Practice Questions for RHIT Exam: DOMAINs 1, 2, 3
City Hospital's HIM department made a decision to discontinue outsourcing its release of information (ROI) function and perform the function in house. Because of HIPAA implementation, the department wanted better control over tracking release of information. Given the graph shown here. How would you evaluate the ROI revenue growth? ***Graph is needed for question 5.*** A. The ROI function continues to cost more than revenue generated. B. Annualized revenue for YR-7 is more than the costs. C. The ROI function costs are inversely related to revenue generated. D. The ROI costs for YR-7 are greater than the revenue.
Annualized revenue for YR-7 is more than the costs. Line graphs are used to display time trends in data. A line graph is useful for plotting data to make observations. In analyzing the chart, the revenue exceeds the costs.
A family practitioner in your local physician's clinic saw 150 adults in one week for their annual physical examinations. Sixty-seven received the flu vaccine and three patients received the pneumococcal pneumonia vaccine. What is the rate of the flue vaccine administration for this physician? A. 44.7% B. 67.0% C. 20.0% D. 447%
44.7% A rate is a ratio in which there is a distinct relationship between the numerator and the denominator and the denominator often implies a large base population. (67/150) x 100 = 44.66 = 44.7%.
Community Memorial Hospital had 25 inpatient deaths, including newborns, during the month of June. The hospital had a total of 500 discharges for the same period, including deaths of adults, children, and newborns. The hospital's gross death rate for the month of June was: A. 0.05% B. 2% C. 5% D. 20%
5% The gross death rate is the proportion of all hospital discharges that ended in death. It is the basic indicator of mortality in a healthcare facility. The gross death rate is calculated by dividing the total number of deaths occurring in a given time period by the total number of discharges, including deaths, for the same period: 25/500 = 0.05 x 100 = 5%.
On October 1st, a hurricane hit a small coastal community, which has a community hospital licensed for 50 beds and two treatment room beds in order to help take care of patients. Which of the following would be the denominator used to determine the percentage of occupancy for October 1st? A. 50 B. 60 C. 63 D. 65
50 A bed count, also called an inpatient bed count, is the number of available hospital inpatient beds, both occupied and vacant, on any given day. Temporary beds are not included in the bed count for percentage of occupancy.
The HIM department at Community Hospital has three full time coders. One is considered the lead coder and his salary is $20.35 per hour. One coder is a new graduate who makes $15.50 per hour and the third coder is an experienced employee who earns $18.90 per hour. The lead coder codes four records per hour; the new coder codes three records per hour and their experienced coder codes six records per hour. Using a 7.5 hour productive day, what is the unit cost for the new graduate coder? A. $3.36 per record B. $4.49 per record C. $5.43 per record D. $5.51 per record
$5.51 per record The new graduate coder's salary is $15.50 x 2,080 (hours per year) = 32,240. Productivity is 7.5 hours per day x 3 records per hour = 22.5 records per day. 22.5 records x 5 days per week x 52 weeks per year = 5,850 records per year. $32,240 / 5,850 = $5.51 per record.
At Community Hospital, each full-time employee is required to work 2,080 hours annually. The table below shows the amount of time that five employees were absent from work over the past year. ***Graph is needed to answer Q 30.*** What is the total sick leave rate for this group of employees for the year? A. 0.29% B. 0.98% C. 1.29% D. 1.54%
0.98% A ratio is a ration in which there is a distinct relationship between the numerator and denominator and the denominator often implies a large base population. Add each employee's sick leave hours together to get a total of 102. Multiplying 2,080 (full-time equivalent) by 5 (number of employees) equals 10,400. Take the total sick leave hours (102) and multiply by 100, then divide it by the total hours for the 5 full time employees (10,400). Calculations: (6 + 16 + 8 + 32 + 40) = 102 hours total sick leave time; (2,080 x 5) = 10,400 total hours for the 5 coders; (102 x 100)/10,400 = 10,200/10,400 = 0.98% total sick leave rate.
In a frequency distribution, the lowest value is 5, and the highest value is 20. What is the range? A. 5 to 20 B. 15 C. 7.5 D. 20 to 5
15 The range is the simplest measure of spread. It is difference between the smallest and largest values in a frequency distribution. 20-5=15
The following data were derived from a comparative discharge database for hip and femur procedures: These data can be described as: ***Graph is needed to answer Q 12.*** A. Aggregate B. Identifiable C. Patient specific D. Primary
Aggregate Aggregate data include data on groups of people or patients without identifying any particular patient individually. Secondary data are considered aggregate data. Examples of aggregate data are statistics on the average length of stay (ALOS) for patients discharged within a particular diagnosis-related group (DRG).
Community Hospital had 25 inpatient deaths, including newborns, for the moth of June. The hospital performed five autopsies for the same period. What was the gross autopsy rate for the hospital for June? A. 0.02% B. 5% C. 20% D. 200%
20% The gross autopsy rate is the proportion or percentage of deaths that are followed by the performance of autopsy. In this case, (5/25)x100=20%.
Given the numbers 47, 20, 11, 33, 30, 30, 35, and 50, what is the mode? A. 30 B. 32 C. 32.5 D. 35
30 The mode is the simplest measure of central tendency. It is used to indicate the most frequent observation in a frequency distribution. The most frequent observation is 30.
Which of the following is made up of claims data from Medicare claims submitted by acute-care hospitals and skilled nursing facilities? A. NPDB B. MEDPAR C. HIPDB D. UHDDS
MEDPAR The Medicare Provider Analysis and Review (MEDPAR) file is made up of acute care hospital and SNF claims data for all Medicare claims. The MEDPAR file is frequently used for research on topics such as charges for particular types of care and DRGs. The limitation of the MEDPAR data for research purposes is that the file contains only Medicare patients.
Given the following information, from which the payer does the hospital proportionately receive the least amount of payment? ***Graph is needed to answer Q 44.*** A. BC/BS B. TRICARE C. Medicare D. Medicaid
Medicaid Medicaid charges are larger than the charges to commercial insurance and TRICARE; however, the facility receives a smaller payment from Medicaid. There is an adjustment of 36 percent, meaning that the facility had to adjust their charges 36 percent from the actual amount billed and the amount they receive in payment.
Certificates, such as those for births and fetal-deaths, are reported by hospitals to the individual state registrars and maintained permanently. State vital statistics registrars then compile the data and report them to which of the following: A. National Center for Health Statistics B. Agency for Healthcare Research and Quality C. Health Services Research D. National Statistics Research
National Center for Health Statistics Healthcare facilities are interested in births and deaths, fetal deaths, and induced terminations of pregnancy; facilities generally are responsible for completing certificates for births, fetal deaths, abortions, and occasionally, deaths. All states have laws that require this data. The certificates are reported to the individual state registrars and maintained permanently. State vital statistics registrars compile the data and report them to the NCHS.
What do the wedges or divisions in a pie graph represent? A. Frequency groups B. Various data C. Percentages D. Classes
Percentages Pie charts are best to use when you want to show each category's percentage of the total. They do not show changes over time. A circle is divided into sections such as wedges or slices. These represent percentages of the total (100 percent).
The Information Services Department has requested information about the electronic signature system being used in our facility. They would like to know the locations where physicians are accessing the system. Review the information in the table below and determine which site has the highest percentage of use. ***Graph is needed to answer Q 71.*** A. HIM department B. Obstetrics, 1 West C. Personal mobile device D. Physician home
Personal mobile device A table is an orderly arrangement of values that groups data into rows and columns. Almost any type of quantitative information can be grouped into tables. Columns allow you to read data up and down, and rows allow you to read data across. The columns and rows should be labeled. In this table, personal mobile device has the highest percent of physicians using the system.
If you want to display the parts of a whole in graphic form, what graphic technique would you use? A. Table B. Histogram C. Line graph D. Pie chart
Pie chart A pie chart is an easily understood chart in which the sizes fot the slices of the pie show the proportional contribution of each part. Pie charts can be used to show the component parts of a single group or variable.
Suppose that five patients stayed in the hospital for a total of 27 days. Which term would be used to describe the result of the calculation 27 divided by 5? A. Average length of stay B. Total length of stay C. Patient length of stay D. Average patient census
Average length of stay The average length of stay (ALOS) is calculated from the total length of stay (LOS). The total LOS divided by the number of patients discharged is the ALOS.
Which of the following is an example of how an internal user utilizes secondary data? A. State infectious disease reporting B. Birth certificates C. Death certificates D. Benchmarking with other facilities
Benchmarking with other facilities Internal users of secondary data are individuals located within the healthcare facility. Internal users include medical staff and administrative and management staff. Secondary data enable these users to identify patterns and trends that are helpful in patient care, long-term planning, budgeting, and benchmarking with other facilities.
Review of disease indexes, pathology reports, and radiation therapy reports are parts of which function in the cancer registry? A. Case definition B. Case finding C. Follow-up D. Reporting
Case finding Cancer registries were developed as an organized method to collect these data. Case Finding is a method used to identify the patients who have been seen or treated in the facility for the particular disease or condition of interest to the registry. After cases have been identified, extensive information is abstracted from the patients' paper-based health records into the registry database or extracted from other databases and automatically entered into the registry database. 1. Case Definition/Case Finding: Case definition is the process of deciding which cases should be entered into the registry. IN A CANCER REGISTRY THE FIRST STEP IS CASE-FINDING. One way to find cases is through the discharge process in the HIM department. Another case finding method is using the facility-specific disease index to identify patients with diagnoses of cancer. Additional methods may include reviews of pathology reports and list of patients receiving radiation therapy or other Cancer treatments to determine cases that have not been found by other methods. 2. Abstracting/Data Collection: Data are nationally obtained by reviewing and collecting them from the patient's health record. demographic information, type and site of cancer, diagnostic methodologies, treatment methodologies, stage at the time of diagnosis are all information that would be abstracted. 3. Reporting and Follow-up: Reporting of cancer registries are done through an annual report. The annual report includes aggregate data on the number of cases in the past year by sight and type of cancer. It also includes information on patients by gender, age, and ethnic group. Often a particular site or type of cancers featured with more in-depth data provided. For follow up, on an annual basis the registry attempts to obtain information about each patient in the registry, including whether he or she is still alive, status of the cancer, and treatment received during the period.
The number of inpatients present in a healthcare facility at any given time is called a_______________. A. Survey B. Census C. Sample D. Enumeration
Census Healthcare facilities have a census, which is the count of patients present at a specific time and in a particular place.
Which of the following uniquely identifies each record in a database table? A. Data definition B. Data element C. Foreign key D. Primary key
Primary key Primary keys ensure that each row in a table is unique. A primary key must not change in value. Typically a primary key is a number that is a one-up counter or a randomly generated number in large databases.
A record is considered a primary data source when it: A. Contains data about a patient and has been documented by the professionals who provided care to the patient B. contains data abstracted from a patient record C. Includes data stored in a computer system D. Contains data that are entered into a disease-oriented database
Contains data about a patient and has been documented by the professionals who provided care to the patient. The health record is considered a primary data source because it contains data about a patient that has been documented by the professionals who provided care or services to that patient. Data taken from the primary health record and entered into registries and databases are considered a secondary data source.
The Joint Commission and CMS have identified sets of patient care characteristics that they have determined reflect the quality of care an organization can provide for important diagnoses. These sets are called: A. Core measures B. Conditions of Participation C. Case mix D. Cost outliers
Core Measures Sets of patient care characteristics that the Joint Commission and CMS have determined to reflect the quality of care an organization can provide for important diagnoses are core measures.
Large population-based studies are used to identify the care processes or interventions that achieve the best healthcare outcomes in different types of medical practice. This research concept is called? A. Clinical pathway B. Evidence-based medicine C. Patient-centered care D. Morbidity indicators
Evidence-based medicine Evidence-based medicine attempts to identify the care processes or interventions that achieve the best outcomes in different types of medical practice. Researchers perform large population-based studies. Such studies are difficult to do without a well developed information infrastructure to provide data for analysis.
The following table compares Community Hospital's pneumonia length of stay (observed LOS) to the pneumonia LOS of similar hospitals (expected LOS). Given this data, where might Community Hospital want to focus on its pneumonia LOS? ***Graph is needed to answer Q 41.*** A. Cardiology B. Endocrinology C. Family practice D. Internal medicine
Family practice Family practice has the largest variance with the potential for the most savings.
The following data has been collected about the HIM department's coding productivity as part of the organization's total quality improvement program. Which of the following is the best assessment of this data? ***Graph is needed to answer Q 42.*** A. Part-time coders are more productive than full-time coders. B. Full-time coders are more productive than part-time coders. C. All coders produce more than the departmental average. D. Part-time coders exceed the departmental average.
Full-time coders are more productive than part-time coders. Reading this graph, the full-time coder productivity is higher than part-time coder productivity. The cause for this difference must be identified before any solution can be developed to increase the productivity of the part-time coders.
To be reliable, statistical data must: A. Have some consistency B. Be applicable to what is being measured C. Be collected from one source only D. Have multiple meanings
Have some consistency The data used in the statistics must be valid and reliable. Validity answers the question of whether one measured what one intended to measure, and reliability means that there is some consistency of results.
Given the information her, which of the following statements is correct? ***Graph is needed to answer Q 31*** A. In each MS-DRG, the geometric mean is lower than the arithmetic mean. B. In each MS-DRG, the arithmetic mean is lower than the geometric mean. C. The higher the number of patients in each MS-DRG, the greater the geometric mean for that MS-DRG. D. The geometric means are lower in MS-DRGs that are associated with a CC or MCC.
In each MS-DRG, the geometric mean is lower than the arithmetic mean. The geometric mean LOS is defined as the total days of service, excluding any outliers or transfers, divided by the total number of patients. Given the examples, the geometric means are lower than the arithmetic means.
Which rate describes the probability or risk of illness in a population over a period of time? A. Mortality B. Incidence C. Morbidity D. Prevalence
Incidence An incidence rate is used to compare the frequency of disease in different populations. Populations are compared using rates instead of raw numbers because rates adjust for differences in population size. The incidence rate is the probability or risk of illness in a population over a period of time.
The type of statistics that makes a best guess about a larger group of data by drawing conclusions from a smaller group of data is called: A. Descriptive statistics B. Inferential statistics C. Generalized statistics D. Mathematical statistics
Inferential statistics Inferential statistics help make inferences or guesses about a larger group of data by drawing conclusion from a small group of data.
Why is the MEDPAR file limited in terms of being used for research purposes? A. It only provides demographic data about patients. B. It only contains medicare patients. C. It uses diagnoses and procedure codes. D. It breaks charges down by specific types of service.
It only contains Medicare patients. The Medicare Provider Analysis and Review (MEDPAR) file is made up of acute care hospital and skilled nursing facility (SNF) claims data for all Medicare claims. The MEDPAR file is frequently used for research on topics such as charges for particular types of care and MS-DRGs. The limitation of the MEDPAR data for research purposes is that the file contains only Medicare patients.
Identify where the following information would be found in the acute-care record: "Following induction of an adequate general anesthesia, and with the patient supine on the padded table, the left upper extremity was prepped and draped in the standard fashion." a. Anesthesia report b. Physician progress notes c. Operative report d. Recovery room record
The operative report describes the surgical procedures performed on the patient. The operative report should be written or dictated by the surgeon immediately after surgery and become part of the health record.
Within the context of the inpatient prospective payment system, how is the case-mix index calculated? A. The sum of all relative weights divided by the total number of discharges B. The total number of inpatient service days divided by the total number of discharges C. The sum of all MDCs divided by the total number of discharges D. The total number of inpatient beds divided by the total number of discharges
The sum of all relative weights divided by the total number of discharges To determine the case-mix index, take the sum of all relative weights and divide by the total number of discharges. The formula for computing case-mix is: The sum of the weights of MS-DRGs for patients discharged during a given period divided by the total number of patients discharged. A facility's case mix index (CMI) is calculated as the sum of the relative weights of the facility's DRGs divided by the number of admissions for the period of time (often 1 year).
Which of the following administrative safeguards includes policies and procedures for responding to emergencies or failures in systems that contain e-PHI? a. A contingency plan b. Security training c. Workforce security d. Information access management
a. A contingency plan A contingency plan is a standard that requires the establishment and implementation of policies and procedures for responding to emergencies or failures in systems that contain e-PHI. It includes a data backup plan, disaster recovery plan, emergency mode of operation plan, testing and revision procedures, and applications and data criticality analysis to prioritize data and determine what must be maintained or restored first in an emergency.
The use of the health record by a clinician to facilitate quality patient care is considered: a. A primary purpose of the health record b. Patient care support c. A secondary purpose of the health record d. Patient care effectiveness
a. A primary purpose of the health record The primary purposes of the health record are related to providing care to the patient. Patient care includes the direct care provided and the day-to-day business of the organization.
Within the context of electronic health records, protecting data privacy means defending or safeguarding: a. Access to information b. Data availability c. Health record quality d. System implementation
a. Access to information Within the context of data security, protecting data privacy means safeguarding access to information. Only those individuals who need to know information should be authorized to access it.
The act of granting approval to a healthcare organization based on whether the organization has met a set of voluntary standards is called: a. Accreditation b. Licensure c. Acceptance d. Approval
a. Accreditation Accreditation is the act of granting approval to a healthcare organization. The approval is based on whether the organization has met a set of voluntary standards that were developed by the accreditation agency. Voluntary reviews are conducted at the request of the healthcare facility seeking accreditation or certification. The Joint Commission is an example of an accreditation agency.
