Explore all topics
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
search
ai logoChat with AI
Servicesarrow
Discoverarrow

Topics

Explore all topics
Discover more topics

Deck 4: Introduction to the Health Insurance Portability and Accountability Act Hipaa

Full screen (f)
exit full mode
Question
Protected health information (PHI) can be disclosed in which of the following circumstances?

A) A coroner requests it to assist in identifying a body.
B) The U.S. Food and Drug Administration requests it in relation to a product recall.
C) An organ procurement organization requests it to facilitate the donation and transplantation of organs.
D) All of the above
Use Space or
up arrow
down arrow
to flip the card.
Question
How many days does the provider have to correct the patient's medical record once a request has been made?

A) 20
B) 30
C) 60
D) 90
Question
Providers are legally obligated to disclose protected health information (PHI) to public health authorities when a:

A) particularly severe flu epidemic has occurred.
B) person may have been exposed to certain communicable diseases.
C) patient or staff member has a prison record.
D) patient has returned from a trip to a country with poor sanitation.
Question
The process of scrambling and encoding electronic data to prevent it from being read by unauthorized users is known as:

A) encryption.
B) coding.
C) translation.
D) transcription.
Question
HIPAA guidelines grant patients the right to access their own medical records and the right to:

A) at least 10 free copies.
B) request corrections of any inaccuracies in the records.
C) designate a specific person at an insurance company who may also have access.
D) file a complaint about how long it takes to get a claim paid.
Question
Each medical practice must appoint a person to serve as its Privacy Compliance Officer, who must be familiar with federal and state privacy regulations in order to:

A) file monthly reports with the office of the state insurance commissioner.
B) respond to insurance carriers' questions and handle patient billing complaints.
C) respond to requests for medical records and handle privacy-related complaints.
D) represent the practice in any lawsuits that arise over privacy issues.
Question
Under the HIPAA Privacy Rule, a patient's medical record and payment history are considered:

A) protected health information.
B) managed care plan information.
C) secure medical data.
D) electronically transmitted data.
Question
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996, and covered entities were required to fully implement its guidelines by:

A) 2000.
B) 2002.
C) 2003.
D) 2005.
Question
A person who has a privacy complaint can file it with the:

A) Centers for Medicare and Medicaid Services (CMS).
B) Office for Civil Rights (OCR).
C) American Medical Association (AMA).
Question
The document used to authorize permission for the release of protected health information (PHI) is the:

A) designation for release of medical information form.
B) designation of beneficiary form.
C) acknowledgment of informed consent form.
D) assignment of benefits form.
Question
Under the HIPAA Privacy Rule, a physician can discuss a patient's medical condition or treatment with a family member or friend without written consent when:

A) the payment for services is past due.
B) the patient is unconscious.
C) the patient has given verbal consent.
D) both B and C.
Question
Approximately how many different formats are currently being used for electronic health claims?

A) 350
B) 400
C) 450
D) 500
Question
The advantage of using electronic data interchange standards (EDI) in the transmission of medical and claims data is:

A) improved data quality.
B) faster processing of transactions.
C) lower operating costs.
D) all of the above.
Question
The overall purpose of HIPAA Transactions and code set Rule is to:

A) require that all claims be submitted in exactly the same electronic format.
B) limit the number of methods that can be used for file encryption.
C) standardize the electronic exchange of protected health information (PHI).
D) authorize certain organizations to act as claims clearinghouses.
Question
A provider may share patient information with an interpreter when the interpreter is:

A) a friend of the patient and the patient agrees.
B) a family member of the patient and the patient agrees.
C) a staff member, contractor, or volunteer who works for the provider.
D) all of the above.
Question
The provision of HIPAA that regulates the use and disclosure of protected health information is the:

A) Administrative Rule.
B) Reimbursement Rule.
C) Privacy Rule.
D) Medical Records Rule.
Question
If the patient is a minor, consent to the disclosure of protected health information (PHI) must be provided by a parent or:

A) grandparent.
B) legal guardian.
C) sibling.
D) teacher.
Question
Under HIPAA, which of the following are covered entities?

