RHIA Domain 2|133 Questions with Verified Answers
Legal Health Record - CORRECT ANSWER Formal business record to be utilized during legal proceedings
If privacy issues emerge... - CORRECT ANSWER Determine source of problem and issue HIPAA training
If patient is unable to sign... - CORRECT ANSWER Implied Consent
Psychiatric patients may view records if physician determines... - CORRECT ANSWER Seeing record is not harmful to their condition or treatment
Facility Directory - CORRECT ANSWER General Condition
Acknowledgement of admission
HIPAA's Expert Determination and Safe Harbor - CORRECT ANSWER Deidentification
Log-in with standard ID and password - CORRECT ANSWER Access Control Standard
Legal Hold - CORRECT ANSWER Special tracking of patient records involved in litigation to ensure no changes are made
Security Risk Analysis First Consideration - CORRECT ANSWER Consider entity's characteristics and environment
Audit Trail - CORRECT ANSWER Reconstructing electronic events
Entity Authentication - CORRECT ANSWER Reads pre-determined criteria to ensure a user is who they claim to be
Password systems
Inherent Weakness of a Safeguard - CORRECT ANSWER Vulnerability
Informed Consent - CORRECT ANSWER Risks and benefits of procedure
Alternatives
Description of procedure
Done by physician
Ensuring employees understand security measures - CORRECT ANSWER Workforce Security Awareness Training
Provides entities with structural framework to build a HIPAA security plan - CORRECT ANSWER Security Risk Analysis
Pre-Employment Physicals - CORRECT ANSWER Not protected by HIPAA bc part of personnel record
HIPAA identifier that has not been implemented - CORRECT ANSWER Individual
Preventing theft of PHI - CORRECT ANSWER Facility Access Controls
Improved security of EHR - CORRECT ANSWER Access Controls
Audit Trails
Authentication Systems
Designated Record Set - CORRECT ANSWER Includes records from other hospitals that were involved in episode of care decisions
HIPAA Record Retention - CORRECT ANSWER 6 years
Rendering PHI unreadable and unusable to unauthorized individuals - CORRECT ANSWER Encryption and Destruction
Goal of HIPAA Administrative Simplification - CORRECT ANSWER Standardizing electronic transmission of health data
Technology policies, protocols, and access controls - CORRECT ANSWER Technical Safeguards
Patient Accounting of Disclosures - CORRECT ANSWER Must include disclosure requires patient authorization
HIPAA Training - CORRECT ANSWER Privacy and security training should not be separated
Darling vs. Charleston Community Memorial Hospital - CORRECT ANSWER Hospital is responsible for the quality of care given by its physicians
Not a Business Associate Under HITECH - CORRECT ANSWER Housekeeping
Fundraising solicitations may not - CORRECT ANSWER Target a specific group or diagnosis
Most Constant Threat to Health Information Integrity - CORRECT ANSWER Humans
Device and Media Controls - CORRECT ANSWER Security breaches from lack of wiping data from devices
Employee Physical - CORRECT ANSWER Should report family history unless specifically excluded
Virtual Privacy - CORRECT ANSWER Private tunnel with Internet as transport medium for secure transmission
Role-Based - CORRECT ANSWER Access determined by employee's job title and responsibilities
Administrative Safeguard - CORRECT ANSWER More people-focused in nature
Most of the safeguards
Healthcare Integrity and Protection Data Bank - CORRECT ANSWER Legal action taken against healthcare provider
Privileged Communication - CORRECT ANSWER Between patient and provider based on medical condition
Privacy - CORRECT ANSWER Patient can maintain control over certain personal information
Authorizations - CORRECT ANSWER Must be signed for every disclosure of PHI
Consent - CORRECT ANSWER Sound mind or legal directive
Deidentified - CORRECT ANSWER Not protected by HIPAA Privacy Rule
NPP - CORRECT ANSWER Only informational
Patients cannot object to TPO uses
Must inform patients of disclosures to foundations
Patient Review of Records - CORRECT ANSWER Cannot dictate place bc org is responsible for integrity
Privacy Rule Identifier - CORRECT ANSWER Vehicle License Plate
PCP - CORRECT ANSWER Patients cannot deny PCP access to their records
Office of Civil Rights - CORRECT ANSWER Oversight and enforcement of HIPAA
Workforce - CORRECT ANSWER Perform functions on behalf of covered entities and business associates
Includes volunteers and external orgs
When federal and state law are different - CORRECT ANSWER Choose the stricter one
Addressable Security Rule - CORRECT ANSWER Should be implemented unless an entity determines it is not reasonable and appropriate
500 days - CORRECT ANSWER DHHS secretary must be informed of breaches greater than this
Workforce Security Standard Addressable Standards - CORRECT ANSWER Authorization and supervision
Workforce clearance procedures
Termination procedures
Spoliation - CORRECT ANSWER Destroying a record outside of destruction standards and regulations
PHR - CORRECT ANSWER In LHR when used by org to provide treatment
Granting Privileges - CORRECT ANSWER Defining what services providers may perform
Most Common Security Threat - CORRECT ANSWER Internal to org
Employees viewing own record - CORRECT ANSWER Violates minimum necessary, Must follow standard procedure
Regulation - CORRECT ANSWER From admin agency of govt
Security Incident Procedure Standard - CORRECT ANSWER Identifying and responding to security events