Which of the following is an example of clinical data? a. Admitting diagnosis b. Date and time of admission c. Insurance information d. Health record number
a. Admitting diagnosis The health record generally contains two types of data: clinical and administrative. Clinical data document the patient's health condition, diagnosis, and procedures performed as well as the healthcare treatment provided. Administrative data include demographic and financial information as well as various consents and authorizations related to the provision of care and the handling of confidential patient information.
A physician is reviewing lab results on a patient in his office. The EHR screen displays one set of results in red with a flashing asterisk and also shows that this result is three times higher than the expected value. This is an example of a(n) _______. a. Alert b. Reminder c. Structured data d. Unstructured data
a. Alert These alerts and reminders are controlled by clinical decision support built into the system, which is able to help prevent medication errors, notification of abnormal test results, and improve the quality of care through its validation mechanisms.
Which of the following is the best definition of system of record (SOR)? a. Authoritative source for data about an entity b. Master entity application c. Exact match logic d. Primary data about an entity
a. Authoritative source for data about an entity Once the organization identifies sources, it lists the most trusted ones. Usually these are the sources with the most volume of master data records associated with a specific entity. In some instances, the master data will have their own unique system of record. A system of record is usually a specialized application system and the authoritative source for data about an entity.
What makes the indexing of scanned health record more efficient because it can enter metadata automatically? a. Barcodes b. Interoperability c. Scanning d. Deficiency management
a. Barcodes The barcode makes indexing more efficient because the barcode can enter metadata automatically. Standards for the use of barcodes must be established to facilitate scanning. These standards should include the size of the barcode, the standardized location of the barcode, and the amount of white space between the barcode and any text.
What type of health records may contain family and caregiver input? a. Behavioral health records b. Ambulatory surgery health records c. Emergency department health records d. Obstetric health record
a. Behavioral health records Behavioral health records are more commonly referred to as mental health records and contain much of the same content as a non-behavioral health record such as discharge summary, H&P, or physician's orders. Behavioral health records contain a treatment plan that often includes family and caregiver input and information as well as assessments geared toward the transition to outpatient, nonacute treatment.
What is the general name for Medicare rules affecting healthcare organizations? a. Conditions of Participation b. Regulations for licensure c. Requirements for service d. Terms of accreditation
a. Conditions of Participation Called the Medicare Conditions of Participation, these rules are set forth by CMS. Facilities that must meet the standards in the Conditions of Participation include hospitals, home health agencies, ambulatory surgical centers, and hospices.
Which of the following is an example of a business associate? a. Contract coder b. Environmental services department c. Hospital security officer d. Employee with access to e-PHI
a. Contract coder Although business associates are not directly regulated by the Privacy Rule, they do come under the Privacy Rule's requirements by virtue of their association with one or more covered entities. Some examples of business associates are contract coder, billing companies, consultants, accounting firms, and the like.
What is the term used to identify a separate database or system within a department that does not integrate into the main organizational system nor can it be accessed by others outside that specific department? a. Data silo b. Information system c. Information technology d. Data architecture
a. Data silo A data silo is a separate database or system within a department that does not integrate into the main organizational system nor can others access it outside of that specific department.
What are the patient data such as name, age, and address called? a. Demographic data b. Secondary data c. Aggregate data d. Identification data
a. Demographic data Information about a patient is collected during the course of receiving healthcare services. This includes demographic data used to identify an individual.
Identify where the following documentation would be found in the acute-care record: "CBC: WBC 12.0, RBC 4.65, HGB 14.8, HCT 43.3, MCV 93." a. Laboratory report b. Pathology report c. Physical examination d. Physician orders
a. Laboratory report The results of all diagnostic and therapeutic procedures become part of the patient's health record. The laboratory report includes tests performed on blood, urine, and other samples from the patient.
A nurse is responsible for which of the following types of acute-care documentation? a. Medication administration record b. Radiology report c. Operative report d. Therapy assessment
a. Medication administration record Nurses maintain chronological records of the patient's vital signs (blood pressure, heart rate, respiration rate, and temperature) and separate logs that show what medications were ordered and when they were administered on the medication administration record (MAR).
An audit log is an example of: a. Metadata b. Encryption c. Admissibility d. Data integrity
a. Metadata Metadata are data about data and include information that track actions such as when and by whom a document was accessed or changed, such as in an audit log.
Amanda uploads her diet and fitness log from her smartwatch to her record. She also adds information about her previous medical history. What type of system is Amanda using? a. PHR b. CCR c. CPOE d. DMS
a. PHR The personal health record (PHR) is an electronic or paper health record maintained and updated by individuals that can be used to collect, track, and share past and current information about their health or the health of someone in their care. PHR information includes a wide range of data including allergies, diagnoses, medications, health status tracking (such as a diet, nutrition, and fitness activities, blood pressure or glucose monitoring), healthcare provider contact information, and social and family history.
How long should the MPI be retained? a. Permanently b. 25 years c. 50 years d. 10 years
a. Permanently The master patient index (MPI) is the permanent record of all patients treated at a healthcare facility. It is used by the HIM department to look up patient demographics, dates of care, the patient's health record number, and other information.
A notation for a diabetic patient in a physician progress note reads: "Occasionally gets hungry. No insulin reactions. She says she is following her diabetic diet." In which part of a problem-oriented health record progress note would this be written? a. Subjective b. Objective c. Assessment d. Plan
a. Subjective Some providers also use a SOAP format for their problem-oriented progress notes. A subjective (S) entry relates significant information in the patient's words or from the patient's point of view.
Why should the copy and paste function not be used in the electronic health record? a. The content may contain outdated information b. Joint Commission standards prevent this practice c. This feature is never found in the electronic health record d. Medicare has a regulation against this practice
a. The content may contain outdated information In the EHR, the user is able to copy and paste free text from one patient or patient encounter to another. This practice is dangerous as inaccurate information can easily be copied and information can be outdated.
An audit trail may be used to detect which of the following? a. Unauthorized access to a system b. Loss of data c. Presence of a virus d. Successful completion of a backup
a. Unauthorized access to a system An audit trail is a software program that tracks every single access or attempted access of data in the computer system. It logs the name of the individual who accessed the data, terminal location or IP address, the date and time accessed, the type of data, and the action taken (for example, modifying, reading, or deleting data).
Which of the following are policies and procedures required by HIPAA that address the management of computer resources and security? a. Access controls b. Administrative safeguards c. Audit safeguards d. Role-based controls
b. Administrative safeguards Administrative safeguards include policies and procedures that address the management of computer resources. For example, one such policy might direct users to log off the computer system when they are not using it or employ automatic logoffs after a period of inactivity.
General documentation guidelines apply to: a. Only electronic health records b. All categories of health records c. All emergency health records d. Only paper-based health records
b. All categories of health records General documentation guidelines apply to all categories of health records.
Jennifer's widowed mother is elderly and often confused. She has asked Jennifer to accompany her to the physician office visits because she often forgets to tell the physician vital information. Under the Privacy Rule, the release of her mother's PHI to Jennifer is: a. Never allowed b. Allowed when the information is directly relevant to Jennifer's involvement in her mother's care or treatment c. Allowed only if Jennifer's mother is declared incompetent by a court of law d. Any family member is always allowed access to PHI
b. Allowed when the information is directly relevant to Jennifer's involvement in her mother's care or treatment The Privacy Rule lists two circumstances where protected health information (PHI) can be used or disclosed without the individual's authorization (although the individual must be informed in advance and given an opportunity to agree or object). One of these circumstances is disclosing PHI to a family member or a close friend that is directly relevant to his or her involvement with the patient's care or payment. Likewise, a covered entity may disclose PHI, including the patient's location, general condition, or death, to notify or assist in the notification of a family member, personal representative, or some other person responsible for the patient's care.
Which of the following provide the objective and scope for the HIPAA Security Rule as a whole? a. Administrative provisions b. General rules c. Physical safeguards d. Technical safeguards
b. General rules The General Rules provide the objective and scope for the HIPAA Security Rule as a whole. They specify that covered entities must develop a security program that includes a range of security safeguards that protect individually identifiable health information maintained or transmitted in electronic form.
When served with a court order directing the release of health records, an individual: a. May ignore it b. Must comply with it c. Must request patient authorization before disclosing the records d. May determine whether or not to comply with it
b. Must comply with it A court order is a document issued by a judge that compels a certain action, such as testimony or the production of documents such as health records. If a document requesting the production of health records is determined to be a court order, it must be complied with regardless of the presence or absence of patient authorization.
Mrs. Bolton is an angry patient who resents her physicians "bossing her around." She refuses to take a portion of the medications the nurses bring to her pursuant to physician orders and is verbally abusive to the patient care assistants. Of the following options, the most appropriate way to document Mrs. Bolton's behavior in the patient medical record is: a. Mean b. Noncompliant and hostile toward staff c. Belligerent and out of line d. A pain in the neck
b. Noncompliant and hostile toward staff When entries are made in the health record regarding a patient who is particularly hostile or irritable, general documentation principles apply, such as charting objective facts and avoiding the use of personal opinions, particularly those that are critical of the patient. The degree to which these general principles apply is heightened because a disagreeable patient may cause a provider to use more expressive and inappropriate language. Further, a hostile patient may be more likely to file legal action in the future if the hostility is a personal attribute and not simply a manifestation of his or her medical condition.
Jeremy Lykins was required to undergo a physical exam prior to becoming employed by San Fernando Hospital. Jeremy's medical information is: a. Protected by the Privacy Rule because it is individually identifiable b. Not protected by the Privacy Rule because it is part of a personnel record c. Protected by the Privacy Rule because it contains his physical exam results d. Protected by the Privacy Rule because it is in the custody of a covered entity
b. Not protected by the Privacy Rule because it is part of a personnel record Although a person or organization may, by definition, be subject to the Privacy Rule by virtue of the type of organization it is, not all information that it holds or comes into contact with is protected by the Privacy Rule. For example, the Privacy Rule has specifically excluded from its scope employment records held by the covered entity in its role as employer (45 CFR 160.103). Under this exclusion, employee physical examination reports contained within personnel files are specifically exempted from this rule.
Who owns the health record? a. Patient b. Provider who generated the information c. Insurance company who paid for the care recorded in the record d. No one
b. Provider who generated the information Ownership of the health record has traditionally been granted to the provider who generates the record.
At the time a hospital implemented an electronic health record, the Health Record Committee determined that all records of patients who have not been treated at the facility in the past two years would be moved to an inactive file area. These patient records are considered ________ from the active filing area. a. Inactivated b. Purged c. Cleared d. Reactivated
b. Purged Files of patients who have not been at the facility for a specified period, such as two years, may be purged or removed from the active filing area. The time period and frequency of purging depends on the space available, patient readmission rate, and the need for access to the health record.
Which of the following technologies would reduce the risk that information is not accessible during a server crash? a. RAID b. Server redundancy c. Storage area network d. Tape or disk backup
b. Server redundancy As EHRs are being implemented without paper backup, contingency planning and disaster recovery is becoming increasingly important. Not only must a healthcare organization be able to replace data if a server or storage device is destroyed in some manner, but organizations need to be able to instantaneously failover to another server during a server crash. Back up of stored data has been routinely performed by most healthcare organizations. To reduce the risk of downtime, healthcare organizations now must also have server redundancy with server failover.
The director of health information services is allowed access to the health record tracking system when providing the proper log-in and password. What is this access security mechanism called? a. Context based b. User-based c. Situation based d. Role based
b. User-based User-based access is a security mechanism that grants users of a system access based on their identity.
Which of the following is an individual user of the health record? a. Public health department b. State data bank c. Coding and billing staff d. Third-party payer
c. Coding and billing staff Individual users are those who depend on the health record in order to complete their job. Documentation in the health record is the basis for reimbursement or payment for the care provided. The coding and billing staff use patient specific information in their day-to-day work.
OASIS-C data are used to assess the ________ of home health services. a. Core measure b. Financial performance c. Outcome d. Utilization
c. Outcome The Outcomes and Assessment Information Set (OASIS-C) consists of data elements that represent core items for the comprehensive assessment of an adult home care patient and form the basis for measuring patient outcomes for the purpose of outcome-based quality improvement
A secure method of communication between the healthcare provider and the patient is a(n): a. Personal health record b. E-mail c. Patient portal d. Online health information
c. Patient portal A secure patient portal allows for the communication between the provider and the patient and is not just a site for patients to access information. This is part of the effort to engage patients in their care.
In data matching which of the following best describes an overlap? a. When one entity in a database has multiple unique identifiers b. When one entity is assigned another entity's unique identifier c. When one entity has different unique identifiers in different databases d. When one database overlaps with another database
c. When one entity has different unique identifiers in different databases An overlap is when one entity has different unique identifiers in different databases.
Which of the following is not a characteristic of high-quality healthcare data? a. Data relevancy b. Data currency c. Data consistency d. Data accountability
d. Data accountability The data quality model applies the following quality characteristics: data accuracy, data accessibility, data comprehensiveness, data consistency, data currency, data definition, data granularity, data precision, data relevancy, and data timeliness.
The data set designed to organize data about public health issues to inform purchasers and consumers about the performance of healthcare plans is: a. UHDDS b. DEEDS c. MDS d. HEDIS
d. HEDIS The Healthcare Effectiveness Data and Information Set (HEDIS) is sponsored by the National Committee for Quality Assurance (NCQA). HEDIS is a set of standard performance measures designed to provide healthcare purchasers and consumers with the information they need to compare the performance of healthcare plans
A special web page that offers secure access to data is a(n): a. Internet b. Home page c. Intranet d. Portal
d. Portal A portal is a special application to provide secure remote access to specific applications.
The process of releasing health record documentation originally created by a different provider is called: a. Privileged communication b. Subpoena c. Jurisdiction d. Redisclosure
d. Redisclosure The process of releasing health record documentation originally created by a different provider is called redisclosure. Federal and state regulations provide specific redisclosure guidelines; however, when in doubt, follow the same principles as the release and disclosure guidelines for other types of health record information.
Which accrediting organization has instituted continuous improvement and sentinel event monitoring and uses tracer methodology during survey visits? a. Accreditation Association for Ambulatory Healthcare b. Commission on Accreditation of Rehabilitation Facilities c. American Osteopathic Association d. The Joint Commission
d. The Joint Commission The Joint Commission requires healthcare organizations to conduct in-depth investigations of occurrences that resulted—or could have resulted—in life-threatening injuries to patients, medical staff, visitors, and employees. The Joint Commission uses the term sentinel event for such occurrences.
Susan is completing her required high school community service hours by serving as a volunteer at the local hospital. Relative to the hospital, she is a(n): a. Business associate b. Covered entity c. Employee d. Workforce member
d. Workforce member Covered entities (CEs) are responsible for their workforce, which consists not only of employees but also volunteers, student interns, and trainees. Workforce members are not limited to those who receive wages from the CE.
One of the questions on the patient satisfaction survey that is sent to the patient after discharge asks for the number of times the nurses checked the patient's vital sign in a day. This is an example of which type of data? A. Nominal B. Interval C. Qualitative D. Quantitative
Quantitative Healthcare data are divided into two broad categories of quantitative and qualitative data. Quantitative data are numeric while qualitative data describe observations. Quantitative data can be numerically counted. They deal with measurements.
Community Hospital is using a system that will help them detect when intracranial pressure becomes high in patients with a recent CVA that will quickly send an alert to the physician. This is an example of___________. A. Descriptive analytics B. Predictive analytics C. Prescriptive analytics D. Real-time analysis
Real-time analysis Unlike retrospective analytical tools, such as predictive modeling, real-time analytics refers to data that can be accessed as they come into a computer system. Real-time analytics, also referred to as streaming analytics, implies instantaneous results; however, the data may not be immediately available, but rather available within a few minutes. The most valuable data in this category are those that are collected and analyzed during the customer interaction, not the review afterward.
A report that lists the ICD-10-CM codes associated with each physician in a healthcare facility can be used to assess the quality of the physician's services before he or she is: A. Scheduled for a coding audit B. Subjected to corrective action C. recommended for staff reappointment D. Involved in an in-house training program
Recommended for staff reappointment The medical staff department is particularly interested in the ICD-10-CM codes associated with each physician. Because diagnostic codes can identify untoward events that occur during hospitalization, the quality of a physician's services can identified through reports called physician reappointment summaries. These summaries outline the number of cases by diagnosis and procedure type, LOS, and infection and mortality statistics. At reappointment to a facility's medical staff, code-based reports are required. The medical staff department accumulates these reports and works with the elected or appointed medical staff leadership to ensure that a thorough analysis of each physician's activities takes place before he or she is reappointed to the staff.
The HIM data analytics professional is reviewing a chart on nosocomial infections presented by the hospitals infection control committee. The committee is reporting that the decrease in infection rate has accelerated during the past 10 years. What comments should the data analytics professional make? ***Graph is needed to answer Q 4.*** A. Concur with the conclusion of the committee B. State that the greatest decrease in infection rate in a year took place in 2005 C. State that the greatest decrease in infection rate occurred in 1960 and 1970 D. Request a new data chart be presented that accurately reflects the trend of infection rate
Request a new data chart be presented that accurately reflects the trend of infection rate Both x and y axes are in unequal measures, so data are not accurately represented. Line graphs are used to display time trends as opposed to a histogram or bar chart.