A) health insurance plans
B) healthcare providers
C) clearinghouses
D) all of the above
Question
In the event of a security breach in regard to protected health information (PHI), providers and other covered entities must notify both the Office for Civil Rights (OCR) and the:

A) individuals whose records were affected.
B) Centers for Medicare and Medicaid Services (CMS).
C) insurance carriers whose claims were affected.
D) Consumer Protection Agency.
Question
HIPAA guidelines apply to which of the following types of healthcare administrative transactions?

A) health insurance claims
B) claim status requests and reports
C) eligibility requests and verifications
D) all of the above
Question
Which type of safeguard involves the use of encryption when data is transmitted over open networks?

A) administrative
B) procedural
C) physical
D) technical
Question
HIPAA requires that diagnoses and services be reported in a standard, consistent manner; this is accomplished by using uniform:

A) claim forms.
B) code sets.
C) descriptors.
D) modifiers.
Question
The electronic record that documents a patient's encounters with physicians and other clinicians that is stored within one provider's system is the electronic:

A) data interchange.
B) health record.
C) medical record.
D) patient database.
Question
The three types of safeguards that must be in place to be in compliance with the HIPAA Security Rule are:

A) technical, training, and administrative.
B) physical, administrative, and technical.
C) administrative, physical, and electronic.
D) physical, technical, and procedural.
Question
Which type of safeguard involves establishing and maintaining authentication systems such as digital signatures, double keying, and token systems?

A) administrative
B) procedural
C) physical
D) technical
Question
The unique identifier for physicians, nurses, and other healthcare professionals, organizations, and facilities that provide healthcare services or supplies is the:

A) Federal Employer Identification Number (EIN).
B) Social Security number.
C) National Provider Identifier (NPI).
D) National Health Plan Identifier.
Question
The unique identifier for insurance plans and third-party payers and administrators is the:

A) Federal Employer Identification Number (EIN).
B) Social Security number.
C) National Provider Identifier (NPI).
D) National Health Plan Identifier.
Question
Code set CPT stands for:

A) child protective terminology.
B) current physician terminology.
C) cognitive performance terminology.
D) current procedural terminology.
Question
The unique identifier for employers (business entities) that sponsor health insurance plans is the:

A) Federal Employer Identification Number (EIN).
B) Social Security number.
C) National Provider Identifier (NPI).
D) National Health Plan Identifier.
Question
Which type of safeguard involves limiting access to computer hardware and software only to properly authorized personnel?

A) administrative
B) procedural
C) physical
D) technical
Question
Which type of safeguard involves having procedures that clearly identify which employees have access to electronic protected health information (EPHI)?

A) administrative
B) procedural
C) physical
D) technical
Question
Which of the following is a current HIPAA-approved code set?

A) ICD-10
B) NDC
C) HCPCS
D) all of the above
Question
The HIPAA Unique Identifiers Rule requires that standard formats be used to identify:

A) healthcare providers.
B) health insurance plans.
C) employers that sponsor health insurance plans.
D) all of the above.
Question
Which provision of HIPAA deals with procedures for investigations and hearings related to compliance issues and penalties for violations?

A) Privacy Rule
B) Unique Identifiers Rule
C) Enforcement Rule
D) Security Rule
Question
The HIPAA Security Rule complements the Privacy Rule but applies exclusively to:

A) protected health information.
B) electronic protected health information.
C) medical claims.
D) hospital claims.
Question
Under the Civil Monetary Penalties Law (CMPL), physicians who pay or accept kickbacks face penalties of up to:

A) $50,000 per kickback plus three times the amount of the remuneration.
B) $250,000 per kickback.
C) $100,000 per kickback plus three times the amount of remuneration.
D) $500 set fine plus up to 5 years in prison.
Question
The electronic record that includes documentation of patient care across multiple healthcare organizations that can be viewed by all providers who have a relationship with the patient is the electronic:

A) data interchange.
B) health record.
C) medical record.
D) patient database.
Question
Which type of safeguard involves controlling access to facility security plans and maintenance records and requiring all visitors to sign in?

