insurance & Billing Ch.2

Ace your homework & exams now with Quizwiz!

After discovery of a breach of unsecured PHI, how long does a covered entity have to notify the individual(s) who would be affected?

60 days

Health plan premium payments is the HIPAA transaction name for number X12 _____

820

Which of the following statements define authorization?

A document signed by a patient to permit release of medical information

A code of conduct for the members of a practice would cover which of the following? (Select all that apply.)

A policy to encourage employees to report compliance concerns to the compliance officer Procedures for ensuring compliance with laws relating to referrals Provisions for discussing compliance during performance reviews

The health system reform legislation that offers improved insurance coverage and other benefits is abbreviated as _____.

ACA

An___ is responsible for managing the quality and cost of care provided to a group of patients.

ACO

What makes it illegal to knowingly offer incentives to induce referrals for services paid by government healthcare programs?

An antikickback statute

What must patients sign for use and disclosure of PHI for any reason other than TPO?

An authorization

According to the OIG, voluntary compliance plans should contain which of the following? (Select all that apply.)

Appointment of a compliance committee Consistent written policies and procedures Appointment of a compliance officer Training

Which of the following tasks are outlined in compliance plans?

Audit and monitor compliance with government regulations

To ensure that a compliance plan is established and followed, most practices will appoint a _____ to be in charge of ongoing work.

Be straightforward in presentations. Keep the presentations brief. Develop a procedure for sharing information between trainings. Use examples and facts. Explain the purpose of compliance.

The main federal government agency responsible for healthcare is abbreviated as .

CMS

The main federal government agency responsible for healthcare is the _____.

Centers for Medicare and Medicaid Services

An E/M service is usually documented with ____notes.

Chart

The Office for _____ Rights enforces the HIPAA Privacy Act.

Civil

Which of the following are covered entities that must follow HIPAA rules? (Select all that apply.)

Clearinghouses Healthcare providers Health plans

Which of the following are security measures that help enforce the HIPAA Security Rule? (Select all that apply.)

Create security policies for violations that occur Backups of data to replace items if damaged Provide secure Internet connections

Which of the following applies to the role of the Department of Justice with regards to HIPAA?

Criminal violations of HIPAA privacy standards are prosecuted by the DOJ.

_____ health information is medical data from which individual identifiers have been removed.

De-identified

What types of information make up a complete history and physical? (Select all that apply.)

Diagnosis Treatment plan Chief complaint H&P examination

Evaluation and management is abbreviated as _____.

E/M

__ is a method of converting a message into encoded text.

Encryption

A compliance plan seeks to ensure compliance with which of the following laws? (Select all that apply.)

Environmental safety laws Federal laws State laws Local laws Antifraud laws Employment laws

_____ stands for the Fraud Enforcement and Recovery Act of 2009.

FECA

Which of the following are documented in the patient's chart?

H&P PMH ROS HPI

Which of the following is the agency that governs emergency guidance for release of information?

HHS

The protection of patients' private health information is covered under which law?

HIPAA

Under _____ a code set is any group of codes used for encoding data elements.

HIPAA

Rules governing the electronic exchange of health information are called ____.

HIPAA Electronic Health Care Transaction and Code Sets

Privacy officials should review state laws to develop policies and procedures that are in compliance with which of the following?

HIPAA Privacy Rule

The law regulating the use and disclosure of patients' protected health information is called the _____.

HIPAA Privacy Rule

The law promoting the adoption and use of health information technology is abbreviated as _____.

HITECH

The law promoting the adoption and use of health information technology is called the _____.

Health Information Technology for Economic and Clinical Health Act

When might covered entities be exempt from the breach notification requirements for breaches of data? (Select all that apply.)

If destruction methods are used to secure data If encryption methods are used to secure data

Which of the following are true of an audit by the OIG? (Select all that apply.)

If patterns of errors are clearly determined, it could be considered fraud. Physicians are not subject to penalties for innocent errors. When problems are found during audits, an investigation follows.

Which of the following are examples of fraudulent or abusive billing acts? (Select all that apply.)

Intentionally billing for services that were not performed or documented Performing procedures that are not medically necessary Reporting services at a higher level than were carried out

Which of the following are true of the HITECH Act? (Select all that apply.)

It guides the use of federal stimulus money. It addresses privacy and security concerns associated with the electronic transmission of health information. It promotes the adoption of meaningful use of health information technology.

Which of the following are examples of how code sets can be used? (Select all that apply.)

Medical procedure codes Medical concepts Medical diagnosis codes Tables of terms

Which of the following are examples of patient's information that is taken out during the de-identified process?

Medical record number Insurance plan Names

What are identifiers?

Numbers of predetermined length and structure

A set of regulations enhancing patients' privacy protections and rights to information is called the _____.

Omnibus Rule

_____ is defined as protected health information.

PHI

What must be done when using patient information for the purpose of research?

Patient identifiers must be removed.

Which of the following are among the five provisions (titles) of HIPAA?

Preventing Healthcare Fraud and Abuse Healthcare Access, Portability and Renewability Tax-Related Health Provisions Revenue Offsets Application and Enforcement of Group Health Plan Requirements

Which of the following are examples of activities performed by CMS to ensure the quality of healthcare? (Select all that apply.)

Preventing discrimination based on health status Evaluating the quality of healthcare services and facilities Regulating lab testing Researching the effectiveness of healthcare management

PHI is the abbreviation for which of the following?