A celebrity injured while on vacation was admitted to the local community hospital for treatment of a fracture. On day two of the admission, the hospital was contacted by several media agencies stating that they were aware the patient was at the facility and requesting information about the current medical condition of this high profile celebrity patient. The CEO is concerned that an employee has shared information to the media regarding the patient. The facility privacy officer was tasked with determining if a facility employee leaked this information to the press. How would the privacy officer begin with analysis? A. Create a new policy about high-profile patient privacy B. Start by discussing the situation with the media to resovle their inquiries C. Make contact with employees in the facility D. Review audit trail information to determine which employees have accessed this patient's information
Review audit trail information to determine which employees have accessed this patient's information The HIPAA Security Rule requires that access to electronic PHI in information systems is monitored. Included in the same standard is the requirement that covered entities examine the activity using access audit logs. Often they record time stamps that record access and use of the data elements and documents; what was viewed, created, updated, or deleted; the user's identification; the owner of the record; and the physical location on the network where the access occurred. Reviewing the audit trail information would be the first step to identify all employees who have accessed this patient's information.
Which of the following is used to plot the points for two variables that may be related to each other in some way? A. Force-field analysis B. Pareto chart C. Root cause analysis D. Scatter diagram
Scatter diagram Scatter diagrams are used to plot the points for two continuous variables that may be related to each other in some way. For example, one might want to look at whether age and blood pressure are related. One variable, age, would be plotted on the vertical axis of the graph, and the other variable, blood pressure, would be plotted on the horizontal axis.
Given the following information, in which city is the GPCI the highest for practice expense? ***Graph is needed to answer Q 32.*** A. St. Louis B. Dallas C. Seattle D. Philadelphia
Seattle Geographic practice cost index (GPCI) is the number used to multiply each RVU so that it better reflects a geographical area's relative costs. The practice expense GPCI is higher in Seattle at 1.098.
Data found on sites such as Hospital Compare use aggregated data to describe the experiences of unique types of patients with one or more aspects of their care. This data collection is called? A. Patient-specific B. Aggregated C. Comparative D. Detailed
Comparative Comparative data uses aggregate data to describe the experiences of unique types of patients with one or more aspects of their care.
A statewide data base is used by your performance improvement department each month to compare other facilities' readmission rates to your facility's rates. This is an example of __________. A. Internal data B. External data C. Ration data D. Nominal data
External data External data sources refers to data collected outside an organization. For example, a census, reports from the Centers for Medicare and Medicaid Services (CMS) or the Centers for Disease Control (CDC), economic databases, journals, even social media have links to outside data.
Which autopsy rate compares the number of autopsies performed on hospital inpatients to the total number of inpatient deaths for the same period of time? A. Net B. Gross C. Hospital D. Average
Gross A gross autopsy rate is the proportion or percentage of deaths that are followed by the performance of autopsy.
Which unit of measure is used to indicate the services received by one inpatient in a 24 hour period? A. Inpatient service day B. Volume of services C. Average occupancy charges D. Length of services provided
Inpatient service day A unit of measure that reflects the services received by one inpatient during a 24-hour period is an inpatient service day (IPSD). The number of inpatient service days for a 24-hour period is equal to the daily inpatient census, that is, one service day for each patient treated.
Given the following information, which of the following has the lowest work RVU? ***Graph is needed to answer Q 83.***. A. Office visit B. I&D of pilonidal cyst, simple C. Colonoscopy with biopsy D. TURP, complete
I&D of pilonidal cyst, simple When analyzing this table one is able to determine that 1.22 is the lowest relative value unit.
Case finding is a method used to: A. Identifying patients who have been seen or treated in a facility for a particular disease or condition for inclusion in a registry B. Define which cases are to be included in a registry C. Identify trends and changes in the incidence of disease D. Identify facility-based trends
Identify patients who have been seen or treated in a facility for a particular disease or condition for inclusion in a registry Case finding is a method used to identify the patients who have been seen or treated in the facility for the particular disease or condition of interest to the registry. After cases have been identified, extensive information is abstracted from the patients' paper-based health records into the registry database or extracted from other databases and automatically entered into the registry database.
What is (are) the format problem(s) with the following table? ***Graph is needed to answer Q 16.*** A. The title is missing B. Variable names are missing. C. There are blank cells. D. Row totals are inaccurate
There are blank cells A table should contain all the information the user needs to understand the data in it. A table should not have blank cells. When no information is available for a particular cell, the cell should contain a zero.
In the relational database shown here, the patient table and the visit table are related by: ***Graph is needed to answer Q 61.*** A. Visit number B. Date of visit C. Patient number D. Practitioner number
Patient number Relations are established in a relational database by the primary key of one table becoming a foreign key in another table. In this case, the patient number is the primary key in the patient table and used as the foreign key in the visit table.
Which of the following is the unique identifier in the relational database patient table? ***Graph is needed to answer Q 34*** A. Patient last name B. Patient last and first name C. Patient date of birth D. Patient number
Patient number The unique identifier in the patient table is the patient number. It is unique to each patient. Patient last name, first name, and date of birth can be shared with other patients, but the identifier will not be shared.
The statement, "the unique patient identifier must be numeric," is an example of which of the following business rule categories? a. Constraint b. Definition c. Derivation d. Relational
a. Constraint A constraint is a condition that determines what values an attribute or relationship can or must have which is one of the business rule categories.
Which of the following best describes data accessibility? a. Data are correct. b. Data are easy to obtain. c. Data include all required elements. d. Data are reliable.
b. Data are easy to obtain. Data accessibility means that the data are obtainable. Any organization that maintains health records for individual patients must have systems in place that identify each patient and support efficient access to information on each patient. Authorized users of the health record must be able to access information easily when and where they need it.
Which of the following security controls are built into a computer software program? a. Physical safeguards b. Administration safeguards c. Application safeguards d. Media safeguards
c. Application safeguards One security strategy is to implement application safeguards. These are controls contained in the application software or computer programs. One common application control is password management. It involves keeping a record of end users' identifications and passwords and then matching the passwords to each end user's privileges.
The HIM supervisor suspects that a departmental employee is accessing the EHR for personal reasons, but has no specific data to support this suspicion. In this case, what should the supervisor do? a. Confront the employee. b. Send out a memorandum to all department employees reminding them of the hospital policy on Internet use. c. Ask the security officer for audit trail data to confirm or disprove the suspicion. d. Transfer the employee to another job that does not require computer usage.
c. Ask the security officer for audit trail data to confirm or disprove the suspicion. The HIM supervisor should determine if a breach has occurred before action is taken. This can be done using an audit trail, which is a software program that tracks access to data in the EHR. It logs the name of the individual who accessed the data, the date and time, and the action taken (for example, modifying, reading, or deleting data).
Which of the following is an example of data security? a. Contingency planning b. Fire protection c. Automatic logoff after inactivity d. Card key for access to data center
c. Automatic logoff after inactivity Data security includes insuring that workstations are protected from unauthorized access. If a workstation is inactive for a period of time specified by the organization, it should log itself off automatically. The automatic log off helps prevent unauthorized users from accessing e-PHI when an authorized user walks away from the computer without logging out of the system.
What term describes the processing of scanning past health records into the information system so there is an existing database of patient information, making the information system valuable to the user from the first day of implementation? a. CPOE b. Analysis c. Backscanning d. Barcoding
c. Backscanning Backscanning is the process of scanning past health records into the document management system (DMS) so there is an existing database of patient information, making the DMS valuable to the user from the first day of implementation.
Which specialized type of progress note provides healthcare professionals impressions of patient problems with detailed treatment action steps? a. Flow record b. Vital signs record c. Care plan d. Surgical note
c. Care plan A care plan is a summary of the patient's problems from the nurse or other professional's perspective with a detailed plan for interventions that may follow the assessment.
A record that fails quantitative analysis is missing the quality criterion of: a. Legibility b. Reliability c. Completeness d. Clarity
c. Completeness Quantitative analysis is used by health information management professionals as a method to detect whether elements of the patient's health record are missing, or not complete.
Which of the following data quality characteristics means all data items are included within the information collected? a. Accuracy b. Consistency c. Comprehensiveness d. Relevancy
c. Comprehensiveness Data comprehensiveness means that all the required data elements are included in the health record. In essence, comprehensiveness means that the record is complete. In both paper-based and computer-based systems, having a complete health record is critical to the organization's ability to provide excellent patient care and to meet all regulatory, legal, and reimbursement requirements.
Which of the following is not an element that makes information "PHI" under the HIPAA Privacy Rule? a. Identifies an individual b. In the custody of or transmitted by a CE or its BA c. Contained within a personnel file d. Relates to one's health condition
c. Contained within a personnel file To meet the individually identifiable element of PHI, the information must meet all three portions of a three-part test: it must either identify the person or provide a reasonable basis to believe the person could be identified from the information given; it must relate to one's past, present, or future physical or mental health condition, the provision of healthcare, or payment for the provision of healthcare; and it must be held or transmitted by a covered entity or its business associate.
Dr. Jones entered a progress note in a patient's health record 24 hours after he visited the patient. Which quality element is missing from the progress note? a. Data completeness b. Data relevancy c. Data currency d. Data precision
c. Data currency Data currency and data timeliness mean that healthcare data should be up-to-date and recorded at or near the time of the event or observation. Because care and treatment rely on accurate and current data, an essential characteristic of data quality is the timeliness of the documentation or data entry.
The HIM department at Community Hospital has three full time coders. One is considered the lead coder and his salary is $20.35 per hour. One coder is a new graduate who makes $15.50 per hour and the third coder is an experienced employee who earns $18.90 per hour. The lead coder codes four records per hour; the new coder codes three records per hour and their experienced coder codes six records per hour. Using a 7.5 hour productive day, what is the unit cost for the lead coder? A. $3.36 per record B. $4.49 per record C. $5.43 per record D. $5.51 per record
$5.43 per record The lead coder's annual salary is $20.35 x 2,080 (hours per year) = 42,328. The lead Coder's productivity is 7.5 hours per day x 4 records per hour = 30 records per day. 30 records per day x 5 days a week x 52 weeks per year = 7,800 records per year. Yearly salary of $42,328 / 7,800 records per year = $2.556 = $5.43 per record.
In the community clinic Dr. Simpson, an interventional cardiologist, saw 270 patients last quarter. Of those, he performed stent procedures on 182 patients and angioplasty procedures on 88 patients. What is the proportion of Dr. Simpson's patients who have had stent procedures? A. 0.67 B. 0.45 C. 0.33 D. Unable to determine
0.67 A proportion is a type of ratio in which x is a portion of the whole (x+y). In a proportion, the numerator is always included in the denominator. 182 / 270 = 0.67.
The Information Services Department has requested information about the electronic signature system being used in your facility. they would like to know the locations where physicians are accessing the system. Review the information in the table below. What is the percentage of physicians not using the electronic signature system? ***Graph is needed to answer Q 81.*** A. 2.2% B. 2.45% C. 18.81% D. 99.99%
2.2% The ratio of a part to the whole is often expressed as a percentage. Percentages are a useful way to make fair comparisons. The percentage of physicians not using the system is 2.2%. (11 physicians not using the system x 100) / 500 = 1,100 / 500 = 2.2%.
Mr. Jones was admitted to the hospital on March 21 and discharged on April 1. What was the length of stay for Mr. Jones? A. 5 days B. 10 days C. 11 days D. 15 days
11 days Length of stay (LOS) is calculated for each patient after he or she is discharged from the hospital. It is the number of calendar days from the day of patient admission to the day of discharge (31-21)+1=11 days.
What is the mean for the following frequency distribution: 10, 15, 20, 25, 25? A. 47.5 B. 20 C. 19 D. 95
19 The mean is the arithmetic average of frequency distribution. Put simply, it is the sum of all the values in a frequency distribution divided by the frequency: (10 + 15 + 20 + 25 + 25) / 5 = 19.
Analyze the following report of physician deficiency rates and determine which physician has the lowest deficiency rate for H&Ps completed within 24 hours of admission. ***Graph is needed to answer Q 68.*** A. 102 B. 237 C. 391 D. 637
637 A table is an orderly arrangement of values that groups data into rows and columns. Almost any type of quantitative information can be grouped into tables. Columns allow you to read data up and down, and rows allow you to read data across. The columns and rows should be labeled. IN this, table the physician with the lowest rate of deficiency is number 637.
Using the information in the table below, calculate the C-section rate at University Hospital for the semiannual period. ***Graph is needed to answer Q 49.*** A. 15.03% B. 19.24% C. 20.04% D. 25.06%
20.04% C-section rate: (101 x 100) / 504 = 10,100/504 = 20.039=20.04%.
The coding department at Community Physician's Clinic developed the following report for the denials committee at the clinic. The billing report shows the following information. How many hours will it take to reconcile these denials if each denial takes 1.5 hours to review and resubmit the bill? ***Graph is needed to answer Q 78.*** A. 11.46 hours B. 264 hours C. 3450 hours D. Unable to determine
264 hours A table is an orderly arrangement of values that groups data into rows and columns. Almost any type of quantitative information can be grouped into tables. Columns allow you to read data up and down, and rows allow you to read data across. The columns and rows should be labeled. In order to determine the amount of time it will take to reconcile all of the denials the number of denials is multiplied by the amount of time it takes to complete each denial (1.5 hours). 1.5 hours x 176 denials = 264 hours.
The HIM professional reported to the quality improvement committee at Community Hospital that there were 58 patients with influenza discharged from the hospital in January. Of those, 3 died. What is the case fatality rate for influenza for January? A. 1.60% B. 5.17% C. 0.10% D. 94.8%
5.17% The case fatality rate is the total number of deaths due to a specific illness during a given time period divided by the total number of cases during the same period. (3 x 100) / 58 = 300 / 58 = 5.17%.
Using the information in the table below, calculate the vaginal delivery rate at University Hospital for the semiannual period. ***Graph is needed to answer Q 76.*** A. 20.04% B. 59.97% C. 84.13% D. 79.96%
79.96% Vaginal delivery rate: (403 x 100) / 504 = 40,300 / 504 = 79.96%.
Community Hospital discharged nine patients on April 1. The length of stay for each of the patients was as follows: for patient A, 1 day; for patient B, 5 days; for patient C, 3 days; for patient D, 3 days; for patient E, 8 days; for patient F, 8 days; for patient G, 8 days; for patient H, 9 days; patient I, 9 days. What was the median length of stay? A. 5 days B. 6 days C. 8 days D. 9 days
8 days The median is the midpoint of a frequency distribution. It is the point at which 50 percent of observations fall above and 50 percent fall below. Eight is the mid-point of the distribution where 50 percent of the observations fall above and below eight.
The Medical Staff Executive Committee has requested a report that identifies all medical staff members who have been suspended in the last six months due to delinquent health records. This is an example of what type of report? A. Ad hoc or demand B. Annual report C. Exception D. Periodic scheduled
Ad hoc or demand As opposed to periodic and exception reports, demand reports, also known as ad hoc reports, are produced as needed, whenever a manager demands or asks for it. Usually, demand reports are produced through report generators or database query languages and are customized by the manager.
Information that has been taken from the health records of injured patients and entered into the trauma registry database has been: A. Aggregated B. Mapped C. Abstracted D. Queried
Abstracted After trauma cases have been identified, information is abstracted from the health records of the injured patients and entered into the trauma registry database.
After the types of cases to be included in a trauma registry have been determined, what is the next step in data acquisition? A. Registering B. Defining C. Abstracting D. Reporting
Abstracting After the cases have been identified, information is abstracted from the health records of the injured patients and entered into the trauma registry database. The data elements collected in the abstracting process vary from registry to registry but usually include: demographic information on the patient; information on the injury; care the patient received before hospitalizations (such as care at another transferring hospital or care from an emergency medical technician who provided care at the scene of the accident or in transport from the accident site to the hospital); status of the patient at the time of admission; patient's course in the hospital; and diagnosis and procedure codes. 1. Case Definition/Case Finding: Case definition for the trauma registry varies but frequently involves inclusion of cases with diagnosis from the trauma diagnosis codes from the ICD. Case finding, to find cases with trauma diagnosis, the trauma registrar can access the disease indexes looking for cases with codes from this section of ICD. 2. Abstracting/Data Collection: After the cases have been identified, information is abstracted from the health records of the injured patients and entered into the trauma registry database. abstracting can be either the process of extracting information from a document to create a brief summary of a patient's illness, treatment, and outcome, or extracting elements of data from a source document or database. 3. Reporting and Follow-up: An annual report is often develop to show the activity of the trauma registry. Other reports may be generated as part of the performance improvement process, such as self extubation and delays in abdominal surgery or patient complications. Follow-up may or may not happen in trauma registries. When follow-up is done, emphasis is frequently on the patient's quality of life after a period of time.
What term is used for the number of inpatients present at any one time in a healthcare facility? A. Average daily census B. Census C. Inpatient service day D. Length of stay
Census Even though much of the data collection process has been automated, an ongoing responsibility of the HIM professional is to verify the census data that are collected daily. The census reports patient activity for a 24-hour reporting period. Included in the census report are the number of inpatients admitted and discharged for the previous 24-hour period and the number of intrahospital transfers. An intrahospital is a patient who is moved from one patient care unit (for example, the intensive care unit) to another (for example, the surgical unit). The usual 24-hour reporting period begins at 12:01 a.m. and ends at 12:00 am (midnight). In the census count, adults and children are reported separately from newborns.