A) administrative
B) procedural
C) physical
D) technical
Question
Which type of safeguard involves having disaster recovery procedures in place to secure data in the event of a disaster or emergency?

A) administrative
B) procedural
C) physical
D) technical
Question
A criminal penalty for HIPAA violations with intent to sell or use individually identifiable health information for commercial advantage, personal or financial gain can carry a maximum prison sentence of:

A) 5 years.
B) 8 years.
C) 10 years.
D) 15 years.
Question
Which stage of HITECH focuses on securing electronic messaging to communicate relevant health information to patients?

A) Stage 1
B) Stage 2
C) Stage 3
D) Stage 4
Question
The HIPAA Privacy rule forbids providers from ever disclosing protected health information (PHI) without the patient's permission, even in response to a court order.
Question
A healthcare provider is not allowed to discuss a patient's medical condition or payment with a person over the phone.
Question
Criminal penalties for HIPAA violations can include prison time and financial penalties up to what maximum amount?

A) $100,000
B) $150,000
C) $250,000
D) $400,000
Question
Healthcare providers who achieve the standards of each HITECH stage by a designated date are eligible for:

A) free license renewals as long as they remain in practice.
B) Medicare incentive payments.
C) Medicaid incentive payments.
D) Medicare and Medicaid incentive payments.
Question
Providers who do NOT achieve the HITECH meaningful use standards in 2017 will face penalties that consist of a:

A) 1% reduction of Medicare reimbursement.
B) 2 % reduction of Medicare reimbursement.
C) 3 % reduction of Medicare reimbursement.
D) 4 % reduction of Medicare reimbursement.
Question
When patients ask a family member to remain with them in a treatment room, this implies that they have given permission for the doctor and/or staff to discuss their condition in front of the family member.
Question
ICD-10-CM is not approved as a uniform code set according to HIPAA guidelines.
Question
Protected health information (PHI) can be released to interpreters in situations when the patient has given consent.
Question
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 2003.
Question
Pharmacies and durable medical equipment have medical devices that store PHI and contain an operating system, such as Microsoft Windows.
Question
The HITECH Act is part of the:

A) Health Insurance Portability and Accountability Act.
B) American Recovery and Reinvestment Act.
C) Tax Relief and Health Care Act.
D) Occupational Health and Safety Act.
Question
Patients have the right to access and copy their medical records, but they cannot dispute anything in the record.
Question
The HITECH requirements for the implementation of standardized, certified, interoperable electronic health records and related technologies are known as:

A) standard code sets.
B) meaningful use.
C) certification.
D) computerized provider order entry.
Question
HITECH Stage 1 requirements include the implementation of a computerized:

A) medical coding system.
B) medical practice management system.
C) provider order entry system.
D) accounting system.
Question
Stage 3 of the HITECH ACT will become mandatory for physicians and hospitals beginning in:

A) 2017.
B) 2018.
C) 2019.
D) 2020.
Question
Providers may be asked to provide protected health information (PHI) as part of FDA investigations related to product defects or recalls.
Question
The HITECH Act expands the privacy provisions of HIPAA to include:

A) corporate owners of covered entities.
B) business associates of covered entities.
C) friends and family of providers.
D) friends and family of patients.
Question
Under HIPAA, medical schools are considered covered entities.
Question
The HITECH Act introduced which concept in regard to electronic health information?