Protected health information

What information must be included on an authorization to release information? (Select all that apply.)

Purpose of the disclosure Name of the people to whom the disclosure is being made Expiration date Name of the person authorized to disclose the information Description of the information to be disclosed

Which of the following is a term used to describe whistle-blower cases?

Qui tam

Which of the following are parts of the Omnibus Rule? (Select all that apply.)

Restating the standards for reporting breaches Increasing civil monetary penalties for violations Prohibiting health plans from disclosing genetic information for determining insurance coverage Strengthening previous HIPAA/HITECH rules

State statutes may differ from HIPAA in which of the following areas? (Select all that apply.)

Rights of inmates Designated record set Information compiled for court cases Psychotherapy notes

The HIPAA Privacy Rule mandates that covered entities must do which of the following? (Select all that apply.)

Safeguard patient records Notify patients of privacy rights Have a set of appropriate privacy practices Train employees in regard to privacy practices Appoint a privacy official for the practice

Which of the following are the three parts of the Administrative Simplification?

Security Rule Privacy Rule Electronic Transaction and Code Set

Which of the following are true about PHI that is made available for research data? (Select all that apply.)

Specific patient names may not be identified on reports or studies. It may be made available to researchers approved by the practice.

_____ rules make it illegal for physicians to have financial relationships with clinics for the purpose of self referrals.

Stark

Which of the following are true of state regulations in healthcare? (Select all that apply.)

State laws ensure the solvency of insurance companies and MCOs. States can restrict price increases on premiums. State commissioners of insurance investigate consumer complaints.

Which of the following are true of PHI releases under court orders? (Select all that apply.)

Subpoenas can be issued by the court directing a party to appear and testify. To release PHI to a court without the patient's approval, a judicial order must be received. A subpoena duces tecum requires a party to appear, testify, and bring specified documents or items. If required as evidence, PHI may be released without the patient's approval.

Which of the following are rules governing the electronic exchange of health information?

TCS

The revenue cycle explains how using EHRs is integrated with practice management programs as what process is performed?

Ten-step billing process

Who has the authority to authorize the release of a patient's medical information to anyone not directly involved in their care? (Select all that apply.)

The patient A legally appointed representative

Who has ownership of the actual progress notes, reports, and other clinical materials in a medical record?

The provider who created them

Why must communicable diseases be reported?

They can be dangerous and harm others.

For which of the following reasons are psychotherapy notes treated differently under HIPAA?

They contain sensitive information.

In which circumstances might CEs disclose PHI without the patient's consent? (Select all that apply.)

To grant public health authorities access to PHI necessary to carry out their public health mission. To prevent or lessen a serious threat to the health and safety of the public. To treat the patient or another patient

How are the HIPAA transactions standards labeled?

With a number and a name

The purpose of ______ logs is to record who has accessed or tried to access information.

activity

A formal examination of a physician's records is called a(n) _____

audit

_____are companies that help providers handle electronic transactions.

clearinghouses

An alphabetic and/or numeric representation of data is called a(n) _____.

code set

The practice's code of _____ covers compliance in referral arrangements, and employee performance compliance.

conduct

A health plan, clearinghouse, or provider who transmits any health information in electronic form is called a(n) _____.

covered entity

There are no restrictions on the use or disclosure of _____ information.

de-identified health

A system-to-system exchange of data in a standardized format is called a(n) _____.

electronic data interchange

New emergency guidance from HHS stating that CEs may disclose PHI without the patient's consent was applicable to a recent outbreak of Ebola virus because ______.

it was needed to lessen a serious and imminent threat to the health of the public

Being able to prove that a procedure is related to the patient's condition is called _____.

medical necessity

A(n) _____ is a file containing the documentation of a patient's medical history and related information.

medical record

State-specified performance measures for the delivery of healthcare are called _____.

medical standards of care

A patient encounter is also called the ____with the provider.

meeting

In order to use the patients medical data for research the patient's ____ may not be identified.

name

Role-based access into computer records means that _____.

only those who need the information can see it

An example of confidential authentication information used to access EHR/PMP is a(n) _____.

password

_____ management programs encrypt data between the office and the Internet.

practice

The HIPAA Standards for Privacy of Individually Identifiable Health Information Rule is also know as HIPAA___ Rule

privacy

The _____ official in an organization develops policies and procedures for HIPPA compliance.

privacy

_____ notes are treated differently because they contain particularly sensitive information.

psychotheraphy

A person who makes an accusation of fraud or abuse is called a(n) _____.

relator

The cycle that explains how using EHRs is integrated with practice management programs is called the _____ cycle.

revenue

When a provider asks questions about the function of each body system, it is considered a _____.

review of systems

The OIG compliance plan has _____ elements.

seven

Some specific types of information is required by ______ law to be released to state or social services.

state

regulate the operations and compliance of health insurance companies.

states

is an order of the court directing a party to appear and testify.

subpena

There are five _____ in HIPAA that focus on various aspects of healthcare.

titles

Unprotected health information that is not secured through the use of technologies or methods that HHS has specified is called _____ PHI.

unsecured


Related study sets

AP Biology-Chapter 12.2: The Cell Cycle

View Set

Chap 3 Quiz Interpersonal / Perceptions

View Set

Biology 237 Unit 4 Exam Chap 12-15

View Set

Unit 2 CH 14 A Simplified Account of Kant's Ethics, Onora O'Neill

View Set