Community Hospital performed a cost-savings analysis between its current paper-based, on-site coding processes and an e-WebCoding telecommuting model. Given the graph here, what does the cost analysis show? ***Graph is needed to answer Q 43.*** A. The current system saves more than the e-WebCoding system would. B. The current system reduces DNFB significantly. C. Cost comparison reflects a net reduction in overall expenses on a monthly basis for the e-WebCoding system. D. There is not enough information to make a determination.
Cost comparison reflects a net reduction in overall expenses on a monthly basis for the e-Webcoding system. The data on the graph show there is a net reduction in overall expenses on a monthly basis for the e-WebCoding system. Learning to use data analysis tools and data aggregation techniques is important for improvement decisions. Making decisions based on actual experience and aggregate data is much better than making decisions based on intuition or gut feelings.
What is the official count of inpatients taken at midnight called? A. Average daily census B. Census C. Daily inpatient census D. Inpatient service days
Daily inpatient census The result of the official count taken at midnight is the daily inpatient census.
Which term is used to describe the number of inpatients present at the census-taking time each day plus the number of inpatients who were both admitted and discharged after the census-taking time the previous day? A. Inpatient bed occupancy rate B. Bed count C. Average daily census D. Daily inpatient census
Daily inpatient census The result of the official count taken at midnight is the daily inpatient census. This is the number of inpatients present at the official census-taking time each day. Also included in the daily inpatient census are any patients who were admitted and discharged the same day.
One of the pediatricians at Community Physician's Clinic worked with a software vendor to get a display of the patients she currently has in the hospital on her smart phone that lets her know current information such as lab results, vital signs, medications given. This is called a ________. A. Big data B. Descriptive analytics screen C. Dashboard D. Descriptive tablet
Dashboard A dashboard is a visual display of the most important information that a physician would need to see about his patients. These can usually be customized by facility or an individual.
Which of the following is a technique for graphically depicting the structure of a computer database? A. Data model B. Data flow diagram C. Foreign key D. Primary key
Data model Data models provide a contextual framework and graphical representation that aid in the definition of data elements.
Your administrator has asked you to generate a report that gives the number of hypertension patients last year. This is an example of_______________. A. Descriptive analytics B. Predictive analytics C. Prescriptive analytics D. Real-time analysis
Descriptive analytics Data analytics is the science of examining raw data with the purpose of drawing conclusions about that information. Analytics can be descriptive, predictive, or prescriptive. Descriptive analytics is just the summarization of data. DESCRIPTIVE ANALYTICS answers the question "what happened."PREDICTIVE ANALYTICS answers "what will happen." DIAGNOSTIC ANALYTICS answers the question "why did it happen." PRESCRIPTIVE ANALYTICS answers "how can we make it happen."
Community Hospital has compared its admission-type patient-profile data for two consecutive years. From a performance improvement standpoint, which admission types should the hospital examine for possible changes in capacity handling? ***Graph is needed to answer Q 39*** A. Elective B. Emergency C. Newborn D. Urgent
Emergency A pie chart is used to show the relationship of each part to the whole, in other words, how each part contributes to the total product or process. The 360 degrees of the circle, or pie, represent the total, or 100 percent. The pie is divided into "slices" proportionate to each component's percentage of the whole. Review of the pie chart shows that the emergency department has had significant patient growth over the five-year period. By using this patient profile data for performance improvement, the hospital should examine capacity changes for this department.
At Community Hospital, each full-time employee is required to work 2,080 hours annually. The table shows the amount of time that four employees were absent from work over the past year. Which employee had the highest absentee rate? ***Graph is needed for question 11.*** A. Employee A B. Employee B C. Employee C D. Employee D
Employee D A rate is a ratio in which there is a distinct relationship between the numerator and the denominator and the denominator often implies a large base population. Coder D had the highest absentee rate. In this situation the vacation hours used is added to the sick leave hours used and multiplied by 100 divided by 2,080 hours (for a full time employee). The absentee rate for each employee is calculated as follows: Coder A: [(40+6)x100]/2,080=4,600/2080=2.21%; Coder B: [(22+16)x100]/2,080=3,800/2,080=1.83%; Coder C [(36+8) x100]/2,080=4,400/2,080=2.115=2.12%; Coder D: [(80+32)x100]/2,080=11,200/2,080=5.38%.
Which rate is used to compare the number of inpatient deaths to the total number of inpatient deaths and discharges? A. Net hospital death rate B. Fetal/newborn/maternal hospital death rate C. Gross hospital death rate D. Adjusted hospital death rate
Gross hospital death rate The gross hospital death rate is the proportion of all hospital discharges that ended in death. It is the basic indicator of mortality in a healthcare facility. The gross death rate is calculated by dividing the total number of death occurring in a given time period by the total number of discharges, including deaths, for the same time period.
Which term is used to describe the number of calendar days that a patient is hospitalized? A. Average length of stay B. Length of stay C. Occupancy rate D. Level of service
Length of stay Length of stay (LOS) is calculated for each patient after he or she is discharged from the hospital. It is the number of calendar days from the day of patient admission to the day of discharge. When the patient is admitted and discharged in the same month, the LOS is determined by subtracting the date of admission from the date of discharge.
Which of the following reportable diseases usually requires telephone reporting as opposed to other methods of reporting? A. Chicken pox B. Influenza C. Measles D. Pertussis
Measles All states have a health department with a division that is required to track and record communicable diseases. When a patient is diagnosed with one of the diseases from the health department's communicable disease list, the healthcare organization must notify the public health department. Measles usually requires immediate notification to the public health department. The other three need to be reported, but not necessarily immediately.
Which of the following types of data does not have a natural order? A. Nominal B. Ordinal C. Ratio D. Interval
Nominal Qualitative data are divided into the nominal scale and ordinal scale. Nominal data observations are organized into categories in which there is no recognition of order, and ordinal data are types of data where the values are in ordered categories and the order of the numbers is meaningful, but no the numbers themselves.
The business office at community hospital is looking at software that can help them with decreasing their fraud and abuse cases. The software claims to be able to flag those patients that would most likely be involved in fraud by examining many data bases at the same time and finding those patients with demographic discrepancies. This is an example of______________. A. Descriptive analytics B. Predictive analytics C. Inferential statistics D. Descriptive statistics
Predictive analytics Predictive analytics is a branch of data mining concerned with the prediction of future probabilities and trends, also called forecasting. PREDICTIVE ANALYTICS answers "what will happen." DESCRIPTIVE ANALYTICS answers the question "what happened." DIAGNOSTIC ANALYTICS answers the question "why did it happen." PRESCRIPTIVE ANALYTICS answers "how can we make it happen."
A managed care organization is using a system that examines the past healthcare behaviors of their patients to determine their future costs for their healthcare. This is an example of_____________. A. Descriptive analytics B. Predictive modeling C. Prescriptive analytics D. Real-time analysis
Predictive modeling Predictive modeling is a process used in predictive analysis to identify patterns that can be used to determine the odds of a particular outcome based on the observed data. That is, statistics from the past are reviewed to determine what is likely to happen in the future. Predictive modeling is used by many companies that want to predict future trends.
This type of analytics allows users to prescribe a number of different possible actions: A. Descriptive analytics B. Predictive analytics C. Prescriptive anaytics D. Real-time analytics
Prescriptive analytics Prescriptive analytics is a relatively new field of analytics that allows users to prescribe a number of different possible actions. This type of analytics predicts what will happen, but also provides recommendations that will take advantage of the predictions.
Suppose that 6 males and 14 females are in a class of 20 students with the data reported as 3/1. What term could be used to describe the comparison? A. Average B. Percentage C. Proportion D. Rate
Proportion A proportion is a particular type of ratio in which x is portion of the whole (x + y).
Hospital A discharges 10,000 patients per year. Hospital B is located in the same town and discharges 5,000 patients per year. At Hospital B's medical staff committee meeting, a physician reports that he is concerned about the quality of care at Hospital B because the hospital has double the number of deaths per year than hospital A. The HIM director is attending the meeting in a staff position. Which of the following actions should the director take? A. Make no comment since this is a medical staff meeting. B. Agree with the physician that the data suggest a quality issue. C. Suggest that the data be adjusted for possible differences in type and volume of patients treated. D. Suggest that an audit be done immediately to determine the cause of deaths within the hospital.
Suggest that the data be adjusted for possible differences in type and volume of patients treated. When doing external benchmarking, the other organizations need not be in the same region of the country, but they should be comparable in terms of patient mix and size. The data from the two hospitals are not comparable because Hospital A discharges more patients than Hospital B. In addition, data on the comparability of severity of illness between the two hospitals is lacking and an informed decision cannot be made.
A secondary data source includes______________. A. Vital statistics B. The medical record C. The physician's index D. A videotape of a counseling session
The physician's index Secondary data sources are data derived from primary sources and may be collected by someone other than the primary user. Secondary data sources are facility specific. The physician index is an example of a secondary data source.
Recently, a state senator was admitted to your facility for a serious medical condition. The facility privacy officer has been tasked with reviewing access logs daily to determine which of the following? A. Whether or not the patient is fit to continue public service. B. What information should be shared with the media. C. that the patient has received adequate care. D. Whether all access by hospital employees was appropriate
Whether all access by hospital employees was appropriate In order to maintain patient privacy certain audits may need to be completed daily. If a high profile patient is currently in a facility, for example, access logs may need to be checked daily to determine whether all access to this patient's information by workforce is appropriate.
The HIM manager at Community Hospital is responsible for reviewing audit trails detailing potential access issues within the EHR. Which one of the following would be a type of activity that the manager would want to review? A. Every access to every data element or document type that occurred within the facility B. Whether the person viewed, created, updated, or deleted information belonging to a patient with the same last name. C. Physical location of the redundant servers used for back up. D. Whether all patients setup accounts in the patient portal
Whether the person viewed, created, updated, or deleted information belonging to a patient with the same last name The HIPAA Security Rule requires that access to electronic PHI in information systems is monitored. Included in the same standard is the requirement that covered entities examine the activity using access audit logs. Often they record time stamps that record access and use of the data elements and documents; what was viewed, created, updated, or deleted; the user's identification; the owner of the record; and the physical location on the network where the access occurred. Reviewing the audit trail information would be the first step to identify all employees who have accessed this patient's information.
The facility privacy officer is visited at the hospital by a recent patient that is concerned that her nosy neighbor, who happens to be a hospital employee, accessed her electronic health record inappropriately in order to tell other neighbors about the patient's health conditions. In order to determine this occurred, the privacy officer requests and audit log of activity within the patient's health record. What part of the audit log would the privacy officer need to first analyze to determine if this patient complaint is valid? A. The physician documentation from her recent stay regarding the patient's health conditions B. Whether the patient had requested any amendments to her record. C. If the record has any deficiencies that would cause the record to be deliquent D. Which employees viewed, created, updated, or deleted information
Which employees viewed, created, updated, or deleted information It is a requirement of the HIPAA Security Rule to implement ways that document access to information systems that contain electronic PHI. One of the ways to do this is to review the individuals that have viewed, created, updated, or deleted information within a health record. In this instance the Privacy Officer should review this information to determine if the patient complaint is valid.
The coding department at Community Physician's Clinic developed the following report for the denials committee at the clinic. The billing report shows the following information. Using the information below, identify which payment source has the highest denial rate. ***Graph is needed to answer Q 75.*** A. Medicare B. Commercial payers C. Worker's Compensation D. Tricare/Military
Workers Compensation A table is an orderly arrangement of values that groups data into rows and columns. Almost any type of quantitative information can be grouped into tables. Columns allow you to read data up and down, and rows allow you to read data across. The columns and rows should be labeled. In this table, the payment source with the highest denial rate is Worker's Compensation.
Which of the following is not an identifier under the Privacy Rule? a. Age 75 b. Vehicle license plate BZ LITYR c. Street address 265 Cherry Valley Road d. Visa account 2773 985 0468
a. Age 75 One of the most fundamental terms in the Privacy Rule is protected health information (PHI), defined by the rule as "individually identifiable health information that is transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or medium" (45 CFR 160.103). To meet the individually identifiable element of PHI, information must meet all three portions of a three-part test. It must either identify the person or provide a reasonable basis to believe the person could be identified from the information given. It must relate to one's past, present, or future physical or mental health condition; the provision of healthcare; or payment for the provision of healthcare. It must be held or transmitted by a covered entity or its business associate.
A secretary in the Nursing Office was recently hospitalized with ketoacidosis. She comes to the HIM department and requests to review her health record. Of the options here, what is the best course of action? a. Allow her to review her record after obtaining authorization from her. b. Refer the patient to her physician for the information. c. Tell her to go through her supervisor for the information. d. Tell her that hospital employees cannot access their own medical records.
a. Allow her to review her record after obtaining authorization from her. Review of records by the patient is permitted after the authorization for use and disclosure is verified. Usually hospital personnel should be present during on-site reviews to assist the requester with the paper record or working with the EHR if necessary. Assistance would not be needed if the people requesting on-site review work for the facility.
Under the HIPAA Privacy rule, which of the following statements is true? a. An authorization must contain an expiration date or event. b. A consent for use and disclosure of information must be obtained from every patient. c. An authorization must be obtained for uses and disclosures for treatment, payment, and operations. d. A notice of privacy practices must give 10 examples of a use or disclosure for healthcare operations.
a. An authorization must contain an expiration date or event. In order for an authorization to be valid, it must contain an expiration date or event that relates to the individual or the purpose of the use or disclosure.
A healthcare provider organization, when defining its legal health record must: a. Assess the legal environment, system limitations, and standards of care b. Determine what other healthcare provider organizations are doing c. Determine if a legal health record is needed d. Include only the paper components of the health record
a. Assess the legal environment, system limitations, and standards of care As part of the process to identify the legal health record, the facility should assess the legal environment, system limitations, and standards of care.
A notation for a hypertensive patient in a physician ambulatory care progress note reads: "Blood pressure adequately controlled." In which part of a problem-oriented health record progress note would this be written? a. Assessment b. Objective c. Plan d. Subjective
a. Assessment Some providers also use a SOAP format for their problem-oriented progress notes. Professional conclusions reached from evaluation of the subjective or objective information make up the assessment.
What committee usually oversees the development and approval of new forms for the health record? a. Clinical forms committee b. Executive committee c. Medical staff committee d. Quality review committee
a. Clinical forms committee Every healthcare organization should have a clinical forms or design (for EHR systems) committee. This committee should provide oversight for the development, review, and control of all enterprise-wide information capture tools, including paper forms and design of computer screens.
This private, not-for-profit organization is committed to developing and maintaining practical, customer-focused standards to help organizations measure and improve the quality, value, and outcomes of behavioral health and medical rehabilitation programs. a. Commission on Accreditation of Rehabilitation Facilities b. American Osteopathic Association c. National Committee for Quality Assurance d. The Joint Commission
a. Commission on Accreditation of Rehabilitation Facilities The Commission on Accreditation of Rehabilitation Facilities (CARF) is a private, not-for-profit organization committed to developing and maintaining practical, customer-focused standards to help organizations measure and improve the quality, value, and outcomes of behavioral health and medical rehabilitation programs. CARF accreditation is based on an organization's commitment to continually enhance the quality of its services and programs and to focus on customer satisfaction.
Which of the following is necessary to ensure that each term used in an EHR has a common meaning to all users? a. Controlled vocabulary b. Data exchange standards c. Encoded vocabulary d. Proprietary standards
a. Controlled vocabulary The vocabulary used in an electronic health record (EHR) system should, at a minimum, be a controlled vocabulary, which is essential in ensuring a common meaning for all users. A controlled vocabulary means that a specific set of terms in the EHR's data dictionary may be used and that a central authority approves any additions or changes.
Which of the following are clear guidelines for the acceptable values of specific data fields and makes it possible to exchange health information using electronic networks? What type of standards provide clear descriptors of data elements to be included in an electronic health record system? a. Data content standard b. Messaging standards c. Interoperability standards d. Vocabulary standards
a. Data content standard Data and content standards are clear guidelines for the acceptable values for specified data fields. These standards make it possible to exchange health information using electronic networks.
Multiple users entering data may have different definitions or perceptions about what goes into a data field, thereby confounding the data. For example, one department may use the term "PATIENT" while another department my use the term "CLIENT" to define the same entity. Which of the following would be used to provide standardization? a. Data dictionary b. Data mining c. Data model d. Database
a. Data dictionary The data dictionary is a central building block that supports communication across business processes. Defining a data dictionary supports the creation of well-structured and defined data sets by creating standardized definitions of data elements to help ensure consistency of collection and use of the data. For example, the data element "PATIENT" would have the same field length and definition across all applications in the organization.
Which of the following Enterprise Information Management (EIM) functions is the overarching authority for managing an organization's data assets? a. Data governance b. Clinical quality management c. Data security management d. Master data management
a. Data governance Data governance is the overarching authority that ensures the cohesive operation and integration of all EIM domains. Data governance includes a formal organizational structure with both authority and responsibility for managing an organization's data assets
Which of the following individuals would serve as a bridge between information technology and business and clinical areas while managing each key area? a. Data steward b. Systems analyst c. Data scientist d. Systems administrator
a. Data steward Data stewards serve as the bridge between information technology, and business and clinical areas. They are assigned to manage key data areas and are responsible for tasks such as data definition and information quality activities.