A) hacking prevention
B) authorized use
C) fraud prevention
D) meaningful use
Question
The Omnibus Rule requires standards for the disclosure and use of protected health information (PHI), including established standards of enforcement for penalties and breach notification.
Question
Data that has been scrambled and/or encoded to prevent it from being readable by unauthorized users is ________.
Question
The Department of Health and Human Services agency that handles privacy complaints is the Office for ________.
Question
Pharmacies and ________ equipment (DME) companies can be more flexible than providers' offices in their requirements for authorizations for the release of information.
Question
Physical safeguards are measures put in place to control or limit physical access to protected data.
Question
The Centers for Medicare and Medicaid Services issued a report of numerous errors related to a case with patient demographics similar to those of Joan Rivers.
Question
The electronic transfer of information in a standardized format between trading partners is called ________.
Question
Technical safeguards are rules and policies related to documenting time-consuming, complex medical procedures.
Question
Electronic documentation of patient care that can include multiple providers, services, and facilities is referred to as an electronic ________.
Question
Under HIPAA, health plans, providers, and clearinghouses are considered ________.
Question
The person in medical practice who handles requests for medical records and serves as the primary contact person in regard to HIPAA confidentiality issues is the ________ Officer.
Question
Under HIPAA, any information related to patient identity, patient health status, the provision of care, or payment for services is considered ________.
Question
The HITECH Act is a subset of the original HIPAA legislation.
Question
The three types of protections of electronic data that must be in place to be in compliance with the HIPAA Security Rule are administrative, physical, and technical ________.
Question
Each individual health plan must use a unique National Provider Identifier.
Question
HHS is prohibited from imposing civil penalties if the violation is unintentional and corrected within 30 days.
Question
Compliance with the HITECH Act is to occur in three stages, and organizations can receive financial incentives for achieving compliance objectives by the designated dates.
Question
A HIPAA complaint must be filed with the OCR within 60 days of when the complainant knew or should have known that the act had occurred.
Question
Technical safeguards include data corroboration, authentication, and data security measures.
Question
The HIPAA Privacy Rule regulates the use and ________ of protected health information (PHI).
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/101
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 4: Introduction to the Health Insurance Portability and Accountability Act Hipaa
1
Protected health information (PHI) can be disclosed in which of the following circumstances?

A) A coroner requests it to assist in identifying a body.
B) The U.S. Food and Drug Administration requests it in relation to a product recall.
C) An organ procurement organization requests it to facilitate the donation and transplantation of organs.
D) All of the above
All of the above
2
How many days does the provider have to correct the patient's medical record once a request has been made?

A) 20
B) 30
C) 60
D) 90
20
3
Providers are legally obligated to disclose protected health information (PHI) to public health authorities when a:

A) particularly severe flu epidemic has occurred.
B) person may have been exposed to certain communicable diseases.
C) patient or staff member has a prison record.
D) patient has returned from a trip to a country with poor sanitation.
person may have been exposed to certain communicable diseases.
4
The process of scrambling and encoding electronic data to prevent it from being read by unauthorized users is known as:

A) encryption.
B) coding.
C) translation.
D) transcription.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
5
HIPAA guidelines grant patients the right to access their own medical records and the right to:

A) at least 10 free copies.
B) request corrections of any inaccuracies in the records.
C) designate a specific person at an insurance company who may also have access.
D) file a complaint about how long it takes to get a claim paid.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
6
Each medical practice must appoint a person to serve as its Privacy Compliance Officer, who must be familiar with federal and state privacy regulations in order to:

A) file monthly reports with the office of the state insurance commissioner.
B) respond to insurance carriers' questions and handle patient billing complaints.
C) respond to requests for medical records and handle privacy-related complaints.
D) represent the practice in any lawsuits that arise over privacy issues.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
7
Under the HIPAA Privacy Rule, a patient's medical record and payment history are considered:

A) protected health information.
B) managed care plan information.
C) secure medical data.
D) electronically transmitted data.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
8
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 1996, and covered entities were required to fully implement its guidelines by:

