Practice Quiz 9.1

Ace your homework & exams now with Quizwiz!

Which of the following is an example of a security incident?

A hacker accessed PHI from off site.

You have been asked to provide an example of a trigger that might be used to reduce auditing. The example you should provide is:

A patient and user have the same last name.

The patient was admitted and discharged before a notice of privacy practices could be provided to him. The proper action to take is

Mail the notice of privacy practices to the patient.

Mary processed a request for information and mailed it out last week. Today, the requestor, an attorney, called and said that all of the requested information was not provided. Mary pulls the documentation, including the authorization and what was sent. She believes that she sent everything that was required based on what was requested. She confirms this with her supervisor. The requestor still believes that some extra documentation is required. Given the above information, which of the following statements is true?

Mary is not required to release the extra documentation because the facility has the right to interpret a request and apply the minimum standard rule.

The physician office you go to has a data integrity issue. What does this mean?

There has been unauthorized alteration of patient information.

Alisa has trouble remembering her password. She taped the password to the bottom of her keyboard. As the chief privacy officer, your appropriate response is:

This is inappropriate and must be removed.

You have been given some data. The patient's name, address, social security number have all been removed. It does include the patient's account number. Identify the true statement.

This is not de-identified information, because it is possible to identify the patient.

Your department was unable to provide a patient with a copy of his health record within HIPAA's 30-day limitation. What should you do?

Write the patient and tell him that you will need a 30-day extension.

The nurse needs to look up new physician orders. First, the nurse should confirm that she has access to this information. This process is known as

aunthentication

The three components of a data security program are confidentiality, integrity, and

availability

The chief security officer has recommended a security measure that utilizes fingerprints or retina scans. He recommended

biometrics

When developing the security plan, the plan must address the records subject to the security rule. This would include

cancer registry

You have been asked to provide examples of technical security measures. Identify what you would include in your list of examples.

encrytion

Which of the following can be released without consent or authorization?

de-identified health information

You are writing the policy that will be used to determine a valid authorization. You are basing the policy in the HIPAA Privacy Rule. The policy will require the authorizations to have a(n)

expiration date

The HIPAA security rule term for instructions on how to comply with security standards is known as

implementation specification.

The company's policy states that audit logs, access reports, and security incident reports should be reviewed daily. This review is known as a(n)

information system activity review

You are asked by an HIM student to provide him or her an example of an administrative safeguard under the security rule. The appropriate response is

monitoring the computer access activity of the user

I have been asked if I want to be in the directory. The admission clerk explains that if I am in the directory,

my friends and family can find out my room number.

Identify the requester that requires patient authorization before releasing PHI.

patient's attorney

The physician office has set the information systems so that they will log out after 5 minutes of inactivity. This is an example of which of the following?

physical safeguard

Your new employee asked you which disclosures would require patient authorization. What will you say?

release to patient's family

You job is to determine the documents subject to the HIPAA Security Rule. The document that you identify is

scanned operative report stored on CD.

Bob submitted his resignation from Coastal Hospital. His last day is today. He should no longer have access to the EHR and other information systems as of 5:00 PM today. The removal of his information system privileges is known as

terminating access.

The coder reviewed 10 patients' health records in order to assign diagnosis and procedure codes. Select the term used for this practice.

use


Related study sets

Upper-Intermediate - English File - Unit 3a

View Set

ATI Hepatobiliary and Pancreatic Disorder Questions

View Set

Chapter 30: Mental Health Care for Survivors of Violence

View Set

MGMT-464: Chapter 5 - Foundations of Employee Motivation

View Set

Abeka 6th Grade Language Test #9 (Use pages 241-246 to study)

View Set

Chapter 1 Quiz, Chapter 2 Quiz, Micro Chapter 3 Quiz, Micro Chapter 4 Quiz, Micro Chapter 5 Quiz

View Set

Chapter 11: transaction costs, scope, and vertical integration

View Set