Redisclosure - CORRECT ANSWER Releasing docs originally created by another provider/facility
Willful and Knowing HIPAA violation - CORRECT ANSWER $250,000, 10 yrs in jail
PDSA - CORRECT ANSWER Inform patients they are entitled to advanced directive and document presence
Advance Directive - CORRECT ANSWER Must be followed even if patient is declared incompetent after it is made
Divorced Parents - CORRECT ANSWER Only one must consent
Trigger - CORRECT ANSWER System response and notification
Info Access Mgmt Standard - CORRECT ANSWER Controlling access to workstation, transaction, program, or process
Utilization Review - CORRECT ANSWER Use for Operations
Sending records to physician - CORRECT ANSWER Disclosure
Custodian of Health Records - CORRECT ANSWER Testifies to authenticity of records
Amendments cannot be made on records not in - CORRECT ANSWER DRS
Automatic Session Terminations - CORRECT ANSWER Minimizes data breaches when computer is unattended
Person or Entity Authentication Standard - CORRECT ANSWER No unit level password
Minimum Necessary - CORRECT ANSWER Define what staff needs to complete their role
ROIs must be responded to within - CORRECT ANSWER 30 days
If patient private pays - CORRECT ANSWER Can restrict insurance info to info
Contingency Planning - CORRECT ANSWER Disaster Recovery Planning
Not redisclosure - CORRECT ANSWER If external and within DRS
Private Endeavours - CORRECT ANSWER Physician needs business associate agreement with hospital
If patient requests hybrid - CORRECT ANSWER Give both forms
Saying name in waiting room - CORRECT ANSWER Not a HIPAA violation, but change process
Social Security Number - CORRECT ANSWER Never show on documentation
Accidental Deaths - CORRECT ANSWER Reported to medical examiner
Documentation Retention Guidelines - CORRECT ANSWER Admin Safeguard
HIPAA Security Rule - CORRECT ANSWER Ensure confidentiality, integrity, and availability
UHCDA - CORRECT ANSWER Spouse, adult child, parent, adult sibling
Accounting of Disclosures Timeframe - CORRECT ANSWER 3 years
Respondeat Superior - CORRECT ANSWER Employer is responsible for employees' negligence
Job Shadowing - CORRECT ANSWER Only in areas with no PHI
No Info in Directory - CORRECT ANSWER Deny requests bc that is difficult to manage and HIPAA violation can occur
Revokes ROI after release - CORRECT ANSWER Protected by privacy rule
QI - CORRECT ANSWER Protected from disclosure
Documentation of Security Policies - CORRECT ANSWER Six years from effect
HIPAA Record Charges - CORRECT ANSWER State formula
Best-Of-Breed - CORRECT ANSWER Best from each vendor then interface
Federated-Consistent Databases - CORRECT ANSWER HIE operates like ASP
Best-Of-Fit - CORRECT ANSWER One vendor
Person Identification - CORRECT ANSWER HIE matches info to individual
Parallel Processing - CORRECT ANSWER Paper processing occurs until EHR works as planned
Messaging Standards - CORRECT ANSWER Support communication between applications
Normalization - CORRECT ANSWER Breaking data elements into detail to retrieve data
Median - CORRECT ANSWER Based on whole distribution
Infrared Light - CORRECT ANSWER Connecting portable devices to network
Patient Portal - CORRECT ANSWER Secure communication with provider
PHI - CORRECT ANSWER Relates to one's condition
Releasing to another facility - CORRECT ANSWER Minimum necessary does not apply
Accounting of disclosures contains - CORRECT ANSWER Info from infectious reporting
Privacy Rule - CORRECT ANSWER Will preempt state law with medical record charges
Two Factor Authentication System - CORRECT ANSWER Password and Swipe Card
Patient Limiting Disclosure - CORRECT ANSWER Must accept request but not agree to it
Don't report HIPAA violation if - CORRECT ANSWER No hard copy info
Reporting Requirements - CORRECT ANSWER Not for competent adults
Duces Tecum - CORRECT ANSWER Compels recipient to bring records to a legal proceeding
Not signed by plaintiff and defendant
Business Record Exception - CORRECT ANSWER Record does not constitute hearsay
PHI Breach - CORRECT ANSWER Must tell types of unsecured PHI that were involved
Accounting of Disclosures - CORRECT ANSWER Ex: faxed to the bank
Training in PHI - CORRECT ANSWER Every member of workforce must attend
Federal Rules of Civil Procedure - CORRECT ANSWER e-discovery rules changed
Security Audit - CORRECT ANSWER Helps entity ensure that info is only being accessed for org purposes
Security Rule - CORRECT ANSWER Provisions for access in emergency
Biggest Risk of Breaches - CORRECT ANSWER Laptop Theft
Protecting Data Privacy - CORRECT ANSWER Defending or safeguarding patient data
Charging for PHI - CORRECT ANSWER To make a copy
Chain of Trust Partner Agreements - CORRECT ANSWER Admin provision for security measures
Confidentiality - CORRECT ANSWER Limiting disclosures
Minor - CORRECT ANSWER Authorized to release venereal info
Info Policy - CORRECT ANSWER Openness of comm w/in org
Over telephone with police - CORRECT ANSWER No info
Best Monitoring System - CORRECT ANSWER Random sample of each employee monthly
Even if employer is paying - CORRECT ANSWER They need auth
Married Minor - CORRECT ANSWER Can consent for self
When on phone with hospital - CORRECT ANSWER Confirm with callback and give all info
Stark Law - CORRECT ANSWER No physician self referral
Right to PHI - CORRECT ANSWER For as long as it is maintained
Authorization Management - CORRECT ANSWER Limiting user access