A) 2000.
B) 2002.
C) 2003.
D) 2005.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
9
A person who has a privacy complaint can file it with the:

A) Centers for Medicare and Medicaid Services (CMS).
B) Office for Civil Rights (OCR).
C) American Medical Association (AMA).
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
10
The document used to authorize permission for the release of protected health information (PHI) is the:

A) designation for release of medical information form.
B) designation of beneficiary form.
C) acknowledgment of informed consent form.
D) assignment of benefits form.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
11
Under the HIPAA Privacy Rule, a physician can discuss a patient's medical condition or treatment with a family member or friend without written consent when:

A) the payment for services is past due.
B) the patient is unconscious.
C) the patient has given verbal consent.
D) both B and C.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
12
Approximately how many different formats are currently being used for electronic health claims?

A) 350
B) 400
C) 450
D) 500
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
13
The advantage of using electronic data interchange standards (EDI) in the transmission of medical and claims data is:

A) improved data quality.
B) faster processing of transactions.
C) lower operating costs.
D) all of the above.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
14
The overall purpose of HIPAA Transactions and code set Rule is to:

A) require that all claims be submitted in exactly the same electronic format.
B) limit the number of methods that can be used for file encryption.
C) standardize the electronic exchange of protected health information (PHI).
D) authorize certain organizations to act as claims clearinghouses.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
15
A provider may share patient information with an interpreter when the interpreter is:

A) a friend of the patient and the patient agrees.
B) a family member of the patient and the patient agrees.
C) a staff member, contractor, or volunteer who works for the provider.
D) all of the above.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
16
The provision of HIPAA that regulates the use and disclosure of protected health information is the:

A) Administrative Rule.
B) Reimbursement Rule.
C) Privacy Rule.
D) Medical Records Rule.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
17
If the patient is a minor, consent to the disclosure of protected health information (PHI) must be provided by a parent or:

A) grandparent.
B) legal guardian.
C) sibling.
D) teacher.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
18
Under HIPAA, which of the following are covered entities?

A) health insurance plans
B) healthcare providers
C) clearinghouses
D) all of the above
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
19
In the event of a security breach in regard to protected health information (PHI), providers and other covered entities must notify both the Office for Civil Rights (OCR) and the:

A) individuals whose records were affected.
B) Centers for Medicare and Medicaid Services (CMS).
C) insurance carriers whose claims were affected.
D) Consumer Protection Agency.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
20
HIPAA guidelines apply to which of the following types of healthcare administrative transactions?

A) health insurance claims
B) claim status requests and reports
C) eligibility requests and verifications
D) all of the above
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
21
Which type of safeguard involves the use of encryption when data is transmitted over open networks?

A) administrative
B) procedural
C) physical
D) technical
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
22
HIPAA requires that diagnoses and services be reported in a standard, consistent manner; this is accomplished by using uniform:

A) claim forms.
B) code sets.
C) descriptors.
D) modifiers.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
23
The electronic record that documents a patient's encounters with physicians and other clinicians that is stored within one provider's system is the electronic:

A) data interchange.
B) health record.
C) medical record.
D) patient database.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
24
The three types of safeguards that must be in place to be in compliance with the HIPAA Security Rule are:

A) technical, training, and administrative.
B) physical, administrative, and technical.
C) administrative, physical, and electronic.
D) physical, technical, and procedural.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
25
Which type of safeguard involves establishing and maintaining authentication systems such as digital signatures, double keying, and token systems?