What is it called when accrediting bodies, such as the Joint Commission, rather than the government can survey facilities for compliance with the Medicare Conditions of Participation for Hospitals? a. Deemed status b. Licensure c. Subpoena d. Credentialing
a. Deemed status Hospitals accredited through the Joint Commission or another accrediting body may participate in the Medicare program because the accrediting agency has been granted deemed status by the Medicare program. Deemed status means accrediting bodies such as the Joint Commission can survey facilities for compliance with the Medicare Conditions of Participation for Hospitals instead of the government.
The legal health record (LHR) is a(n): a. Defined subset of all patient-specific data created or accumulated by a healthcare provider that may be released to third parties in response to a legally permissible request for patient information b. Entire set of information created or accumulated by a healthcare provider that may be released to third parties in response to a legally permissible request for patient information c. Set of patient-specific data created or accumulated by a healthcare provider that is defined to be legal by the local, state, or federal authorities d. Set of patient-specific data that is defined to be legal by state or federal statute and that is legally permissible to provide in response to requests for patient information
a. Defined subset of all patient-specific data created or accumulated by a healthcare provider that may be released to third parties in response to a legally permissible request for patient information The legal health record is a defined subset of all patient-specific data. The legal health record is the record that will be disclosed upon request by third parties. It includes documentation about health services provided and stored on any media.
The HIPAA Security Awareness and Training administrative safeguard requires all of the following addressable implementation programs for an entity's workforce except: a. Disaster recovery plan b. Log-in monitoring c. Password management d. Security reminders
a. Disaster recovery plan Another administrative safeguard specification requires that a covered entity implement a security awareness and training program for all members of its workforce. Special protections must be taken to ensure information is not inappropriately released or accessed. These protections include log-in monitoring, password management, and security reminders.
Which of the following data sets would be most useful in developing a matrix for identification of components of the legal health? a. Document name, media type, source system, electronic storage start date, stop printing start date b. Document name, media type c. Document name, medical record number, source system d. Document name, source system
a. Document name, media type, source system, electronic storage start date, stop printing start date Create a matrix that defines each document type in the legal health record and determine the medium in which each element will appear. Such a matrix could include a column indicating the transition date of a particular document from the paper-based to the electronic environment. It is important that specific state guidelines are incorporated when a facility matrix is developed.
Which of the following is a primary purpose of the health record? a. Document patient care delivery b. Regulation of healthcare facilities c. Aid in education of nurses and physicians d. Assist in process redesign
a. Document patient care delivery Patient care delivery is a primary purpose of the health record. Other primary purposes are patient care management, patient care support processes, financial and other administrative processes, and patient self-management.
A patient's birth date and gender documented in the health record are examples of a data ________. a. Element b. Map c. Dictionary d. Definition
a. Element A data element can be a single or individual fact that represents the smallest unique subset of a larger database, sometimes referred to as the raw facts and figures.
Specific performance expectations, structures, and processes that provide detailed information and the intent for each of the Joint Commission standards are called: a. Elements of performance b. Fact sheets c. Ad hoc reports d. Registers
a. Elements of performance Within each chapter, the standards associated with each topic are cited and then elaborated upon with "elements of performance" (EP) that directly communicate the intent of the Joint Commission with respect to each standard. In addition, a scoring guideline is provided that allows the organization to score itself on each EP and thus get a sum total on each standard.
Authentication of a record refers to: a. Establishment of its baseline trustworthiness b. The type of electronic operating system on which it was created c. The identity of the individual who notarized it d. Its relevance
a. Establishment of its baseline trustworthiness Even if evidence appears to be relevant, it must also be authenticated. As with health records, the evidence itself must be shown to have a baseline authenticity or trustworthiness.
How do patient care managers use the data documented in the health record? a. Evaluate the services provided by their employees b. Communicate vital information among departments and across disciplines and settings c. Generate patient bills or third-party payer claims for reimbursement d. Determine the extent and effects of occupational hazards
a. Evaluate the services provided by their employees It is the role of the patient care managers and support staff to evaluate the services provided by their employees.
This data set was developed by the National Committee for Quality Assurance to aid consumers with health-related issues with information to compare performance of clinical measures for health plans: a. HEDIS b. UHDDS c. UACDS d. ORYX
a. HEDIS Healthcare Effectiveness Data and Information Set (HEDIS) is overseen by the National Committee for Quality Assurance. HEDIS is a standardized set of performance measures designed to allow purchasers to compare the performance of managed-care plans.
Which of the following statements represents an example of nonmaleficence? a. HITs must ensure that patient-identifiable information is not released to unauthorized parties. b. HITs must apply rules fairly and consistently to every case. c. HITs must ensure that patient-identifiable information is released to the parties who need it to provide services to their patients. d. HITs must ensure that patients themselves, and not other parties, are authorizing access to the patients' individual health information.
a. HITs must ensure that patient-identifiable information is not released to unauthorized parties. Nonmaleficence would require the HIM professional to ensure that the information is not released to someone who does not have authorization to access it and who might harm the patient if access were permitted (for example, a newspaper seeking information about a famous person).
An electronic health record risk analysis is useful to: a. Identify security threats b. Identify which employees should have access to data c. Establish password controls d. Establish audit controls
a. Identify security threats Risk management begins by conducting a risk analysis. Identifying security threats or risks, determining how likely it is that any given threat may occur, and estimating the impact of an untoward event are all parts of a risk assessment.
Which of the following should be taken into consideration when designing a health record form? a. Including original and revised dates b. Number of clicks to access data c. Choosing the field type such as radio buttons d. Difference between paper and screen
a. Including original and revised dates One example of effective form design principles is that each form should include original and revised dates for the tracking and purging of obsolete forms.
Which of the following statements about the directory of patients maintained by a covered entity is true? a. Individuals must be given an opportunity to restrict or deny permission to place information about them in the directory. b. Individuals must provide a written authorization before information about them can be placed in the directory. c. The directory may contain only identifying information such as the patient's name and birth date. d. The directory may contain private information as long as it is kept confidential.
a. Individuals must be given an opportunity to restrict or deny permission to place information about them in the directory. A patient has the opportunity to agree or disagree with being placed in a patient directory. They must be given the opportunity to determine if they want to be placed in the directory or not, but it does not need to be in writing.
Mary's PHI was breached by her physician office when it was disclosed in error to another patient. Which of the following breach notification statements is correct regarding the physician office's required action? a. It must report the breach to HHS within 60 days after the end of the calendar year in which the breach occurred b. It must report the breach to HHS within 60 days of the breach c. It must notify all local media outlets and HHS immediately d. It is not required to take any action since the breach affected only one person
a. It must report the breach to HHS within 60 days after the end of the calendar year in which the breach occurred Since this breach applies to one patient, it must be reported to HHS within 60 days after the end of the calendar year.
If a patient wants to amend his or her health record, the covered entity may require the individual to: a. Make an amendment request in writing and provide a rationale for the amendment. b. Ask the attending physician for his or her permission to amend their record. c. Require the patient to wait 30 days before their request will be considered and processed. d. Provide a court order requesting the amendment.
a. Make an amendment request in writing and provide a rationale for the amendment. The covered entity may require the individual to make an amendment request in writing and provide a rationale for their amendment request. Such a process must be communicated in advance to the individual.
The HIPAA Privacy Rule requires that covered entities must limit use, access, and disclosure of PHI to only the amount needed to accomplish the intended purpose. What concept is this an example of? a. Minimum necessary b. Notice of privacy practices c. Authorization d. Consent
a. Minimum necessary The Privacy Rule introduced the standard of minimum necessary to limit the amount of PHI used, disclosed, and requested. This means that healthcare providers and other covered entities must limit uses, disclosures, and requests to only the amount needed to accomplish the intended purpose. For example, for payment purposes, only the minimum amount of information necessary to substantiate a claim for payment should be disclosed.
Which of the following contains the physician's findings based on an examination of the patient? a. Physical exam b. Discharge summary c. Medical history d. Patient instructions
a. Physical exam The physical examination report represents the attending physician's assessment of the patient's current health status. This report should document data on all the patient's major organ systems.
In healthcare, data sets serve two purposes. The first is to identify data elements to be collected about each patient. The second is to: a. Provide uniform data definitions b. Guide efforts toward computerization c. Determine statistical formulas d. Provide a research database
a. Provide uniform data definitions Healthcare data sets have two purposes. The first is to identify the data elements that should be collected for each patient. The second is to provide uniform definitions for common terms. The use of uniform definitions ensures that data collected from a variety of healthcare settings will share a standard definition. Standardizing data elements and definitions makes it possible to compare the data collected at different facilities.
The primary purpose of a data set in healthcare is to: a. Recommend common data elements to be collected in health records b. Mandate all data that must be contained in a health record c. Define reportable data for federally funded programs d. Standardize medical vocabulary
a. Recommend common data elements to be collected in health records A data set is a recommended list of data elements that have defined and uniformed definitions that are relevant for a particular use or are specific to a type of healthcare industry.
The following descriptors about the data element PATIENT_LAST_NAME are included in a data dictionary: definition: legal surname of the patient; field type: numeric; field length: 50; required field: yes; default value: none; input mask: none. Which of the following is true about the definition of this data element? a. The field type should be changed to alphanumeric. b. The input mask should be changed from None to Required. c. The field length should be shortened. d. A default value should be Required.
a. The field type should be changed to alphanumeric. The data element PATIENT_LAST_NAME must be stored as alphanumeric data because the data are character-based.
As the corporate director of HIM services and enterprise privacy officer, you are asked to review a patient's health record in preparation for a legal proceeding for a malpractice case. The lawsuit was brought by the patient 72 days after the procedure. Health information contains a summary of two procedures that were dictated 95 days after the procedure. The physician in question has a longstanding history of being lackadaisical with record completion practices. Previous concerns regarding this physician's record maintenance practices had been reported to the facility's Credentialing Committee. Is this information admissible in court? a. This information could be rejected because the physician dictated the procedure note after the malpractice suit was filed. b. This information will be admissible in court because it is part of the patient's health record. c. This information could be rejected because it is not relevant to the malpractice case. d. This information will be rejected because the patient did not authorize its release.
a. This information could be rejected because the physician dictated the procedure note after the malpractice suit was filed. The health record may be valuable evidence in a legal proceeding. To be admissible, the court must be confident that the record is: complete, accurate, and timely (recorded at the time the event occurred); was documented in the normal course of business; and was made by healthcare providers who have knowledge of the "acts, events, conditions, opinions, or diagnoses appearing in it".
How do accreditation organizations use the health record? a. To determine whether standards are being met b. To determine whether the documentation supports the provider's claim for reimbursement c. To provide healthcare services d. To serve as a source for case study information
a. To determine whether standards are being met In order to be granted and maintain accreditation, a healthcare organization must show compliance with the accrediting body standards. This frequently requires review of the health record to determine compliance with documentation and patient care standards.
Which of the following statements is true in regard to responding to requests from individuals for access to their protected health information (PHI)? a. A cost-based fee may be charged for retrieval of the PHI. b. A cost-based fee may be charged for making a copy of the PHI. c. No fees of any type may be charged. d. A minimal fee may be charged for retrieval and copying of PHI.
b. A cost-based fee may be charged for making a copy of the PHI. HIPAA allows the covered entity to impose a reasonable cost-based fee when the individual requests a copy of PHI or agrees to accept summary or explanatory information. The fee may include the cost of: copying, including supplies, labor, and postage. HIPAA does not permit "retrieval fees" to be charged to patients.
Which of the following laws created the HITECH act? a. Health Insurance Portability and Accountability Act b. American Recovery and Reinvestment Act c. Consolidated Omnibus Budget Reconciliation Act d. Healthcare Quality Improvement Act
b. American Recovery and Reinvestment Act The American Recovery and Reinvestment Act of 2009 (ARRA) is considered one of the major health information technology laws that provided stimulus funds to the US economy in the midst of a major economic downturn. A substantial portion of the bill, Title XIII of the Act entitled the Health Information Technology for Economic and Clinical Health (HITECH) Act, was part of ARRA.
Which of the following is a software program that tracks every access to data in the computer system? a. Access control b. Audit trail c. Edit check d. Risk assessment
b. Audit trail The audit trail is a software program that tracks every single access to data in the computer system. It logs the name of the individual who accessed the data, the date and time, and the action taken (for example, modifying, reading, or deleting data). Review of audit trails can help detect whether a breach of security has occurred.
Which of the following is considered a secondary data source? a. Urinalysis laboratory report b. Cancer registry c. Pathology report d. Patient problem list
b. Cancer registry Secondary data sources are data collected or extracted from a primary data source and used for purposes other than their original intended use. Secondary data sources are frequently maintained in registries, databases or indexes, such a cancer registry.
What is the legal term used to define the protection of health information in a patient-provider relationship? a. Access b. Confidentiality c. Privacy d. Security
b. Confidentiality Confidentiality, as recognized by law and professional codes of ethics, stems from a relationship such as physician and patient, and pertains to the information resulting from that relationship. Privileged communication is a legal concept designed to protect the confidentiality between two parties.
Which of the following is an organization's planned response to protect its information in the case of a natural disaster? a. Administrative controls b. Contingency plan c. Audit trail d. Physical controls
b. Contingency plan Disaster planning occurs through a contingency plan—a set of procedures, documented by the organization to be followed when responding to emergencies. It encompasses what an organization and its personnel need to do both during and after events that limit or prevent access to facilities and patient information.
A core data set developed by ASTM to communicate a patient's past and current health information as the patient transitions from one care setting to another is: a. Ambulatory Care Data Set b. Continuity of care record c. Minimum Data Set d. Uniform Hospital Discharge Data Set
b. Continuity of care record The continuity of care record (CCR) standard (ASTM E2369-05) is a core data set of relevant administrative, demographic, and clinical information elements about a patient's health status and healthcare treatment. It was created to help communicate that information from one provider to another for referral, transfer, or discharge of the patient.
Mrs. Smith's admitting data indicates that her birth date is March 21, 1948. On the discharge summary, Mrs. Smith's birth date is recorded as July 21, 1948. Which quality element is missing from Mrs. Smith's health record? a. Data completeness b. Data consistency c. Data accessibility d. Data comprehensiveness
b. Data consistency Data consistency means that the data are reliable. Reliable data do not change no matter how many times or in how many ways they are stored, processed, or displayed. Data values are consistent when the value of any given data element is the same across applications and systems. Related data items also should be reliable.
The protection measures and tools for safeguarding information and information systems is a definition of: a. Confidentiality b. Data security c. Informational privacy d. Informational access control
b. Data security Data security can be defined as the protection measures and tools for safeguarding information and information systems.
Which of the following is the best example of a data governance business case? a. Improves processes and productivity by reducing rework b. Data silos and fragmented data inhibit data integration c. Reduces organizational risk by providing better data d. Improves business intelligence by providing consistent data
b. Data silos and fragmented data inhibit data integration The case for data governance is compelling if we look at the degree to which business processes are dependent on access to good data. The best example for a data governance business case is data in silos or fragmented data which inhibit data integration.
The evaluation of data collected based on business needs and strategy is part of ________. a. Data ownership b. Data stewardship c. Data quality d. Data modeling
b. Data stewardship Data stewardship is the evaluation of the data collection based on business need and strategy to ensure the data meets the requirements of patient care and organizational needs. Data stewardship and data ownership are closely connected.
Which of the following would be a discriminating attribute used to disqualify two or more similar records? a. Phone number b. Date of birth c. E-mail address d. Last name
b. Date of birth Discriminating attributes are used to disqualify two or more similar records, rather than match them. These should be static attributes that do not normally change such as date of birth.
Burning, shredding, pulping, and pulverizing are all acceptable methods in which process? a. Deidentification of electronic documents b. Destruction of paper-based health records c. Deidentification of records stored on microfilm d. Destruction of computer-based health records
b. Destruction of paper-based health records Because of cost and space limitations, permanently storing paper and microfilm-based health record documents is not an option for most hospitals. Acceptable destruction methods for paper documents include burning, shredding, pulping, and pulverizing.
The attending physician is responsible for which of the following types of acute-care documentation? a. Consultation report b. Discharge summary c. Laboratory report d. Pathology report
b. Discharge summary The discharge summary is a concise account of the patient's illness, course of treatment, response to treatment, and condition at the time the patient is discharged (officially released) from the hospital. The summary also includes instructions for follow-up care to be given to the patient or his or her caregiver at the time of discharge. It provides an overview of the entire health encounter. The discharge summary is the responsibility of, and must be signed by, the attending physician.
What is the function of a consultation report? a. Provides a chronological summary of the patient's medical history and illness b. Documents opinions about the patient's condition from the perspective of a physician not previously involved in the patient's care c. Concisely summarizes the patient's treatment and stay in the hospital d. Documents the physician's instructions to other parties involved in providing care to a patient
b. Documents opinions about the patient's condition from the perspective of a physician not previously involved in the patient's care The consultation report documents the clinical opinion of a physician other than the primary or attending physician. The consultation is requested by the primary or attending physician. The report is based on the consulting physician's examination of the patient and a review of his or her health record.
A transition technology used by many hospitals to increase access to health record content is: a. Electronic health record b. Electronic document management system c. Electronic signature authentication d. Electronic data interchange
b. Electronic document management system When electronic document management systems (EDMSs) are well indexed, certain content within the documents can be uniquely retrieved making EDMS a good transition for the healthcare organization on their way to a fully interactive EHR.
Which type of health record contains information about the means by which the patient arrived at the healthcare setting and documentation of care provided to stabilize the patient? a. Ambulatory care b. Emergency care c. Long-term care d. Rehabilitative care
b. Emergency care The emergency department record is a health record that is generated when a patient visits an emergency department (ED) seeking treatment. Documentation in the emergency department records includes the means by which the patient arrived at the healthcare facility and documentation of care provided to stabilize the patient.
An audit of a hospital's electronic health system shows that diagnostic codes are not being reported at the correct level of detail. This indicates a problem with data: a. Consistency b. Granularity c. Comprehensiveness d. Relevancy
b. Granularity Data granularity requires that the attributes and values of data be defined at the correct level of detail for the intended use of the data.
When meeting with the HIM professional during an on-site review, the surveyor would be looking for what type of information? a. Written policies and procedures on document imaging b. HIM department's success in documentation compliance c. Document type matrix d. Attendance policy
b. HIM department's success in documentation compliance An on-site review by experienced surveyor from the accrediting organization would meet with the HIM leader to review their written policies and procedures and ask for some examples of the HIM department's successes in areas of quality improvement and patient safety. The type of successes the surveyor would be looking for might be that the signing, dating, and timing of physician verbal orders went from 95 percent compliance to 99 percent. Another success would be the reduction of duplicate or overlaid medical record numbers (MRN).
What does the term access control mean? a. Identifying the greatest security risks b. Identifying which data employees should have a right to use c. Implementing safeguards that protect physical media d. Restricting access to computer rooms and facilities
b. Identifying which data employees should have a right to use The term access control means being able to identify which employees should have access to what data. The general practice is that employees should have access only to data they need to do their jobs. For example, an admitting clerk and a healthcare provider would not have access to the same kinds of data.
Which of the following are data that have been filtered and put into context? a. Data b. Information c. Knowledge d. System
b. Information Information moves beyond data and consists of sets of data that are related and have been placed in context, are filtered, manipulated, or formatted in some way and are useful to a particular task.
When a user keys in 10101963, the computer displays it as 10/10/1963. What enables this? a. Toolkit b. Input mask c. Check box d. Radio button
b. Input mask Data is collected in a number of ways. The information system should have measures in place to control the data entered into the EHR. In this example, the birth date of 10101963 is displayed in the computer as 10/10/1963 because an input mask was used in the information system to show the format in which the data will be displayed.
Which of the following is not an individual user of the health record? a. Clinical professionals who provide direct patient care b. Insurance companies that cover healthcare expenses c. Billers in the healthcare facility's business office d. Patient care managers
b. Insurance companies that cover healthcare expenses Individual users are those who depend on the health record in order to complete their job. Documentation in the health record is the basis for reimbursement or payment for the care provided. Patient care providers and the coding and billing staff use patient specific information in their day-to-day work. An insurance company would be considered an institutional user of the health record and only needs access to process the claim.
The ability to electronically send data from one information system to another while maintaining the original meaning is called: a. Data comparability b. Interoperability c. National data exchange d. Data architecture
b. Interoperability Interoperability refers to the use of standard protocols to enable two different computer systems to share data with each other.
In a cancer registry, the accession number: a. Identifies all the cases of cancer treated in a given year b. Is the number assigned to each case as it is entered into a cancer registry c. Identifies the pathologic diagnosis of an individual cancer d. Is the number assigned for the diagnosis of a cancer patient that is entered into the cancer registry treatments and at different stages of cancer
b. Is the number assigned to each case as it is entered into a cancer registry When a case is first entered in the registry, an accession number is assigned. This number consists of the first digits of the year the patient was first seen at the facility, and the remaining digits are assigned sequentially throughout the year. The first case in the year, for example, might be 10-0001. The accession number may be assigned manually or by the automated cancer database used by the organization.
Which of the following statements is NOT true about a business associate agreement? a. It prohibits the business associate from using or disclosing PHI for any purpose other than that described in the contract with the covered entity. b. It allows the business associate to maintain PHI indefinitely. c. It prohibits the business associate from using or disclosing PHI in any way that would violate the HIPAA Privacy Rule. d. It requires the business associate to make available all of its books and records relating to PHI use and disclosure to the Department of Health and Human Services or its agents.
b. It allows the business associate to maintain PHI indefinitely. Agreements between the covered entity and a business associate include: requiring the business associate to make available all of its books and records relating to protected health information (PHI) use and disclosure to the Department of Health and Human Services or its agent; prohibiting the business associate from using or disclosing PHI in any way that would violate the HIPAA Privacy Rule; and prohibiting the business associate from using or disclosing PHI for any purpose other than that described in the contract with the covered entity; and other agreements. But it does not allow the business associate to maintain PHI indefinitely.
Results of a urinalysis and all blood tests performed would be found in what part of a healthcare record? a. Autopsy report b. Laboratory findings c. Pathology report d. Surgical report
b. Laboratory findings The results of all diagnostic and therapeutic procedures become part of the patient's health record. Diagnostic procedures include laboratory tests performed on blood, urine, and other samples from the patient which would be documented in the laboratory findings.
Which of the following is the best definition of a forward map in data mapping? a. Linking of two systems in the opposite direction b. Linking an older version of a code set to a newer version c. Linking a newer version of a code set to an older version d. Linking a source system to a target system
b. Linking an older version of a code set to a newer version In a forward map, an older version of a code set is mapped to a newer version.
An RAI/MDS and care plan are found in records of patients in what setting? a. Home healthcare b. Long-term care c. Behavioral healthcare d. Rehabilitative care
b. Long-term care The long-term care health record contains the patient's registration forms, personal property list, RAI/MDS, care plan and discharge or transfer information.
Which of the following indexes is an important source of patient health record numbers? a. Physician index b. Master patient index c. Operation index d. Disease index
b. Master patient index The master patient index (MPI) is the permanent record of all patients treated at a healthcare facility. It is used by the HIM department to look up patient demographics, dates of care, the patient's health record number, and other information.
Which of the following represents documentation of the patient's current and past health status? a. Physical exam b. Medical history c. Physician orders d. Patient consent
b. Medical history A complete medical history documents the patient's current complaints and symptoms and lists his or her past health, personal, and family history. In acute care, the health history is usually the responsibility of the attending physician.
To comply with HIPAA regulations, a hospital would make its membership in an HIE known to its patients through which of the following? a. Press release b. Notice of Privacy Practices c. Consent form d. Website notice
b. Notice of Privacy Practices The Privacy Rule introduced the standard that individuals should be informed how covered entities use or disclose protected health information (PHI). Section 164.520 requires that, except for certain variations or exceptions for health plans and correctional facilities, an individual has the right to a notice explaining how his or her PHI will be used and disclosed. This is the notice of privacy practices.
The home health prospective payment system uses the ________ data set for patient assessments. a. HEDIS b. OASIS-C c. MDS d. UHDDS
b. OASIS-C The Outcomes and Assessment Information Set (OASIS-C) is a standardized data set designed to gather data about Medicare beneficiaries who are receiving services from a home health agency. OASIS-C includes a set of core data items that are collected on all adult home health patients.
To ensure relevancy, an organization's security policies and procedures should be reviewed at least: a. Once every six months b. Once a year c. Every two years d. Every five years
b. Once a year All data security policies and procedures should be reviewed and evaluated annually to make sure they are up-to-date and still relevant to the organization.
In which department or unit is the health record number typically assigned? a. HIM b. Patient registration c. Nursing d. Billing
b. Patient registration The health record number is a key data element in the MPI. It is used as a unique personal identifier and is also used in paper-based numerical filing systems to locate records and in electronic systems to link records. Although it is typically assigned at the point of patient registration, the HIM department is usually responsible for the integrity of health record number assignment and for ensuring that no two patients receive the same number.
Which of the following are security safeguards that protect equipment, media, and facilities? a. Administrative controls b. Physical safeguards c. Audit controls d. Role based safeguards
b. Physical safeguards Physical safeguards protect physical equipment, media, or facilities. For example, doors leading to the areas that house mainframes and other principal computing equipment should have locks on them.
The coding manager at Community Hospital is seeing an increased number of physicians failing to document the cause and effect of diabetes and its manifestations. Which of the following will provide the most comprehensive solution to handle this documentation issue? a. Have coders continue to query the attending physician for this documentation. b. Present this information at the next medical staff meeting to inform physicians on documentation standards and guidelines. c. Do nothing because coding compliance guidelines do not allow any action. d. Place all offending physicians on suspension if the documentation issues continue.
b. Present this information at the next medical staff meeting to inform physicians on documentation standards and guidelines. The quality of the documentation entered in the health record by providers can have major impacts on the ability of coding staff to perform their clinical analyses and assign accurate codes. In this situation, the best solution would be to educate the entire medical staff on their roles in the clinical documentation improvement process. Explaining to them the documentation guidelines and what documentation is needed in the record to support the more accurate coding of diabetes and its manifestations will reduce the need for coders to continue to query for this clarification.
Which of the following has access to personally identifiable data without authorization or subpoena? a. Insurance company for life insurance eligibility b. Public health department for disease reporting purposes c. The patient's attorney d. Workers' compensation for disability claim settlement
b. Public health department for disease reporting purposes Covered entities may disclose PHI to public health entities even if the law does not specifically require the disclosure is for the purpose of preventing or controlling disease; injury; or disability; including, but not limited to, the reporting of disease; injury; vital events such as birth or death; and the conduct of public health surveillance.
Joan reviewed the health record of Sally Williams and found the physician stated on her post-op note, "examined after surgery." This review process would be an example of: a. Quantitative analysis b. Qualitative analysis c. Data mining d. Data warehousing
b. Qualitative analysis Qualitative analysis is a detailed review of a patient's health record for the quality of the documentation contained therein.
HIM departments may be the hub of identifying, mitigating, and correcting MPI errors, but that information often is not shared with other departments within the healthcare organization. After identifying procedural problems with admitting patients that contribute to the creation of the MPI errors, which department should the MPI manager work with to correct these procedural problems? a. Administration b. Registration c. Risk Management d. Radiology and Laboratory
b. Registration A review of the identified duplicates and overlays often reveals procedural problems that contribute to the creation of errors. Although health information management (HIM) departments may be the hub of identifying, mitigating, and correcting master patient index (MPI) errors, that information may never be shared with the registration department. If the registration staff is not aware of the errors, how can they begin to proactively prevent the errors from occurring in the first place? Registration process improvement activities can eventually reduce work for HIM departments. In addition, monitoring new duplicates is a critical process, and tracking reports should be created and implemented. Identifying and reporting MPI errors is important; however, tracking who made the error and why will decrease the number of duplicates.
Which of the following is considered a clinical documentation best practice? a. Allowing clinicians to backdate physician orders b. Restricting use of abbreviations to a list approved by hospital and medical staff bylaws, rules, and regulations c. Allowing clinicians to delete documentation errors in an electronic record d. Prohibiting all verbal orders
b. Restricting use of abbreviations to a list approved by hospital and medical staff bylaws, rules, and regulations Clinical documentation best practices establish policies and guidelines that ensure uniformity of both content and format of the patient record. One example of a clinical documentation best practice would be to stipulate abbreviations and symbols in the patient record to be permitted only when approved according to hospital and medical staff bylaws, rules, and regulations.
Which of the following would be considered a derivation business rule? a. Upon admission a patient must be assigned to a clinical service b. The average length of stay is the sum of inpatient days for a period divided by the number of discharges for a period c. Date of birth must be documented as DD/MM/YYYY d. The hospital census is taken at midnight each day
b. The average length of stay is the sum of inpatient days for a period divided by the number of discharges for a period Derivation is an attribute that is derived through a mathematical calculation of inference from other attributes or systems variables.
When creating requirements of documentation for the hospital bylaws, which of the following should be evaluated? a. The personal preferences of the healthcare practitioner b. The documentation needs based on accrediting bodies c. Information taught in the local nursing programs d. The wants of the department chairs in a hospital
b. The documentation needs based on accrediting bodies Outside of the medical staff bylaws, hospital bylaws are written documents that govern the staff members who create data within the record for additional support of patient care and reimbursement. Since providers are not the sole authors in the creation of clinical documentation, it is important for hospitals to define who can document within the record, the type of documentation that can occur, and the timeliness and completeness of that documentation. The documentation must also be based on accrediting bodies' expectations.
Which of the following is not a characteristic of the common healthcare data sets such as UHDDS and UACDS? a. They define minimum data elements to be collected. b. They provide a complete and exhaustive list of data elements that must be collected. c. They provide a framework for data collection to which an individual facility can add data items. d. The federal government recommends, but does not mandate, implementation of most of the data sets.
b. They provide a complete and exhaustive list of data elements that must be collected. A data set is a list of recommended data elements with uniform definitions that are relevant for a particular use. The contents of data sets vary by their purpose. However, data sets are not meant to limit the number of data elements that can be collected. Most healthcare organizations collect additional data elements that have meaning for their specific administrative and clinical operations. Standardizing data elements and definitions makes it possible to compare the data collected at different facilities. A number of data reporting requirements come from federal initiatives.
A healthcare system wants to map ICD-10-CM to ICD-9-CM. Which of the following would be true about this effort? a. ICD-10-CM would be considered the target system b. This is an example of reverse mapping c. This is an example of forward mapping d. This is an example of bidirectional mapping
b. This is an example of reverse mapping A reverse map links two systems in the opposite direction, from the newer version of a code set to an older version.
Which of the following elements of coding quality represent the degree to which codes accurately reflect the patient's diagnoses and procedures? a. Reliability b. Validity c. Completeness d. Timeliness
b. Validity Validity is the degree to which codes accurately reflect the patient's diagnoses and procedures.
To comply with HIPAA, under usual circumstances, a covered entity must act on a patient's request to review or copy his or her health information within ________ days. a. 10 b. 20 c. 30 d. 60
c. 30 A covered entity must act on an individual's request for review of PHI no later than 30 days after the request is made, extending the response period by no more than 30 additional days if it gave the individual a written statement within the 30-day time period explaining the reasons for the delay and the date by which the covered entity will complete its action on the request. The covered entity may extend the time for action on a request for access only once.
Under HIPAA regulations, how many days does a covered entity have to respond to an individual's request for access to his or her PHI when the PHI is stored off-site? a. 10 days beyond the original requirement b. 30 days c. 60 days d. 90 days
c. 60 days A covered entity must act on an individual's request for review of protected health information (PHI) no later than 30 days after the request is made, extending the response period by no more than 30 additional days if it gave the individual a written statement within the 30-day time period explaining the reasons for the delay and the date by which the covered entity will complete its action on the request. The covered entity may extend the time for action on a request for access only once. If PHI is not maintained or located on-site, the covered entity is given within 60 days of receipt to respond to a request.
Which of the following best describes the function of kiosks? a. A computer station that physicians can use to order medications b. A computer station that unlocks workstations c. A computer station that facilitates integrated communications within the healthcare organization d. A computer station that promotes the healthcare organization's services
c. A computer station that facilitates integrated communications within the healthcare organization A kiosk is a special form of input device geared to people less familiar with computers that is located in a provider's waiting room allowing patients to have access to some of their health information and other services.
Which of the following represents an example of data granularity? a. A progress note recorded at or near the time of the observation b. An acceptable range of values defined for a clinical characteristic c. A numerical measurement carried out to the appropriate decimal place d. A health record that includes all of the required components
c. A numerical measurement carried out to the appropriate decimal place Data granularity requires that the attributes and values of data be defined at the correct level of detail for the intended use of the data. For example, numerical values for laboratory results should be recorded to the appropriate decimal place as required for the meaningful interpretation of test results—or in the collection of demographic data, data elements should be defined appropriately to determine the differences in outcomes of care among various populations.
St. Joseph's Hospital has a psychiatric service on the sixth floor of the hospital. A 31-year-old male has come to the HIM department and requested to see a copy of his medical record. He indicated he was a patient of Dr. Schmidt, a psychiatrist, and that he was on the sixth floor of St. Joseph's for the past two months. These records are not psychotherapy notes. Of the options here, what is the best course of action? a. Prohibit the patient from accessing his record, as it contains psychiatric diagnoses that may greatly upset him. b. Allow the patient to access his record. c. Allow the patient to access his record if, after contacting his physician, his physician does not think it will be harmful to the patient. d. Deny access because HIPAA prevents patients from reviewing their psychiatric records.
c. Allow the patient to access his record if, after contacting his physician, his physician does not think it will be harmful to the patient. The HIPAA Privacy Rule provides patients with significant rights that allow them to have some measure of control over their health information. As long as state laws or regulations or the physician do not state otherwise, competent adult patients have the right to access their health record.
Which of the following statements is false with regard to the HIPAA Privacy Rule? a. A notice of privacy practices must be written in plain language. b. A notice of privacy practices must have a statement that other uses and disclosures will be made only with the individual's written authorization and that the individual may revoke such authorization. c. An authorization must be obtained for uses and disclosures for treatment, payment, and operations. d. A notice of privacy practices must give an example of a use or disclosure for healthcare operations.
c. An authorization must be obtained for uses and disclosures for treatment, payment, and operations. Under the Privacy Rule, healthcare providers are not required to obtain patient consent to use or disclose personal identifiable information for treatment, payment, and healthcare operations.
Which of the following best describes data comprehensiveness? a. Data are correct. b. Data are easy to obtain. c. Data include all required elements. d. Data are reliable.
c. Data include all required elements. Data comprehensiveness means that all the required data elements are included in the health record. In essence, comprehensiveness means that the record is complete. In both paper-based and computer-based systems, having a complete health record is critical to the organization's ability to provide excellent patient care and to meet all regulatory, legal, and reimbursement requirements.
Which of the following is the best definition of a data governance framework? a. Lists successive steps of growth to measure a program's progression b. Supports high level business imperatives c. Describes a real or conceptual structure that organizes a system or concept d. Targets an end point to achieve
c. Describes a real or conceptual structure that organizes a system or concept A data governance framework is a real or conceptual structure that organizes a system or concept. A framework typically describes and shows the synergy and interrelation among different part of an approach.
Which one of the following indexes contains a list maintained in diagnosis code number order for patients who are discharged from a facility during a particular time period? a. Physician b. Master patient c. Disease d. Operation
c. Disease The disease index is a listing in diagnosis code number order for patients discharged from the facility during a particular time period. Each patient's diagnosis is converted from a verbal description to a numerical code, usually using the International Classification of Diseases. The patient's diagnosis codes are entered into the facility's health information system as part of the discharge processing of the patient's health record.
What is the biggest threat to the security of healthcare data? a. Natural disasters b. Fires c. Employees d. Equipment malfunctions
c. Employees Employees are the biggest threat to the security of healthcare data. Whether it is disgruntled employees destroying computer hardware, snooping employees accessing information without authorization to do so, or employees accessing information for fraudulent purposes, employees are a real threat to data security.
Covered entities must do which of the following to comply with HIPAA security provisions? a. Appoint an individual who has the title of chief security officer who is responsible for security management b. Conduct employee security training sessions every six months for all employees c. Establish a contingency plan d. Conduct technical and nontechnical evaluations every six years
c. Establish a contingency plan Administrative safeguards are documented, formal practices to manage data security measures throughout the organization. Basically, they require the facility to establish a security management process. The administrative provisions detail how the security program should be managed from the organization's perspective. Administrative safeguards have nine standards, including the development and testing of a contingency plan. This is to ensure that procedures are in place to handle an emergency response in the event of an untoward event such as a power outage.
The primary goal of the Hospital Standardization Program, established in 1918 by the American College of Surgeons, was to: a. Standardize the educational curricula of American medical schools b. Train physicians and nurses for American hospitals c. Establish minimum quality standards for hospitals d. Force substandard hospitals to close
c. Establish minimum quality standards for hospitals In 1918, the hospital standardization movement was inaugurated by the American College of Surgeons (ACS). The purpose of the Hospital Standardization Program was to raise the standards of surgery by establishing minimum quality standards for hospitals. The ACS realized that one of the most important items in the care of any patient was a complete and accurate report of the care and treatment provided during hospitalization.
The function used to provide access controls, authentication, and audit logging in an HIE is: a. Patient identification b. Record location service c. Identity management d. Consent management
c. Identity management Identity management provides security functionality, including determining who (or what information system) is authorized to access information, authentication services, audit logging, encryption, and transmission controls.
What is the key piece of data needed to link a patient's information who is seen in a variety of care settings? a. Facility medical record number b. Facility identification number c. Identity matching algorithm d. Patient birth date
c. Identity matching algorithm Because the United States does not have a national patient identifier, an identity matching algorithm process must be used by organizations to identify any patient for whom data are to be exchanged. This algorithm uses sophisticated probability equations to identify patients.
In which of the following examples does the gender of the patient constitute information rather than a data element? a. As an entry to be completed on the face sheet of the health record b. In the note "50-year-old white male" in the patient history c. In a study comparing the incidence of myocardial infarctions in black males as compared to white females d. In a study of the age distribution of lung cancer patients
c. In a study comparing the incidence of myocardial infarctions in black males as compared to white females Data are the raw elements that make up our communications. Humans have the innate ability to combine data they collect and, through all their senses, produce information (which is data that have been combined to produce value) and enhance that information with experience and trial-and-error that produces knowledge. In this example, the gender is tied to race in the data collection that constitutes information and not a data element.
The term used to describe controlling information is ________. a. Information power b. Information authority c. Information governance d. Information policy
c. Information governance Information governance is the accountability framework and decision rights to achieve enterprise information management. In other words, the information must be controlled to ensure the needs of the organization are met.
Which of the following statements best describes the difference between a hospital inpatient and a hospital outpatient? a. Outpatients are treated in the emergency department; inpatients receive services in the regular clinical departments of the hospital. b. Inpatients always stay in the hospital overnight; outpatients never do. c. Inpatients receive room, board, and continuous nursing services in areas of the hospital where patients generally stay overnight; outpatients receive ambulatory diagnostic and therapeutic services. d. Outpatients primarily receive diagnostic services; inpatients receive mostly therapeutic services.
c. Inpatients receive room, board, and continuous nursing services in areas of the hospital where patients generally stay overnight; outpatients receive ambulatory diagnostic and therapeutic services. A hospital inpatient is a person who is provided room, board, and continuous general nursing service in an area of the hospital where patients generally stay at least overnight. A hospital outpatient is a hospital patient who receives services in one or more of the outpatient facilities when not currently an inpatient or home care patient.
long-term care, the resident's care plan is based on data collected in the: a. UHDDS b. OASIS-C c. MDS d. HEDIS
c. MDS The data collected by the Minimum Data Set (MDS) are used to develop care plans for residents and to document placement at the appropriate level of care. The MDS provides a structured way to organize resident information and develop a resident care plan
Which of the following systems is the key to identifying a patient's multiple hospitalizations? a. CDR b. CPOE c. MPI d. R-ADT
c. MPI The master patient index assigns a unique patient identifier to a patient. This facilitates managing a patient's multiple encounters as a "unit" over the course of a lifetime.
Which of the following is not true of Notices of Privacy Practices? a. Must be made available at the site where the individual is treated b. Must be posted in a prominent place c. Must contain content that may not be changed d. Must be prominently posted on the covered entity's website when the entity has one
c. Must contain content that may not be changed Healthcare providers with a direct treatment relationship with an individual must provide the notice of privacy practices no later than the date of the first service delivery (for example, first visit to a physician's office, first admission to a hospital, or first encounter at a clinic), including service delivered electronically. Notices must be available at the site where the individual is treated and must be posted in a prominent place where patients can reasonably be expected to read it. If the facility has a website with information on the covered entity's services or benefits, the notice of privacy practices must be prominently posted to it.
Dr. Hall is an orthopedic surgeon performing a knee replacement on Mary. Mary was seen in Dr. Hall's office two months before the surgery and Dr. Hall documented her history and physical (H&P) at that point. Does this H&P meet documentation requirements for the surgery? a. No, the first H&P must be documented within 60 days before admission, and another H&P must be documented within 48 hours after admission to the hospital b. Yes, there are no requirements on when an H&P must be performed c. No, the H&P must be documented within 30 days before admission with an update within 24 hours after admission d. Yes, because the H&P was documented within 60 days
c. No, the H&P must be documented within 30 days before admission with an update within 24 hours after admission Dr. Hall must document a new history and physical for Mary because the last history and physical was completed 60 days ago. A history and physical must be completed within 30 days of admission or within 24 hours after admission. If a history and physical is completed within 30 days of a surgery, an updated exam must be documented within 24 hours of admission and prior to the surgery or procedure.
Which of the following is considered a two-factor authentication system? a. User ID with a password b. User ID with voice scan c. Password and swipe card d. Password and PIN
c. Password and swipe card Strong authentication requires providing information from two of the three different types of authentication information. The three methods are something you know such as a password or PIN; something you have, such as an ATM card, token, swipe card, or smart card; and something you are, such as a biometric fingerprint, voice scan, iris, or retinal scan. An individual who provides something he knows (password) and something he has (swipe card) is called two-factor authentication.
Which of the following materials is not documented in an emergency medical care record? a. Patient's instructions at discharge b. Time and means of the patient's arrival c. Patient's complete medical history d. Emergency care administered before arrival at the facility
c. Patient's complete medical history Information typically included in the patient's health record for an emergency visit includes: patient's instructions at discharge, time and means of patient's arrival, emergency care administered before arrival at the facility, clinical observations, and the like. The patient's complete health history would not be included in the record.
Placing locks on computer room doors is considered what type of security control? a. Access control b. Workstation control c. Physical safeguard d. Security breach
c. Physical safeguard Physical safeguards protect physical equipment, media, or facilities. For example, doors leading to the areas that house mainframes and other principal computing equipment should have locks on them.
The legal term used to describe when a patient has the right to maintain control over certain personal information is referred to as: a. Access b. Confidentiality c. Privacy d. Security
c. Privacy Privacy is when a patient has the right to maintain control over certain health information.
George reviewed the patient record of Mr. Brown and found there was no H&P on the record at seven hours past this patient's admission time. This review process would be an example of: a. Data mining b. Qualitative analysis c. Quantitative analysis d. Data warehousing
c. Quantitative analysis Quantitative analysis is used by health information management technicians as a method to detect whether elements of the patient's health record are missing.
What is the primary purpose of structured data entry? a. Provide providers with as many options as possible b. Speed up data entry c. Reduce documentation variability d. Comply with regulatory rules
c. Reduce documentation variability Structured data entry techniques constrain data capture into a common format or vocabulary. A purpose of structured data entry is to reduce variability in terminology, allowing for standardization.
The sister of a patient requests the HIM department to release copies of her brother's health record to her. She states that because the physician documented her name as her brother's caregiver that HIPAA regulations apply and that she may receive copies of her brother's health record. In this case, how should the HIM department proceed? a. Provide the copies as requested since the sister was a caregiver. b. Provide only copies of the reports where the sister's name is mentioned. c. Refuse the request. d. Refer the individual to legal counsel.
c. Refuse the request. The Privacy Rule addresses the issue of personal representatives. Personal representatives are those who are legally authorized to make healthcare decisions on an individual's behalf or to act on behalf of a deceased individual or that individual's estate. Under the Privacy Rule, then, a personal representative must be treated the same as the individual regarding the use and disclosure of the individual's PHI. In this instance, the fact that the sister is listed in the health record as the caregiver does not make her legally authorized as a personal representative under the Privacy Rule. Her request should be refused.
Two HIM professionals are abstracting data for the same case for a registry. When their work is checked, discrepancies are found. Which data quality component is lacking? a. Completeness b. Validity c. Reliability d. Timeliness
c. Reliability Reliability refers to the degree to which a selection test produces consistent scores on a test and retest. Reliability is frequently checked by having more than one person abstract data for the same case. The results are then compared to identify any discrepancies.
A secondary purpose of the health record is to provide support for which of the following? a. Provider reimbursement b. Education for patients c. Research activities d. Delivery of patient care
c. Research activities The secondary purposes of the health record are not associated with specific encounters between patient and healthcare professional. Rather, they are related to the environment in which patient care is provided. Some secondary purposes are: support for research, to serve as evidence in litigation, to allocate resources, to plan market strategy, and the like.
What type of health record policy dictates how long individual health records must remain available for authorized use? a. Disclosure policies b. Legal policies c. Retention policies d. Redisclosure policies
c. Retention policies Hospitals and other healthcare facilities develop health record retention policies to ensure that health records comply with all applicable state and federal regulations, accreditation standards, as well as meet future patient care needs. Most states have established regulations that address how long health records and other healthcare-related documents must be maintained before they can be destroyed.
During user acceptance testing of a new EHR system, physicians are complaining that they must use multiple log-on screens to access all the system modules. For example, they must use one log-on for CPOE and another log-on to view laboratory results. One physician suggests having a single sign-on that would provide access to all the EHR system components. However, the hospital administrator thinks that one log-on would be a security issue. What information should the HIM director provide? a. Single sign-on is not supported by HIPAA security measures. b. Single sign-on is discouraged by the Joint Commission. c. Single sign-on is less frustrating for the end user and can provide better security. d. Single sign-on is not possible given today's technology.
c. Single sign-on is less frustrating for the end user and can provide better security. Single sign-on allows sign-on to multiple related, but independent, software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Single sign-off is the reverse property whereby a single action of signing out terminates access to multiple software systems.
What resource should be consulted in terms of who may authorize access, use, or disclose the health records of minors? a. HIPAA because it has strict rules regarding minors b. Hospital attorneys because they know the rules of the hospital c. State law because HIPAA defers to state laws on matters related to minors d. Federal law because HIPAA overrides state laws on matters related to minors
c. State law because HIPAA defers to state laws on matters related to minors Because HIPAA defers to state laws on the issue of minors, applicable state laws should be consulted regarding appropriate authorization. In general, the age of maturity is 18 years or older. This is the legal recognition that an individual is considered responsible for, and has control over, his or her actions.
Which document directs an individual to bring originals or copies of records to court? a. Summons b. Subpoena ad testificandum c. Subpoena duces tecum d. Deposition
c. Subpoena duces tecum A subpoena duces tecum means to bring documents and other records with oneself. Such subpoenas may direct the heath information technology (HIT) professional to bring originals or copies of health records, laboratory reports, x-rays, or other records to a deposition or to court. Each state has different rules governing the production of health records in litigation. Often, the component state HIM association of AHIMA has a legal handbook that outlines the various conditions and how HITs should respond to a subpoena.
Community Hospital is discussing restricting the access that physicians have to electronic health records. The medical record committee is divided on how to approach this issue. Some committee members maintain that all information should be available, whereas others maintain that HIPAA restricts access. The HIM director is part of the committee. Which of the following should the director advise the committee? a. HIPAA restricts the access of physicians to all information. b. The "minimum necessary" concept does not apply to disclosures made for treatment purposes; therefore, physician access should not be restricted. c. The "minimum necessary" concept does not apply to disclosures made for treatment purposes, but the organization must define what physicians need as part of their treatment role. d. The "minimum necessary" concept applies only to attending physicians, and therefore, restriction of access must be implemented.
c. The "minimum necessary" concept does not apply to disclosures made for treatment purposes, but the organization must define what physicians need as part of their treatment role. The HIPAA Privacy Rule concept of "minimum necessary" does not apply to disclosures made for treatment purposes. However, the covered entity must define, within the organization, what information physicians need as part of their treatment role.
Central City Clinic has requested that Ghent Hospital send its hospital records for Susan Hall's most recent admission to the clinic for her follow-up appointment. Which of the following statements is true? a. The Privacy Rule requires that Susan Hall complete a written authorization. b. The hospital may send only the discharge summary, history and physical, and operative report. c. The Privacy Rule's minimum necessary requirement does not apply. d. This "public interest and benefit" disclosure does not require the patient's authorization.
c. The Privacy Rule's minimum necessary requirement does not apply. There are certain circumstances where the minimum necessary requirement does not apply, such as to healthcare providers for treatment; to the individual or his personal representative; pursuant to the individual's authorization to the secretary of the HHS for investigations, compliance review, or enforcement; as required by law; or to meet other Privacy Rule compliance requirements.
For HIPAA implementation specifications that are addressable, which of the following statements is true? a. The covered entity must implement the specification. b. The covered entity may choose not to implement the specification if implementation is too costly. c. The covered entity must conduct a risk assessment to determine whether the specification is appropriate to its environment. d. If the covered entity is a small hospital, the specification does not have to be implemented.
c. The covered entity must conduct a risk assessment to determine whether the specification is appropriate to its environment. Implementation specifications define how standards are to be implemented. Implementation specifications are either "required" or "addressable." Covered entities must implement all implementation specifications that are "required." For those implementation specifications that are labeled addressable, the covered entity must conduct a risk assessment and evaluate whether the specification is appropriate to its environment.
Which Joint Commission survey methodology involves an evaluation that follows the hospital experiences of past or current patients? a. Priority focus process review b. Periodic performance review c. Tracer methodology d. Performance improvement
c. Tracer methodology The Joint Commission uses tracer methodology for on-site surveys. The tracer methodology incorporates the use of the priority focus process (PFP) review, follows the experience of care through the organization's entire healthcare process, and allows the surveyor to identify performance issues.
What type of registry maintains a database on patients injured by an external physical force? a. Implant registry b. Birth defects registry c. Trauma registry d. Transplant registry
c. Trauma registry Trauma registries maintain databases on patients with severe traumatic injuries. A traumatic injury is a wound or other injury caused by an external physical force such as an automobile accident, a shooting, a stabbing, or a fall.
Which of the following is not true of good electronic forms design? a. Minimizes keystrokes by using pop-up menus b. Performs completeness check for all required data c. Uses radio buttons to select multiple items from a set of options d. Uses text boxes to enter text
c. Uses radio buttons to select multiple items from a set of options Good forms design is needed within an EHR to create ease of use. The use of a selection box allows the user to select a value from a predefined list. Check boxes are used for multiple selections and radio buttons are used for single selections
Which of the following is NOT a true statement about a hybrid health record system? a. Development of processes for both manual and computer processes is a challenge. b. Creation of a definition of what constitutes a health record in manual and electronic format must be developed. c. Version control is easy to implement. d. Security safeguards must be developed for both paper and electronic processes.
c. Version control is easy to implement. As the electronic system develops, different versions of documents may exist, and these also must be monitored and logged for both legal and practice purposes. Version control in a hybrid record environment is challenging as both the paper and electronic documents must be controlled.
In which of the following situations must a covered entity provide an appeals process for denials to requests from individuals to see their own health information? a. Any time access is requested b. When the covered entity is a correctional institution c. When a licensed healthcare professional has determined that access to PHI would likely endanger the life or safety of the individual d. When the covered entity is unable to produce the health record
c. When a licensed healthcare professional has determined that access to PHI would likely endanger the life or safety of the individual The HIPAA Privacy Rule provides patients with significant rights that allow them to have some measure of control over their health information. As long as state laws or regulations or the physician does not state otherwise (such as when a licensed healthcare professional has determined that access would likely endanger the life or safety of the individual) competent adult patients have the right to access their health record.
An HIT using her password can access and change data in the hospital's master patient index. A billing clerk, using his password, cannot perform the same function. Limiting the class of information and functions that can be performed by these two employees is managed by: a. Network controls b. Audit trails c. Administrative controls d. Access controls
d. Access controls Determining what data to make available to an employee usually involves identifying classes of information based on the employee's role in the organization. Every role in the organization should be identified, along with the type of information required to perform it. This is often referred to as role-based access. Although there are other types of access control strategies, role-based access is probably the one used most often in healthcare organizations. Access to information and information resources (such as computers) must be restricted to those authorized to access the information or the associated resources.
Cancer registries receive approval as part of the facility cancer program from which of the following agencies? a. American Cancer Society b. National Cancer Registrar's Association c. National Cancer Institute d. American College of Surgeons
d. American College of Surgeons Several organizations have developed standards or approval processes for cancer programs. The American College of Surgeons (ACS) Commission on Cancer has an approval process for cancer programs. One of the requirements of this process is the existence of a cancer registry as part of the program.
Written business associate agreements are required with: a. Every company where work is outsourced b. Any outside company that handles electronic data c. Every outside company d. Any outside company that handles electronic PHI
d. Any outside company that handles electronic PHI Covered entities must obtain a written contract with business associates or other entities who handle e-PHI. The written contract must stipulate that the business associate will implement HIPAA administrative, physical, and technical safeguards and procedures and documentation requirements that safeguard the confidentiality, integrity, and availability of the e-PHI that it creates, receives, maintains, or transmits on behalf of the covered entity.
The medical record of Kathy Smith, the plaintiff, has been subpoenaed for a deposition. The plaintiff's attorney wishes to use the records as evidence to prove his client's case. In this situation, although the record constitutes hearsay, it may be used as evidence based on the: a. Admissibility exception b. Discovery exception c. Direct evidence exception d. Business records exception
d. Business records exception The Business Records Exception is the rule under which a record is determined not to be hearsay if it was made at or near the time by, or from information transmitted by, a person with knowledge; it was kept in the course of a regularly conducted business activity; and it was the regular practice of that business activity to make the record.
Which group focuses on accreditation of rehabilitation programs and services? a. HFAP b. Joint Commission c. AAAHC d. CARF
d. CARF The Joint Commission accredits rehabilitation programs and services but they do not focus on it like CARF does.
Under HIPAA rules, when an individual asks to see his or her own health information, a covered entity: a. Must always provide access b. Can always deny access c. Can demand that the individual pay to see his or her record d. Can deny access to psychotherapy notes
d. Can deny access to psychotherapy notes Section 164.524 of the Privacy Rule states that an individual has a right of access to inspect and obtain a copy of his or her own protected health information (PHI) that is contained in a designated record set, such as a health record. The individual's right extends for as long as the PHI is maintained. However, there are exceptions to what PHI may be accessed. For example, psychotherapy notes; information compiled in reasonable anticipation of a civil, criminal, or administrative action or proceeding; or PHI subject to the Clinical Laboratory Improvements Act (CLIA) are all exceptions.
When all required data elements are included in the health record, the quality characteristic for data ________ is met. a. Security b. Accessibility c. Flexibility d. Comprehensiveness
d. Comprehensiveness Data comprehensiveness means that all the required data elements are included in the health record. In essence, comprehensiveness means that the record is complete. In both paper-based and computer-based systems, having a complete health record is critical to the organization's ability to provide excellent patient care and to meet all regulatory, legal, and reimbursement requirements.
What is the status conferred by a national professional organization that is dedicated to a specific area of healthcare practice? a. Degree b. Certificate c. License d. Credential
d. Credential Credentials are the recognition by healthcare organizations of previous professional practice responsibilities and experiences commonly accorded to licensed independent practitioners and are usually conferred by a national professional organization dedicated to a specific area of healthcare practice.
A crucial early step in designing an electronic health record (EHR) is to develop a(n) ________ in which the characteristics of each data element are defined. a. Accreditation manual b. Core content c. Continuity of care record d. Data dictionary
d. Data dictionary A data dictionary improves data validity and reliability within, across, and outside the enterprise because it ensures that each piece of data can only mean one thing. A critical early step in implementing the EHR is to develop a data dictionary.
The patient's address is the same in the master patient index, electronic health record, laboratory information system, and other systems. This means that the data values are consistent and therefore indicative of which of the following? a. Data availability b. Data accessibility c. Data privacy d. Data integrity
d. Data integrity Data integrity means that data are complete, accurate, consistent, and up-to-date so it is reliable.
Electronic systems used by nurses and physicians to document assessments and findings are called: a. Computerized provider order entry b. Electronic document management systems c. Electronic medication administration record d. Electronic point-of-care charting
d. Electronic point-of-care charting There are important applications that support electronic health record (EHR) functionality. Many hospitals begin their EHR implementation with point-of-care (POC) charting systems. These might include nursing admission assessments, nursing progress notes, vital signs charting, intake and output records, and the like.
Which of the following would be used to track data movement from one system to another? a. Administrative metadata b. Business metadata c. Context metadata d. Embedded metadata
d. Embedded metadata Embedded metadata are most often associated with automated records of operations (such as audit trails) and are stored with the date themselves. If data move from a source system to another system, then the system can attach metadata that identify where the data originated. In this way, metadata helps track data movement from one system to another.
What is the primary benefit of point-of-care charting? a. Eases duplicate data entry burden b. Eliminates intermediary paper forms c. Eliminates the need for provider documentation d. Ensures that appropriate data are collected timely
d. Ensures that appropriate data are collected timely Many hospitals begin their EHR implementation with point of care (POC) charting systems. These might include nursing admission assessments, nursing progress notes, vital signs charting, intake and output records, and the like.
Which of the following is not a guideline for maintaining integrity in the health record? a. Specifying consequences for the falsification of information b. Requiring periodic training covering the falsification of information and information security c. Prohibiting the entry of false information into any of the organizations' records d. Ensuring documentation that is being changed is permanently deleted from the record
d. Ensuring documentation that is being changed is permanently deleted from the record Data integrity is the assurance that the data entered into an electronic system or maintained on paper are only accessed and amended by individuals with the authority to do so. Data integrity includes data governance, patient identification, authorship validation, amendments and record correction, and audit validation for reimbursement purposes. These functions ensure that the data is protected and altered by authorized individuals as per policy.
Ensuring data are not altered during transmission across a network or during storage is called: a. Media control b. Audit controls c. Mitigation d. Integrity
d. Integrity Technology has advanced to a point at which an unauthorized user can capture data in transit and alter it. Therefore, CEs must confirm the integrity of data passed across a network. Integrity is the security principle that protects data from inappropriate modification or corruption. This includes both unintentional and intentional modifications and destructions. Unintentional modifications and destruction could occur if the wrong data are destroyed, the wrong backup is used to restore data, or an electrical fire destroys the computer.
When a patient revokes authorization for release of information after a healthcare facility has already released the information, the facility in this case: a. May be prosecuted for invasion of privacy b. Has become subject to civil action c. Has violated the security regulations of HIPAA d. Is protected by the Privacy Act
d. Is protected by the Privacy Act An individual may revoke an authorization at any time, provided that he or she does so in writing. However, the revocation does not apply when the covered entity has already taken action on the authorization.
Which of the following is not true about the Notice of Privacy Practices? a. It must include a description of the patient's right to amend PHI. b. It must include a description of the right to request restrictions on certain uses and disclosures. c. It must explain the patient's right to inspect and copy PHI. d. It must include at least two examples of how information is used for both treatment and operations.
d. It must include at least two examples of how information is used for both treatment and operations. AHIMA outlines the requirements for the content of the notice of privacy practices. One requirement is that a description (including at least one example) is to be given of the types of uses and disclosures the covered entity is permitted to make for treatment, payment, and healthcare operations.
A patient's registration forms, personal property list, RAI, care plan, and discharge or transfer documentation would be found most frequently in which type of health record? a. Rehabilitative care b. Ambulatory care c. Behavioral health d. Long-term care
d. Long-term care The following list identifies some of the most common components of long-term care records: registration forms including resident identification data, personal property list, history and physical and hospital records, advance directives, bill of rights, and other legal records, and RAI and care plan.
Which of the following statements represents knowledge? a. Hematocrit is 48 today b. Mary Jones had a blood pressure of 120/100 c. The hospital has an 89 percent occupancy rate d. Mary Jones's hemoglobin of 13 is within normal range
d. Mary Jones's hemoglobin of 13 is within normal range Knowledge consists of a combination of rules, relationships, ideas, and experiences applied to information. The statement "Mary Jones's hemoglobin of 13 is within normal range" identifies the patient, specific information about that patient and how it relates to normal parameters which makes it knowledge rather than information.
Which of the following describe criteria with specific objectives and measures that hospitals must meet to demonstrate they are using EHRs that positively affect patient care? a. Approved certified EHR technology b. Hospital standardization program c. Interoperability standards d. Meaningful use
d. Meaningful use Meaningful use is criteria with specific objectives and measures to be met by hospitals to demonstrate they are using EHRs that positively affect patient care.
Lane Hospital has a contract with Ready-Clean, a local company, to come into the hospital to pick up all of the facility's linens for off-site laundering. Ready-Clean is: a. A business associate because Lane Hospital has a contract with it b. Not a business associate because it is a local company c. A business associate because its employees may see PHI d. Not a business associate because it does not use or disclose individually identifiable health information
d. Not a business associate because it does not use or disclose individually identifiable health information Vendors who have a presence in a healthcare facility, agency, or organization will often have access to patient information in the course of their work. If the vendor meets the definition of a business associate (that is, it is using or disclosing an individual's PHI on behalf of the healthcare organization), a business associate agreement must be signed. If a vendor is not a business associate, employees of the vendor should sign confidentiality agreements because of their routine contact with and exposure to patient information. In this situation, Ready-Clean is not a business associate.
Which one of the following indexes contains a list maintained in procedure code number order for patients who are discharged from a facility during a particular time period? a. Physician b. Master patient c. Disease d. Operation
d. Operation The Operation Index is similar to the Disease Index except that it is arranged in numerical order by the patient's procedure code(s) using International Classification of Diseases or Current Procedural Terminology (CPT) codes.
Under HIPAA, which of the following is not named as a covered entity? a. Attending physician b. Healthcare clearinghouse c. Health plan d. Outsourced transcription company
d. Outsourced transcription company An outsourced transcription company and vendor would be business associates of a covered entity (CE). Although business associates are not directly regulated by the Privacy Rule, they do come under the Privacy Rule's requirements by virtue of their association with one or more CEs. A business associate is a person or organization other than a member of a CE's workforce that performs functions or activities on behalf of or affecting a CE that involve the use or disclosure of individually identifiable health information.
Bob Smith is a 56-year-old white male. This is an example of what type of data? a. Secondary b. Primary c. Aggregate d. Patient-identifiable
d. Patient-identifiable Data also are categorized as either patient identifiable data, or aggregate data. With patient identifiable data, the patient is identified within the data either by name or number. The health record consists entirely of patient-identified data.
The following is documented in an acute-care record: "HEENT: Reveals the tympanic membranes, nares, and pharynx to be clear. No obvious head trauma. CHEST: Good bilateral chest sounds." In which of the following would this documentation appear? a. Medical history b. Pathology report c. Operation report d. Physical examination
d. Physical examination Information usually documented in the physical examination includes vital signs and examinations of the head, eyes, ears, nose, throat (HEENT).
Which of the following is not part of data governance? a. Ensuring control and accountability for enterprise data b. Establishing and monitoring data policies c. Assigning data decision rights and accountabilities for data d. Promoting the sale of enterprise data
d. Promoting the sale of enterprise data Data governance is the enterprise authority that ensures control and accountability for enterprise data through the establishment of decision rights and data policies and standards that are implemented and monitored through a formal structure of assigning roles, responsibilities, and accountabilities. Promoting the sale of data would not be a role of data governance.
A competent individual has the following rights concerning his or her healthcare: a. Right to consent to treatment and the right to destroy their original health record b. Right to destroy their original health record and the right to refuse treatment c. Right to access his or her own PHI and the right to take the original record with them d. Right to consent to treatment and the right to access his or her own PHI
d. Right to consent to treatment and the right to access his or her own PHI Competent adults have a general right to consent to or refuse medical treatment. In general, a competent adult has the right to request, receive, examine, copy, and authorize disclosure of the patient's healthcare information.
An individual designated as an inpatient coder may have access to an electronic health record to code the record. Under what access security mechanism is the coder allowed access to the system? a. Situation based b. User based c. Context based d. Role based
d. Role based Access to e-PHI can be controlled through the use of the following: user-based access, role- based access, and context-based access. Role-based access control decisions are based on the roles individual users have as part of an organization. Each user is given various privileges to perform their role or function.
Which of the following is not an automatic control that helps preserve data confidentiality and integrity in an electronic system? a. Edit checks b. Audit trails c. Password management d. Security awareness program
d. Security awareness program Security awareness requires entities to provide security training for all staff. They must address security reminders, detection and reporting of malicious software, login monitoring, and password management. Edit checks, audit trails, and password management can all be programmed to be automatic controls where a security awareness program cannot.
The HIPAA Privacy Rule: a. Protects only medical information that is not already specifically protected by state law b. Supersedes all state laws that conflict with it c. Is federal common law d. Sets a minimum (floor) of privacy requirements
d. Sets a minimum (floor) of privacy requirements With the passage of the Privacy Rule, a minimum amount of protection (that is, a floor) was achieved uniformly across all the states through the establishment of a consistent set of standards that affected providers, healthcare clearinghouses, and health plans.
The following is documented in an acute-care record: "Spoke to the attending re: my assessment. Provided adoption and counseling information. Spoke to CPS re: referral. Case manager to meet with patient and family." In which of the following would this documentation appear? a. Admission note b. Dietary note c. Physician progress note d. Social service note
d. Social service note This documentation would typically be found in social service notes.
Which of the following provides a standardized vocabulary for facilitating the development of computer-based patient records? a. Current Procedural Terminology b. Healthcare Common Procedure Coding System c. International Classification of Diseases, Tenth Revision, Clinical Modification d. Systematized Nomenclature of Medicine Clinical Terminology
d. Systematized Nomenclature of Medicine Clinical Terminology Standardized vocabulary is needed to facilitate the indexing, storage, and retrieval of patient information in an electronic health record (EHR). Systematized Nomenclature of Medicine Clinical Terminology (SNOMED CT) creates a standardized vocabulary. The Computerbased Patient Record Institute (CPRI) has studied the ability of current nomenclatures to capture information for EHRs. The institute has determined that SNOMED CT is the most comprehensive controlled vocabulary for coding the contents of the health record and facilitating the development of computerized records.
The "custodian of health records" refers to the individual within an organization who is responsible for all except which of the following actions? a. Authorized to certify records b. Supervising inspection and copying of record c. Testifying to the authenticity of records d. Testifying regarding the care of the patient
d. Testifying regarding the care of the patient The custodian of health records is the individual who has been designated as having responsibility for the care, custody, control, and proper safekeeping and disclosure of health records for such persons or institutions that prepare and maintain records of healthcare. The custodian of the health record does not have the responsibility or expertise to testify regarding the care of the patient.
Which of the following is the healthcare industry's leading standards-setting body in the country? a. Agency for Healthcare Research and Quality b. National Guideline Clearinghouse c. National Committee for Quality Assurance d. The Joint Commission
d. The Joint Commission Although there are many high quality accreditation organizations in existence today, all with the common goals of patient safety and the delivery of high quality healthcare to patients, the Joint Commission has been an industry leader in the area of healthcare provider organization accreditation.
Which of the following has been responsible for accrediting healthcare organizations since the mid-1950s and determines whether the organization is continually monitoring and improving the quality of care provided? a. Commission on Accreditation of Rehabilitation Facilities b. American Osteopathic Association c. National Committee for Quality Assurance d. The Joint Commission
d. The Joint Commission The Joint Commission has been the most visible organization responsible for accrediting healthcare organizations since the mid-1950s. The primary focus of the Joint Commission at this time is to determine whether organizations seeking accreditation are continually monitoring the quality of the care they provide. The Joint Commission requires that this continual improvement process be in place throughout the entire organization, from the governing body down, as well as across all department lines.
A health information technician is responsible for designing a data collection form to collect data on patients in an acute-care hospital. The first resource that she should use is: a. ORYX b. UACDS c. MDS d. UHDDS
d. UHDDS The purpose of the UHDDS is to list and define a set of common, uniform data elements. The data elements are collected from the health records of every hospital inpatient and later abstracted from the health record and included in national databases.
Which of the following would be the best course of action to take to ensure continuous availability of electronic data? a. Acquire storage management software. b. Send data to a remote site using the Internet. c. Store data on RAID. d. Use redundant servers.
d. Use redundant servers. Data must be available continuously. When paper as a backup no longer exists in a paperless electronic health record (EHR) environment, users must be assured that the computer system is available to them at all times. To achieve such availability, an EHR should have server redundancy. This means that as data are entered and processed by one server, they are entered and processed simultaneously by a second server. Should the primary server crash, the system should be designed to "fail over" to the second server and can continue processing as if, at least from the user's point of view, nothing had happened.