1. employee awareness and education 2. risk management program 3. access safeguards 4. physical and administrative safeguards 5. software application safeguards 6. network safeguards 7. disaster planning and recovery 8. data quality control processes

The term STANDARD is a well-defined approach that supports a business process and...

1. has been agreed upon by a group of experts 2. has been publicly vetted 3. provides rules, guidelines, or characteristics 4. helps to ensure that materials, products, processes, and services are fit for their intended purpose 5. is available in an accessible format 6. is subject to an ongoing review and revision process

A tort is:

1.A wrongful act that results in injury to another. 2.civil wrongdoing

Discovery

1.Compulsory disclosure of pertinent facts or documents to the opposing parties in a civil case. 2.disclosure of pertinent facts or documents to the opposing parties in a legal case

Constitutional Law

1.Defines the amount and types of power and authority governments are given. 2. The body of law that deals with the amount and types of power and authority that governments are given.

Data mining

1.Extraction of recording data. 2. Data mining is the process of extracting and analyzing large volumes of data from a database for the purpose of identifying hidden and sometimes subtle relationships or patterns and using those relationships to predict behaviors. It is a key piece of analytics and of the knowledge discovery process. The information discovered from data mining databases aids clinical research. EX : It could be used to detect early signals of potential adverse drug events.

Private Law

1.Involves rights and duties among private parties. 2.Involves rights and duties among private entities or individuals. 3.The collective rules and principles that define the rights and duties of people and private businesses.4Rules and principles that define rights and duties among individuals or organizations

Mediation

1.Parties agree to submit a dispute to a third party facilitator, who assists the parties in reaching an agreed upon resolution. 2. In law, when a dispute is submitted to a third party to facilitate agreement between the disputing parties.

Analytics

1.Refers to statistical, processing of data to reveal new information. 2. Analytics involves acquiring,managing, studying, interpreting, and transforming data into useful information for a variety of reasons. They also plays a role in leveraging data to improve healthcare quality and patient outcomes. Analytics also plays a role in leveraging data to improve healthcare quality and patient outcomes.

Data

1.The dates, numbers,images, symbols, letters, and words that represent basic facts and observations about people,processes, and conditions.

Data abstraction

1.The identification of data elements by an individual through health record review, using standards and guidelines data mining can extract clinical data directly from the EHR to compile content for reporting clinical quality measures.

Dashboard

1.Which is a management report of process measures. 2.Reports process measures. Dashboard is an another data analytics tool.3. Reports of process measures, to help leaders follow progress to assist with strategic planning.

Judicial law(case law or common law)

1.Which is law, created from court (judicial) decisions. 2. The body of law created as a result of court decisions.

AHIMA recommends that the operative index be retained

10 years

AHIMA recommends that the operative index be retined for how long?

10 years

The number of days Medicare will cover SNF inpatient care per benefit period is limited to which of the following?

100

Mr. Jones was admitted to the hospital on July 20 and discharged on August l. What was the length of stay for Mr. Jones?

12 days

When all third-party payments have been received and contractual allowances have been written off, the remaining balance is categorized as the patient responsibility. Best practice is to have the patient responsibility amount be less than what percentage of the total balance?

According to the Pareto Principle:

20% of the sources of a problem are responsible for 80% of its actual effects

when do sanctions for not having an EHR begin?

2015- they won't get the full medicare reimbursement rate

Community Hospital had 245 patients in the hospital at midnight on April 1. The hospital admitted 30 patients on April 2. The hospital discharged 45 patients, including deaths, on April 2. Two patients were both admitted and discharged on April 2. What was the daily inpatient census at midnight on April 2?

232

Mr. Jones is a 67-year-old patient who only has Medicare's Part A insurance. Given the information here, if Mr. Jones used 36 lifetime reserve days, how many does the patient have left to be used at a later date?

24 days

Which of the following is recommended for design of forms for an EDMS?

24 lb. paper for double-sided forms

Given the numbers 45, 27, 7, 38, 29, 29, 34, and 53, what is the mode?

Given the numbers 45, 18, 9, 31, 28, 28, 33, and 48, what is the median?

29.5

To comply with HIPAA, under usual circumstances, a covered entity must act on a patient's request to review or copy his or health information within __ days

Given the numbers 50, 23, 14, 36, 33, 33, 38, and 53, what is the mean?

The best practice for a system hold for all charges to be entered into the billing system and all coding to be completed is:

4 days post-discharge or visit

Community Hospital had 20 inpatient deaths, including newborns for the month of November. The hospital had a total number of 477 discharges for the same period, including deaths of adults, children and newborns. What was the hospital's gross death rate for November?

AHIMA's record retention guidelines recommend that diagnostic images such as xrays be maintained:

5 years

Diagnostic images such as X-rays for minors

5 years after the age of majority

Per the HITECH breach notification requirements, what is the threshold for the immediate notification of each individual?

500 individuals affected

Mr Martin has asked his physician's office to review a copy of his PHI. His request must be responded to no later than _________ after the request is made.

60 days

Under HIPAA regulations, how many days does a covered entity have to respond to an individual's request for access to his or her PHI is stored off-site?

60 days

Community Hospital discharged nine patients on September 1. The length of stay for each of the patients was as follows: for patient A, three days: for patient B, six days; for patient C, five days; for patient D, five days; for patient E, seven days; for patient F, nine days; for patient G, nine days; for patient H, ten days; patient I, nine days. What was the average length of stay for these nine patients?

7 days

Community Hospital has a total of 2,755 inpatient service days for the month of June. What was the average daily census for the hospital during June?

91.8 patients

Nomenclature

: A recognized system of terms that follows pre-establishing naming conventions

Alex fell from a tree and was taken to the emergency room. The physician did a physical exam and diagnosed Alex with contusions. In fact, Alex suffered a punctured lung that would have been detected by a radiologic image. In this case, the physician committed which of the following? a. Nonfeasance b. Misfeasance c. Malfeasasance d. No wrongdoing

Errors in the health record should be which of the following? a. Corrected by drawing a single line in ink through the incorrect entry b. Obliterated so the incorrect information will not be used c. Ignored because information in the health record cannot be removed d. Corrected by administration only

If a patient is not asked to sign a general consent form when entering the hospital, and later sues the hospital for contact that was offensive, harmful, or not otherwise agreed to, what cause of action has the plaintiff most likely included in his lawsuit? a. Battery b. Lack of informed consent c. Negligence d. Breach of contract

The length of time health information is retained ______________. a. Must account for state retention laws, if they exist b. Must be approved by patients whose health information is being maintained c. Should not take into account the organization's operational needs d. Is ultimately the physician's decision

What type of negligence would apply when a physician does not order the necessary test? a. Nonfeasance b. Malfeasance c. Misfeasance d. Intentional tort

Which of the following is a true statement about the legal health record? a. It includes PHI stored on any medium b. It includes PHI on paper only c. It includes PHI on paper and electronic formats only d. It includes electronic PHI only

Clinical decision support system (CDSS)

A Special subcategory of clinical information systems designated to help healthcare providers make knowledge based clinical decisions. Example, a CDSS could deliver targeted clinical reminders and alerts impacting the quality and efficiency of care. EXample, whithin an EHR the clinician may receive a reminder that it is time for the patient's annual gynecological exam.

Benchmark and Baseline

A benchmark and baseline are a point of comparison for each indicator tracked.

Clinical data repository

A central database that focuses on clinical information.

Classification

A clinical vocabulary, terminology, or nomenclature that lists words or phrases with their meanings, provides for the proper use of clinical words as names or symbols, and facilitates mapping standardized terms to broader classifications for administrative, regulatory, oversight, and fiscal requirements

Impact analysis

A collective term used to refer to any study that determines the benefit of a proposed project including cost-benefit analysis, return on investment, benefits realization study, or qualitative benefit study

Impact analysis

A collective term used to refer to any study that determines the benefit of a proposed project, including cost-benefit analysis, return on investment, benefits realization study, or qualitative benefit study.

Define National Council for Prescription Drug Programs (NCPDP)

A committee that specializes in developing standards for exchanging prescription and payment information.

Common Clinical Data Set

A common set of data types and elements and associated standards for use across several certification criteria; established by the ONC

Risk management

A comprehensive program of activities intended to minimize the potential for injuries to occur in a facility and to anticipate and respond to ensuring liabilities for those injuries that do occur. The processes in place to identify, evaluate, and control risk, defined as the organization's risk of accidental financial liability

Which of the following best describes the function of kiosks?

A computer station that promotes the healthcare organization's services

Firewall

A computer system or a combination of systems that provides a security barrier or supports an access control policy between two networks or between a network and any other traffic outside the network

A key feature of performance improvement is:

A continuous cycle of improvement

Role-based access control (RBAC)

A control system in which access decisions are based on the roles of individual users as part of an organization

Role-Based Access Control (RBAC)

A control system in which access decisions are based on the roles of individual users as part of an organization.

What is the CCR standard?

A core data set of relevant current and past information about a patient's health status and healthcare treatment. It is just a generic baseline.

Which of the following statements is true in regard to responding to requests from individuals for access to their PHI?

A cost-based fee may be charged for making a copy of the PHI

Authorization

A covered entity may not use or disclose PHI without permission (authorization) that is valid.

Data dictionary

A descriptive list of the names, definitions, and attributes of data elements to be collected in an information system or database whose purpose is to standardize definitions and ensure consistent use

Data dictionary

Device and media controls

A dietary department donated its old microcomputer to a school. Some old patient data were still on the microcomputer. What controls would have minimized this security breach? a. Access controls b. Device and media controls c. Facility access controls d. Workstation controls

IHS

A federal agency within the Department of of Health and Human Services that is responsible for providing federal healthcare services to American Indians and Alaska Natives.

Medicare

A federally funded health program to assist with the medical care costs of American 65 years of age and older.

template

A form of clinical decision support that guides a user in appropriate documentation is which of the following? a. Digital dictation b. Point of care documentation c. Reminder system d. Template

Subscriber

A health plan enrollee

Bar Chart

A horizontal or vertical arrangement of rectangular shapes that represents data from one or more groups or categories

Firewall

A hospital is looking to use something to act as a buffer between two networks. What should be recommended? a. Application control b. Cryptography c. Firewall d. Digital certificate

Case-mix index

A hospital's _______ represents the average DRG relative weight for a particular hospital. Case-mix index Management mix index Case management index Resource-based relative values scale system

A group practice has hired an HIT as its chief compliance officer. The current compliance program includes written standards of conduct and policies and procedures that address specific areas of potential fraud. It also has audits in place to monitor compliance. Which of the following should the compliance officer also ensure are in place?

A hotline to receive complaints and adoption of procedures to protect whistleblowers from retaliation

The hospital where I work is transitioning to an EHR. In the meantime, we have part of the health record electronic and part is still paper. This concept is known as:

A hybrid record

Medicaid

A joint federal and state program that helps with medical costs for some people with low incomes

What is Extensible Markup Language (XML)?

A key technology tool for enabling data sharing. It was developed as a universal language to facilitate the storage and transmission of data published on the Internet.

Workforce security awareness training

A laboratory employee forgot his user ID badge at home and uses another lab employee's badge to access the computer system. What controls should have been in place to minimize this security breach? a. Access controls b. Security incident procedures c. Security management process d. Workforce security awareness training

Data Set

A list of recommended data elements with uniform definitions that are relevant for a particular use.

PPO-preferred provider organization

A managed care contract coordinated care plan that has a network of providers that have agreed to a contractually specified reimbursement for covered benefits with the organization offering the plan.

Network controls

A method of protecting data from unauthorized change and corruption at rest and during transmission among information systems

Network controls

A method of protecting data from unauthorized change and corruption at rest and during transmission among information systems.

Ehealth exchange

A nation wide community of exchange partners. Examples of components of the eHealth Exchange include one unified trusted, operational, and legal framework, governance model, operating policies and procedures; technical services, and operational support. The eHealth Exchange has been successful in interoperable sharing of clinical information such as care summaries and quality data.

Define Institute of Electrical and Electronic Engineers (IEEE).

A national organization that develops standards for hospital system interface transactions, including links between critical care bedside instruments and clinical information systems.

Which of the following situations is considered a breach of PHI? - A patient's attorney is sent records not requested by that patient - A nurse starts to place PHI in a public area where a patient is standing and immediately picks it up - A nurse sees record of a patient that she is not caring for

A nurse sees record of a patient that she is not caring for

Check Digit

A one-digit character, alphabetic or numeric, used to verify the validity of a unique identifier

Power User

A person who is able to take advantage of all of the aids offered by health IT is referred to as which of the following? End user Meaningful user Power user Super user

Security program

A plan outlining the policies and procedures created to protect healthcare information

security program

A plan outlining the policies and procedures created to protect healthcare information.

Emergency mode of operations

A plan that defines the processes and controls that will be followed until the operations are fully restored

Emergency mode of operations

A plan that defines the processes and controls that will be followed until the operations are fully restored.

Capitation payment

A predetermined payment for each health plan enrollee

Use of the health record by a clinician to facilitate quality patient care is considered

A primary purpose of the health record

Business continuity plan

A program that incorporates policies and procedures for continuing business operations during a computer system shutdown

Digital Certificate

A public key is part of what security measure? Firewall Web security protocol Digital certificates Intrusion detection system

source system

A radiology information system is which of the following? a. Core clinical component b. Hospital information system c. Source system d. Supporting infrastructure

Personal health record (PHR)

A record created and managed by an individual in a private, secure, and confidential environment.It differs from EHR. A PHR can be about the individual's health or the health of someone in his or her care and be used as a tool to collect, track and share past and current information.Other benefits are improved patient engagement and enchanced probider patient communication.

Specialized database for a predefined set of data and its processing

A registry is which of the following? Software that supports patient identification and location of records Specialized database for a predefined set of data and its processing Storage location for archiving data not frequently used System that manages cloud computing

*Indices

A report or list from a database that provides help in finding data contained in the database. Serves as a guide or indicator to locate something within a database or other systems storing data

Fee-for-service

A retrospective payment system that billed payers after health care services were provided to the patient; hospital reimbursement was generated as per diem, a retrospective payment system that issued payment based on daily charges

Admission Utilization Review

A review of planned services (intensity of service) and/or a patient's condition (severity of illness) to determine whether care must be delivered in an acute-care setting.

Identify security threats

A risk analysis is useful to _________. Identify security threats Identify which employees should have access to data Establish password controls Establish audit controls

Access control

A security measure that defines who can access a computer, device, or network, when they can access it, and what actions they can take while accessing it.

User-based access control (UBAC)

A security mechanism used to grant users of a system access based on identity

User-based access control (UBAC)

A security mechanism used to grant users of a system access based on identity.

Password

A series of characters that must be entered to authenticate user identity and gain access to a computer or specified portions of a database

Define Healthcare Effectiveness Data and Information Set (HEDIS).

A set of standard performance measures designed to provide healthcare purchasers and consumers with the information they need to compare the performance of managed healthcare plans.

Clinical Terminology:

A set of standardized terms and their synonyms that record patient findings, circumstances, events, and interventions with sufficient detail to support clinical care, decision support, outcomes research, and quality improvement

Two-factor authentication

A signature type that includes at least two of the following three elements: something known, such as a password; something held, such as a token or digital certificate; and something that is personal, such as a biometric in the form of a fingerprint, retinal scan, or other

two-factor authentication

What is a data element?

A single fact or measurement.

Security threat

A situation that has the potential to damage a healthcare organization's information system

Security threat

A situation that has the potential to damage a healthcare organization's information system.

Sniffers

A software security product that runs in the background of a network, examining and logging packet traffic and serving as an early warning device against crackers

Sniffers

A software security product that runs in the background of a network, examining and logging packet traffic and serving as an early warning device against crackers.

Copayment

A specified dollar amount to be paid to a health care provider for each visit or medical service received

semantic

A standard vocabulary is used to achieve what type of interoperability? a. Process b. Semantic c. System d. Technical

Define OASIS-C.

A standardized data set designed to gather and report data about Medicare beneficiaries who are receiving services from a Medicare-certified home health agency. It is REQUIRED.

Patient Portals

A system that allows consumers to log in to a secure online website to gain access to personal health information and navigate around it once inside the system.

Executive information system

A system that facilitates and supports senior managerial decisions. An EIS can transcend the organizational structure , transform the business by standardizing and describing solutions throughout the enterprise, and drive infromation centric decision making.The EIS is the source for identifying high level strategic, operational, financial or clinical issues.

Executive information system (EIS)

A system that facilitates and supports senior managerial decisions. The EIS is the source for identifying high level strategic, operational, financial or clinical issues.

Intrusion detection system (IDS)

A system that performs automated intrusion detection; procedures should be outlined in the organization's data security plan to determine what action should be taken in response to a probable intrusion

Intrusion Detection System (IDS)

A system that performs automated intrusion detection; procedures should be outlined in the organization's data security plan to determine what actions should be taken in response to a probable intrusion.

Point of care charting

A system whereby information is entered into the health record at the time and location of service. Example Nurses entering data using a tablet as they conduct patient assessments while at the bedside.

Affinity grouping

A technique for organizing similar ideas together in natural groupings.

Research

A term that refers to a statistical process of data to reveal new information is which of the following? Research Analytics Big data Data model

Specialist Lexicon

A tool that supplies the lexical information needed for the SPECIALIST natural language processing system

Managed Care Organization (MCO)

A type of healthcare organization that delivers medical care and manages all aspects of the care and payment for care by limiting providers of care, discounting payment to providers of care, or limiting access to care.

precertification

A type of prospective review involves ______ which is obtaining approval from a healthcare insurance company before a healthcare service is rendered. a. Post certification b. Precertification c. Proper certification d. Re-certification

Single sign-on

A type of technology that allows a user access to all disparate applications through one authentication procedure, thus reducing the number and variety of passwords a user must remember and enforcing and centralizing access control

single sign-on

Trojan horse

A user recently opened a file that they thought would help them with their job but it copied files to unsecure ares of the computer. What thpe of malware was activated? a. Rootkit b. Computer virus c. Computer work d. Trojan horse

Automatic logoff controls

A visitor to the hospital looks at the screen of the admitting clerk's computer workstation when she leaves her desk to copy some admitting documents. What security mechanism would best have minimized this security breach? a. Access controls b. Audit controls c. Automatic logoff controls d. Device and media controls

Facility access controls

A visitor walks through the computer department and picks up a CD from an employee's desk. What security controls should have been implemented to prevent this security breach? a. Device and media controls b. Facility access controls c. Workstation use controls d. Workstation security controls

virtual private network

A way to send secure messages over the Internet is which of the following? a. Cloud computing b. Digital imaging and communications network c. Virtual private network d. Web services architecture

Which of the following is required by HIPAA standards?

A written contingency plan

Medical malpractice:

A. refers to the professional liability of healthcare providers B. includes breach of contract C. includes intentional torts and negligence D. all of the above*****

When a service is not considered medically necessary based on the reason for encounter, the patient should be provided with a(n) ____ indicating that Medicare might not pay and that the patient might be responsible for the entire charge.

ABN

Coding policies should include which of the following elements?

AHIMA Standards of Ethical Coding

American Osteopathic Association

AOA

THE MINIMUM NECESSARY STANDARD:

APPLIES TO BOTH USES AND DISCLOSURES OF PHI

what larger act does HITECH belong to

ARRA- American Recovery and Reinvestment Act

meaningful use - define

ARRA/HITECH's rules that providers must follow in order to qualify for incentive payments for using the EHR

ANSI accredited standards Committee X12

ASC X12 is a message format standard for the health claims that professionals (physicians) send out to 3rd party payers

who made the ccr?

ASTM international

what was combined to make the CCD?

ASTM's CCR along with HL7's CDA(clinical document architecture)

The nature of an injury and its threat to life by body system is shown by the:

Abbreviated Injury Scale

Which of the following is a legal concern regarding the EHR?

Ability to subpoena audit trails.

All of the following are steps in medical necessity and utilization review, except:

Access consideration

An EHR system can provide better security than a paper record for protected health information system due to:

Access controls, audit trails, and authentication systems

Within the context of data security, protecting data privacy means defending or safeguarding:

Access to information

The term minimum necessary means that healthcare providers and other covered entities must limit use, access, and disclosure to the minimum necessary to:

Accomplish the intended purpose

The "discharged, not final billed" report (also known as "discharged, no final bill" or "accounts not selected for billing") includes what type of accounts?

Accounts that have been discharged and have not been billed for a variety of reasons

The act of granting approval to a healthcare organization based on whether the organization has met a set of voluntary standards is called:

Accreditation

The form and content of the health record are determined by:

Accreditation standards and public health reporting requirements, the needs of individual healthcare organizations, state and federal laws and regulatory requirements

What is ASC X12?

Accredited Standards Committee X12 is an ANSI-accredited standard that involves electronic data interchange

Which of the following determines health record content?

Accrediting body standards

Systems testing of a new information system should be conducted using:

Actual Patient Data

Change management is the process of planning for change. It concentrates on:

Addressing employee resistance to changes in processes, procedures, and policies

administrative safeguards

Administrative actions and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity's or business associate's workforce in relation to the protection of that information.

Rules developed by administrative bodies empowered by law to regulate specific activities

Administrative law

Scheduling appointments is an example of a patient portal feature having a(n)_______.

Administrative orientation

Scheduling appointments is the next sample of a patient portion future having an

Administrative orientation

Which of the following are policies and procedures required by HIPAA that address the management of computer resources and security?

Administrative safeguards

Management

Administrative safeguards include policies and procedures that address which of the following regarding computer resources? a. Management b. Maintenance c. Modification d. Manipulation

The security officer is responsible for:

Advising administration on information security

Which of the following is not an identifier under the Privacy Rule?

Age 75

Issues related to the efficiency and effectiveness of the healthcare delivery system are addressed by the _____.

Agency for Healthcare Research and Quality

Which of the following organizations within the federal government is responsible for looking at the issues related to the efficiency and effectiveness of the healthcare delivery system, disease protocols, and guidelines for improved disease outcomes?

Agency for Healthcare Research and Quality (AHRQ)

A medication being ordered is contraindicated due to a patient allergy. The physician is notified. This is an example of a(n):

Alert

Which of the following is true regarding the development of health record destruction policies?

All applicable laws must be considered

The Privacy Rule applies to

All covered entities involved with transmitting or performing any electronic transactions specified in the act

Secondary data sources consist of ____________.

All of the above

What information is needed to calculate the net death rate for a period?

All of the above

Which of the following types of statistics are used to report information about mortality, morbidity, and natality at the local, state, and national levels?

All of the above are used to report information about mortality, morbidity, and natality (the ratio of births to the general population; the birth rate) at the local, state, and national levels.

A secretary in the Nursing Office was recently hospitalized with ketoacidosis. She comes to the health information management department and requests to review her health record. Of the options here, what is the best course of action?

Allow her to review her record after obtaining authorization from her

St. Joseph's Hospital has a psychiatric service on the sixth floor of the hospital. A 31-year old male has come to the HIM department and requested to see a copy of his medical record. He indicated he was a patient of Dr. Schmidt, a psychiatrist, and that he was on the sixth floor of St. Joseph's for the last two months. These records are not psychotherapy notes. Of the options here, what is the best course of action?

Allow the patient to access his record if, after contacting his physician, his physician does not think it will be harmful to the patien

Allow the patient to access his record if, after contacting his physician, his physician does not think it will be harmful to the patient

Jennifer's widowed mother is elderly and often confused. She has asked Jennifer to accompany her to physician office visits because she often forgets to tell the physicians vital information. Under the Privacy Rule, the release of her mother's PHI to Jennifer is

Allowed when the information is directly relevant to Jennifer's involvement in her mother's care or treatment

Clinical data warehouse

Allows access to data from multiple databases and combines the results into a single query and reporting interface. For example , data mining may be used to extract clinical data directly from the EHR for the purpose of compiling content for reporting clinical quality measures.

What does Digital Imaging and Communication in Medicine (DICOM) do?

Allows for the exchange of imaging via the computer

What does ADA stand for?

American Dental Association

Which organization issues and maintains ethical standards for the health information management profession?

American Health Information Management Association

standards of ethical coding

American Health Information Management Association (AHIMA)

Coding Clinic

American Hospital Association

What does ANSI stand for?

American National Standards Institute

ARRA

American Recovery and Reinvestment Act

ARRA

American Recovery and Reinvestment Act - created the HITECH act. Also authorized the creation of the ONCHIT - Office of National Coordinator for Health Information Technology

The Medicare and Medicaid EHR Incentive Programs funded by the

American Recovery and Reinvestment Act of 2009

While auditing health records for incomplete documentation, the HIM specialist identifies written progress notes by Dr. Doe that she cannot read. She reports this to the hospital's risk manager. What is the best method to determine the scope of the documentation problem by Dr. Doe?

An HIM professional should conduct a more detailed audit of Dr. Doe's patients' records.

Context-based access control (CBAC)

An access control system which limits users to accessing information not only in accordance with their identity and role, but to the location and time in which they are accessing the information

Fraud

An act that represents a crime against payers or other health care programs, or attempts or conspiracies to commit those crimes

Edit checks

An admission coordinator consistently enters the wrong patient gender while entering data in the MPI. What security measures should be in place to minimize this security breach? a. Access controls b. Audit trail c. Edit checks d. Password controls

Pie chart

An arrangememt of pieces in a circular shape that represents the component parts of a single group or variable

Histogram

An arrangement of rectangular shapes that represents distributions of continuous variables

Trigger

An audit identified that an employee accessed a patient whose name is the same as the employee. This is known as a/an _________. Trigger Personal authentication Unsecured data Audit control

Which of the following statements is false?

An authorization does not have to be obtained for uses and disclosures for treatment, payment, and operation

American Recovery and Reinvestment Act

An economic stimulus bill passed in 2009, in response to the Great Recession, that provided $787 billion to state and local governments for schools, hospitals, and transportation projects. It was one of the largest single packages of government spending in American history.

Digital certificates

An electronic document that establishes a person's online identity

Digital certificates

An electronic document that establishes a person's online identity.

Digital signatures

An electronic signature that binds a message to a particular individual and can be used by the receiver to authenticate the identity of the sender

Digital Signatures

An electronic signature that binds a message to a particular individual and can be used by the receiver to authenticate the identity of the sender.

What is ANSI ASC X12N?

An electronic transfer standard that allows data to go back and forth.

Access controls

An employee accesses PHI on a computer system that does not relate to her job functions. What security mechanism should have been implemented to minimize this security breach? a. Access controls b. Audit controls c. Contingency controls d. Security incident controls

Facility access controls

An employee in the physical therapy department arrives early every morning to snoop through the EHR for potential information about neighbors and friends. What security mechanism should have been implemented that could minimize this security breach? a. Audit controls b. Facility access controls c. Workstation security

security incident procedures

An employee observes an outside individual putting some computer disks in her purse. The employee does not report this security breach. What security measures should have been in place to minimize this threat? a. Access controls b. Audit controls c. Authentication controls d. Security incident procedures

HMO

An entity that combines the provision of healthcare insurance and delivery of healthcare services, characterized by an organized healthcare delivery system to a geographic area, a set of basic and supplemental health maintenance and treatment services, voluntarily enrolled members, and predetermined fixed, periodic prepayments for members' coverage.

Likelihood determination

An estimate of the probability of threats occurring

Likelihood determination

An estimate of the probability of threats occurring.

Define Continuity of Care Document (CCD).

An implementation guide for sharing Continuity of Care Record (CCR) patient summary data using the CDA (Clinical Document Architecture). Pertains to EHR only.

Calling out patient names in a physician's office is

An incidental disclosure

Incident

An occurrence in a medical facility that is inconsistent with accepted standards of care

Incident

An occurrence in a medical facility that is inconsistent with accepted standards of care.

Accountable Care Organization (ACO)

An organization of healthcare providers accountable for the quality, cost, and overall care of Medicare beneficiaries who are assigned and enrolled in the traditional fee-for-service program.

What is Health Level 7 (HL7)?

An organization that develops messaging, data content, and document standards to support the exchange of clinical information.

Third-party payer

An organization that processes claims for reimbursement covered by a health care plan

A term that refers to statistical process of a dad add to reveal new information is which of the following

Analystics

How often are the Medicare fee schedules updated?

Annually

Prescriptive analytics

Answers How can we make it happen ?

Predictive analytics

Answers the question What will happen?

Diagnostic analytics

Answers the question Why did it happen?

Descriptive analytics

Answers the question what happened?

Which of the following security controls are built into a computer software program?

Application Controls

A durable power of attorney for healthcare decisions------------

Applies when the individual is no longer competent.

Medical staff credentialing refers to which of the following?

Appointing and granting clinical privileges to physicians.

A medical malpractice case is submitted to a third party rather than being resolved in the court system. The third party makes a final decision regarding the case. This process is called;

Arbitration

Proceeding in which disputes are submitted to a third party or a panel of experts outside the judicial trial system

Arbitration

Data Standards

Are documented agreements on representations,formats, and definitions of common data. Several types are needed including vocabulary, code sets, and terminology; coontent and structure; transport; and services.

The primary objective of quality in healthcare for both patient and provider is to:

Arrive at the desired outcomes

Physical safeguards

As amended by HITECH, security rule measures such as locking doors to safeguard data and various media from unauthorized access and exposures; includes facility access controls, workstation use, workstation security, and device and media controls

Implementation specifications

As amended by HITECH, specific requirements or instructions for implementing a privacy or security standard

Implementation specifications

As amended by HITECH, specific requirements or instructions for implementing a privacy or security standard.

Technical safeguards

As amended by HITECH, the Security Rule means the technology and the policy and procedures for its use that protect electronic protected health information and control access to it

The HIM Supervisor suspects that a departmental employee is accessing the EHR for personal reasons but has no specific data to support this suspicion. In this case, what should the supervisor do?

Ask the security officer for audit trail data to confirm or disprove the suspicion.

Which of the following tasks is not performed in an electronic health record system?

Assembly

National health plan identifier (PlanID)

Assigned to third party payers; contains 10 numeric positions including a check digit in the 10th position

AHIMA's record retention guidelines recommend that the health records of adults be maintained

At least 10 years after the most recent encounter

Subclassification level

At which level of the classification system are the most specific ICD-9-CM codes found?

Which of the following is a software program that tracks every access to data in the computer system?

Audit Trail

Which of the following actions by a health records custodian affirms the legitimacy of a health record?

Authentication

What does a form creation system do?

Automated administrative forms processing

Which of the following is an example of data security?

Automatic logoff after inactivity

A child's health record should be retained for how long? a. The statute of limitations plus five years b. The age of majority plus the statute of limitation c. The age of majority d. The age of majority plus three years

Congress passes laws, which are then developed by federal agencies to provide a blueprint for carrying out these laws. What do the federal agencies develop? a. Statutes b. Regulations c. Judicial decisions d. Ordinances

Elizabeth arrived at the nearest urgent care facility after being bitten by her cat, Felix. The physician examined her and gave her a tetanus shot. Based on these facts, a physician-patient relationship has _________. a. Been created by express contract b. Been created by implied contract c. Not been created d. Been breached

Metadata are which of the following? a. Found in personal health records only b. Data about data c. Found in paper records only d. A patient's billing records

The Registered Health Information Technician (RHIT) credential is an example of which of the following? a. Licensure b. Certification c. Accreditation d. Validation

The maintenance of health records ____________________. a. Is governed by state laws only b. Is governed by Medicare Conditions of Participation for organizations that treat Medicare and Medicaid patients c. Is always left solely to the discretion of the healthcare organization that maintains the records d. Are not addressed by accrediting bodies and governmental agencies

Which stage of the litigation process focuses on how strong a case the opposing party has? a. Deposition b. Discovery c. Trial d. Verdict

Which type of law defines the rights and duties among people and private businesses? a. Public law b. Private law c. Corporate law d. Administrative law

Which of the following is not true about health information retention? A. Retention depends on state, federal, and accreditation requirements B. Retention is the same for all types of healthcare facilities C. Retention depends on the needs of the healthcare facility D. Retention periods are frequently longer for health information about minors

B. Retention is the same for all types of healthcare facilities

Editors correct misrecognitions after the physician completes dictation when _______ is used

Back-end speech recognition technology

Editors correct misrecognitions after the physician completes dictation when--- is used

Back-end speech recognition technology

The federal legislation that focused on healthcare fraud and abuse issues, especially as they relate to penalties, was the:

Balanced Budget Act of 1997

To date the HIM department has not charged for copies of records requested by the patient. However, the policy is currently under review for revision. One HIM committee member suggests using the copying fee established by the state. Another committee member thinks that HIPAA will not allow for copying fees. What input should the HIM director provide?

Base charges on the cost of labor and supplies for copying and postage if copies are mailed

Data

Basic facts

If a patient is not asked to sign a general consent form when entering the hospital, and later sues the hospital for contact that was offensive, harmful, or not otherwise agreed to , what cause of action has the plaintiff most likely included in his lawsuit?

Battery

Been created by express contract

As part of an EHR system selection, due diligence should be done:

Before contracting for an EHR product

A Medicare benefit period is defined as:

Beginning the day the Medicare patient is admitted to the hospital and ending when the patient has been out of the hospital for 60 days in a row, including the day of discharge

A standard of performance or best practice for a particular process or outcome is called a(n):

Benchmark

Tracking and comparing over time the number of medical records coded per hour by individual coder to assess coder productivity is an example of a ---------

Benchmark

The RFP generally includes a detailed description of the system's requirements and provides guidelines for vendors to follow in:

Bidding for the contract

Which of the following has the ultimate responsibility for ensuring quality in a healthcare facility?

Board of Directors

Which of the following is one of the causes of action?

Breach of contract

which of the following is considered to be a professional liability?

Breach of contract, intentional tort, negligence

Code System

Broad term • Characteristics of a terminology or a classification • Primary or secondary data use

Which of the following is an organization's planned response to protect its information in the case of a natural disaster?

Business continuity plan

The medical record of Kathy Smith, the plaintiff, has been subpoenaed for a deposition. The plaintiff's attorney wishes to use the records as evidence to prove his client's case. In this situation, although the record constitutes hearsay, it may be used as evidence based on the:

Business records exception

Secondary data is generally used ________.

By external users

A durable power of attorney for healthcare decisions ______________. a. Should not be included in an individual's health record b. Applies only when the individual is competent c. Applies when the individual is no longer competent d. Prohibits the use of cardiopulmonary resuscitation in the event of a cardiac arrest

Disclosure of health information without the patient's authorization _____________. a. Is prohibited by federal law b. Is prohibited by most state laws c. May be required by specific state statutes d. Is only required for cases of suspected child abuse

In order for Susan to be able to prove negligence, she must be able to prove injury, standard of care, breach of standard of care and which of the following? a. Misfeasance b. Causation c. Malfeasance d. Joinder

The content of the health record _____

Which document directs an individual to bring originals or copies of records to court? a. Summons b. Subpoena ad testificandum c. Subpoena duces tecum d. Deposition

Which statement is true concerning CDR and EHR?

CDR supports management of data for an EHR

what application sets an EHR apart from simply automating paper documents

CDS

Which of the following is a snapshot in time and consolidates data from multiple sources to enhance decision making?

CDW

who specified the criteria for the MU?

CMS

Which of the following is an application that uses standard order sets and other clinical decision support that supports physician order entry into the computer?

CPOE

Which system generates a patient's medication list?

CPOE

what applications are considered part of closed-loop medication management systems

CPOE, e-prescribing (e-Rx..which is a special type of CPOE), electronic medication administration record (E-MAR), or barcode medication administration record (BC-MAR), medication reconciliation systems, and automated drug dispensing machines......as well as policies/procedures and workflows associated with ensuring proper drug ordering, dispensing, administering, and monitoring of reactions.

An individual's request that a covered entity attach an amendment to his or her health record:

Can be denied if the PHI in question was not created by the covered entity

Under HIPAA rules, when an individual asks to see his or her own health information, a covered entity:

Can deny access to psychotherapy notes

under the HIPAA Privacy Rule, when an individual asks to see their own health information, a covered entity:

Can deny access to psychotherapy notes

Under HIPAA rules, when an individual asks to see his or her own health information, a covered entity:

Can deny access to psychotherapy notes.

Who was the author of Bills of Mortality and what type of data was he collecting?

Captain John Graunt was the author. He was gathering data on the common causes of death in London.

In this case management step, the case manager confirms that the patient meets criteria for the care setting and that the services can be provided at the facility.

Care planning at the time of admission

Judicial law also known as

Case law or Common law

The principal process by which organizations optimize the continuum of care for their patients is:

Case management

In order for Susan to be able to prove negligence, she must be able to prove injury, standard of care, breach of standard of care and which of the following?

Causation

What term is used for the number of inpatients present at any one time in a healthcare facility?

Census

who maintains icd 9 / 10 procedure classifications

Centers for Medicare and Medicaid Services

Disease registry

Central collection of data used to improve the quality of care and measure the effectiveness of a particular aspect of healthcare delivery

The registered Health Information Technician (RHIT) credential is an example of which of the following?

Certification AHIMA

Managing the adoption and implementation of new processes is called:

Change management

In order for a hospital to generate a claim for reimbursement by a health plan, the EHR must have which of the following components?

Charge capture

The unique number that identifies each service or supply in the CDM and links each item to a particular department is known as the:

Charge code

The National Patient Safety Goals (NPSGs) have effectively mandated all healthcare organizations to examine care processes that have a potential for error that can cause injury to patients. Which of the following processes are included in the NPSGs?

Check patient medicines, prevent infection, and identify patients correctly

Who is responsible for implementing the policies and strategic direction of the hospital or healthcare organization and for building an effective executive management team?

Chief Executive Officer

Which of the following types of hospitals are excluded from the Medicare inpatient prospective payment system?

Children's

Community Hospital wants to offer information technology services to City Hospital, another smaller hospital in the area. This arrangement will financially help both institutions. In reviewing the process to establish this arrangement, the CEO asks the HIM director if there are any barriers to establishing this relationship with regard to HIPAA. In this situation, which of the following should the HIM director advise?

City Hospital should obtain a business associate agreement with Community Hospital

Which of the following is not one of the basic functions of the utilization review process?

Claims Management

Which of the following is not one of the basic functions of the utilization review process?

Claims management

In a typical acute-care setting, charge capture is located in which revenue cycle area?

Claims processing

In a typical acute-care setting, which revenue cycle area uses an internal auditing system (scrubber) to ensure that error-free claims (clean claims) are submitted to third-party payers?

Claims processing

In a typical acute-care setting, the Explanation of Benefits, Medicare Summary Notice, and Remittance Advice documents (provided by the payer) are monitored in which revenue cycle area?

Claims reconcilliation/collections

Diagnostic and Statistical Manual of Mental Disorders, Fifth Edition (DSM-5)

Classification for mental disorder • Print, online, and in software applications • Assignment by a clinician • Used for o Assessments o Developing treatment plans o Communicating between healthcare providers

As part of the clinic's performance improvement program, an HIM director wants to implement benchmarking for the transcription division at a large physician clinic. The clinic has 21 transcriptionists who average about 140 lines per hour. The transcription unit supports 80 physicians at a cost of 15 cents per line. What should be the first step that the supervisor takes to establish benchmarks for the transcription division?

Clearly define what is to be studied and accomplished by instituting benchmarks

When some computers are used primarily to enter data and others to process data the architecture is called:

Client/server

-------- data analytics is where health infromation is captured, reviewed, and used to measure the quality of care provided

Clinical

Which decision support systems could deliver a reminder to a physician that it is time for the patient's flu shot?

Clinical

________ data analytics is where health information is captured, reviewed, and used to measure the quality of care provided.

Clinical

CDR what is it

Clinical Data Repository a special kind of relational database

Online transaction processing is conducted in which of the following

Clinical data repository

Which of the following technologies would be best for a hospital to use to manage data from its laboratory, pharmacy, and radiology information systems?

Clinical data repository

Structured data templates

Clinical documentation systems that support clinical decision making capture data via ______________. Alerting programs Digital dictation Scanned images Structured data templates

Who are the primary users of the health record for delivery of healthcare services?

Clinical professionals who provide direct patient care

SNOWMED CT

Clinical terminology used for documentation and reporting • No book of codes or no assignment by a coding professional • Implemented in software applications • Granular level of clinical data capture

Revenue Codes

Codes that classify hospital categories of service by revenue cost center; reported on the CMS 1450

Most chief financial officers view the HIM department's most essential role in the revenue cycle management to be:

Coding of the record

Bills of Mortality was the foundation for what?

Collecting statistical information

The concept of systems integration refers to the healthcare organization's ability to:

Combine information from any system within the organization

Clinical Observations

Comments of care givers that create a chronological report of the patient's condition and response to treatment during his or her hospital stay.

This private, not-for-profit organization is committed to developing and maintaining practical, customer-focused standards to help organizations measure and improve the quality, value, and outcomes of behavioral health and medical rehabilitation programs.

Commission on Accreditation of Rehabilitation Facilities

Performance standards are used to:

Communicate performance expectations

Brainstorming, affinity grouping, and nominal group techniques are tools and techniques used during performance improvement initiatives to facilitate ____ among employees.

Communication

Ratio

Comparing quantities where x and y are completely independent of each other or x can be included in y.

Mrs. Elfman has filed a medical malpractice lawsuit against Dr. Quinn. She accomplishes this by which of the following?

Complaint

A record that fails quantitative analysis is missing the quality criterion of:

Completeness

Components of ICF

Components o Health condition o Body functions o Body structures o Activities and Participation o Contextual Factors

Encoders

Computer software programs that assist in the assignment of codes used with diagnostic and procedural classifications are called:

HIM Professionals have been working with a multidisciplinary committee to identify the best solution that will allow hospital physicians coordinated access to all forms of incoming and outgoing messages including voice, fax, e-mail, and video mail. Currently, physicians have to log in to various systems, using different IDs and passwords to retrieve all their messages, reducing effectiveness and efficiency. Which of the following would provide the best solution to the current problem?

Computer-telephone integration (CTI)

Electronic Data Interchange (EDI)

Computer-to-computer transfer of data between provider and payer (or clearinghouse) using a data format agreed upon by the sending and receiving parties

Since we implemented a new technology, we have eliminated lost orders and problems with legibility. What technology are we using?

Computerized physician/provider order entry

semantic network

Concepts joined together by links that show how the concepts are related.One of the knowledge sources for users of the Unified Medical Language System

What is the general name for Medicare rules affecting healthcare organizations?

Conditions of Participation

Community Hospital has launched a clinical documentation improvement (CDI) initiative. Currently, clinical documentation does not always adequately reflect the severity of illness of the patient or support optimal HIM coding accuracy. Given this situation, which of the following would be the best action to validate that the new program is achieving its goals?

Conduct a retrospective review of all query opportunities for the year

Which of the following is not a responsibility of a healthcare organization's quality management department?

Conducting medical peer review to identify patters of care

What is the legal term used to define the protection of health information in a patient-provider relationship?

Confidentiality

In the health information exchange patience opt in or opt out of having their data exchange via

Consent directive

*Problem oriented health record

Consists of a problem list, the history and physical exam and initial lab findings, test, procedures and progress notes.

The exchange of email communication between the patient and physician on a question regarding medication is an example of --------- health informatics.

Consumer

The exchange of email communication between the patient and physician on a question regarding medication is an example of ____________ health informatics.

Consumer

Tools such as mobile devices, patient portals, and social networking allow consumers to not only manage their health information electronically but also participate in their own healthcare via electronic means.

Consumer health IT application for information access and navigation

A patient portal that allows personal health information to be uploaded for provider access is and example of

Consumer mediated exchange

Which of the following is a form of HIE?

Consumer mediated exchange

A patient portal that allows personal health information to be uploaded for provider access is an example of _______________.

Consumer-mediated exchange

Which of the following is not an element that makes information "PHI" under the HIPAA Privacy Rule?

Contained within a personnel file

What is metadata?

Contains indexing terms and attributes that gives data on data. For example, creation date, date sent, date received, last access date, and last modification date.

A record is considered a primary data source when it ___.

Contains information about the patient that has been documented by the professionals who provided care to the patient

A record is considered a primary data source when it ___________.

Contains information about the patient that has been documented by the professionals who provided care to the patient

A --------- would be used to define syntax conventions.

Content and structure Standard

A ________ would be used to define syntax conventions.

Content and structure standard

What does CCD stand for?

Continuity of Care Document

What does CCR stand for?

Continuity of Care Record

Which of the following is an example of a business associate?

Contract coder

Which of the following is necessary to ensure that each term used in an EHR has a common meaning to all users?

Controlled Vocabulary

Application safeguards

Controls contained in application software or computer programs to protect the security and integrity of information

Original data sets such as UHDDS and UACDS create a big challenge in what type of conversion?

Conversion to electronic format. They were originally created for paper-based health record systems.

What does the American National Standards Institute (ANSI) do?

Coordinates the development of voluntary standards in a variety of industries, including healthcare.

Which of the following is the definition of revenue cycle management?

Coordination of all administrative and clinical functions that contribue to the capture, management, and collection of patient service revenue

Which term refers to the electronic transmission of information from a provider to a health plan to determine a patient's eligibility for services?

Coordination of benefits transaction

Define Continuity of Care Record (CCR).

Core data set for patient's clinical summary. Pertains to EHR only.

Errors in the health record should be which of the following?

Corrected by drawing a single line in ink through the incorrect entry

The one aspect of managed care that has had the greatest impact on healthcare organizations is:

Cost Control

The one aspect of managed care that has had the greatest impact on healthcare organizations is:

Cost control

A lawsuit by a defendant against a plaintiff is a:

Counterclaim

Amber files a medical malpractice lawsuit against Dr. Mason, who performed her surgery. She names no other defendants in the lawsuit. Dr. Mason files a complaint against Amber. By doing this, Dr. Mason has completed which legal action?

Counterclaim

District court

Court in the lowest tier of the federal court system

US court of appeals

Court with the power to overturn the final judgments of district courts

US supreme court

Court with the power to overturn the final judgments of federal and state courts of appeal

state appellate court

Court with the power to overturn the final judgments of state trial courts

International Classification of Diseases, Tenth Revision, Procedure Coding System (ICD-10-PCS)

Created by 3M Health Information Systems • Maintained by Centers for Medicare and Medicaid Services • Reports procedures for inpatient claims • Possible updates April and October • Print, online, and in software applications • Assignment by a professional code

Statutes are laws:

Created by or enacted by legislative bodies

This status is conferred by a national professional organization that is dedicated to a specific are of healthcare practice.

Credential

Which of the following is not reimbursed according to the Medicare prospective payment system?

Critical access hospitals

This is a true statement

Critique this statement: HIPAA represents an attempt to establish best practices and standards for health information security. This is a true statement. This is not a true statement as HIPAA does not establish best practices for health information security. This is not a true statement as HIPAA does not establish standards for health information security. This is not a true statement as HIPAA does not address health information security.

Many organizations and quality experts define quality as meeting or exceeding:

Customer Expectations

Dr. Smith is being sued by a former patient. At issue is whether the care he provided the patient was consistent with that which would be provided by an ordinary and reasonable physician treating a patient in the plaintiff's condition. The concept in question is whether _____________. a. Dr. Smith owed a duty to the patient b. Dr. Smith was practicing medicine with a valid license c. There was a causal relationship between Dr. Smith's actions and the harm to the patient d. Dr. Smith met the standard of care

In Lindsay's lawsuit against her physical therapist, her attorney a) obtained copies of most documents that he requested such as medical records, contracts, e-mail communications, bills, and receipts. However, at trial, Lindsay was surprised to learn that b) several of these documents were not permitted to be considered by the jury as evidence. The concepts associated with a) and b) are which of the following? a. Subpoena; default b. Counterclaim; discovery c. Deposition; voir dire d. Discovery; admissibility

Jeremiah files a medical malpractice lawsuit against Dr. Watson, who performed his surgery. He names no other defendants in the lawsuit. Dr. Watson files a complaint against his assistant surgeon, Dr. Crick. By doing this, Dr. Watson has completed which legal action? a. Counterclaim b. Crossclaim c. Default judgment d. Joinder

Policies that address how PHI is used inside the organization deal with which of the following? a. Legal health record b. Priviledged communications c. Disclosures d. Use

Stacie is writing a health record retention policy. She is taking into account the statute of limitations for malpractice and contract actions in her state. A statute of limitations refers to which of the following? a. A limited number of state laws b. The period of time that a case must be brought to trial c. The timeliness of the health records in her facility d. The period of time in which a lawsuit must be filed

Which of the following tyeps of destruction is appropriate for paper health records? a. Degaussing b. Demagnetizing c. Overwriting d. Pulping

Which of the following determines the content of the health record? A. state law B. Federal regulations C. Accrediting body regulations D. All of the above

D. All of the above

HIT Professionals must have knowledge of A. privacy issues with regard to the management of health information B. laws affecting the use and disclosure of health information C. AHIMA's professional ethical principles of practice regarding the use and disclosure of health information D. all of the above

D. all of the above

In a deposition A. a subpoena is issued B. an individual appears at an appointed time and place to testify under oath C. a reporter transcribes the testimony D. all of the above

D. all of the above

Medical malpractice A. refers to the professional liability of healthcare providers B. includes breach of contract C. includes intentional torts and negligence D. all of the above

D. all of the above

The sources of law are: A. constitutions B. statutes and administrative law C. judicial decisions D. all of the above

D. all of the above

what was EDMS called at first?

DIMS- document imaging management systems

What term is used for the number of inpatients present at the census-taking time each day, plus any inpatients who were both admitted and discharged after the census-taking time the previous day?

Daily census

The --------is a management report of process measures.

Dashboard

The _________ is a management report of process measures.

Dashboard

Which of the following provide process measure metrics in a precise format?

Dashboard

To arrive at information, -------- are required

Data

To arrive at information, _________ are required.

Data

What does DEEDS stand for?

Data Elements for Emergency Department Systems

Which of the following is a technique for graphically depicting the structure of a computer database?

Data Model

The protection measures and tools for safeguarding information and information systems is a definition of:

Data Security

Metadata are which of the following?

Data about data

The Medical Review Committee wants to determine if the hospital is in compliance with Joint Commission standards for medical record delinquency rates. The HIM Director has compiled a report that shows that records are delinquent for an average of 29 days after discharge. Given this information, what can the Committee conclude?

Data are insufficient to determine whether the hospital is in compliance

What is the first stage of transforming raw data into meaningful analytics?

Data capture

what is the first stage of transforming raw data into meaningful analytics?

Data capture

When all required data elements are included in the health record, the quality characteristic for ____ is met.

Data comprehensiveness

When all required data elements are included in the health record, the quality characteristics for ________________ is met.

Data comprehensiveness

Decryption

Data decoded and restored back to original readable form

Decryption

Data decoded and restored back to original readable form.

Secondary Data Source for Health Information

Data derived from a patient record, such as an index or database.

Secondary data:

Data derived from the primary patient record

Aggregate data:

Data extracted from individual patient records and combined to form information about groups of patients

--- is a tool used for extracting data from the database.

Data mining

------------- is key to the knowledge discovery process.

Data mining

__________ is key to the knowledge discovery process.

Data mining

___________ is a tool used for extracting data from a database.

Data mining

Identity data integrity

Data must be accurately collected, entered, and queried in order to maintain patient identity data integrity.

The term used to describe excepted data values is

Data precision

Information

Data processed into a usable form

What is the second stage of a transforming raw data into meaningful analytics?

Data provisioning

What is the second stage of transforming raw data into meaningful analytics?

Data provisioning

Integrity

Data security includes protecting data availability, privacy, and ________. a. Suitability b. Integrity c. Flexibility d. Quality

Health Data and Information Sets

Data set: recommended data element with uniform definition o Data collected used for clinical decision support and clinical quality measures

*Registry

Database on specific diseases and procedures

All of the following are required elements of a charge description master except:

Date of service

What is the singular form of data?

Datum

A _________ generated scorecard could be used by a manager to monitor readmission rates in order to track trends and identify opportunities for improvement.

Decision support system

A-------- generated scorecard could be used by a manager to monitor readmission rates in order to track trends and identify oppurtunities for improvement .

Decision support system

What is it called when accrediting bodies such as The Joint Commission can survey facilities for compliance with the medicare Conditions of Participation for Hospitals instead of the government?

Deemed Status

If a defendant fails to answer a complaint or take other action, the court grants the plaintiff a judgment by:

Default

Content and structure Standards

Define the syntax conventions such as the clinical Document Architecture (CDA) which specifies the structure and semantics of a care plan.

Transport standards

Define the way in which information is moved from one location to another. An example of a transport standard is the Hypertext Transfer Protocol (HTTP)

The legal health record (LHR) is a(n):

Defined subset of all patient-specific data created and accumulated by a healthcare provider that may be released to third parties in response to a legally permissible request for patient information

Consumer-directed health plans (CDHPs)

Defines employer contributions and asks employees to be more responsible for health care decisions and cost sharing

HIM profession is changing due to

Demands of physicians

Cancer Registry Key Components

Demographic information Information on the industrial or occupational history of the individual with cancer Administrative info, including date of diagnosis Pathological data characterizing the cancer, including site, stage of the neoplasm, etc

Traditional model of HIM

Department based.

sworn testimony usually collected before a trial

Deposition

"What happened?" Is answered by --- analytics.

Descriptive

"What happened?" is answered by _______ analytics.

Descriptive

Burning, shredding, pulping, and pulverizing are all acceptable methods in which process?

Destruction of paper-based health records

Which of the following is not a step in quality improvement decision-making?

Determination of the quickest solution

The patient's account balance is displaying a negative balance. What should the health care organization do to resolve this situation?

Determine which payer overpaid and return the funds

The phrase "bad debt" refers to accounts that include money owed by the patient and are:

Determined by the facility to be uncollectible

National Correct Coding Initiative (NCCI)

Developed by CMS to promote national correct coding methodologies and to eliminate improper coding

What is the American Dental Association (ADA)?

Develops dental standards and promote safe and effective oral healthcare.

All of the following are Joint Commission core measure criteria sets except:

Diabetes mellitus

"Why did it happen ?" is answered by -----------analytics.

Diagnostic

"Why did it happen?" is answered by _______ analytics.

Diagnostic

Which of the following services would be included in the 72-hour payment window and included in the inpatient MS-DRG payment to an acute-care hospital?

Diagnostic laboratory testing

What does DICOM stand for?

Digital Imaging and Communication in Medicine

The most common approaches to converting from an old information system to a new one are the parallel approach, the phased approach, and the ____ approach.

Direct cutover

Forms of Health Information Exchange

Directed Exchange: Is the ability to send and receive secure information electronically between care providers to support coordinated care. Examples os patient information include ancillary tests orders and results, patient care summaries, or consultation reports. The encrypted patient information is electronically sent securely between parties with an established relationship. For example, directed exchange is used to report public health data. Query based exchange: is the ability for providers to find and / or reequest information on a patient from other providers, often used for unplanned care. Query based exchange is used to search and disciver accessible clinical sources on a patient. Example, a query based exchange can assist a provider in obtaining a health record on a patient who is visiting from another state, resulting in more informed decisions about the care of the patient. Consumer mediated exchange: is the ability for patients to aggregate and control the use of their health information among providers. For this form ,the patient is the driver, not the provider. For example, a patient portal may allow personal health information to uploaded for provider access.

The HIPAA Security Awareness and Training administrative safeguard requires all of the following addressable implementation programs for an entity's workforce except:

Disaster recovery plan

Which stage of the litigation process focusses on how strong a case the opposing party has?

Discovery

In Lindsay's lawsuit against her physical therapist, her attorney a) obtained copies of most documents that he requested such as medical records, contracts, e-mail communications, bills, and receipts. However, at trial, Lindsay was surprised to learn that b) several of these documents were not permitted to be considered by the jury as evidence, The concepts associated with a) and b) are which of the following?

Discovery; admissibility

To identify cases to be entered into the trauma registry, where should someone look?

Disease index

*Registries

Disease registries Cancer registries Transplant registries Immunization registries, etc.

Which of the following data sets would be most useful in developing a grid for identification of components of the legal health record in a hybrid record environment?

Document name, media type, source system, electronic storage start date, stop printing start date

The principal purpose of the health record is to

Document patient treatment and allow providers to communicate

The use of disclosure of PHI for marketing

Does not require written authorization for face-to-face communications with the individual

The amount of money owed a healthcare facility when claims are pending is called:

Dollars in accounts receivable

When a hospital develops its EHR system by selecting one vendor to provide financial and administrative applications and another vendor to supply the clinical applications, this is commonly referred to as a ____ strategy.

Dual Core

Which of the following is an element of negligence?

Duty

what does it mean to say that EDMS has workflow support?

EDMS will send notifications out when certain jobs need to be done at the correct time

describe the second part of MU- certification that EHR tech meets standards criteria

EHR has to be certified by an entity approved by the ONC an ONC authorized testing and certifying body

Which of the following statements does NOT pertain to electronic health records (EHRs) ?

EHRs are filed in paper folders.

Recommendations for care based on research

EHRs support evidence-based medicine, which refers to which of the following? Recommendations for care based on research Clinical decision support Clinical documentation improvement Medical quality improvement

Community Hospital wants to provide transcription services for transcription of office notes of the private patients of physicians. All of these physicians have medical staff privileges at the hospital. This will provide an essential service to the physicians as well as provide additional revenue for the hospital. In preparing to launch this service, the HIM director is asked whether a business associate agreement is necessary. Which of the following should the hospital HIM director advise to comply with HIPAA regulations?

Each physician practice should obtain a business associate agreement with the hospital

A Joint Commission-accredited organization must review its formulary annually to ensure a medication's continued:

Efficacy and Safety

A transition technology used by many hospitals is to increase access to medical record content is:

Electronic document management system

Which of the following is a transition strategy to achieve an EHR?

Electronic document management system

Which of the following technologies would allow a hospital to get as much medical record information online as quickly as possible?

Electronic document management system

Electronic systems used by nurses and physicians to document assessments and findings are called:

Electronic point-of-care charting

Specific performance expectations and/or structures and processes that provide detailed information for each of the Joint Commission standards are called:

Elements of performance

What is the biggest threat to the security of healthcare data?

Employees

Periodic performance reviews:

Encourage good performance

The executive branch the president and staff, namely cabinet level agencies --------

Enforces the law. Example , the centers for Medicare and Medicaid Services (CMS), an agency within the cabinet level department of Health and Human services (HHS), enforces the Medicare laws.

Which of the following is a benefit of HIE?

Enhanced patient care coordination

Which of the following is a benefit of HIE?

Enhanced patient care coordination or a basic level of interoperability is met .

Why does an ideal EHR system require point-of-care charting?

Ensures that appropriate data are collected

Which of the following must covered entities do to comply with HIPAA security provisions?

Establish a contingency plan

The primary goal of the Hospital Standardization Program established in 1918 by the American College of Surgeons was to:

Establish minimum quality standards for hospitals

Authentication of a record refers to:

Establishment of its baseline trustworthiness

The IRB functions as a(n):

Ethics committee

How do patient care managers and support staff use the data documented in the health record?

Evaluate the performance of individual patient care providers and to determine the effectiveness of the services provided.

During training, the employee should be:

Evaluated to make sure work is error free

CDI staff should revisit cases:

Every 24 to 48 hours

The policies and procedures section of a coding compliance plan should include all of the following except:

Evidence-based practice guideline

What is the term for an explicit statement that directs clinical decision making?

Evidence-based practice guideline

The _______ would be used to help find actionable insights to drive enterprise performance.

Executive information system

Which system would be used to pull together operational and clinical information in order to uncover a problem with readmissions

Executive information system

Which system would be used to pull together operational and clinical information in order to uncover a problem with readmissions?

Executive information system

The ---------would be used to help find actionable insights to drive enterprise performance.

Executive information system.

Which of the following uses artificial intelligence techniques to capture the knowledge of human experts and to translate and store it in a knowledge base?

Expert System

Written or spoken permission to proceed with care is classified as:

Expressed Consent

What does XML stand for?

Extensible Markup Language

A cross-claim is a claim by a defendant against a plaintiff.

FALSE

In mediation, a third party makes a final decision about a dispute between parties

FALSE

PHRS can contain information from the patients themselves but not from healthcare providers.

FALSE

Private law defines rights and duties between individuals and the government.

FALSE

Scheduling appointments is a required functionality for a patient portal.

FALSE

deposition does not occur under oath.

FALSE

The Privacy Rule public interest and benefit purposes include

Facilitating organ donations Information about decedents Information provided to law enforcement

Breach of contract

Failure to meet the conditions specified under a legal agreement

A deposition does not occur under oath

False

A subpoena duces tecum primarily seeks an individual's testimony.

False

A subpoena is another name for a court order.

False

Administrative law is created by court decisions.

False

I physician champion is now referred as the chief medical informatics officer

False

True or false. A Level I trauma center provides care from initial evaluation through stabilization.

False

True or false. The main goal of Healthy People 2020 is to focus on promoting vaccine safety in public and private provider settings.

False

Went almost all application used in a hospital or acquired from the same vendor the strategy being deployed is it consider best of breed

False

Web service architecture does not require an interface

False ( web servers architecture requires web-based forms of interphase such as XML

The following table compares Community Hospital's pneumonia length of stay (observed LOS) to the pneumonia LOS of similar hospitals (expected LOS). Given this data, where might Community Hospital want to focus attention on its pneumonia LOS?

Family Practice

FRCP

Federal Rules of Civil Procedure created E-discovery rules

Corporate compliance programs became common after adoption of which of the following:

Federal Sentencing Guidelines

Which of the following is an example of an external user utilizing secondary data?

Federal agencies

Which entity is responsible for processing Part A claims and hospital-based Part B claims for institutional services on behalf of Medicare?

Fiscal intermediary/MAC

The facility's Medicare case-mix index has dropped, although other statistical measures appear constant. The CFO suspects coding errors. What type of coding quality review should be performed?

Focused audit

The most recent coding audit has revealed a tendency to miss secondary diagnoses that would have increased reimbursement for the case. Which of the following strategies will help to identify and correct these cases in the short term?

Focused reviews on lower weighted MS-DRGs from triples and pairs

Must conduct a risk assessment to determine if the specification is appropriate to its environment

For HIPAA implementation specifications that are addressable, the covered entity _________. a. Implements the specification b. May choose not to implement the specification if it is too costly to execute c. Must conduct a risk assessment to determine if the specification is appropriate to its environment d. Does not have to implement the specification if it is a small hospital

The Privacy Rule establishes that a patient has the right of access to inspect and obtain a copy of his or her PHI

For as long as it is maintained

Consumer health IT applications

For information access and navigation include hardware, software, and web based applications. Tools such as mobile devices, patient portals, and social networking allow consumers to not only manage their health information electronically but also participate in their own healthcare via electronic means.

Which of the following are used to associate relationships between entities (tables) in a relational database?

Foreign Keys

Primary focus of AHIMA

Foster professional development of its members

If an HIM department acts in deliberate ignorance or in disregard of official coding guidelines, it may be committing:

Fraud

Information in personal health records (PHRS)

From a number of sources including those from patients themselves as well as healthcare providers. Identification sheet : form originated at the time of registration that contains demographic information. Problem list: List of significant illnesses and operations. Medication Record: list of medication listing those prescribed or administered. History and physical: past and current illness and surgeries, current medications and family history as well as a physical exam performed by the physician. Progress notes: Notes made by the doctors, nurses , therapists, and social workers that reflect their observations, the patient's response to treatment, and plans for continued treatment. Consultation: opinion about the patient's condition made by a physician other than the attending physician. Physician's orders: Physician's directions to nurses and other members of the healthcare team regarding medications, tests, diets, and treatments. Imaging and x-ray repots: findings of X-rays, mammograms, ultrasounds, and scans. Lab reports: results of tests conducted on body fluids. Immunization record: documentation of immunizations given for diseases such as polio,measles, mumps, rubella, and the flu. Consent and authorization forms: consents for admission, treatment m surgery, and release fo information.

Physicians correct misrecognitions at the time of dictation when -------is used.

Front end speech recognition technology

Physicians correct misrecognitions at the time of dictation when _______ is used.

Front-end speech recognition technology

The following data has been collected about the HIM department's coding productivity as part of the organization's total quality improvement program. Which of the following is the best assessment of this data?

Full-time coders are more productive than part-time coders

The __ provide the objective and scope for the HIPAA Security Rule as a whole.

General Rules

*Certification

Given to acknowledge a specified level of knowledge, competencies, and skills. - Tests to receive certification CCHIM Credentials that has specific eligibility requirements and a certification examination. RHIT, RHIA, CCA, CCS, CCS-P, CHPS, CHDA, CDIP, CHTS

*Licensure

Gives the person permission to practice, or the organization to operate within a certain field of practice. Given by an organization or governmental agency.

Which of the following apply to radiological and other procedures that include professional and technical components and are paid as a lump sum to be divided between physician and healthcare facility?

Global payments

state supreme court

Gnerally, term used to describe court in the highest tier of the state court system

House of Delegates

Governs the HIM profession

Certification is :

Granted to both individuals and organizations

Which of the following data visualization tool is used when displaying trends?

Graphs

The codes used in a charge description master are:

HCPCS Levels I and II

This data set was developed by the National Committee for Quality Assurance to aid consumers with health-related issues with information to compare performance of clinical measures for health plans:

HEDIS

Which of the following issues compliance program guidance?

HHS Office of Inspector General (OIG)

the ONC falls within what governmental department?

HHS- department of health and human services

Six years from date of creation or date when last in effect, whichever is later

HIPAA requires that policies and procedures be maintained for a minimum of _______. a. Seven years b. Six years from date of creation c. Six years from date of creation or date when last in effect, whichever is later d. Seven years from date when last in effect

National Provider Identifier (NPI)

HIPAA standard that would require hospitals, doctors, nursing homes, and other health care providers to obtain a unique identifier consisting of 10 numeric digits for filing electronic claims with public and private insurance programs

What are the two names of the HHS advisory committees established by ARRA?

HIT Policy Committee (HITPC) and HIT Standards Committee (HITSC).

---------------is a barrier to health information exchange users.

HITECH

what act made the ONC permanent?

HITECH

Which of the following statements represents an example of nonmaleficense?

HITs must ensure that patient-identifiable information is not released to unauthorized parties

Which of the following is a family of standards that aid the exchange of data among hospital systems and physician practices?

HL7

who developed the EHR-System Function Model

HL7

how may the CCD be transmitted?

HL7 standard messages, email attachments, or standard internet file protocol (FTP)

The creation of the National Practitioner Data Bank was mandated by the ___.

Health Care Quality Improvement Act

The creation of the National Practitioner Data Bank was mandated by the:

Health Care Quality Improvement Act

What does HIT stand for?

Health Information Technology

what does HITECH stand for

Health Information Technology for Economic and Clinical Health

HIPAA

Health Insurance Portability and Accountability Act

What does HL7 stand for?

Health Level 7

HL7

Health Level 7 - message format standards that aid in the exchange of health data among hospital and physician systems. Used by almost every EHR vendor in the US

Primary Data Source for Health Information

Health Record - because it contains information about a patient which has been documented by a professional who provided care for said patient.

HIEO- define

Health information exchange organization- organization that governs the exchange of health-related info among organizations according to nationally recognized standards

what types of health records are subject to the HIPAA Privacy Rule?

Health records in any format

What does HEDIS stand for?

Healthcare Effectiveness Data and Information Set

The collection of information on healthcare fraud and abuse was mandated by HIPAA and resulted in the development of the ___.

Healthcare Integrity and Protection Data Bank

The collection of information on healthcare fraud and abuse was mandated by HIPAA and resulted in the development of:

Healthcare Integrity and Protection Data Bank

A health record is owned by which of the following?

Healthcare organization that created and maintains it

One of the advantages of an EDMS is that it can:

Help manage work tasks

Edit check

Helps to ensure data integrity by allowing only reasonable and predetermined values to be entered into the computer

Edit Check

Helps to ensure data integrity by allowing only reasonable and predetermined values to be entered into the computer.

What is the name of the system in which discharge data was collected?

Hospital discharge abstract systems.

What did the first data standardization efforts focus on?

Hospitals and specifically on hospital discharge data.

The Legislative branch includes

House of representatives (Congress) Senate

Which of the following agencies is responsible for providing healthcare services to American Indians and Alaska natives?

IHS

OF THE FOLLOWING OPTIONS, A SIGN IN SHEET AT A PHYSICIAN'S OFFICE IS BEST DESCRIBED AS:

INCIDENTAL DISCLOSURE

National employer identifier

IRS federal tax identification number (EIN) adopted as the national employer identifier, retaining the hyphen after the first two numbers

at the point of care

Ideally, clinical documentation in an EHR should be performed _____________. a. At the point of care b. Before the patient is discharged from the hospital c. Via speech dictation when the clinician has completed examination of the patient d. Within one business day of collection

What can be determined from aggregate data?

Identification of common characteristics that might predict the course of a disease or provide information about the most effective way to treat it.

Access safeguards

Identification of which employees should have access to what data; the general practice is that employees should have access only to data they need to do their jobs

Access safeguards

Identification of which employees should have access to what data; the general practice is that employees should have access only to data they need to do their jobs.

Patient identifiable data

Identified by name or number.

A risk analysis is useful to:

Identify security threats

Which of the following should be the first step in any quality improvement decision-making process?

Identifying the problem

What does the term access control mean?

Identifying which data employees should have a right to use

The key for linking data about an individual who is seen in a variety of care settings is:

Identity Matching Algorithim

Security functionality provided in the health information exchange is collectively referred to as which of the following

Identity management

Community Hospital is identifying strategies to minimize the security risks associated with employees leaving their workstations unattended. Which of the following solutions will minimize the security risk of unattended workstations?

Implement session termination

In which phase of the systems development life cycle are trial runs of the new system conducted, backup and disaster recover procedures developed, and training of end users performed?

Implementation

A step-by-step approach to installing, testing, training, and gaining adoption for an EHR is referred to as:

Implementation Plan

In Medicare, the most common forms of fraud and abuse include all of the following, except:

Implementing a clinical documentation improvement program

When an individual requests a copy of the PHI or agrees to accept summary or explanatory information, the covered entity may:

Impose a reasonable cost-based fee

False Claims Act (FCA)

Imposes civil liability on those who submit false/fraudulent claims to the government for payment and can exclude violators from participation in government programs

Sharing the contents of PHR with the providers created an opportunity to----

Improve patient safety

Sharing the contents of a PHR with providers creates an opportunity to ____________.

Improve patient safety

Staff model

In a _____ HMO the physicians are employed by the HMO. Physicians see only members of the HMO and are paid a salary by the HMO: Group Model Network Model Open-Panel Model Staff Model

Consent Directive

In a health information exchange, patients opt in or opt out of having their data exchanged via a(n) _____________________. Access controls Authorization form Consent directive Release of information

The Privacy Rule extends to protected health information

In any form or medium, including paper and oral forms

Public key infrastructure (PKI)

In cryptography, an asymmetric algorithm made publicly available to unlock a coded message

Public Key Infrastructure (PKI)

In cryptography, an asymmetric algorithm made publicly available to unlock a coded message.

Charge Capture

In order for a hospital to generate a claim for reimbursement by a health plan, the EHR must have which of the following components? Business intelligence Charge capture Claim clearinghouse Encoder

Medical device integration

In order for a physiological monitor, such as a device a patient may wear during exercise, to be connected to an EHR, there must be which of the following? Data porting Medical device integration Picture archiving and communication system Telehealth application

Identity matching

In order to locate a patient via a health information exchange organization, there must be which of the following? a. Identity matching b. Identity management c. Record locator service d. Unique patient identifier

Data consistency

In two computer systems the same data element is different. This is what type of issue? Data availability Data consistency Data definition Data dictionary

RBRVS

In what system are payments for services determined by the resource cost needed to provide them? RBVS RBRVS RVBRS RVRBS

Aggregate Data

Includes data on groups of people or patients without identifying any particular patient or individual

A performance measure that enables healthcare organizations to monitor a process to determine whether it is meeting process requirements is called:

Indicator

After an outpatient review, individual audit results by coder should become part of the:

Individual employee's performance evaluation

Which of the following establish eligibility standards for enrollment in Medicaid?

Individual states

Which of the following statements about the directory of patients maintained by a covered entity is true?

Individuals must be given an opportunity to restrict or deny permission to place information about them in the directory

The process that involves ongoing surveillance and prevention of infections so as to ensure the quality and safety of healthcare for patients and employees is known as:

Infection Control

Case management coordinates an individual's care, especially in complex and high cost cases. Goals of case management include all of the following except:

Information Security

Primary data:

Information about the patient that is documented by the clinicians who provide services to the patient

New model of HIM

Information focused

Demographic data:

Information such as age and date of birth

Patient-identifiable data:

Information such as age and date of birth

smart peripherals

Infusion pumps and robotics are examples of which of the following? a. EHR systems b. Medical devices c. Smart peripherals d. Specialty clinical applications

Which of the following statements best describes the difference between a hospital inpatient and a hospital outpatient?

Inpatients receive room, board, and continuous nursing services in areas of the hospital where patients generally stay overnight; outpatients receive ambulatory diagnostic and therapeutic services.

What does IEEE stand for?

Institute of Electrical and Electronic Engineers

Workers Compensation

Insurance that most employers in the US are required to carry and is used for employees who are injured on the job.

IDS

Integrated Delivery Systems

IHR

Integrated Health Record

The paper-based health record format that organizes all forms in chronological order is known as the:

Integrated health record

ICD-0-3

International Classification of Diseases for Oncology, Third Edition; Based on ICD • Used by cancer registries o Reports topography and morphology of neoplasm • Print and online • Assignment by a professional coder; Used to report cancers to state and national registries

ICD9CM and 10

International Classification of Diseases, 9th and 10th Revision, Clinical Modification- a. It can be used as the basis for epidemiological research. b. It can be used in the evaluation of medical care planning for healthcare delivery systems. c. It can be used to facilitate data storage and retrieval

The ability to electronically send data from one electronic system to a different electronic system and still retain its meaning is called:

Interoperability

Define the ORYX initiative.

Introduced by The Joint Commission to integrate outcome data and other performance measurement data into its accreditation processes through data collection about specific core measures. The core measures are based on selected diagnoses/conditions such as diabetes mellitus, the outcomes of which can be improved by standardizing care.

A physician takes the medical records of a group of HIV-positive patients out of the hospital to complete research tasks at home. The physician mistakenly leaves the records in a restaurant, where they are read by a newspaper reporter who publishes an article that identifies the patients. The physician can be sued for:

Invasion of privacy

An HIM director reviews the departmental scanning productivity reports for the past three months and sees that productivity is below that of the national average. Which of the following actions should the director take?

Investigate whether there are factors contributing to the low productivity that are not reflected in the national benchmarks

Front end speech recognition (FESR)

Is a process where the provider speaks into a microphone or headset attached to a PC and upon speaking, the words are displayed as they are recognized. The physician corrects misrecognition at the time of dictation. Templates and macros are also tools used with SRT to capture data.

Release of birth and death information to public health authorities:

Is a public interest and benefit disclosure that does not require patient authorization

Back end speech recognition (BESR)

Is a specific use of speech recognition technology (SRT) in an enviornment where the recognition process occurs after the completion of dictation by sending voice through server. In BESR , an employee edits or corrects the dictation.

A physician patient relashionship

Is established by contract

The maintenance of health records

Is governed by state laws only

(ONC) office of the national coordinator for health information technology

Is harmonizing the standards and specifications, and guiding implementation. Harmonization involves the identification of candidate standards, evaluation fo the standards aginst specific criteria and selection, of a standard.

When a patient revokes authorization for release of information after a healthcare facility has already released the information, the facility in this case:

Is protected by the Privacy Act

Disclosure in a facility's patient directory:

Is subject to the patient having had the opportunity to informally agree or object

National coverage determination (NCD)

Issued by CMS to specify clinical circumstances for which a service is covered

Community Hospital's hardware has been placed on back-order; the network team is having trouble getting the network to function properly. This is an example of:

Issues management

Which of the following statements is not true about a business associate agreement?

It allows the business associate to maintain PHI indefinitely

Which of the following is a characteristic of credentialing?

It applies to the granting of specific clinical privileges to medical staff members

What does the Office of National Coordinator (ONC) do?

It helps develop a national health IT infrastructure to improve the quality and efficiency of healthcare and the ability of consumers to manage their care and safety.

Which of the following is a true statement about the legal health record?

It includes PHI stored on any medium

Define the Resident Assessment Instrument (RAI) process.

It is a federally mandated standard assessment used to collect demographic and clinical data on residents in a Medicare and/or Medicaid-certified long-term care facility. REQUIRED. It consists of three components: Minimum Data Set (MDS), the Care Area Assessment (CAA), and the RAI utilization guidelines. To meet federal requirements, an assessment must be completed for every resident at the time of admission and at designated reassessment points throughout the resident's stay.

Which of the following statements best defines utilization management?

It is a set of processes used to determine the appropriateness of medical services provided during specific episodes of care

Which of the following is an element of consent?

It is one's agreement to receive medical treatment

Consumer health informatics

It is the field devoted to informatics from multiple consumer or patient views. It is a subtype of health informatics. A patient portal to a provider's website where a PHR can be developed and maintained is an example of consumer health informatics. Clinical email communication is another example of consumer health informatics.

Which of the following is a characteristic of the legal health record?

It is the record disclosed upon request

Which of the following describes the National Practitioner Data Bank(NPDB)?

It limits movement of physicians with negative histories

What is the benefit of standardizing data elements and definitions?

It makes it possible to compare the data collected at different facilities.

What does HL7 CDA provide?

It provides an exchange model for clinical documents and brings the healthcare industry closer to the realization of EHR. The CDA standard makes documents machine-readable so that they can be easily processed electronically. It also makes documents human-readable so that they can be retrieved easily and used by people who need them.

The permanent RAC program was completely implemented in the United States by:

January 2010

Dr. Smith has been sued by a patient for a faulty hip replacement procedure. Because Dr. Smith believes he did not commit any errors, but rather that the artificial hip was defective, he brings in ortho joint, the manufacturer, as a defendant. The process Dr. Smith has just completed is called

Joinder

Who prohibits specific abbreviations from being used in the health record?

Joint Commission

Who interprets laws passed by the legislative branch?

Judicial branch (Court system)

Which of the following is one of the four sources of law?

Judicial decision

The legal control that a federal court has over cases involving federal statues is referred to as

Jurisdiction

A court's legal authority to make decisions is called

Jursdiction

Tracking a --- can help the tag problems and identify opportunities for performance improvement

Key indicator

Tracking a _______ can help detect problems and identify opportunities for performance improvement.

Key indicator

Tracking and comparing over time the number of medical records coded per hour by individual coder to assess coder productivity is an example of a __________.

Key indicator

What are the 3 main departmental/ancillary systems necessary for an EHR to function in a hospital

LIS (laboratory),RIS (radiology), pharmacy info sys

what are the 'big 3' ancillary systems needed to support the majority of clinical processes

LIS, RIS, and pharmacy information system

The chief information officer is a senior-level executive who is responsible for:

Leading the organization's strategic Information Systems planning process

3 branches of government

Legislative Executive Judicial

What term is used for the number of calendar days of an inpatient hospitalization from admission to discharge?

Length of stay

Medical school graduates must pass a test before they can obtain a _____ to practice medicine.

License

Which of the following gives an individual premission to practice or an organization to operate within a certain field of practice?

Licensure

Accession registry:

List of cases in a cancer registry arranged in the order in which the cases were entered

Disease index:

List of diseases and conditions of patient treated in a facility, sequenced according to classification code numbers

Physician index

List of patients by physician, usually arranged by physician code numbers

Trauma registry

List of patients with severe injuries

Operation index

List of the operations and procedures performed in a facility, sequenced according to classification code numbers

Chargemaster

Lists all the procedures, services, and supplies provided to patients by a hospital

Which of the following is an advance directive?

Living will

Local coverage determination (LCD)

Local payers specify clinical circumstances for which a service is covered by a Medicare payer and correctly coded

Physical control

Locks on computer room doors illustrate a type of _________. a. Access control b. Workstation control c. Physical control d. Security breach

Which of the following types of care is not covered by Medicare?

Long-term nursing care

IF SHERI REQUESTS A COPY OF HER HEALTH RECORD FROM A PROVIDER, PER HIPAA THE PROVIDER:

MAY CHARGE FOR THE COST OF COPYING

Which of the following is made up of claims data from Medicare claims submitted by acute-care hospitals and skilled nursing facilities?

MEDPAR

Critique this statement: The Medicare Provider Analysis and Review File is not made up of patient demographic data collected by acute care and skilled nursing facilities.

MEDPAR is actually made up of claims data which does include demographic data collected by acute care and skilled nursing facilities.

Critique this statement: The Medicare Provider Analysis and Review File is made up of patient demographic data collected by acute care and skilled nursing facilities.

MEDPAR is made up of claims data which does include demographic data

The Deficit Reduction Act of 2005:

Made compliance programs mandatory

Which of the following computer architectures uses a single large computer to process data received from terminals into which data are entered?

Mainframe

An organization is served with a subpoena. An appropriate response to the reasonable anticipation of litigation would be to:

Make a copy of the paper-based record associated with the anticipated litigation and give the original paper-based record to the organization's legal counsel to be secured in a locked file

If a patient wants to amend his or her health record, the covered entity may require the individual to:

Make an amendment request in writing and provide a rationale for the amendment

Alex fell from a tree and was taken to the emergency room. The physician did a physical exam and diagnosed Alex with contusions. In fact, Alex suffered a punctured lung that would have been detected by a radiologic image . In this case, the physician committed which of the following?

Malfeasasance

Which of the following systems would the HIM department director use to receive daily reports on the number of new admissions to, and discharges from, the hospital?

Management information system

MPI

Master Patient Index Permanent record of all patients treated

Disclosure of health information without the patient's authorization

May be required by specific state statues

They affordable care act is a regulation that was used by CMS, outlining an incentive program for professionals that adopt and successfully demonstrate-----certified EHR Technology

Meaningful use

Rate

Measure an event over time

Given the following information, from which payer does the hospital proportionately receive the least amount of payment?

Medicaid

What is the name of the program funded by the federal government to provide medical care to people on low incomes or with limited financial resources?

Medicaid

Which of the following dictates how the medical staff operates?

Medical Staff Bylaws

A smart phone app that analyzes and interprets blood pressure readings to detect irregularities is a _________ according to FDA guidance.

Medical device

A smart phone app that analyzes and interprets blood pressure readings to detect irregularities is a----according to FDA guidance

Medical device

According to FDA guidance, a mobile app running on a smart phone to analyze and interpret EKG waveforms to detect heart function irregularities is a ___________.

Medical device

According to FDA guidance, a mobile app running on a smart phone to analyze and interpret EKG waveforms to detect heart function irregulartities is a

Medical device

In order for physiological monitors such as device patient may wear during exercise to be connected to an EHR there must be which of the following

Medical device integration

Examples of Statues law are

Medicare and HIPAA.

Beneficiaries

Medicare enrollees are called ______ and must fall into a benefit category to be eligible for Medicare coverage. Beneficiaries Benefactors Benefited Contractors

Medicare Part D

Medicare prescription drug coverage

Give an example of a data reporting system that is mandated by federal regulations.

Medicare prospective payment system (PPS)

Audit logs and alert pop-ups are examples of:

Metadata

Incident detection

Methods used to identify both accidental and malicious events; detection programs monitor the information systems for abnormalities or a series of events that might indicate that a security breach is occurring or has occurred

Incident Detection

Developing, implementing, and revising the organization's policies is the role of:

Middle Managers

What does MDS stand for?

Minimum Data Set

This HIPAA Privacy Rule requires that covered entities must limit use, access, and disclosure of PHI to only the amount needed to accomplish the intended purpose. What concept is this an example of?

Minimum Necessary

Case-mix adjustment

Multiple possible payment rates based on patients anticipated care needs that allow payment systems to decrease the average between the pre-established payment and each patients actual cost to the facility

The length of time health information is retained

Must account for state retention laws, if they exist

Notices of privacy practices must be available at the site where the individual is treated and

Must be posted in a prominent place where it is reasonable to expect that patients will read them

Notices of privacy practices must be available at the site where the individual is treated and:

Must be posted in a prominent place where it is reasonable to expect that patients will read them

When served with a court order directing the release of health records, an individual:

Must comply with it

Which of the following is not true of notices of privacy practices?

Must contain content that may not be changed

Which of the following is not true about the Notice of Privacy Practices?

Must include at least two examples of how information is used for both treatment and operations

What does NCHS stand for?

National Center for Health Statistics

who maintains icd 9 / 10 diagnosis classifications

National Centers for Health Statistics

What does NCPDP stand for?

National Council for Prescription Drug Programs

What does NHIN stand for?

Nationwide Health Information Network

That eHealth Exchange is a ---of exchange Partners

Nationwide community

The eHealth Exchange is a _______________ of exchange partners.

Nationwide community

Which of the following may be used to capture the data for storage in a database?

Natural language processing

What is the term used to denote the type of cause of action where a plaintiff sues a physician for failing to perform with reasonable skill and care

Negligence

Which of the following connects computers together in a way that allows for the sharing of information and resources?

Network

Mrs. Bolton is an angry patient who resents her physicians "bossing her around." She refuses to take a portion of the medications the nurses bring to her pursuant to physicians orders and is verbally abusive to the patient care assistants. Of the following options, the most appropriate way to document Mrs. Bolton's behavior in the patient medical record is:

Non-compliant and hostile towads staff

What type of negligence would apply when a physician does not order the necessary test?

Nonfeasance

The state cancer registry desires to become accredited. Who should they contact?

North American Association of Central Cancer Registries

Lane Hospital has a contact with Ready-Clean, a local company, to come into the hospital to pick up all of the facility's linen for off-site laundering, Ready-Clean is:

Not a business associate because it does not use or disclose individually identifiable health information

When a provider agrees to accept assignment from Medicare, the provider has agreed to:

Not bill patients for the balance

Jeremy Lykins was required to undergo a physical exam prior to becoming employed by San Fernando Hospital. Jeremy's medical information is:

Not protected by the Privacy Rule because it is part of a personnel record

To be in compliance with HIPAA regulations, a hospital would make its membership in a RHIO known to its patients through which of the following?

Notice of Privacy Practices

In developing a coding compliance program, which of the following would not be ordinarily included as participants in coding compliance education?

Nursing Staff

Which of the following may be part of hillside Hospital's workforce?

Nursing employees, Volunteers and Employees who work on _site for a contractor of the hospital

Patient generated health data (PGHD)

ONC identified PGHD as and important issue for advancing patient engagement because patients may become more involved with their own care when patient provider communication includes the use of the patient generated data as part of healthcare decision making. Examples , health and treatment history and data from a wearable monitor, such as an exercise tracking device.

In processing a medicare payment for outpatient radiology exams, a hospital outpatient services department would receive payment under which of the following?

OPPS

Erin is a HIM professional. She is teaching a class to clinicians about proper documentation in the health record. which of the following is an example of improper teaching?

Obliterate errors

Erin is a health information professional. She is teaching a class to clinicians about proper documentation in the health record. Which of the following would she not instruct them to do?

Obliterate errors

What does ONC stand for?

Office of National Coordinator

ONC

Office of the National Coordinator for Health Information Technology- provides leadership for the development and implementation of an interoperable health info technology infrastructure nationwide to improve healthcare quality and delivery (their task)

To ensure relevancy, an organization's security policies and procedures be reviewed at least:

Once a year

Line Graph

One or more series of points connected by a line or lines to represent trends in time

Social media

Online communities specific to a condition or disease provide the consumer with information about the condition and which treatments may have greater success than others. Providers use social media to inform consumers about diseases, conditions, and treatments. For example, Mayo Clinic's website contains patient care and health information on many diseases and conditions.

Clinical data repository

Online transaction processing is conducted in which of the following? Clinical data repository Clinical data warehouse Data analytics system Online analytical processor

A coding supervisor who makes up the weekly work schedule would engage in what type of planning?

Operational

CAHIIM

Organization that accredits HIM education programs

What are Standards Development Organizations (SDOs)?

Organizations that are involved in the creation or revisions of standards.

Managed care

Originally referred to the prepaid health care sector which combined health care delivery with the financing of health care services; increasingly used to refer to preferred provider organizations and some forms of indemnity coverage that incorporate utilization management activities

OASIS data are used to assess the ___ of home health services.

Outcome

Donabedian proposed three types of quality indicators: structure indicators, process indicators, and:

Outcome indicators

The final results of care, treatment, and services in terms of the patient's expectations, needs, and quality of life, which may be positive and appropriate or negative and diminishing, are included in what are of performance measurement?

Outcomes

What does OASIS-C stand for?

Outcomes and Assessment Information Set

Under HIPAA, which of the following is not named as a covered entity?

Outsourced transcription company

what is a type of speciality information system

PACS- picture archival and communication system-captures digital images and provides special viewing capabilities of these images from a computer

Patient authorization is required to release

PHI to the patient's attorney

Which of the following is considered a consumer-centric informatics application?

PHR

what is the physician's office equivalent o a R-ADT

PMS- practice managemnt system or simply a scheduling system

Arbitration

Parties agree to submit a dispute to a third party to make a decision.

Mediation

Parties agree to submit a dispute to a third party who assists both parties in reaching an agreed upon resolution.

Which of the following is considered a two-factor authentication system?

Password and swipe card

In the relational database shown here, the patient table and the visit table are related by:

Patient Number

Which of the following is the unique identifier in the relational database patient table?

Patient Number

Health information exchange is used primarily for which of the following?

Patient care

Daughter from wearable monitor such as an exercise tracking device is an example of?

Patient generated health data

In conducting a qualitative analysis to ensure that documentation in the health record supports the diagnosis of the patient, what documentation would a coder look for to substantiate the diagnosis of aspiration pneumonia?

Patient has history of inhaled food, liquid, or oil

What role in a consumer information is HIM filling in the following situation: creation of the policies and design of workflows for accepting and managing patient-generated health information

Patient information card teenager

What role in consumer informatics is HIM filling in the following situation: Creation of policies and design workflows for accepting and managing patient-generated health information.

Patient information coordinator

Which access tool is used to view a subset of patient's health records after logging in to a secure online website?

Patient portal

Medical History

Patient's current complaints, symptoms and past medical, personal, family history etc.

Data from a wearable monitor, such as an exercise-tracking device, is an example of?

Patient-generated health data

Abuse

Pattern of practice that is inconsistent with sound business, fiscal, or health service practices, and which results in unnecessary costs to payers and government programs, reimbursement for services not medically necessary, or failure to meet professionally recognized standards for health services

Some services are covered and paid by Medicare before Medicaid makes payments because Medicaid is considered which of the following?

Payer of last resort

How do health plans incentivize providers to use EHRs?

Paying for performance programs

The Medicare Integrity Program was established as part of Title II of HIPAA to battle fraud and abuse and is charged with which of the following responsibilities?

Payment determinations and audit of cost reports

The sixth scope of work for quality improvement organizations (QIOs) introduced which of the following?

Payment error Prevention Program

Managed care

Payment method in which the third-party has implemented some provisions to control the costs of healthcare while maintaining quality care.

Every healthcare organization's risk management plan should include the following components except:

Peer Review

Which of the following is not a type of utilization review?

Peer Review

Which of the following is not a type of utilization review?

Peer review

Dual eligible

People who are enrolled in both Medicare and Medicaid known as _____. Twice eligible Two times eligible Combined eligible Dual eligible

Total quality management and continuous quality improvement are well-known:

Performance improvement models

A quantitative tool that provides an indication of an organization's performance in relation to a specified process or outcome is a(n):

Performance measure

AHIMA's record retention guidelines recommend that the MPI be maintained:

Permanently

Which of the following actions is not included about a physician in the National Practitioner Data Bank?

Personal bankruptcy

To ensure that a computerized provider order entry (CPOE) system supports patient safety, what other system must also be in place?

Pharmacy Information System

Which of the following are security safeguards that protect equipment, media, and facilities?

Physical Access Controls

Placing locks on computer room doors is considered what type of security control?

Physical Control

Which of the following are security safeguards that protect equipment, media, and facilities?

Physical access controls

Placing locks on computer room doors is considered what type of security control?

Physical control

The primary user of computerized provider entry is:

Physician

Which of the following facilities do not have to meet standards in the Conditions of Participation?

Physician Offices

Which of the following facilities do not have to meet standards in the Conditions of Participation?

Physician offices

Stark II

Physician self-referral law expanded to include referrals of Medicare and Medicaid patients for designated health care services

In which phase of the systems development life cycle is the primary focus on identifying and assigning priorities to the various upgrades and changes that might be made in an organization's information systems?

Planning

The first phase of the SDLC is the ____ phase.

Planning

Is data plural or singular?

Plural

Which of the following is where a nurse enters data using a tablet computer when conducting a patient assessment while at the bedside?

Point-of-care charting

Administrative controls

Policies and procedures that address the management of computer resources and security are which of the following? Access controls Administrative controls Audit controls Role-based controls

Administrative

Policies are which type of safeguards? a. Technical b. Application c. Administrative d. Network

Six years

Policies were recently rewritten. How long does the facility need to retain the obsolete policies? Five years Six years Two years One year

A statement or guideline that directs decision making or behavior is called a:

Policy

Which of the following is a written description of an organization's formal position?

Policy

information technology asset disposition (ITAD)

Policy identifies how all data storage devices are destroyed and purged of data prior to repurposing or disposal.

Information Technology Asset Disposition (ITAD)

Policy that identifies how all data storage devices are destroyed and purged of data prior to repurposing or disposal

Choose the correct statement regarding population registries.

Population registries may or may not contain follow-up information on patients.

Mobile Devices

Portable, wireless computing devices or mobile devices include tablet computers, laptop computers, and smart phones. These devices combined with mobile medical apps can help consumers gain access to useful information wherever they may be and whenever it is needed. According to the US Food and Drug Administration (FDA),a mobile medical app is a mobile app that meets the definition of device in the Federal Food , Drug, and Cosmetic Act (FD&C Act).

A special web page that offers secure access to data is a(n):

Portal

A person who is Abele to take advantage of all of the aids offered by the house information technology is referred to as which of the following

Power user

PMS

Practice management system- software designed to help physician practices run more smoothly- example = MEDISOFT collects pt demographic, insurance info, scheduling, and billing

Prospective payment system (PPS)

Pre-establishes reimbursement rates for health care services

When the patient's physician contacts a healthcare organization to schedule an episode of care service, the healthcare organization begins which step in the case management process?

Preadmission care planning

HIPAA regulations

Preempt less strict state statutes where they exist

Which of the following groups of healthcare providers contracts with a self-insured employer to provide healthcare services?

Preferred provider organization

The Executive branch includes

President Vice President

Ambulatory Care

Preventive or corrective healthcare provided in a doctor's office, clinic, or a non resident hospital (outpatient basis). No overnight stay

Which of the following uniquely identifies each record in a database table?

Primary Key

Primary and Secondary Data Us

Primary use: Granular o Example - clinical decision support • Secondary use: Aggregate o Example - billing and payment

Present on Admission (POA)

Principal and secondary diagnoses, including external cause of injuries, that are present at the time the order for inpatient admission occurs

An individual's right to control access to his or her personal information is known as:

Privacy

The legal term used to describe when a patient has the right to maintain control over certain personal information is referred to as:

Privacy

Connecting the PHR to the patient's legal health record protects it under the HIPAA ______

Privacy Rule

Right to request amendment

Privacy Rule allows that a covered entity amend PHI or a record about the individual or DRS - the covered entity may deny the request see page 225

Connecting the PHR to the patient's leagal health record protects it under the HIPPA --------

Privacy rule

Rules and principles that define rights and duties among individuals or organizations

Private law

Arbitration

Proceeding in which disputes are submitted to a third party or a panel of experts outside the judicial trial system

This type of performance measure focuses on a process that leads to a certain coutcome, meaning that a scientific or experimental basis exists for believing that the process, when executed well, will increase the probability of achieving a desired outcome.

Process Measure

The interrelated activities in healthcare organizations, which promote effective and safe patient outcomes across services and disciplines within an integrated environment, are included in what area of performance measurement?

Processes

Stark I

Prohibits a physician from referring Medicare patients to clinical laboratory services where they or a member of their family have a financial interest

Federal Antikickback Statute

Prohibits the offer, payment, receipt, or solicitation of compensation for referring Medicaid/Medicare patients and imposes a $25,000 fine per violation, plus imprisonment for up to five years

Which of the following reimbursement methods pays providers according to charges that are calculated before healthcare services are rendered?

Prospective payment method

Attorneys for healthcare organizations use the health record to

Protect the legal interests of the facility and its healthcare providers

Attorneys for healthcare organizations use the health record to:

Protect the legal interests of the facility and its healthcare providers

According to HIPAA, what does the abbreviation PHI stand for?

Protected health information

what does the acronym PHI stand for?

Protected health information

Natural Language Processing (NLP)

Provide yet another way to acquire health data. NLP is a technology that converts human language (structured or unstructured) into data that can be translated and then manipulated by computer systems.

Who is responsible for ensuring the quality of health record documentation?

Provider

When a provider accepts assignment, this means that the:

Provider accepts as payment in full the allowed charge from the fee schedule

Healthcare information is primarily for which of the following?

Provider use in the management of care

Who owns the health record?

Provider who generated the record

State Children's Health Insurance Program (SCHIP)

Provides health coverage to eligible children through both Medicaid and individual state programs.

Mrs. Guindon is requesting every piece of health information that exists about her from Garrett Hospital. The Garrett Hospital privacy officer must explain to her that, under HIPAA privacy regulation, she does not have the right to access her:

Psychotherapy notes

Secondary uses of healthcare information include

Public health agencies,administrative purposes, including determination of payment for services provided, measurement of quality performance indicators, and research.

Which of the following has access to personally identifiable data without authorization or subpoena?

Public health department for disease reporting purposes

1. Law that involves the government and it's relationships with individuals or organizations.2. A type of legislation that involves the government and its relations with individuals and business organizations.

Public law

Administrative law is a type of which of the following?

Public law

Criminal law is a type

Public law

Law can be classified as which of the following?

Public or private

Which of the following types of destruction is appropriate for paper health records?

Pulping

I reviewed the health record of Sally Williams and found the physician stated on her post-op note, "examined after surgery." This would be an example of:

Qualitative Analysis

Through the establishment of the National Practitioner Data Bank (NPDB), the federal government became involved in malpractice issues and what other type of issue?

Quality of care

I reviewed the patient's record of Mr. Brown and found there was no H&P on the record at seven hours past this patient's admission time. This would be an example of:

Quantitative analysis

In conducting a qualitative review, the clinical documentation specialist sees that the nursing staff has documented the patient's skin integrity on admission to support the presence of a stage I pressure ulcer. However, the physician's documentation is unclear as to whether this condition was present on admission. How should the clinical documentation specialist proceed?

Query the physician to determine if the condition was present on admission

A ---can you see a provider in obtaining a health record and the patient who is this a thing from another state resulting in more informed decisions about the care of a patient

Query-based exchange

A _______ can assist a provider in obtaining a health record on a patient who is visiting from another state, resulting in more informed decisions about the care of the patient.

Query-based exchange

list the financial/administrative systems

R-ADT, PFS- patient financial systems, form creation systems

CCHIM Certification Program

RHIT, RHIA, CCA, CCS, CCS-P, CHPS, CHDA, CDIP, CHTS

A Medicate patient had two physician office visits, underwent hospital radiology examinations, clinical laboratory tests, and received take-home surgical dressings. Which of the following could be reimbursed under the outpatient prospective payment system?

Radiology examination

Gatekeepers determine the appropriateness of all of the following components, except:

Rate of capitation or reimbursement

EHRs support evidence-based medicine, which refers to which of the following

Recommendations for cure based on research

A report that lists the ICD-9-CM codes associated with each physician in a healthcare facility can be used to assess the quality of the physician's services before he or she is:

Recommended for staff reappointment

There should be four primary percentages that should be calculated and tracked to assess clinical documentation improvement (CDI) programs. These include all of the following except:

Record agreement rate

The process of releasing health record documentation originally created by a different provder is called:

Redisclosure

Define information.

Refers to data that has been collected, combined, analyzed, interpreted, and /or converted into a form that can be used for specific purposes. Gives meaning or representation.

Medical malpractice :

Refers to the professional liability of healthcare providers

The sister of a patient requests the HIM department to release copies of her brother's health record to her. She states that because the doctor documented her name as her brother's caregiver that HIPAA regulations apply and that she may receive copies of her brother's health record. In this case, how should the HIM department proceed?

Refuse the request

Secondary data sources consist of ___.

Registries

Population-based registry

Registry that includes information from more than one facility in a geopolitical region

Facility-based registry

Registry that includes only cases for a specific facility

Databases - 2 kinds

Relational Object oriented

Which of the following stores data in predefined tables consisting of rows and columns?

Relational database

One of the most common health care database is the

Relational database, which stores data in predefined tables consisting of rows and columns.

The following step should not be included in a health information department's procedure for preparing health records in response to a subpoena:

Remove pages containing detrimental information

The charge description master relieves the HIM department of ___ that does not require documentation analysis

Repetitive coding

Disability Insurance

Replaces 40 to 60 percent of an individual's gross income (tax free) if an illness or injury prevents the individual from earning an income

Score card

Reports outcomes measures.

The clinical data ___________ is a central database that focuses on clinical information.

Repository

The clinical data---is the central database that focuses on clinical information.

Repository

Discrete data

Represent separate and distinct values or observations; that is, data that contain only finite numbers and have only specified values.

Range

Represents the simplest measure of spread (or variability)

Medical necessity

Requires the documentation of services or supplies that are proper and needed for the diagnosis or treatment of a medical condition

What does RAI stand for?

Resident Assessment Instrument

Which of the following is a core clinical EHR system

Results management system

A system that enables processing of diagnostic studies results into tables, graphs, or other structure is:

Results retrieval and management technology

Which of the following is true about health information retention?

Retention periods differ among healthcare facilities.

What type of health record policy dictates how long individual health records must remain available for authorized use?

Retention policies

A patient has been discharged prior to an administrative utilization review being conducted. Which of the following should be performed?

Retrospective Utilization Review

Examples of high-risk billing practices that create compliance risks for healthcare organizations include all of the following, except:

Returned Overpayments

patient financial service system

Revenue cycle management is accomplished through use of which of the following systems? a. Eligibility verification system b. Form creation system c. Patient financial service system d. Registration-admission, discharge, transfer system

Trigger events

Review of access logs, audit trails, failed logins, and other reports generated to monitor compliance with the policies and procedures

Trigger events

Review of access logs, audit trails, failed logins, and other reports generated to monitor compliance with the policies and procedures.

RBAC

Role based access control

An individual designated as an inpatient coder may have access to an electronic medical record to code the record. Under what access security mechanism is the coder allowed access to the system?

Role-Based

An individual designated as an inpatient coder may have access to an electronic medical record to code the record. Under what access security mechanism is the coder allowed access to the system?

Role-based

Private law

Rules and principles that define rights and duties among individuals or organizations

This program provides additional federal funds to states so that Medicaid eligibility can be expanded to include a greater number of children.

SCHIP

The standard used in E prescribing systems to transmit a prescription to retail pharmacy is which of the following?

SCRIPT

Which of the following is an example of a service standard?

SNOMED CT

*SOAP

SOAP Subjective, objective, assessment, plan - to remember what should be in the progress note -- SOAP came from the problem-oriented health record in the 1970's

Exceptions to the Federal Anti-Kickback Statute that allow legitimate business arrangements and are not subject to prosecution are:

Safe Harbors

An HIM department is researching various options for scanning the hospital's health records. The department director would like to achieve efficiencies through scanning such as performing coding and cancer registry functions remotely. Given these considerations, which of the following would be the best scanning process?

Scanning all documents at the time of patient discharge

The _________ reports outcomes measures.

Scorecard

Which of the following data visualization tool is used to organize quantitative data

Scorecard

Which of the following would a health record technician use to perform the billing function for a physician's office?

Screen 837P or CMS 1500

Use of the health record to monitor bio terrorism activity is considered:

Secondary purpose of the health record

Protection of healthcare information from damage, loss, and unauthorized alteration is also known as:

Security

What is the legal term used to describe the physical and electronic protection of health information?

Security

Which of the following is not an automatic contgrol that helps preserve data confidentiality and integrity in an electronic system?

Security Awareness programs

Which of the following is not an automatic contgrol that helps preserve data confidentiality and integrity in an electronic system?

Security awareness program

Application controls

Security controls built into a computer software program to protect information security and integrity are which of the following? Physical controls Administrative controls Application controls Media controls

Identity Management

Security functionality provided in a health information exchange is collectively referred to as which of the following? Cyber correction Encryption Identity management Security service protocol

Application control

Security strategies, such as password management, included in application software and computer programs

Application controls

Security strategies, such as password management, included in application software and computer programs

The Joint Commission's quality improvement activites for health record documentation include all but which of the following core performance measures for hospitals:

Seizure disorder

Standard Vocabulary

Semantic interoperability is achieved by using ____________. Accredited transaction standards Data dictionaries Data intelligence systems Standard vocabularies

Which of the following technologies would reduce the risk that information is not accessible during a server crash?

Server redundancy

A supervisor wants to determine whether the release of information staff are working at optimal output. Which of the following would be most useful to determine this?

Set productivity standards for the area and review results on a regular basis

The HIPAA Privacy Rule:

Sets a minimum (floor) of privacy requirements

The ONC's goal of advancing secure and interopeable Health information requires----

Sharing information among individuals providers and community

The ONC's goal of advancing secure and interoperable health information requires_______.

Sharing information among individuals, providers and the community

The content of the health record

Should facilitate retrieval of data

From an evidentiary standpoint, incident reports:

Should not be placed in a patient's health record

During user acceptance testing of a new EHR system, physicians are complaining that they have to use multiple log-on screens to access all system modules. For example, they have to use one log-on for CPOE and another log-on to view laboratory results. One physician suggest having a single sign-on that would provide access to all the EHR system components. However, the hospital administrator thinks that one log-on would be a security issue. What information should the HIM director provide?

Single sign-on is less frustrating for the end user and can provide better security

The number that has been proposed for use as a unique identification number but is controversial because of confidentiality and privacy concerns is the:

Social Security Number

If consumers were looking to interact and receive support from others with similar devices via electronic means which tool might they use

Social media

If consumers were looking to interact and receive support from others with similar diseases via electronic means, which tool might they use?

Social media

Malware

Software applications that can take over partial or full control of a computer and can compromise data security and corrupt both data and hard drives

Our record has all of the lab filed together, all of the progress notes filed together, and so on. What format are we using?

Source-oriented health record

A registry is which of the following

Specialize database for pretty fine set of data and it's processing

Speech recognition

Speech to text conversion.

A hospital employee destroyed a health record so that its contents - which would be damaging to the employee - could not be used at trial. In legal terms, the employee's action constitutes:

Spoliation

Healthcare Effectiveness Data and Information Set (HEDIS)

Sponsored by NCQA • Designed to collect administrative, claims, and health record review data • Standardized HEDIS data elements collected by clinics and acute care hospitals from health records • Contains performance measures

Position descriptions, policies and procedures, training checklists, and performance standards are all examples of:

Staffing Tools

A ---accepts data patient select from external sources which is then stored on their computer.

Standalone PHR

A _______ accepts data patients' select from external sources, which is then stored on their computer.

Standalone PHR

UB-04

Standard institutional claim form submitted by hospitals, skilled nursing facilities, and other institutional based providers to payers to obtain reimbursement for health care services provided to patients

CMS-1450

Which of the following services is most likely to be considered medically necessary?

Standard of care for health condition

Semantic inter-operability is achieved by using

Standard vocabularies

LOINC Logical Observation Identifiers, Names, and Codes

Standardizes names and codes for the identification of laboratory and clinical test results or observation; System for recording tests, measurements and observations • Facilitates sharing of data • No book of codes or no assignment by a coding professional • Implemented in software applications

What does SDO stand for?

Standards Development Organizations

An established set of clinical decisions and actions taken by clinicians and other representatives of healthcare organizations in accordance with state and federal laws, regulations, and guidelines is called:

Standards of care

What are transaction standards?

Standards that support the uniform format and sequence of data during transmission from one healthcare entity to another.

American College of Surgerons

Started the hospital standardization movement.

___________ is a barrier to health information exchange users.

State law

Minors are basically deemed legally incompetent to access, use or disclose their health information. What resource should be consulted in terms of who may authorize access, use, or disclose the health records of minors?

State law because HIPAA defers to state laws on matters related to minors

which of the following should be considered first when establishing health record retention policies?

State retention requirements

Law enacted by a legislative body

Statute

Law enacted by a legislative body is a(n):

Statute

Which of the following is a secure law?

Statute

What are the sources of law?

Statutes and constitutions, judicial decisions, administrative laws

What is the purpose of computer databases?

Store and retrieve data.

Environmental assessments are performed as part of which of the following processes?

Strategic planning

The use of a drop-down list to select a patient's diagnosis is an example of

Structured data

The use of a dropdown list to select a patient's diagnosis is an example of _________.

Structured data

Able to be processed by a computer

Structured data are which of the following? a. Able to be processed by a computer b. Images of data on a printout c. Organized according to a classification system d. Required for all parts of the EHR

Clinical documentation systems that support clinical decision-making capture data via

Structured data templates

After a claim has been filed with Medicare, a healthcare organization had late charges posted to a patient's outpatient account that changed the calculation of the APC. What is the best practice for this organization to receive the correct reimbursement from Medicare?

Submit an adjusted claim to Medicare

Which document directs an individual to bring originals or copies of records to court?

Subpoena duces tecum

Supporting infrastructure

Such as human computer interfaces and connectivity systems such as personal health records.(PHR)

Core clinical EHR systems

Such as point of care charting.

Source systems

Such as the laboratory information systems.

Hospital A discharges 10,000 patients per year. Hospital B is located in the same town and discharges 5,000 patients per year. At Hospital B's medical staff committee meeting, a physician reports that he is concerned about the quality of care at Hospital B because the hospital has double the number of deaths per year than Hospital A. The HIM director is attending the meeting in a staff position. Which of the following actions should the director take?

Suggest that the data be adjusted for possible differences in type and volume of patients treated

When a vendor is no longer selling or supporting a health IT product it is said to be

Sunset

Which of the following is a secondary purpose of the health record?

Support for research.

---------- the highest courts in a system that hear final appeals from intermediate courts of appeal.

Supreme courts

Which of the following statements does not represent a fundamental principle of performance improvement?

Systems are static and do not demonstrate variation

Active armed services members and their qualified family members are covered by which of the following healthcare programs?

TRICARE

What is the name of the federally funded program that pays the medical bills of the spouces and dependents of persons on active duty in the uniformed services?

TRICARE

Consumer health IT applications for information access and navigation include smartphones.

TRUE

Home monitoring systems results such as blood pressure levels are part of PHR

TRUE

One type of electronic PHRs is tethered.

TRUE

True /False the HIO requires all participants to sign a participation agreement that spells out the policies and procedures for exchanging information

TRUE

Which of the following data visualization tool is used to organize quantitative data

Tables

Which of the following data visualization tool is used to organize quantitative data?

Tables

Which of the following data visualization tool is used when displaying trends?

Tables

Define aggregate data.

Taking a group of data, extracting data out and collecting into a database.

The vision of the EHR is that discrete data would be entered by providers into an EHR via:

Templates

When exchanging information about a patient's problem, a ________ would be used.

Terminology standard

When exchanging information about the patient's problem , a ---would be used

Terminology standard

The "custodian of health records" refers to the individual within an organization who is responsible for the following action(s),except:

Testifies regarding the care of the patient

Which of the following is a type of electronic personal health record that allows access through a portal?

Tethered

Which of the following is a type of electronic personal health record that allows access through a portal/

Tethered or connected

Community Hospital is discussing restricting the access that physician have to electronic clinical records. The medical record committee is divided on how to approach this issue. Some committee members maintain that all information should be available, whereas others maintain that HIPAA restricts access. The HIM director is part of the committee. Which of the following should the director advise the committee?

The "minimum necessary" concept does not apply to disclosures made for treatment purposes, but the organization must define what physicians need as part of their treatment role

Meaningful Use

The Affordable Care Act is a regulation that was issued by CMS, outlining an incentive program for professionals that adopt and successfully demonstrate ________________ of certified EHR technology. Meaningful Use Security Acquisition Privacy

The Healthcare Cost and Utilization Project is a major initiative of which organization within the federal government?

The Agency for Healthcare Research and Quality

Keep documented logs of system access and access attempts

The HIPAA data integrity standard requires that organizations do which of the following? Keep documented logs of system access and access attempts Assign role-based access privileges Establish workstation security Conduct workforce training for correct data input

The creation of the National Practitioner Data Bank was mandated by _____________.

The Health Care Quality Improvement Act

The collection of information on healthcare fraud and abuse was mandated by HIPAA and resulted in the development of _____________.

The Healthcare Integrity and Protection Data Bank

This organization has been responsible for accrediting healthcare organizations since the mid 1950's and determines whether the organization is continually monitoring and improving the quality of care they provide.

The Joint Commission

Which accrediting organization has instituted continuous improvement and sentinel event monitoring and uses tracer methodology during survey visits?

The Joint Commission

Which of the following is the largest healthcare standards-setting body in the world?

The Joint Commission

Which of the following databases was developed by the National Library of Medicine?

The Medical Literature, Analysis, and Retrieval System Online

Which of the following can be used to discover current hot areas of compliance?

The OIG Workplan

Which of the following can be used to discover current hot areas of compliance?

The OIG workplan

Central City Clinic has requested that Ghent Hospital send its hospital records from Susan Hall's most recent admission to the clinic for her follow-up appointment. Which of the following statements is true?

The Privacy Rule's minimum necessary requirement does not apply

revenue cycle

The ______ is the process of patient financial and health information moving into, through, and out of the healthcare facility. a. Revenue stream b. Revenue spin c. Revenue cycle d. Revenue circle

*Accreditation

The act of granting approval to a healthcare organization based on whether that organization has met a set of voluntary standards of the accrediting agency.

A child's health record should be retained for how long ?

The age of majority plus the statute of limitation

Cryptography

The art of keeping information secret by using encryption and decryption techniques.

Agency for Healthcare Research and Quality (AHRQ)

The branch of the United States Public Health Services that supports general health research and distributes research findings and treatment guidelines with the goal of improving the quality, appropriateness, and effectiveness of healthcare services.

All definitions of HIE mention which of the following

The capacity exists for different information systems and software applications to exchange data

All definitions of HIE mention which of the following?

The capacity exists for different information systems and software applications to exchange data

For HIPAA implementation specifications that are addressable, which of the following statements is true?

The covered entity must conduct a risk assessment to determine whether the specification is appropriate to its environment

--- in order to maintain patient identity data integrity

The data must be accurately entered

____________ in order to maintain patient identity data integrity

The data must be accurately entered

____________ in order to maintain patient identity data integrity.

The data must be accurately entered

Which events must occur in order to maintain patient identity data integrity?

The data must be accurately queried

Most facilities begin counting days in accounts receivable at which of the following times?

The date the bill drops

Validity

The degree to which codes accurately reflect the patient's diagnoses and procedures

Completness

The degree to which the codes capture all the diagnoses and procedures documented in the patient's health record

Reliability (coding)

The degree to which the same results are achieved consistently

Disaster Recovery Plan

The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.

Disaster recovery plan

The document that defines the resources, actions, tasks, and data required to manage the businesses recovery process in the event of a business interruption

RxNorm concept unique identifier (RXCUI)

The drug name and all of its synonyms, which represent a single concept; Standardized nomenclature for clinical drugs • No book of codes or no assignment by a coding professional • Implemented in software applications • Interim updates weekly; full update monthly Used to communicate drug related information • Unique identifiers o Ingredient o Strength o Dose form

all definitions of HIE mention which of the following?

The exchange of information is done electronically

Health Information Exchange(HIE)

The exchange of information is done electronically and the capacity exists for different information systems and software applications to exchange data.It is an important part of the healthcare industry ecosystem.

Which of the definitions below best describes the concept of confidentiality?

The expectation that personal information shared by an individual with a healthcare provider during the course of care will be used only for its intended purpose

Data availability

The extent to which healthcare data are accessible whenever and wherever they are needed

Data availability

The extent to which healthcare data are accessible whenever and wherever they are needed.

Data consistency

The extent to which the healthcare data are reliable and the same across applications

Data consistency

The extent to which the healthcare data are reliable and the same across applications.

TRICARE

The federal healthcare program that provides coverage for the dependents of armed forces personnel and for retirees receiving care outside military treatment facilities.

Health Informatics

The field of information science concerned with the management of all aspects of health data and information through the application of computers and computer technologies.

The following descriptors about the data element PATIENT_LAST_NAME are included in a data dictionary: definition: legal surname of the patient; field type: numeric: field length: 50; required field: yes; default value: none; input mask: none. Which of the following is true about the definition of this data element?

The field type should be changed to Character

Establish a secure organization

The first and most fundamental strategy for minimizing security threats is which of the following? a. Establish access controls b. Implement an employee security awareness program c. Establish a secure organization d. Conduct a risk analysis

To prepare healthcare data for data analysis

The first step is data capture, which helps ensure the data needed is available and that the data is correct. The second is data provisioning, Which ensures that the data is in a format that can be manipulated for data analysis. Data analysis is the third stage where data interpreted, is the final stage of transforming raw data into meaningful analytics.

Data Visualization

The graphic display of data can help the viewer understand the data trends so it is easier to identifyo areas that need action, such as addressing a decline in the number of patients or an increase in the infection rate.

Humans

The greatest threat category to electronic health information is which of the following? a. Natural disasters b. Power surges c. Hardware malfunctions d. Humans

Identify the true statement about the health record.

The health record is a primary data source.

which of the following entities owns the physical hospital health record?

The hospital that maintains the record

Data obstraction

The identification of data elements by an individual through health record review.

The most prevalent trend in the collection of secondary databases is _____________.

The increased use of automated data entry

Chief security officer

The individual responsible for ensuring that everyone follows the organization's data security policies and procedures is which of the following? a. Chief executive officer b. Chief information officer c. Chief privacy officer d. Chief security officer

Clinical Data

The information that shows the treatment and services provided to the patient, as well as how the patient responded to such treatments, etc. Is the largest portion of the HR and consists of 9 points

Service Standard meaning & example

The infrastructure components used to achieve specific interoperability requirements. Example,Imaging and Communications in Medicine (DICOM)

Candidacy

The interim stage of accreditation.

Which of the following is a true statement about the content of the legal health record?

The legal health record contains metadata

Who creates Statutes law ?

The legislative branch, which is the US Congress and is comprised of the House of Representatives and the senate.

Audit Control

The mechanisms that record and examine activity in information systems

Audit control

The mechanisms that record and examine activity in information systems

eHealth Exchange

The nationwide health information network is now called which of the following? eHealth Exchange Health information exchange organization National health information exchange

What lead to the development of data sets or lists of recommended data elements with uniform definitions?

The need to compare uniform discharge data from one hospital to the next. This is an example of benchmarking.

CPT Assistant

The official publication of American Medical Association that addresses CPT coding issues

The physical health record is usually considered the property of which entity?

The organization or provider

A provider may deny a patient's request to review and copy his or her health information if:

The patient agreed to temporarily suspend access during a research study. The patient requests his psychotherapy notes. A licensed healthcare professional determines that access to PHI would endanger the life or physical safety or the patient or another person.

The period of time in which a lawsuit must be filed

Biometrics

The physical characteristics of users (such as fingerprints, voiceprints, retinal scans, iris traits) that systems store and use to authenticate identity before allowing the user access to a system

Computer downtime

The primary reason that healthcare organizations develop business continuity plans is to minimize the effects of which of the following? Electrical power surges Hardware and software malfunctions Computer downtime Deliberate damage to information systems caused by computer hackers

Intrusion Detection

The process of identifying attempts or actions to penetrate a system and gain unauthorized access.

Risk analysis

The process of identifying possible security threats to the organization's data and identifying which risks should be proactively addressed and which risks are lower in priority

Data security

The process of keeping data, both in transit and at rest, safe from unauthorized access, alteration, or destruction

Data security

The process of keeping data, both in transit and at rest, safe from unauthorized access, alteration, or destruction.

Encryption

The process of transforming text into an unintelligible string of characters that can be transmitted via communications media with a high degree of security and then decrypted when it reaches a secure destination

American Recovery and Reinvestment Act (ARRA)

The purposes of this act include the following: (1) To preserve and create jobs and promote economic recovery. (2) To assist those most impacted by the recession. (3) To provide investments needed to increase economic efficiency by spurring technological advances in science and health. (4) To invest in transportation, environmental protection, and other infrastructure that will provide long-term economic benefits. (5) To stabilize state and local government budgets, in order to minimize and avoid reductions in essential services and counterproductive state and local tax increases

drug knowledge database

The source of drug-drug contraindication information in a computerized provider order entry system is ___________. a. Clinical decision support system b. Drug knowledge database c. Evidence-based medicine d. RxNorm

Data definition

The specific meaning of a healthcare-related data element

Data Definition

The specific meaning of a healthcare-related data element.

SCRIPT

The standard used in e-prescribing systems to transmit a prescription to a retail pharmacy is which of the following? SCRIPT Accredited Standards Committee X12 National Drug Code RxNorm

The Judicial branch includes

The supreme court

Ensures all components for a system to achieve its value are in place

The systems development life cycle _________________________. a. Ensures all components for a system to achieve its value are in place b. Identifies when products or services need to be sunset or discontinued c. Helps organizations select appropriate software d. Relates applications to the technology needed to run them

Timeliness

The time frame in which health records are coded

Types of Personal Health Records

The two main types of electronic PHRs are 1.Standalone: patients fill in information, they want to share with their healthcare provider. The information stored on patient's computers or through an online system. Some standalone PHRs accept data from external sources, such as healthcare providers and laboratories. Patients choose with whom they share the information. 2. Tethered or connected : A type of PHR that is linked to a specific healthcare organization's EHR. A tethered PHR allows patients to access their own records through a secure portal. In an emergency situation, a PHR may provide information when the patient cannot.

1928

The year HIM started

Explain what the accession number 16-214 means.

The year that the patient was entered in the registry is 2016 and this was the 214th patient entered in the registry during 2016

What is (are) the format problems with the following table?

There are blank cells.

Data Capture tools

There are several tools available for acquiring health realated data. Data capture into a health record was via written notes or traditional voice dictation that was transcribed and typed into a paper report. Another method for data capture is scanning documents into electronic document management systems that create aa picture of the scanned document, making it accessible electrnonically.

The coordination of benefits transaction (COB) is important so that:

There is no duplication of benefits paid

Application controls

These are automatic checks that help preserve data confidentiality and integrity. a. Access controls b. Audit controls c. Application controls d. Incident controls

Describe Privacy and Security Standards.

These standards ensure that patient-identifiable health information remains confidential and protected from unauthorized disclosure, alteration, or destruction.

Which of the following statements does NOT pertain to paper-based health records?

They have a built-in access control mechanism.

What do Structure and Content standards do?

They provide clear and uniform definitions of the data elements to be included in EHR systems.

What do Content Exchange Standards provide?

They provide the rules (protocols) of how data are actually transmitted from one computer system to another.

Arbitration is the submission of a dispute to a

Third party

Which of the following is an institutional user of the health record?

Third-party payer Government policy maker

As the corporate director of HIM Services and enterprise privacy officer, you are asked to review a patient's health record in preparation for a legal proceeding for a malpractice case. The lawsuit was brought by the patient 72 days after the procedure. The physician in question has a longstanding history of being lackadaisical with record completion practices. Previous concerns regarding this physician's record maintenance practices had been reported to the facility's Credentialing Committee. Is this information admissible in court?

This information could be rejected since the physician dictated the procedure note after the malpractice suit was filed

Critique this statement: Data and information mean the same thing.

This is a FALSE statement as data is raw facts and information is data converted into a meaningful format.

Critique this statement: patient care mangers are individuals users of health records.

This is a TRUE statement.

Critique this statement: The health record documents services provided by allied health professionals and a patient's family.

This is a false statement at the health record documents the care care provided by healthcare professionals.

Critique this statement: Case definition for trauma registries is determined by individual facilities.

This is a true statement.

Critique this statement: Interrater reliability depends on the consistency of data collection activities among abstractors.

This is a true statement.

Critique this statement: The Healthcare Cost and Utilization Project is an interactive database supported by the Agency for Healthcare Research and Quality. The database facilitates the comparison of hospital statistics for the purpose of research and benchmarking.

This is a true statement.

Critique this statement: The National Center for Health Statistics is the agency within the Centers for Disease Control that gathers information on vital and health statistics in the United States.

This is a true statement.

Network control

This type of control is designed to prevent damage cause by computer hackers. Administrative control Access control Network control Physical access control

Once a year

Though the HIPAA Security Rule does not specify audit frequency, how often should an organization's security policies and procedures be reviewed? Once every six months Once a year Every two years Every five years

External threats

Threats that originate outside an organization

External threats

Threats that originate outside an organization.

Internal threats

Threats that originate within an organization

Internal Threats

Threats that originate within an organization.

Employees

Threats to data security are most likely to come from which of the following? a. Employees b. Natural disasters c. Compromised firewalls d. Hackers outside an organization

Healthy People 2020

To 'create social and physical environments that promote good health for all'

How do accreditation organizations use the health record?

To determine whether standards of care are being met

What is the purpose of Vocabulary Standards?

To establish common definitions for medical terms to encourage consistent descriptions of an individual's condition in the health record.

What is the goal of the Uniform Ambulatory Care Data Set (UACDS)?

To improve data comparison in ambulatory and outpatients care settings. To provide uniform definitions that help providers analyze patterns of care. It is RECOMMENDED.

What is the purpose of the Nationwide Health Information Network (NHIN)?

To improve patient care, increase safety, and assist in clinical and administrative decision making.

What is the purpose of the Uniform Hospital Discharge Data Set (UHDDS)?

To list and define a set of common, uniform data elements (patient-specific). The data elements are collected from the health records of every hospital INPATIENT and later abstracted from the health record and included in national databases. It is REQUIRED.

Tables are used

To organize quantitative data or data expressed as numbers.

What is the purpose of Data Elements for Emergency Department Systems (DEEDS)?

To support the uniform collection of data in hospital-based emergency departments and to reduce the incompatibilities in emergency department records.

civil wrongdoing

Tort

Which Joint Commission survey methodology involves an evaluation that follows the hospital experiences of past or current patients?

Tracer Methodology

An organization identifies key people in various functional areas to be trained first, and then asks them to subsequently train other users in this same functional area. What is this approach to user training called?

Train-the-trainer

Awareness

Training that educates employees on the confidential nature of PHI is known as which of the following? a. Awareness b. Risk c. Incident d. Safeguard

What type of information system would be used for processing patient admissions, employee time cards, and purchase orders?

Transaction processing system

What basic components make up every electronic network communications system?

Transmitters, receivers, media, and data

Which of the following is a common registration error that will affect the revenue cycle?

Transposed digits in the social security number, date of birth, or policy number

Acute Care

Trauma center hospital, emergency services

TPO

Treatment, payment and operations

under the privacy rule , a health care provider who choose to obtain a patient's consent does so in order to use or disclose PHI for

Treatment, payment or healthcare operation

Under the Privacy Rule, a healthcare provider who chooses to obtain a patient's consent does so in order to use or disclose PHI for:

Treatment, payment, or healthcare operations

Appellate courts hear appeals on final judgments of trial court decisions.

True

HIPAA Security Rule requires that security incidents be identified, reported, and documented T/F

True

In most cases, a subpoena for health records must be accompanied by patient authorization.

True

Statutes are enacted by legislative bodies.

True

T/F ICD-10 is used in the United States for morbidity reporting

True

The "minimum necessary" requirements do not apply to disclosures that are required by law.

True

The a STM international standardized the content of continuity of care record

True

The system development life cycle is repeat it when monitoring reveals that the system is no longer producing the desired result

True

True or false. A Level III trauma center provides advanced trauma life support prior to the transfer of patients to a higher level trauma center.

True

True or false. An accession number is a number assigned to cases as it is entered in a cancer registry.

True

T/ F " Concept table" is NOT a knowledge source for users of the Unified Medical Language System?

True - Concept table is NOT a UMLS knowledge source

true

True or false: A Chargemaster is a financial management list that contains information about the organization's charges for healthcare services it provides to patients.

false

True or false: A clinical data repository supports sophisticated data analytics.

false

True or false: A master patient index is used to locate where patients may have records within a health information exchange organization.

false

True or false: A portal is the same as a personal health record.

true

True or false: A prospective payment system is a method of reimbursement in which Medicare payment is made based on a predetermined, fixed amount.

true

True or false: An organization's goals that are supported by health IT can be achieved more quickly and completely if monitoring results is performed.

false

True or false: Clinical data is used to identify an individual.

True

True or false: Computerized provider order entry systems can be used to order narcotics.

True

True or false: Health insurance payers have a variety of reimbursement plans and contract with individual providers and employers for payment meaning the same type of service to two different patients may be paid differently depending on the type of contract or insurance each patient has.

true

True or false: If a patient is covered by more than one insurance plan, the process of coordination of benefits (COB) takes place.

True

True or false: In a network HMO the HMO contracts with a network of providers who provide multispecialty group practices.

True

True or false: Many Americans are covered by private insurance plans through their employer, purchased individually, or through a group, such as a professional association.

true

True or false: Medication reconciliation is very difficult to implement and often one of the last applications within the medication management set of systems.

True

True or false: Retrospective review involves screening for medical necessity and the appropriateness or timeliness of delivery of medical care from the time of admission until discharge.

false

True or false: Retrospective utilization review process involves review of utilization information before the patient has been discharge or the care has been completed.

True

True or false: The ASTM International standardized the content of the continuity of care record.

True

True or false: The Balance Budget Act (BBA) of 1997 modified how facilities are paid for skilled nursing facility (SNF) services. SNF's are paid a comprehensive per diem under a PPS, meaning they receive a set amount for each day of service instead of being paid on itemized charges or services.

False

True or false: The Health Information and Accountability Act established the hospital-acquired conditions reduction program to encourage hospitals to reduce HAC's.

False

True or false: The Health Maintenance Organization Act of 1973 made it harder for HMOs to grow and attract clients and required all employers that offered traditional health care to their employees to sign up for an HMO if they had more than 35 employees.

true

True or false: The Logical Observations Identifiers Names and Codes (LOINC) vocabulary is used to encode laboratory orders and results

True

True or false: The system development lifecycle is repeated when monitoring reveals that the system is no longer producing the desired result

false

True or false: The technical component of a service is considered the part of the service supplied by physicians, while the professional component is supplied by the hospital or freestanding surgical center.

False

True or false: Web service architecture does not require an interface.

False

True or false: When almost all applications used in a hospital are acquired from the same vendor, the strategy being deployed is considered best-of-breed.

How often are healthcare facilities required to practice their emergency preparedness plan annually?

Twice

Healthcare Common Procedure Coding System hcpcs level 1 and II

Two code systems o Level I: CPT o Level II: professional services, procedures, products, and supplies • Level II published by CMS • Updated quarterly • Print, online, and in software applications Level II Assignment by a pr • Used for reimbursement of ambulatory care • Modifiers

Private key infrastructure

Two or more computers share the same secret key and that key is used to both encrypt and decrypt a message; however the key must be kept secret and if it is compromised in any way, the security of the data is likely to be eliminated; see also single key encryption

Private key infrastructure

Two or more computers share the same secret key and that key is used to both encrypt and decrypt a message; however, the key must be kept secret and if it is compromised in any way, the security of the data is likely to be eliminated.

Single-key encryption

Megan is creating a retention scheudle for health information - what should she include?

Type of info to be retained, length of time info should be retained, type of medium that should be used to retain the information

Case mix

Types and categories of patients treated by a health care facility

Private Health Insurance

Typically, insurance plans that have very high deductibles or limited covered services is called what? Commercial insurance Private health insurance Public health insurance Employee health insurance

*which of the following spells out the powers of the three branches of the federal government?

US constitution

which of the following spells out the powers of the three branches of the federal government?

US constitution

An audit trail may be used to detect which of the following:

Unauthorized access to a system

An audit trail may be used to detect which of the following:

Unauthorized access to system

Security breach

Unauthorized data or system access

Administrative safeguards

Under HIPAA, are administrative actions and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity's or business associate's workforce in relation to the protection of that information (45 CFR 164.304 2013)

Knowledge

Understanding to make informed decisions

What does UACDS stand for?

Uniform Ambulatory Care Data Set

What does UHDDS stand for?

Uniform Hospital Discharge Data Set

CMS-1500

Universal claim form developed by the Centers for Medicare & Medicaid Services and used by providers to bill payers for professional fees and office procedures and services

Healthcare fraud is all of the following except:

Unnecessary Costs to a program

The problem being sold with the use of DSS is typically---

Unstructured

The problem being solved with the use of DSS is typically _______.

Unstructured

Free text describing a patient's chief complaint is an example of -------

Unstructured data

Free text describing a patient's chief complaint is an example of _________.

Unstructured data

----is the possible outcome of point of care charging

Unstructured or structure data

__________ is a possible outcome of point-of-care charting.

Unstructured or structured data

___________ is a possible outcome of point-of-care charting.

Unstructured or structured data

Freestanding Ambulatory Care Centers

Urgent care for walk in patients

Policies that address how PHI is used inside the organization deal with which of the following ?

Use

Which of the following would be the best course of action to take to ensure continuous availability of electronic data?

Use mirrored processing on redundant servers

What committee usually oversees the development and approval of new forms for the health record?

Use radio buttons to select multiple items from a set of options

Which of the following is not true of good electronic forms design?

Use radio buttons to select multiple items from a set of options

Minimum necessary

Use, access, or disclosure of health information limited to the amount necessary for the intended purpose

Minimum necessary

Use, access, or disclosure of health information limited to the amount needed for the intended purpose

Uniform Hospital Discharge Data Set (UHDDS)

Used for reporting inpatient data in acute care, short-term care, and long-term care hospitals. Minimum set of items based on standard definitions to provide consistent data for multiple users. Required for reporting Medicare and Medicaid patients. Many other health care payers also use most of the UHDDS for the uniform billing system.; core data elements incorporated into IPPS

How is data collected by the MDS used?

Used to develop care plans for residents and to document placement at the appropriate level of care.

International Classification of Functioning, Disability and Health (ICF)

Used to report health and disability • Print and online • Assignment by a health professional

A key element in effective systems implementation is:

User training

The director of health information services is allowed access to the medical record tracking system when providing the proper log-in and password. Under what access security mechanism is the director allowed access to the system?

User-based

Which of the following is not true about document imaging?

Uses microfilm to store images

The policies and procedures section of a coding compliance plan should include all of the following except:

Utilization Review

The process of determining whether the medical care provided to a specific patient is necessary according to preestablished objective screening criteria is:

Utilization Review

Which of the following is not a true statement about a hybrid health record system?

Version control is easy to implement

Engage

Virtual network used by AHIMA members.

Clinical data

Vocabulary , code set, and terminology standards represent the meaning of the clinical data.

Medical nomenclature

Vocabulary of clinical and medical terms

The clinical data -- lends itself to data mining as it encompasses multiple sourcess of data.

Warehouse

The clinical data ___________ lends itself to data mining as it encompasses multiple sources of data.

Warehouse

All of the following services are typically reviewed for medical necessity and utilization except:

Well-baby check

Automates administrative forms processing

What does a form creation system do? Automates administrative forms processing Captures images of documents Generates templates for data capture in an EHR Reads handwritten documents and converts them into structured data

Identifying which data employees should have a right to use

What does the term access control mean? Identifying the greatest security risks Identifying which data employees should have a right to use Implementing safeguards that protect physical media Prohibiting employees from accessing a computer system

CONNECT

What health information exchange is a sophisticated structure that enables both receipt of data and the ability to query an exchange for data? a. CONNECT b. Direct c. Microsoft Vault d. File Transfer Protocol

Coinsurance

What is a pre-established percentage of eligible expenses after the deductible is met? Coinsurance Deductible Eligibility Medical necessity

NCQA

What is a private not-for-profit organization with the mission to improve healthcare quality by accrediting, assessing and reporting on the quality of managed care plans? AHIMA HMO NCQA NQCCA

The ability to share health information with other health IT systems

What is interoperability? a. The ability to share health information with other health IT systems b. A form of health information exchange c. A process that integrates all health information into one database d. A system of technologies that work together to achieve a common purpose

Explanation of benefits

What is name of the form that details the way the payer processed the claim for payment? Explanation of benefits Benefits explanation Explaining the benefits Claim explanation

Employees

What is the biggest threat to the security of healthcare data? Natural disasters Fires Employees Equipment malfunctions

value

What is the combination of quality and cost of healthcare? a. Care process b. Risk c. System d. Value

third party payer

What is the term that is used to identify an insurance company that pays for the healthcare of covered individuals? a. First party payer b. Second party payer c. Third party payer d. Fourth party payer

Adjudication

What is the term used by the insurance industry that refers to the process of paying, denying, and adjusting claims based on patients' health insurance coverage benefits? a. Reimbursement b. Adjudication c. Claims d. Out-of-Pocket

global payment

What methodology involves payment that combines the professional and technical components of a procedure and disperses payments in a lump sum to be split between the physician and the healthcare facility? a. Global payment b. Prospective payment c. Encompassing payment d. Retrospective payment

Prospective review

What refers to the review that takes place prior to elective procedures or admissions? Preauthorization Prospective review Retrospective review Concurrent review

Group Model HMO

What type of HMO model contracts with more than one physician, such as a medical group that includes physicians in multiple fields of expertise? Staff Model HMO Network Model HMO Group Model HMO Open-Panel Model HMO

When was the Office of National Coordinator (ONC) established?

When HIPAA was enacted. It is a permanent office under HHS (Department of Health and Human Services) through a statutory authorization in ARRA.

In which of the following situations must a covered entity provide an appeals process for denials to requests from individuals to see their own health information?

When a licensed healthcare professional has determined that access to PHI would likely endanger the life or safety of the individual

Sunset

When a vendor is no longer selling or supporting a health IT product, it is said to be _________________. Sunset Abandoned Discontinued Marooned

adoption

When an EHR is integrated into the daily routine of clinicians it is said to be in what stage of existence? a. Adoption b. Implementation c. Meaningful use d. Optimization

Progress Notes

Where a caregiver records details to document a patient's clinical status or achievements. 'wikipedia' SOAP Subjective, objective, assessment, plan - to remember what should be in the progress note

The mechanisms for safeguarding information and information systems

Which of the following best describes information security? The mechanisms for safeguarding information and information systems The right of individuals to limit access to information about themselves The expectation that information shared by an individual will be kept private The expectation that information will be used only for its intended purpose

Results management system

Which of the following is a core clinical EHR system? Results management system Electronic document management system Intensive care system Portal

clinical transformation

Which of the following is a fundamental change in how medicine is practiced using health IT? a. Clinical decision support b. Clinical transformation c. EHR optimization d. Medical informatics

Change control

Which of the following is a program that assures there is documented approval for altering an application? a. Change control b. Configuration management c. System build d. System maintenance

Audit Trail

Which of the following is a software program that tracks every access to data in the computer system? Access control Audit trail Edit check Risk assessment

Context-based

Which of the following is a technique that can be used to determine what information access privileges an employee should have? Context-based Risk assessment Risk analysis Business continuity

Locking computer systems

Which of the following is an example of a physical safeguard that should be provided for in a data security program? Using password protection Prohibiting the sharing of passwords Locking computer rooms Annual employee training

Workgroup tool

Which of the following is an example of clinical decision support? a. Authenticate a document b. Digital dictation system c. View lab results d. Workgroup tool

Integrity

Which of the following is an example of technical security? Integrity Workforce security Sniffer Facility access controls

Business continuity plan

Which of the following is an organization's planned response to protect its information in the case of a natural disaster? Administrative controls Audit trail Business continuity plan Physical controls

A written contingency plan

Which of the following is required by HIPAA standards? A written contingency plan Review of audit trails every 24 hours Use passwords for all transactions Permanent bolting of workstations in public areas

Covered entities must retain policies for 6 years after they are no longer used.

Which of the following is true regarding HIPAA security provisions? Covered entities must appoint two chief security officers who can share security responsibilities for 24 hour coverage. Covered entities must conduct employee security training sessions every six months for all employees. Covered entities must retain policies for 6 years after they are no longer used. Covered entities must conduct technical and nontechnical evaluations every six years.

General Rules

Which of the following provide the objective and scope for the HIPAA Security Rule as a whole? Administrative provisions General rules Physical safeguards Technical safeguards

HIPAA allows flexibility in the way an institution implements the security standards.

Which of the following statements is true regarding HIPAA security? a. All institutions must implement the same security measures. b. HIPAA allows flexibility in the way an institution implements the security standards. c. All institutions must implement all HIPAA implementation specifications. d. A security risk assessment must be performed every year.

Data integrity

Which of the following terms means that data should be complete, accurate, and consistent? Data privacy Data confidentiality Data integrity Data safety

Third party administrator

Who is responsible for making payment for healthcare claims on behalf of the company? First party administrator Second party administrator Third party administrator Premium party administrator

Access to information

Within the context of data security, protecting data privacy means defending or safeguarding _________. a. Access to information b. Data availability c. Health record quality d. System implementation

Which of the following insurance covers healthcare costs and lost income associated with work-related injuries?

Workers' Compensation

Susan is completing her required high school community service hours by serving as a volunteer at the local hospital. Relative to the hospital, she is a(n):

Workforce member

Patient Accounts has submitted a report to the revenue cycle team detailing $100,000 of outpatient accounts that are failing NCD edits. All attempts to clear the edits have failed. There are no ABNs on file for these accounts. Based only on this information, the revenue cycle team should:

Write off the failed charges to bad debt and bill Medicare for the clean charges

Subpoena duces Tecum

Written document directing an individual to furnish documents and other records to a court

Subpoena duces tecum

Written documentation directing an individual to furnish documents and other records to a court

To effectively transmit healthcare data between a provider and payer, both parties must adhere to which electronic data interchange standard?

X12N

case management

_____ is a collaboration between healthcare and service providers to aid in the process of assessment, planning, facilitation, care coordination, evaluation, and advocacy to meet an individual's and family's comprehensive health needs. Case management Utilization management Service management Concurrent management

Utilization management

_____ is the evaluation of medical necessity, appropriateness, and efficiency of the use of health care services, procedures, and facilities under the provisions of the applicable health benefits plan. Prospective review Utilization management Retrospective review Case management

Balance bill

_____ means charging the patient for the remainder of the charges that were not paid by the insurance plan. Balance bill Balance forward Bill left over Balance buddy

Eligibility

______ includes verification that the patient is currently covered by the plan on the date of service the services being provided are covered by the plan. Medical necessity Eligibility Deductible Claims

Copayment

______ is a cost-sharing measure in which the policy holder pays a fixed dollar amount per service. Copayment Deductible Coinsurance Eligibility

capitation

______ is a specified amount of money paid to a health plan or doctor, used to cover the cost of a health plan member's healthcare services for a certain length of time. a. Capitation b. Global payment c. Episode-of-Care (EOC) d. Managed Fee-for-Service

pay for performance

______ is a type of incentive to improve clinical performance using the electronic health record resulting in additional reimbursement or eligibility for grants or other subsidies to support further HIT efforts. a. Fee-for-service b. Fee-for performance c. Pay-for-service d. Pay-for-performance

Health insurance marketplace or exchange

______ is where uninsured, eligible Americans are able to purchase federally-regulated and subsidized health insurance. Health insurance marketplace or exchange Marketplace to buy insurance Exchange of health insurance Changing health insurance marketplace

health insurance

________ protects a person from having to pay the full cost of healthcare. a. Health insurance b. Claims c. Data d. ACA

Administrative Law

a body of rules and regulations developd by various administrative entities empowered by congress

describe the first part of MU-standards for MU of EHR?

a certified EHR is connected in such a way that allows for the electronic exchange of health information that includes vocabulary standards to ensure consistent meaning.

crossclaim

a complaint filed against a co-defendant a claim by one party against another party who is on the same side of the main litigation

Risk Management

a comprehensive program of activities intended to minimize the potential for injuries to occur in a facility and to anticipate and respond to ensuring liabilities for those injuries that do occur.

Decision support system(DSS)

a computer based system that gathers data from a variety of sources and assists in providing structure to the data by using various analytical models and visual tools in order to facilitate and improve the ultimate outcome in decision making tasks associated with nonroutine and nonrepetitive problems. A DSS is primarily used by management for operational as well as strategic decisions.

spyware

a computer program that tracks an individual's activity on a computer system

Firewall

a computer system that provides a security barrier or supports an access control policy between two networks.

When a covered entity has given a patient a notice of privacy practices

a consent to use or disclose information for purposes or treatment, payment, or operations is not required

which of the following statements is true responding to requests from individuals who wish to access their PHI?

a cost based fee may be charged for making a copy of the PHI

which of the following statements is true responding to requests from individuals who wish to access their PHI?

a cost-based fee may be charged for making a copy of the PHI

counterclaim

a countersuit

legal hold

a court order that protects a health record from being destroyed

express contract

a patient's wish to be treated articulated either in writing or verbally

CE Covered Entity

a person or organization that must comply with the HIPAA Privacy Rule

Contingency plan

a plan that outlines alternative courses of action that may be taken if an organization's normal processes are disrupted or become ineffective.

discovery

a pretrial stage where parties use numerous strategies to discover or obtain information both a process and a period of time

rootkit

a program designed to gain unauthorized access to a computer and assume control over the operating systems

Unified Medical Language System (UMLS)

a program initiated by the National Library of Medicine to build an intelligent, automated system that can understand biomedical concepts, words, and expressions and their interrelationships; includes concepts and terms from many different source vocabularies

backdoor programs

a program that bypasses normal authentication processes and allows access to computer resources such as programs, computer networks, or entire computer systems

computer worm

a program that copies itself and spreads throughout a network....it does not need to attach itself but can RUN ON ITS OWN

trojan horse

a program that gains unauthorized access to a computer and masquerades as a useful function...they may also duplicate and send themselves to email addresses in a user's computer

Business continuity plan

a program that incorporates policies and procedures for continuing business operations during a computer system shutdown.

computer virus

a program that reproduces itself and attaches itself to legitimate programs on the computer

Key Indicator

a quantifiable measure used over time to determine whether some structure, process, or outcome in the provision of care to a patient supports high quality performance measured against best practice criteria. Example key indicators could monitor death rates or infections.

Password

a series of characters that must be entered to authenticate user identity and gain access to a computer or specific portions of a database.

how to correct errors or make changes in the paper health record

a single line should be drawn in ink through the incorrect entry. the word 'error' should be printed at the top of the entry along with a legal signature or initials;date;time; and discipline of the person making the change. see page 204

audit trail

a software program that tracks every single access or attempted access of data in the computer system.

define controlled vocabulary

a specific set of terms for specified data is used and any changes must be formally approved......

define adoption

a state in which every intended user of the EHR is using the basic functions of the system

SNOMED what is it

a vocabulary standard that was originally developed by American College of Pathologists...it is now freely available to US vendors as the basis for clinical data dictionaries in EHR systems.

what is an identity matching algorithm?

a way to match a patient with their data in an HIO

complaint

a written legal statement from a plaintiff that initiates a civil lawsuit

malfeasance

a wrong or improper act, such as removal of the wrong body part.

A tort is

a wrongful act that results in injury to another

Tort

a wrongful act that results in the injury of another

who uses analytics?

academic and research institutions, health plans, pharmaceutical manufacturers, and public health departments

An HIM professional using her password can access and change data in the hospital's master patient index, a patient accounting representative, using his password cannot perform the same function, why

access controls

ACO- define

accountable care organization- organization of providers accountable for the quality, cost, and overall care of Medicare beneficiaries who are assigned in the traditional fee-for-service program. A health reform mechanism that ties reimbursement to quality and costs.

the form and content of the health record are determined by:

accreditation standards and public health reporting requirements, the needs of individual healthcare organizations, state and federal laws and regulatory requirements

define optimization

activities that extend the use of the EHR beyond the basic functions....usually involves changes in clinical practice

name the source systems

administrative, financial, departmental (ancillary) systems

examples of Clinical decision support

alerts about drug contraindications and out of range lab results and standard order sets in CPOE, templates that help determine what documentation is required, suggest less expensive but equally effective drugs and alternate treatments/protocols

web security protocols

allow authentication of the server VOIP - voice over internet protocol - instant messaging, faxes, etc.

Privacy Rule's Right of Access

allows an individual to inspect and obtain a copy of his or her own PHI contained within a DRS

consent directive -define

allows patients to opt in or opt out of having their data exchanged in the HIE

what is consent management?

allows patients to opt in or opt out of having their data exchanged in the HIE

What is HL7's CDA?

an XML-based standard that provides structure (description of document content for users), vocabulary standards (SMOMED and LOINC), and codes for sharing clinical documents

Context-based access control (CBAC)

an access control system which limits users to access and information not only in accordance with their identity and roll, but to the location and time in which they're accessing the information.

digital certificates etc.

an electronic document that verifies that a public key belongs to an individual

likelihood determination

an estimate of the probability of threats occurring

summons

an instrument - paper - used to begin a civil action

incident

an occurrence or event

breach

an unauthorized use or disclosure of PHI that compromises the security of that information - page 240

Training programs on data security should be conducted at least

annually

discoverable data

any electronically stored data that may potentially be compelled as evidence, also including metadata (data about data)

define results management

application that enables diagnostic study results (primarily lab) to be both reviewed in a report format and allows the user to process (trend,share, graph, compare) the data within the reports.

define closed-loop medication management system

applications that help assure patient safety from the point a drug is ordered to the point it is administered

The HIPAA Privacy rule

applies nationally to healthcare providers

Medical staff credentialing refers to

appointing and granting clinical privileges to physicians

Consents

are generally not required to permit use and disclosure of PHI for treatment, payment, or operations

data center define

area where servers are kept...the area needs special temperature, humidity and power controls

What is an example of a technical safeguard

assigning passwords that limit access to computer-stored information

In what way might an organization's human resources department be involved in information security

assisting in workforce data access clearances

AHIMA's record retention guidelines recommend that the health records of adults be maintained:

at least 10 years after the most recent encounter

AHIMA's record retention guidelines recommend that diagnostic images such as xrays be maintained:

at least 5 years

server redundancy with server failover...what does this mean?

at least two if not more servers are performing the same processing on data simultaneously. If one server goes down, processing is still occurring at another server....users are not interrupted

written permission to use or disclose patient-identifiable health information

authorization

what functions does a forms creation systems do

automates some of the authorization, consent, advance directive, and other forms used. Captures e-signature, provides info to pt, and supplies a copy of the signed form to the pt

An effective data security program embodies three basic what is one discussed in this chapter

availability

Which of the following statements does (do) not apply to inpatient length-of-stay data?

b and d above

why would you need a separate clinical decision support system to provide information about drug-lab checking?

because it is not a routine function of the CPOE (drug) or LIS (Lab) but requires the combination of the data from both sources and the ability to dliver the alert back to the correct system.

why are many physicians adverse to use CDSS?

because it requires data to be entered in a structured fashion and physicians don't usually like that--its a workflow issue

access safeguards

being able to identify which employees should have access to which data

admissibility

being admitted into evidence in a court of law

Structured data

binary , machicne readable data in discrete fields.Example is using checkboxes to indicate patient symptoms.

is the Clinical decision support built into the core applications of an EHR or is it a separate system?

both. CDS found in core EHR applications if rudimentary, more sophisticated CDS requires the integration of data from the other EHR components...these require separate applications

failure to meet the conditions specified under a legal agreement

breach of contract

3 causes of action

breach of contract intentional tort negligence

which of the following is considered to be a professional liability?

breach of contract, intentional tort, negligence

HITECH deemed the HIO as a ____ ____under HIPAA.

business associate

analytics is used to create XXXXX XXXXX , such as predicting prescribing paterns of physicians, or the impact of a disaster on local emergency services

business intelligence

under the HIPAA Privacy Rule, when an individual asks to see their own health information, a covered entity:

can deny access to psychotherapy notes

certificate authority middle man that confirms that each computer is who it says it is

What is CCHIT

certification commission for ehalth information technology...it certifies HER

what is a plan to provide access to content of previous visit info in an HER?

chart conversion

what are systems that HIM use that are not addressed by the EHR and so will remain

chart deviciency sys, RIO sys, coding/abstracting sys

CSO

chief security officer

tort

civil wrongdoing

False Claims Act

claims of fraud can be brought for up to 10 years

nosology

classification and naming system for medical and psychological phenomena

what is a CDW

clinical data warehouse. May be a relational database but more often it is a hierarchial or multi-dimensional database.

what is the function of a LIS

collects, stores, and manages lab tests and their results. It also performs quality control, maintains an inventory of equipment and supplies, and manages info on departmental staffing/costs.Speeds up access to test results.

what is the function of a RIS

collects, stores, and provides info on radiological tests. After receiving order it schedules the procedure, notifies the pt/personnel how to prep for the procedure, tracks procedure's performance, performs quality control, maintains inventory of equpment/ supplies, and manages staffing/costs

Judicial Law

common law, case law, created from court.

subpoena

compels a response to a hearing request from the court to come to the proceedings

Mrs Elfman has filed a medical malpractice lawsuit against Dr. Quinn. She accomplishes this through a mechanism called a

complaint

process by which a lawsuit is initiated

complaint

define client

computer that users use to retrieve and enter data

thin client

computer with minimal processing capability but no storage(memory)

What computer program can copy and run itself without attaching itself to a legitimate program

computer worm

advance directive

consent that communicates an individuals wishes to be treated - or not- should the individual be incapacitated at some point.

Workforce members

consists not only of employees, but also volunteers, student interns, trainees, etc...such as a custodial worker

CBAC

content based access control - limits a user's access based not only on identity and role, but also on a person's location and time

define CCD

continuity of care documemt- provides content and format specifications for exchanging referral informaion between providers (ASTM and HL7 together made the CCD)

what is the CCR/CCD

continuity of care documemt- provides content and format specifications for exchanging referral informaion between providers (ASTM and HL7 together made the CCD)

application safeguards

controls contained in application software or computer programs to protect the security and integrity of information.

encryption

converting data into a jumble of unreadable scrambled character and symbols as they are transmitted

potential problems with reuse of data (copy/paste) in an HER

correcting entries is required, documentation compliance, privacy

what are some challenges that must be over come for EHR adoption

cost, questions about their true benefits, workflow changes, productivity impact, and unintended consequences

district court

court in the lowest tier of the federal court system

US court of appeals

court with the power to overturn the final judgments of district courts

US supreme court

court with the power to overturn the final judgments of federal and state courts of appeal

state appellate court

court with the power to overturn the final judgments of state trial courts

Statutes are laws:

created by legislative bodies

implied contract

created by the patient's behavior such as when a patient enters the emergency room or office it is implied that they want care

define meaningful use

criteria, set by ARRA/HITECH that providers must meet in order to qualify for incentives for using EHR

Jeremiah files a medical malpractice lawsuit against DR. Watson, who performed his surgery. He names no other defendants in the lawsuit. Dr. Watson files a complaint against his assistant surgeon, Dr. Crick. By doing this, Dr. Watson has completed which legal action?

crossclaim

Metadata

data about data

What type of data must be protected against breaches

data at rest, in motion, and disposed

DES

data encryption standard best known secret key security

The patients address is the same in the master patient index, electronic health record, laboratory information system, and other systems, this means that the data values are consistent and therefore indicative of what

data integrity

data is complete, accurate, consistent and up to date

what functions do analytics involve?

data mining, forcasting, and neural networks( mathematical modeling that makes connections between data to discover relationships)

how must data be stored if the results management application is to be used

data must be stored in a structured form and ideally stored together in one data repository

integrity

data that is complete, accurate, and up to date

define DBMS

database management systems are software applications that organize, provide access to, and manage a database

individual or party who is the object of a lawsuit

defendant

The purpose of private law is to

define rights and duties among private parties

telehealth- define

delivers healthcare services remotely - remote monitoring devices, videoconferencing

define cloud computing

delivery of computing resources (software) over a network and sold as a metered service..much like buying electricity

4 ways a defendant answers a complaint

denying admitting pleading ignorance bringing a countersuit

data definition

describing the data

remote patient monitoring device- define

device that enables provider to monitor and treat a pt from a remote location

best practice

dictates that health record entries and health records must be complete, accurate, and timely.

what is an example of a CDSS used in a stand-alone fashion by physicians

differential diagnosis system...compares images or data against a library of images or data to help in diagnosing a condition

discovery

disclosure of pertinent facts or documents to the opposing parties in a legal case

interrogatories

discovery method used to obtain information from other parties in a lawsuit

deposition

discovery method: formal proceeding where the oral testimonies of the parties of a lawsuit and/or witnesses are obtained

Trial courts are called

district courts in federal system.Generally, term used to describe court in the lowest tier of state court systems

DNR

do not resuscitate order directs health care providers to not give life giving measures - in the event of terminal cancer, etc.

court order

document issued by a judge

practice guidelines -define

draws info from experts in the field who reach consensus on best practices (they use EHR at the POC (point of care)

DPOA-HCD

durable power of attorney for healthcare decisions designating someone else to make healthcare decisions for you

Unsecured electronic protected health information (e-PHI)

e-PHI that has not been made unusable, unreadable, or indecipherable to unauthorized persons

Unsecured electronic protected health information (e-PHI)

e-PHI that has not been made unusable, unreadable, or indecipherable to unauthorized persons.

The nationwide health information network is now called which of the following

eHealth exchange (The nationwide health information network has gone through several name changes but currently the federal government named it the E health exchange)

what is a flat file

earliest form of a database. Stored data in plain text where each line of text holds one record with fields separated by delimiters (tabs/commas). There are no folders/paths in which to organize files

What is a software application safegaurd

edit check

what is EDMS

electronic document management systems-involve scanning documents to turn them into digital documents. Some include barcoding. This system can manage many types of documents including e-mails and faxes

The categories of security threats by people demonstrate an organization's greatest potential liability group consists of

employees

What is the process that encodes material, converting it to scrambled data that must be decoded

encryption

With regard to training in PHI policies and procedures

every member of the covered entity's workforce must be trained

EBM- define

evidence-based medicine the practice of medicine utilizing guidance from research studies....in the absence of research practice guidelines may be used

two-factor authentication

ex. an individual providing something he KNOWS and something he HAS using smart cards or tokens

*Source oriented health record

ex. nurse notes grouped together, physicians notes grouped together

informed consent

example: before surgery, etc. understanding risks, etc.

what is an e-visit

existing patients can exchange e-mail in lieu of visiting the physisican for follow-up or recurring care needs

spoken or written agreement; may be given by a patient to a healthcare provider to permit treatment

express contract

living will

expresses the treatment wishes of the patient in the event they become afflicted with certain conditions - such as a vegitative state, etc.

nonfeasance

failure to act - such as not ordering a standard diagnostic test

breach of contract

failure to meet the conditions specified under a legal agreement

breach of contract

failure to perform any term of a contract by any party involved in the contract

*the joint commission sets the official record retention standards for hospitals and other healthcare facilities.

false

In all cases, a covered entity may deny an individual's request to restrict the use or disclosure of his or her PHI.

false

The joint commission sets the official record retention standards for hospitals and other healthcare facilities.

false

the joint commission sets the official record retention standards for hospitals and other healthcare facilities.

false

list the types of HIE (HIEO) models

federated, consistent federated, consolidated (centralized)

A firewall

filters information between networks

Medical identity theft includes all of the following except use of another person's

financial information to purchase expensive handbags

Which of the following is a data collection tool that records current processes?

flow chart

general consent

for routine treatment

What provides the objective and scope for the HIPPA Security Rule as a whole

general rules

state supreme court

generally, term used to describe court in the highest tier of the state court system

trial court

generally, term used to describe court in the lowest tier of state court systems

what is the purpose of the Safeguarding Access for Every Medicare Patient Act (SAFE Medicare Patient Act)

give legal protection to medicare/medicaid providers who participate in the MU incentive program to help ensure patient safety due to unintended consequences. It would also create a system for reporting errors and potential errors that occur when using the EHR or HIE

licensure

given by a governmental agency that gives an individual permission to practice

certification

given by a private organization to acknowledge requisite level of knowledge, competencies, and skills.

accreditation

given to a healthcare organization by an accrediting organization.

Federal Rules of Evidence

governs admissibility in the federal court system

HIE define

health information exchange- services that support sharing health information across different healthcare organizations

what types of health records are subject to the HIPAA Privacy Rule?

health records in any format

What does Clinical decision support do

helps providers make decisions about patient care

HIS

hospital information sys. Comprehensive database containing all clinical, administrative, financial and demographic info about each pt

disclosure

how health information is disseminated externally

use

how health information is used internally.

basic building block of access control

identification of an individual

describe the third part of MU-criteria for earning MU incentives

identifies the extent to which the functions of the EHR must be used

PHI Protected Health Information

identifies the individual or provides a reasonable basis to believe the person could be identified from the information given.

risk analysis

identifying security threats, weaknesses, and vulnerabilities

If an implementation specification is addressable

if not implemented, the organization must document why it is not reasonable and appropriate to do so

permission inferred when a patient voluntarily submits to healthcare treatment

implied consent

A physician patient relationship is established by either an

implied contract or an express contract.

misfeasance

improper performance during an otherwise correct act such as nicking the bladder during a normal gallbladder surgery,etc.

when were meaningful use incentives started..what about the date set for sanctions

incentive payments were started in 2011 and sanctions are set for 2015

Password policies should

include mandatory scheduled password changes

DRS Designated Record Set

includes the health records, billing records and various claims records that are used to make decisions about an individual.

defendant

individual or party who is the object of a lawsuit

plaintiff

individual who brings a lawsuit

An important piece of patient centered healthcare is

information sharing.Example, patient portal and personal health record.

define thick client

information system with full processing capabilities

ITAD

information technology asset disposition - it identifies how all data storage devices are destroyed or purged

define business intelligence

integration of financial and clinical data that supports business decisions

What term is defined as data that is complete, accurate, consistent, and up-to-date

integrity

Public Law

involves the government at any level and its relationship with individuals and organizations

LOINC

is a data standard for representing lab tests,

BA - Business Associate

is a person or organization other than a member of a covered entity's workforce that performs functions on behalf of or for a covered entity. Such as consultants, billing companies, etc.

Personal Health Record (PHR)

is a record created and managed by an individual in a private,secure, and confidential enviornment.

Database

is an organized collection of data, text, refrences, or pictures in a standardized format, typically stored in a computer system for multiple applications.

DICOM Standard

is for exchanging imaging documents.

Under the Privacy Rule, a code to re identify deidentified information

is never allowed

Healthcare data analytics

is the practice of using data to make business decisions in healthcare,

Clinical data analytics

is the process by which health information is captured, reviewed,and used to measure quality of care provided.

The legal health record

is the record disclosed upon request

A notice of privacy practices

is to be given to patients upon their first contact with the covered entity Does not have to be given to inmates who are patients Explains an individual's rights under the HIPAA privacy rule

what is identity management?

it is NOT patient identification. It provides security including determinating who or what information system is authorized to access information, authentication services, audit logging, encryption, and transmission controls

why do some facilities prefer cloud computing for an EHR

it lowers the cost...although customization is not possible at the lower cost

What does a CDR do?

it manages data from all sources in a facility--helps to combine data from multiple source systems into one location for easier processing

statute

law enacted by a legislative body

public law

law that involves the government and its relationship with individuals or organizations

jurisdiction

legal authority to make decisions

NPDB - National Practitioner Data Bank

limits the movement

what is a record locator service?

locates alll patient medical records for one person

An accounting of disclosures must include disclosures

made for public health reporting purposes

data availability

making sure the organization can depend on the information system to perform as expected

Intentional software intrusions are also known as

malware

intentional software intrusion

malware

describe the function of an HIO

manages patient identity, record location and security --including consent directives where patients opt in or opt out of having their data exchanged through the HIO

cryptography

mathematical cyphers or codes created that are to be kept secret

Per the Americans with Disabilities Act (ADA), a person with a documented disability

may not be denied a job if a reasonable accommodation is possible

HIPAA Privacy Rule

means that federal law for example the HIPAA Privacy Rule, may supersede the state law, but it does NOT supersede more strict laws.

What does ambulatory care include?

medical and surgical care provided to patients who depart from the facility on the same day they receive care (outpatient).

professional liability of healthcare providers in the delivery of care to patients

medical malpractice

what is included in the e-Rx

medication alerts/reminders (like CPOE) formulary information that identifies whether the patient's health plan covers the cost of the drug and what co-pay may be required (unlike CPOE)

DICOM

message format standard that helps exchange clinical images such as x-rays, CT scans and so on

NCPDP

message format standard that helps the exchange of prescriptions from a physician practice e-Rx system directly to the retail pharmacy information system

what is the difference between message format and vocabulary standards

message format standards are rules that ensure data transmitted from one system to another remain comparable while vocabulary standards ensure standardized meaning of terms

digital signature

method that ensures that an electronic document or email is authentic.

incident detection

methods to detect incidents both accidental and malicious

what is a strategic plan that identifies applications, technology, and operational elements needed for the overall info technology program in a health organization

migration path

DRS - Designated record set

more expansive than the legal health record - also includes billing records

According to HIPPA standards, the designated individual responsible for data security

must be identified by every covered entity

notice of privacy practices

must be posted in a prominent place where it is reasonable to expect that patients will read them.

A subpoena requesting patient records

must usually be accompanied by patient authorization

does meaningful use include E-MAR, barcode medication administration record, or support for E/M coding?

is blood-banking and clinical pathology part of the LIS

is a nursing information system considered a clinical documentation system?

no it is considered a departmental system..similar to LIS or RIS because it manages the nursing department including staffing, training, budgeting and other managerial functions

does meeting the MU requirements mean that you have a complete EHR system?

no...the requirements do not include all the core components for an EHR ...examples include BC-MAR, ambulatory practices are not required to have physician progress notes,

is EDMS part of an EHR?

no..it is part of a hybrid system

Is CPOE part of clinical documentation system?

no..its considere part of the medication management system (pg 961)

can facilities expect much financial return for installing/using an EHR?

no..they consider it a cost of doing business...the only area where hospitals see cost savings/return on investment is in administrative areas....storage of paper charts/warehouse costs are reduced, number temporary and overtime hours is reduced (to manage paper records)

does the HIM department have its own information system?

no..they manage some financial, admin, and support applications

Unstructured data

nonbinary, human readable data. Example is free text that describes the patient's description of his or her condition.

Deidentified information

not protected under the Privacy Rule information that cannot identify...

components of icd 10 pcs- 7 character codes

o Character 1: Section o Character 2: Body system o Character 3: Operation o Character 4: Body part o Character 5: Approach o Character 6: Device o Character 7: Qualifier

single sign-on

one time log in

Healthcare data

one use of this healthcare information is clinical decision support(CDS)

Defendant

one who defends themselves from a lawsuit or allegation

Plaintiff

one who initiates or brings a lawsuit

consent

one's agreement to receive medical treatment.

Business associate agreements are developed to cover the use of PHI by:

organization outside the covered entity's workforce that use PHI to perform functions on behalf of the covered entity

PHR - Personal Health Record

owned and managed by the individual who is the subject of the record.

firewall (secure gateway)

part of a computer system or network that is designed to block unauthorized access while permitting authorized communciations

Data from a PHR is

patient generated health data (PGHD)

what are critical services an HIO must supply

patient identification (identify matching algorithm), record locator service, identity management, consent management

A healthcare organization's data privacy efforts should encompass

patient, employee, and organizational information

What is a threat to data security

people

*AHIMA's record retention guidelines recommend that the MPI be maintained:

permanently

AHIMA's record retention guidelines recommend that the MPI be maintained:

permanently

implied consent

permission inferred when a patient voluntarily submits to healthcare treatment

individual

person who is the subject of the PHI

PHR what is it

personal health record- electronic record of health -related info that can be accessed from multiple sources while being managed and controlled by the individual that conforms to national interoperability standards

phr- define

Apps for smartphones include

pharmaceutical references with information about side effects and dosage amounts, access to licensed healthcare professionals allowing video chats about a medical problem, and guides providing step by step first aid instructions.

physical safeguards

physical protection of information resources from physical damage....such as natural disasters or theft

What are some problems with CPOE use?

physicians feel they now have to perform clerical duties and so don't use CPOE, alert fatigue, unintended consequences due to the CPOE being based on standard order sets

which of the following parties are considered covered entities under the HIPAA Privacy Rule?

physicians, hospitals, pharmacies

Individual who brings a lawsuit

plaintiff

define HIE

plan in which health information is shared among providers

Which of the following is where a nurse enters data using a tablet computer when conducting a patient assessment while at the bedside?

point of care charting

what is another name for clinical documentation applications?

point-of-care charting

administrative safeguards

policies and procedures that address the management of computer resources. such as having a rule for employees to log off when they are not using the system, etc.

business continuity plan

policies that direct how to continue its business operations in the event of a disaster

According to the American Recovery and Reinvestment Act revisions

potential business associate liability was increased under HIPPA

PGP

pretty good privacy

what is the funciton of departmental/ancillary systems

primarily to manage the department while at the same time prividing key clinical data for the EHR

Which type of law defines the rights and duties among people and private businesses?

private law

complaint

process by which a lawsuit is initiated

voir dire

process for how a jury is selected

intrusion detection intrusion detection system (IDS)

process of identifying attempts or actions to penetrate a system can be performed manually or automatically

how is productivity affected by an EHR?

productivity falls while people get used to the new system but after optimization productivity is elevated over past performance

medical malpractice

professional liability of healthcare providers in the delivery of care to patients

medical malpractice

professional liability of healthcare providers in the delivery of patient care

define clinical transformation

profound change in how medicine is practiced due to significant changes in technology

Patient-Centered Medical Home -define

program to provide comprehensive primary care that partners physicians with the patient and their family to allow better access to healthcare and improved outcomes

what does the acronym PHI stand for?

protected health information

define- data exchange standards/message format standards

protocols/rules that help ensure data transmitted from one system to another remain comparable ex. 042187 will be recognized by both systems as the patient's record number NOT his birthday

The principal purpose of collecting and storing health information is to:

provide direct patient care and serve the patient's intests

define alert fatigue

providers ignoring alerts when there are an excessive number of them

Clinical Decision Support (CDS)

provides clinicians, staff, patients,or other individuals with knowledge and personspecific information, intelligently filtered or presented at appropriate times, to enhance health and healthcare.

what is does a NHIN (national health information network) do

provides technology to support the national health information infrastructure

PKI

public key infrastructure

Administrative law falls under the umbrella of

public law

Administrative law falls under the umbrella of:

public law

Law can be classified as

public or private

International Classification of Diseases for Oncology, Third Edition

purpose = To provide a detailed classification system for coding the histology, topography, and behavior of neoplasms

what is analytics used for?

quality improvement, quality reporting (core measures PQRI), used by insurance companies to decide whether to grant facilities favorable discount rates on fees, consumers use analytics to decide which facility to have procedures done at (success rates of procedures), research for new/better outcomes for procedures/medications, can also be used to generate a patient follow-up list

architecture define

refers to the configuration and relationships of all components of a computer system

CLIA Clinical Laboratory Improvement Amendments

regulates the quality of laboratory testing

what is the difference between relational and hierarchial/multi-dimensional databases

relational databases store each piece of data only once while hierarchial and multi-dimensional data may purposefully duplicate data

Terminology standard

represents the meaning of the clinical data.

Janice is a well-informed patient. She knows that the Privacy Rule requires that individuals be able to:

request restrictions on certain uses and disclosures of PHI Request amendment of their PHI Receive a copy of the notice of privacy practices

FACTA Fair and Accurate Credit Transactions Act

requires financial institutions and creditors to develop and implement written identity theft programs that detect red flags, etc.

minimum necessary standard

requires uses, disclosures, and request must be limited to only the amount needed to accomplish an intended purpose.

what are the 5 main components/applications of an EHR

results management; clinical documentaiton; closed-loop medication management; clinical decision support; analytics and reporting

what is the difference between results retrieval and results management systems

results retrieval systems only allow results to be viewed and/or printed while results management systems allow the user to compare, trend, graph the results

RCM define

revenue cycle all process relating to creating, submitting, analyzing, and obtaining payment for services given

An individual may

revoke an authorization in writing

Private Law

rights and duties among private entities or individuals

What is the identification of an organization's security threats and vulnerabilities

risk analysis

administrative law

rules developed by administrative bodies empowered by law to regulate specific activities

Physical safeguards

security rule measures such as locking doors to safeguard data and various media from unauthorized access and exposures. ( includes facility access controls, workstation use, workstation security)

subpoena ad testificandum

seeks one's testimony

subpoena duces tecum

seeks the documents one can bring with him or her

Data backup polices and procedures may include

server redundancy

system -define

set of components that work together to accomplish a goal

contingency plan

set of procedures to be followed when responding to emergencies

Covered entities must retain documentation of their security policies for at least

six years

examples of something you have

smart cards and tokens

Which of the following provides the most comprehensive controlled vocabulary for coding the contents of a patient record

snomed CT

Malware

software applications that can take over partial or full control of a computer and compromise data security and corrupt both data and hard drives.

what is a patient portal?

software that allows a patient to log on to a website from home or a kiosk in a providers waiting room to schedule appointments, pay bills, obtain educational material, sign informed consents, request ROI, or enter their own health history

What is true regarding a coordinated security program

someone inside the organization must be responsible for data security

biometrics

something you ARE

what are some issues with the BC-MAR system

somme specially compounded drugs administered IV require special labels which not all hospitals pharmacy information systems can accommodate..requiring data to be entered manually into the system; you have to bring the computer, barcode wand, and medication to the patient...this can be done via wireless workstation-on -wheels (WOW..which is heavy to push) or carrying a sling with a tablet and wand; the hospital needs to define what constitutes a medication error...a wrong time may not be due to error...the pt may have been unavailable during the administration time

development of an EHR most often begins with acquisition of

source systems

what is e-Rx

special type of CPOE used exclusively to make a prescription and transmit it electronically to RETAIL pharmacies

warrant

specialized type of court order

express contract

spoken or written agreement; may be given by a patient to a healthcare provider to permit treatment

RxNorm what is it

standardized nomenclature (vocabulary standard) for clinical drugs and drug delivery devices

US court systems consists of

state and federal courts.

privileged communication statutes

state laws that protect information shared between a patient and his/her physician.

which of the following should be considered first when establishing health record retention policies?

state retention requirements

which of the following laws are enacted by a legislative body?

statutes

what is a relational database

stores data in predefined tables that contain rows and columns similar to a spreadsheet. Each talbe is a set of rows and columns that relate to one another

migration path...define

strategic plan that outlines the major components and the order in which they are to be implemented (EHR)

Per the Fair and Accurate Credit Transactions Act (FACTA), which of the following is a red flag category?

suspicious documents

Deposition

sworn testimony usually collected before a trial

define implementation

system has been installed and configured but the staff are still experimenting with it/learning how to use it and the new workflows

what is a BC-MAR

system that requires the hospital to have each patient identified with a barcode (wristband) and to package drugs in unit dose form , each with a barcode or radio-frequency identification tag that identifies the drug, dose, and route. When the nurse logs onto the BC-MAR system and scans the pt's wristband and unit dose pkg the system automatically time and date-stamps the entry made

what is a specialty system

system that supports documentation of patient care in specialty areas such as ICU, ED, respiratory therapy, rehab, behavioral and hospice care

what is an example of a CDSS used in a stand-alone fashion by a hospital

system to alert infection control nurses of a potential hospital-acquired infection...

what provides connectivity services?

systems integrators, registries, and health informaion exchange organizations

connectivity systems define

systems that enable the exchange of data across separate information systems both within and across organizations

what is electronic signature authentication

systems that requires the user to log into the system using a password and user ID, review the document to be signed, and indicate approval...the system annotates the date and time that the document has been signed

source system -define

systems that supply the EHR with data

Types of Data Visualization tools

tables, charts, and graphs.Example , tables display exact values whereas graphs show trends.

HIT - define

technical aspects of processing health data includes classification and coding, abstracting, registry, development, storage. Encompasses not only the HER but other broader uses of into tech such as applications that support insurance info, billing, drug ordering, collection of pt demographics

in order for hospitals or physicians to meet meaningful use their ERH technology must meet 3 things..what are they

technology must be certified, interoperable, and used in a meaningful way

what is supporting infrastructure

technology that allows the various applications to work (hardware, software, policies/procedures)

what is medical device integration

technology that would allow the integration of automated medical devices (fetal monitoring strip, vital signs monitors, cardiac output monitor, ventilators, infusion pumps) into an EHR.

what are some examples of separate CDSS that are integrated into the EHR

templates used in clinical documentation, standard order sets used in CPOE, clinical pathways for nurses

DMS-IV-TR

the American Psychiatric Association's Diagnostic and Statistical Manual of Mental Disorders, Fourth Edition, updated as a 2000 "text revision"; a widely used system for classifying psychological disorders

HIPAA Security Rule

the Federal Regulations created to implement the security requirements of HIPAA

authentication

the act of verifying a claim of identity

Constitutional law

the body of law that deals with the amount and types of power and authority that governments are given

HIPAA Security Rule

the federal regulations created to implement the security requirements of HIPAA

A medical record is owned by

the healthcare organization that created it

Supreme courts

the highest courts in a system that hear final appeals from intermediate courts.

which of the following entities owns the physical hospital health record?

the hospital that maintains the record

risk management

the identification, evaluation, and control of risks that are inherent

impact analysis

the impact of threats on information - example...if an organization lives in a tornado area, then they should prepare for tornadoes

Trial courts (called 'district courts' in the federal system)

the lowest tier of state court - hears crimes of lesser severity or civil matters of lower dollar amount

define data comparability

the meaning of a term is consistent across all users

Security

the means to control access and protect information from accidental or intentional disclosure to an authorized persons and from an authorized alteration destruction or loss. The physical protection of facilities and equipment from damage theft or unauthorized access

what part of an HER does not support analytics and reporting

the nature of the database required for POC charting and CDS...it is often necessary to data from an HER system to a separate database that is optimized to perform analytics and reporting

statute of limitations

the period of time in which a lawsuit must be filed.

Biometrics

the physical characteristics of users (such as fingerprints retinal scans and others) that systems store and used to authenticate identity before allowing the user access to a system.

Intrusion detection

the process of identifying attempts or actions to penetrate a system and gain unauthorized access

Risk analysis

the process of identifying possible security threats to the organization's data and identifying which risk should be proactively address and which risks are lower in priority.

Authentication

the process of identifying the source of health record entries by attaching a handwritten signature, the author's initials, or an electronic signature.

ROI Release of Information

the process of providing PHI access to individuals or entities that are authorized to receive or review it' page 243

Encryption

the process of transforming text into an unintelligible string of characters that can be transmitted via Communications media with a high degree of security and then decrypted when it reaches a secure destination.

legal health record

the record disclosed upon request can be stored on any medium, paper, electronic, microfilm, etc. its content is defined by the organization rather than by law.

access control

the restriction of access to information and information resources

authorization

the right or permission given to an individual to use a computer resource to gain specific data, etc.

e-discovery

the same pre-trial process as discovery, but parties now obtain electronically stored data.

clinical privileges

the set of services a dr. is permitted to perform in that facility

what does analytics and reporting applications refer to?

the statistical processing of data to reveal NEW information...such as which form of treatment for a specific condition had the best outcomes

Technical safeguards

the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.

what does data storage refer to?

the type of media, location, and length of time the contents of a database are kept

what is the function of the PFS(patient financial system)

they aid RCM (revenue cycle management)- charge capture to collect info about services performed in departmental systems, claim generation for reimbursement, claims status inquiry and response- posting RA reflecting actual fees reimbursed and receiving electronic funds transfers

why is the ability of the analytics and reporting application to produce reports important?

they are used to improve quality and reduce healthcare costs(find more efficient ways of doing things)

are products certified by the authorized ONC entity complete EHR?

they can be complete or they can be modular...modular components meet one or more but not all of MU requirements and so providers must combines modular products to have a complete system to meet incentive criteria

Courts of Appeal (appellate courts)

they hear the appeals on final judgements of trial courts

why are financial/administrative systems not considered departmental systems

they manage patient-specific data needed for all other applications and do not process data that aid in the management of the departments as departmental systems do

Wha is true about internal security threats

they originate within an organization

IOM- define

they provided early description of EHR---branch of the National Academy of Sciences whose goal is to advance and distribute scientific - knowledge with the mission of improving human health

Arbitration is the submission of a dispute to a:

third party or a panel of experts

Arbitration is the submission of a dispute to a:

third party or panel of experts

define clinical documentaiton system

those applications that supply templates to the user to direct documentation that needs to be recorded for the patient to be completed primarily via point-and-click, drop-down, type-ahead, and other data-entry tools and that also provides a way to supply CDS at the time when the clinician is most responsive to alerts/reminders

external data security threats

threats that come outside of an organization

internal data security threats

threats that originate within the organization

2 goals for the Privacy Rule

to provide greater protection to provide an individual with greater rights with respect to his or health information.

One of the objectives to achieve Meaningful Use (MU) for certified EHR technology is

to provide patients within a certain number of days of the information being available to the eligible professionals.

what is the purpose of a CDW

to support online analytical processing (OLAP)

External security threats can be caused by

tornados

what is another name for a CDR?

transactional databases

*stricter state statutes related to the confidentiality of healthcare information take precedence over the provisions of the HIPAA Privacy Rule. (State law preempts HIPAA, if stricter)

true

a notice of privacy practices should include a statement that explains that individuals may complain to the secretary of the department of health and human services if they believe that their privacy rights have been violated.

true

critique this statement Skilled nursing facilities are no longer paid under a system based on reasonable cost but, rather, through per-diem prospective case-mix-adjusted payment rates.

true

stricter state statutes related to the confidentiality of healthcare information take precedence over the provisions of the HIPAA Privacy Rule.

true

when a healthcare provider purposely commits a wrongful act that results in injury to the patient, the provider can be held responsible for an intentional tort

true

when a healthcare provider purposely commits a wrongful act that results in injury to the patient, the provider can be held responsible for an intentional tort.

true

private key infrastructure (single key encryption)

two or more computers share the same secret key and the key must be kept secret

What is the strongest type of authentication

two-factor

define unintended consequence and give an example

unanticipated and undesired effect of implementing and using an EHR . A physician accepting a standard order when his patient's needs require something different and a bad result happens

Security breach

unauthorized data or system access

security breach

unauthorized data or system access by people both inside and outside the health organization

negligence

unintentional wrongdoing

what is voluntary universal health identifier

unique patient identifier

what is CPOE used for?

used for entering ALL orders..not just medication orders (orders for pt admission, lab tests, consults, referrals, discharge of pt and medication orders)

UBAC

user based access control - grants access based on a user's identity

malware

usually gains access through emails or downloads or with pop up windows

NDC what is it

vocabulary standard for drug inventories in pharmacies

LOINC what is it

vocabulary standard that is used for lab test results

how is data comparability achieved?

vocabulary standards

define portal

web page that offers secure access and allows data entry upon authorization of user

bench trial

when a judge hears a case

in which of the following situations must a covered entity provide an appeal process for denials to requests from individuals to see their own health information?

when a licensed healthcare professional has determined that access to PHI would likely endanger the life or safety of the individual

intentional tort

where an individual purposefully commits a wrongful act

Electronic Health Record (EHR)

which is created and managed by the health care provider.

The Privacy Rule states that an individual has the right to receive an accounting of certain disclosure made by a covered entity:

within the three years prior to the date on which the accounting is requested

which organization originally published icd-9-cm

world health organization

What is an example of an administrative safegaurd

writing a policy regarding automatic computer logoffs

Statutes - Statutory Law

written law established by federal and state legislatures

authorization

written permission to use or disclose patient-identifiable health information

does meaningful use include CPOE

yes

does the BC-Mar system generate reports?

yes...on the timely administration of drugs..also has ability for nurse to write notes to describe exceptions

HIT 101 Part 1

Related study sets

ISDS 551 - CH 5 Questions

Biology106 Chapter 1 The Science of Biology

Examen 1

Orgo 2 Exam Questions

66

Module 7

History Research Paper

MGMT 3000 L13

unit 2 us history test

CIS - Networking Fundamentals - 150 - Quiz 4

GEOL 101 Chapter 15

Physics Final Exam

Abnormal Behavior Final

Media Now Chapter 3

IS175

Chapters 11 & 14

D101 Cost and Managerial Accounting Module 2

Series 7 TO CheckPoint #3

Quiz 2 (The Research in Psychology)

TIM 333 Final Exam