A) administrative
B) procedural
C) physical
D) technical
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
26
The unique identifier for physicians, nurses, and other healthcare professionals, organizations, and facilities that provide healthcare services or supplies is the:

A) Federal Employer Identification Number (EIN).
B) Social Security number.
C) National Provider Identifier (NPI).
D) National Health Plan Identifier.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
27
The unique identifier for insurance plans and third-party payers and administrators is the:

A) Federal Employer Identification Number (EIN).
B) Social Security number.
C) National Provider Identifier (NPI).
D) National Health Plan Identifier.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
28
Code set CPT stands for:

A) child protective terminology.
B) current physician terminology.
C) cognitive performance terminology.
D) current procedural terminology.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
29
The unique identifier for employers (business entities) that sponsor health insurance plans is the:

A) Federal Employer Identification Number (EIN).
B) Social Security number.
C) National Provider Identifier (NPI).
D) National Health Plan Identifier.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
30
Which type of safeguard involves limiting access to computer hardware and software only to properly authorized personnel?

A) administrative
B) procedural
C) physical
D) technical
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
31
Which type of safeguard involves having procedures that clearly identify which employees have access to electronic protected health information (EPHI)?

A) administrative
B) procedural
C) physical
D) technical
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
32
Which of the following is a current HIPAA-approved code set?

A) ICD-10
B) NDC
C) HCPCS
D) all of the above
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
33
The HIPAA Unique Identifiers Rule requires that standard formats be used to identify:

A) healthcare providers.
B) health insurance plans.
C) employers that sponsor health insurance plans.
D) all of the above.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
34
Which provision of HIPAA deals with procedures for investigations and hearings related to compliance issues and penalties for violations?

A) Privacy Rule
B) Unique Identifiers Rule
C) Enforcement Rule
D) Security Rule
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
35
The HIPAA Security Rule complements the Privacy Rule but applies exclusively to:

A) protected health information.
B) electronic protected health information.
C) medical claims.
D) hospital claims.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
36
Under the Civil Monetary Penalties Law (CMPL), physicians who pay or accept kickbacks face penalties of up to:

A) $50,000 per kickback plus three times the amount of the remuneration.
B) $250,000 per kickback.
C) $100,000 per kickback plus three times the amount of remuneration.
D) $500 set fine plus up to 5 years in prison.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
37
The electronic record that includes documentation of patient care across multiple healthcare organizations that can be viewed by all providers who have a relationship with the patient is the electronic:

A) data interchange.
B) health record.
C) medical record.
D) patient database.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
38
Which type of safeguard involves controlling access to facility security plans and maintenance records and requiring all visitors to sign in?

A) administrative
B) procedural
C) physical
D) technical
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
39
Which type of safeguard involves having disaster recovery procedures in place to secure data in the event of a disaster or emergency?

A) administrative
B) procedural
C) physical
D) technical
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
40
A criminal penalty for HIPAA violations with intent to sell or use individually identifiable health information for commercial advantage, personal or financial gain can carry a maximum prison sentence of:

A) 5 years.
B) 8 years.
C) 10 years.
D) 15 years.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
41
Which stage of HITECH focuses on securing electronic messaging to communicate relevant health information to patients?

A) Stage 1
B) Stage 2
C) Stage 3
D) Stage 4
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
42
The HIPAA Privacy rule forbids providers from ever disclosing protected health information (PHI) without the patient's permission, even in response to a court order.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
43
A healthcare provider is not allowed to discuss a patient's medical condition or payment with a person over the phone.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
44
Criminal penalties for HIPAA violations can include prison time and financial penalties up to what maximum amount?

A) $100,000
B) $150,000
C) $250,000
D) $400,000
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
45
Healthcare providers who achieve the standards of each HITECH stage by a designated date are eligible for:

A) free license renewals as long as they remain in practice.
B) Medicare incentive payments.
C) Medicaid incentive payments.
D) Medicare and Medicaid incentive payments.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
46
Providers who do NOT achieve the HITECH meaningful use standards in 2017 will face penalties that consist of a:

A) 1% reduction of Medicare reimbursement.
B) 2 % reduction of Medicare reimbursement.
C) 3 % reduction of Medicare reimbursement.
D) 4 % reduction of Medicare reimbursement.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
47
When patients ask a family member to remain with them in a treatment room, this implies that they have given permission for the doctor and/or staff to discuss their condition in front of the family member.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
48
ICD-10-CM is not approved as a uniform code set according to HIPAA guidelines.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
49
Protected health information (PHI) can be released to interpreters in situations when the patient has given consent.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
50
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in 2003.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
51
Pharmacies and durable medical equipment have medical devices that store PHI and contain an operating system, such as Microsoft Windows.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
52
The HITECH Act is part of the:

A) Health Insurance Portability and Accountability Act.
B) American Recovery and Reinvestment Act.
C) Tax Relief and Health Care Act.
D) Occupational Health and Safety Act.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
53
Patients have the right to access and copy their medical records, but they cannot dispute anything in the record.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
54
The HITECH requirements for the implementation of standardized, certified, interoperable electronic health records and related technologies are known as:

A) standard code sets.
B) meaningful use.
C) certification.
D) computerized provider order entry.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
55
HITECH Stage 1 requirements include the implementation of a computerized:

A) medical coding system.
B) medical practice management system.
C) provider order entry system.
D) accounting system.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
56
Stage 3 of the HITECH ACT will become mandatory for physicians and hospitals beginning in:

A) 2017.
B) 2018.
C) 2019.
D) 2020.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
57
Providers may be asked to provide protected health information (PHI) as part of FDA investigations related to product defects or recalls.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
58
The HITECH Act expands the privacy provisions of HIPAA to include:

A) corporate owners of covered entities.
B) business associates of covered entities.
C) friends and family of providers.
D) friends and family of patients.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
59
Under HIPAA, medical schools are considered covered entities.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
60
The HITECH Act introduced which concept in regard to electronic health information?

A) hacking prevention
B) authorized use
C) fraud prevention
D) meaningful use
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
61
The Omnibus Rule requires standards for the disclosure and use of protected health information (PHI), including established standards of enforcement for penalties and breach notification.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
62
Data that has been scrambled and/or encoded to prevent it from being readable by unauthorized users is ________.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
63
The Department of Health and Human Services agency that handles privacy complaints is the Office for ________.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
64
Pharmacies and ________ equipment (DME) companies can be more flexible than providers' offices in their requirements for authorizations for the release of information.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
65
Physical safeguards are measures put in place to control or limit physical access to protected data.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
66
The Centers for Medicare and Medicaid Services issued a report of numerous errors related to a case with patient demographics similar to those of Joan Rivers.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
67
The electronic transfer of information in a standardized format between trading partners is called ________.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
68
Technical safeguards are rules and policies related to documenting time-consuming, complex medical procedures.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
69
Electronic documentation of patient care that can include multiple providers, services, and facilities is referred to as an electronic ________.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
70
Under HIPAA, health plans, providers, and clearinghouses are considered ________.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
71
The person in medical practice who handles requests for medical records and serves as the primary contact person in regard to HIPAA confidentiality issues is the ________ Officer.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
72
Under HIPAA, any information related to patient identity, patient health status, the provision of care, or payment for services is considered ________.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
73
The HITECH Act is a subset of the original HIPAA legislation.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
74
The three types of protections of electronic data that must be in place to be in compliance with the HIPAA Security Rule are administrative, physical, and technical ________.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
75
Each individual health plan must use a unique National Provider Identifier.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
76
HHS is prohibited from imposing civil penalties if the violation is unintentional and corrected within 30 days.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
77
Compliance with the HITECH Act is to occur in three stages, and organizations can receive financial incentives for achieving compliance objectives by the designated dates.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
78
A HIPAA complaint must be filed with the OCR within 60 days of when the complainant knew or should have known that the act had occurred.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
79
Technical safeguards include data corroboration, authentication, and data security measures.
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
80
The HIPAA Privacy Rule regulates the use and ________ of protected health information (PHI).
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 101 flashcards in this deck.
Examlex
Examlex
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App

Scan to downloadDownload the App
qr-code

Copyright © 2025 Examlex LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree