Explore all topics
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
search
ai logoChat with AI
Servicesarrow
Discoverarrow

Topics

Explore all topics
Discover more topics

Deck 12: Confidentiality and Compliance

Full screen (f)
exit full mode
Question
An officer of the court's direction to produce documents is called:

A) Subpoena duces tecum
B) Subpoena ad testificandum
C) malfeasance
D) jurisdiction
Use Space or
up arrow
down arrow
to flip the card.
Question
The following providers/departments make internal requests for patient health information routinely EXCEPT:

A) Utilization review
B) Performance improvement
C) Quality assurance
D) Attending physician
Question
A 16-year-old woman presents in the emergency room for treatment of stomach pain, accompanied by her mother and husband. She is conscious, alert, and oriented. Of the following, who is the appropriate individual to sign the consent for treatment?

A) The patient
B) The patient's mother
C) The patient's husband
D) No consent is necessary for this emergency treatment.
Question
The Conditions of Admission are an example of:

A) Prospective consent
B) Retrospective consent
C) Access
D) Jurisdiction
Question
The purpose of The Joint Commission Steering Committee is to:

A) Ensure that compliance with current standards is evaluated.
B) Conduct mock surveys.
C) Prepare staff for The Joint Commission visit.
D) Do all of the above.
Question
The Privacy Rule addresses the uses and disclosure of _______ information.

A) Protected health
B) Confidential
C) Private
D) Secure
Question
Although the __________ owns the physical or electronic record, the _________ owns the information in the record.

A) patient; patient
B) facility; patient
C) facility; facility
D) patient; facility
Question
A valid consent for release of information contains all of the following EXCEPT:

A) Patient's name
B) Patient's marital status
C) Patient's date of birth
D) Date of the request
Question
Which of the following situations is NOT an exception to permitted disclosures of patient information under the Privacy Rule?

A) About victims of abuse, neglect, or domestic violence
B) For workers' compensation (as authorized by law)
C) For a journalist to verify a story
D) For judicial and administrative proceedings
Question
The new nursing supervisor is discussing her plans for the unit with you. She wants to hang a board on the wall of the nursing unit listing each patient's name, room number, working diagnosis, and medication schedule. You advise her that:

A) This is a good idea, since it will facilitate coordination of care.
B) It is a violation of confidentiality to display patient-specific information in a public place.
C) This is not a good idea, because it is a violation of prospective consent.
D) The physicians will not like it because it will show everyone who has the most patients.
Question
All of the following are elements of the business record rule EXCEPT:

A) Documentation is contemporaneous with the events it describes.
B) Records are maintained in the normal course of business.
C) Records are kept in accordance with The Joint Commission standards.
D) Documentation is recorded by those who are in a position to know the facts of the events they describe.
Question
An insurance company may obtain patient records by all of the following EXCEPT:

A) Prospective consent under the conditions of admission
B) By subpoena for disclosure of chemical dependency information
C) Prospective consent obtained when the patient became insured
D) Retrospective consent obtained after the patient is discharged
Question
In litigation, lawyers may request documentation from the HIM department during the ___________ process.

A) certification
B) filing
C) pretrial hearing
D) discovery
Question
The Notice of Privacy Practices is provided to the patient prior to each admission and contains all of the following required information EXCEPT:

A) Facility's privacy policies
B) Physician's signature
C) Discusses how the facility discloses patient information
D) Privacy officer contact information
Question
How are security breaches in electronic health records tracked?

A) Audit trails
B) Indexing
C) All health care personnel should have access to all patient medical records.
D) None of the above
Question
The responsibility for harm or damage caused by actions or inactions is known as:

A) liability
B) tort
C) negligence
D) malpractice
Question
Some of the following are common safeguards that prevent confidentiality breaches EXCEPT:

A) Automatic log-offs
B) Sharing of passwords among health care providers
C) Screen saver
D) Mandatory password updates
Question
Which of the following scenarios represents a HIPAA violation?

A) Nurses discussing Mrs. Logan's patient care inside Mrs. Carter's room
B) An HIM employee discusses the neighbor's medical history with their mother
C) A hospital employee reviewing the electronic medical record of a celebrity currently admitted to the facility
D) All of the above
Question
The practice of maintaining confidentiality in health care is based on:

A) Prospective consent
B) Retrospective consent
C) Physician-patient privilege
D) Attorney-client privilege
Question
The HITECH Act greatly strengthened HIPAA regulations surrounding:

A) the business record rule
B) litigation
C) business associates
D) third-party payers
Question
The period in which lawyers are preparing their case and obtaining documents and testimonies is called ______________.
Question
The right or responsibility to make legal decisions for someone else as a result of a legal document is ______________.
Question
A _________ is a law that has been passed by the legislative branch of government. Legislation dealing with confidentiality and health information varies at the state level.
Question
The legal foundation for confidentiality is ____________.
Question
A permission that is given after the event to which the permission applies is ___________.
Question
__________ is permitted disclosure in which authorization is not required as long as state law allows the exception.
Question
The giving of information to another, whether oral, photocopies, faxes, e-mails, etc., is called ________________.
Question
The process of engaging in the legal proceedings of a lawsuit is ___________.
Question
__________ is a permission given by a competent individual, of legal age, with full knowledge or understanding of the risks, potential benefits, and potential consequences of the permission.
Question
A _______________ is a facility-wide system of policies, procedures, and guidelines that help to ensure ethical business practices.
Question
Explain informed consent. List three ways that a patient can consent to medical treatment.
Question
A _____________ is the designated official in the health care organization who oversees privacy compliance and handles complaints.
Question
The _____________ brings a lawsuit against the ___________.
Question
The patient's compilation of his or her health information is called the ________________.
Question
Individually identifiable health information that is transmitted or maintained in any form or medium by covered entities or their business associates is __________.
Question
An ____________ is defined as a written document such as a living will or durable power of attorney for health care.
Question
Which of the following types of files should be separate from the medical records library in a secure file?

A) Facility employee file
B) Behavior health patient file
C) Celebrity patient file
D) Law enforcement patient file
Question
_________ is consideration of a patient as an adult even though the patient is younger than the statutory age.
Question
In some circumstances, patient-specific information can be released without the consent of the patient. List three reasons that information can be released without patient consent.
Question
Match the following terms with their descriptions.
a. Conditions of admission
b. Business record rule
c. Hearsay rule
d. Jurisdiction
e. Custodian
f. Subpoena ad testificandum
g. Subpoena duces tecum
h. Covered entity
9. A direction from an officer of the court to provide documents.
10. Under HIPAA and HITECH provisions, any organization that collects and manages health information.
11. An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
12. The authority of a court to decide certain cases. May be based on geography, money, or type of case.
13. A direction from an officer of the court to provide testimony.
14. The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
15. The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
16. The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Question
List two types of "sensitive" records. Describe what type(s) of additional controls should be in place to manage these records.
Question
Match between columns
Premises:
Responses:
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Disclosure
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Personal health record
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Right to complain
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Notice of privacy practices
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Amendment
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Accounting of disclosures
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Designated record set
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Right to revoke
Patient information that is protected by HIPAA legislation.
Disclosure
Patient information that is protected by HIPAA legislation.
Personal health record
Patient information that is protected by HIPAA legislation.
Right to complain
Patient information that is protected by HIPAA legislation.
Notice of privacy practices
Patient information that is protected by HIPAA legislation.
Amendment
Patient information that is protected by HIPAA legislation.
Accounting of disclosures
Patient information that is protected by HIPAA legislation.
Designated record set
Patient information that is protected by HIPAA legislation.
Right to revoke
A change to the original document.
Disclosure
A change to the original document.
Personal health record
A change to the original document.
Right to complain
A change to the original document.
Notice of privacy practices
A change to the original document.
Amendment
A change to the original document.
Accounting of disclosures
A change to the original document.
Designated record set
A change to the original document.
Right to revoke
The listing of the identity of those to whom certain protected health information has been disclosed.
Disclosure
The listing of the identity of those to whom certain protected health information has been disclosed.
Personal health record
The listing of the identity of those to whom certain protected health information has been disclosed.
Right to complain
The listing of the identity of those to whom certain protected health information has been disclosed.
Notice of privacy practices
The listing of the identity of those to whom certain protected health information has been disclosed.
Amendment
The listing of the identity of those to whom certain protected health information has been disclosed.
Accounting of disclosures
The listing of the identity of those to whom certain protected health information has been disclosed.
Designated record set
The listing of the identity of those to whom certain protected health information has been disclosed.
Right to revoke
When patient information is given to someone else.
Disclosure
When patient information is given to someone else.
Personal health record
When patient information is given to someone else.
Right to complain
When patient information is given to someone else.
Notice of privacy practices
When patient information is given to someone else.
Amendment
When patient information is given to someone else.
Accounting of disclosures
When patient information is given to someone else.
Designated record set
When patient information is given to someone else.
Right to revoke
The patient's right to discuss his or her concerns about privacy violations.
Disclosure
The patient's right to discuss his or her concerns about privacy violations.
Personal health record
The patient's right to discuss his or her concerns about privacy violations.
Right to complain
The patient's right to discuss his or her concerns about privacy violations.
Notice of privacy practices
The patient's right to discuss his or her concerns about privacy violations.
Amendment
The patient's right to discuss his or her concerns about privacy violations.
Accounting of disclosures
The patient's right to discuss his or her concerns about privacy violations.
Designated record set
The patient's right to discuss his or her concerns about privacy violations.
Right to revoke
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Disclosure
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Personal health record
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Right to complain
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Notice of privacy practices
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Amendment
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Accounting of disclosures
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Designated record set
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Right to revoke
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Disclosure
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Personal health record
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Right to complain
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Notice of privacy practices
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Amendment
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Accounting of disclosures
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Designated record set
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Right to revoke
Question
What information is provided when there is a breach of confidential health information? Who is responsible to conduct this investigation?
Question
Match between columns
Premises:
Responses:
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Subpoena duces tecum
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Covered entity
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Business record rule
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Jurisdiction
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Subpoena ad testificandum
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Hearsay rule
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Conditions of admission
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Custodian
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Subpoena duces tecum
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Covered entity
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Business record rule
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Jurisdiction
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Subpoena ad testificandum
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Hearsay rule
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Conditions of admission
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Custodian
A direction from an officer of the court to provide documents.
Subpoena duces tecum
A direction from an officer of the court to provide documents.
Covered entity
A direction from an officer of the court to provide documents.
Business record rule
A direction from an officer of the court to provide documents.
Jurisdiction
A direction from an officer of the court to provide documents.
Subpoena ad testificandum
A direction from an officer of the court to provide documents.
Hearsay rule
A direction from an officer of the court to provide documents.
Conditions of admission
A direction from an officer of the court to provide documents.
Custodian
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Subpoena duces tecum
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Covered entity
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Business record rule
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Jurisdiction
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Subpoena ad testificandum
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Hearsay rule
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Conditions of admission
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Custodian
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Subpoena duces tecum
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Covered entity
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Business record rule
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Jurisdiction
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Subpoena ad testificandum
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Hearsay rule
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Conditions of admission
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Custodian
A direction from an officer of the court to provide testimony.
Subpoena duces tecum
A direction from an officer of the court to provide testimony.
Covered entity
A direction from an officer of the court to provide testimony.
Business record rule
A direction from an officer of the court to provide testimony.
Jurisdiction
A direction from an officer of the court to provide testimony.
Subpoena ad testificandum
A direction from an officer of the court to provide testimony.
Hearsay rule
A direction from an officer of the court to provide testimony.
Conditions of admission
A direction from an officer of the court to provide testimony.
Custodian
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Subpoena duces tecum
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Covered entity
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Business record rule
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Jurisdiction
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Subpoena ad testificandum
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Hearsay rule
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Conditions of admission
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Custodian
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Subpoena duces tecum
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Covered entity
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Business record rule
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Jurisdiction
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Subpoena ad testificandum
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Hearsay rule
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Conditions of admission
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Custodian
Question
What HIPAA provisions did the HITECH extend? Name and discuss at least two.
Question
There are some exceptions to the rules surrounding notification when protected health information is breached. List the three exceptions, providing examples.
Question
What is the routine process to prepare for a Joint Commission survey?
Question
Compare and contrast privacy, security, and confidentiality. Provide an example of each in a health care situation.
Question
Under what circumstances will a release of information be denied? Name at least four.
Question
What are the five major categories of HIPAA legislation? What is the difference between the Privacy rule and the Security rule?
Question
How is a PHR different from a medical record? How can the PHR assist in maintaining continuity of patient care?
Question
What is jurisdiction? List examples of issues over which municipal, state, and federal courts may have jurisdiction.
Question
List and describe the steps in processing a request for a copy of a health record.
Question
A patient has been admitted to your facility for treatment of pneumonia. He gave insurance information to the patient registration department. During the course of treatment, the patient is found to have AIDS. After discharge, the patient's insurance company asks for a copy of the record. Can the insurance company obtain the record at this point? What are the issues?
Question
What is the process if there is a breach of unsecured health information? What is the process if the breach includes more than 500 patients?
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/55
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 12: Confidentiality and Compliance
1
An officer of the court's direction to produce documents is called:

A) Subpoena duces tecum
B) Subpoena ad testificandum
C) malfeasance
D) jurisdiction
Subpoena duces tecum
2
The following providers/departments make internal requests for patient health information routinely EXCEPT:

A) Utilization review
B) Performance improvement
C) Quality assurance
D) Attending physician
Attending physician
3
A 16-year-old woman presents in the emergency room for treatment of stomach pain, accompanied by her mother and husband. She is conscious, alert, and oriented. Of the following, who is the appropriate individual to sign the consent for treatment?

A) The patient
B) The patient's mother
C) The patient's husband
D) No consent is necessary for this emergency treatment.
The patient
4
The Conditions of Admission are an example of:

A) Prospective consent
B) Retrospective consent
C) Access
D) Jurisdiction
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
5
The purpose of The Joint Commission Steering Committee is to:

A) Ensure that compliance with current standards is evaluated.
B) Conduct mock surveys.
C) Prepare staff for The Joint Commission visit.
D) Do all of the above.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
6
The Privacy Rule addresses the uses and disclosure of _______ information.

A) Protected health
B) Confidential
C) Private
D) Secure
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
7
Although the __________ owns the physical or electronic record, the _________ owns the information in the record.

A) patient; patient
B) facility; patient
C) facility; facility
D) patient; facility
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
8
A valid consent for release of information contains all of the following EXCEPT:

A) Patient's name
B) Patient's marital status
C) Patient's date of birth
D) Date of the request
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
9
Which of the following situations is NOT an exception to permitted disclosures of patient information under the Privacy Rule?

A) About victims of abuse, neglect, or domestic violence
B) For workers' compensation (as authorized by law)
C) For a journalist to verify a story
D) For judicial and administrative proceedings
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
10
The new nursing supervisor is discussing her plans for the unit with you. She wants to hang a board on the wall of the nursing unit listing each patient's name, room number, working diagnosis, and medication schedule. You advise her that:

A) This is a good idea, since it will facilitate coordination of care.
B) It is a violation of confidentiality to display patient-specific information in a public place.
C) This is not a good idea, because it is a violation of prospective consent.
D) The physicians will not like it because it will show everyone who has the most patients.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
11
All of the following are elements of the business record rule EXCEPT:

A) Documentation is contemporaneous with the events it describes.
B) Records are maintained in the normal course of business.
C) Records are kept in accordance with The Joint Commission standards.
D) Documentation is recorded by those who are in a position to know the facts of the events they describe.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
12
An insurance company may obtain patient records by all of the following EXCEPT:

A) Prospective consent under the conditions of admission
B) By subpoena for disclosure of chemical dependency information
C) Prospective consent obtained when the patient became insured
D) Retrospective consent obtained after the patient is discharged
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
13
In litigation, lawyers may request documentation from the HIM department during the ___________ process.

A) certification
B) filing
C) pretrial hearing
D) discovery
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
14
The Notice of Privacy Practices is provided to the patient prior to each admission and contains all of the following required information EXCEPT:

A) Facility's privacy policies
B) Physician's signature
C) Discusses how the facility discloses patient information
D) Privacy officer contact information
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
15
How are security breaches in electronic health records tracked?

A) Audit trails
B) Indexing
C) All health care personnel should have access to all patient medical records.
D) None of the above
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
16
The responsibility for harm or damage caused by actions or inactions is known as:

A) liability
B) tort
C) negligence
D) malpractice
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
17
Some of the following are common safeguards that prevent confidentiality breaches EXCEPT:

A) Automatic log-offs
B) Sharing of passwords among health care providers
C) Screen saver
D) Mandatory password updates
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
18
Which of the following scenarios represents a HIPAA violation?

A) Nurses discussing Mrs. Logan's patient care inside Mrs. Carter's room
B) An HIM employee discusses the neighbor's medical history with their mother
C) A hospital employee reviewing the electronic medical record of a celebrity currently admitted to the facility
D) All of the above
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
19
The practice of maintaining confidentiality in health care is based on:

A) Prospective consent
B) Retrospective consent
C) Physician-patient privilege
D) Attorney-client privilege
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
20
The HITECH Act greatly strengthened HIPAA regulations surrounding:

A) the business record rule
B) litigation
C) business associates
D) third-party payers
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
21
The period in which lawyers are preparing their case and obtaining documents and testimonies is called ______________.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
22
The right or responsibility to make legal decisions for someone else as a result of a legal document is ______________.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
23
A _________ is a law that has been passed by the legislative branch of government. Legislation dealing with confidentiality and health information varies at the state level.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
24
The legal foundation for confidentiality is ____________.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
25
A permission that is given after the event to which the permission applies is ___________.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
26
__________ is permitted disclosure in which authorization is not required as long as state law allows the exception.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
27
The giving of information to another, whether oral, photocopies, faxes, e-mails, etc., is called ________________.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
28
The process of engaging in the legal proceedings of a lawsuit is ___________.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
29
__________ is a permission given by a competent individual, of legal age, with full knowledge or understanding of the risks, potential benefits, and potential consequences of the permission.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
30
A _______________ is a facility-wide system of policies, procedures, and guidelines that help to ensure ethical business practices.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
31
Explain informed consent. List three ways that a patient can consent to medical treatment.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
32
A _____________ is the designated official in the health care organization who oversees privacy compliance and handles complaints.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
33
The _____________ brings a lawsuit against the ___________.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
34
The patient's compilation of his or her health information is called the ________________.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
35
Individually identifiable health information that is transmitted or maintained in any form or medium by covered entities or their business associates is __________.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
36
An ____________ is defined as a written document such as a living will or durable power of attorney for health care.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
37
Which of the following types of files should be separate from the medical records library in a secure file?

A) Facility employee file
B) Behavior health patient file
C) Celebrity patient file
D) Law enforcement patient file
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
38
_________ is consideration of a patient as an adult even though the patient is younger than the statutory age.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
39
In some circumstances, patient-specific information can be released without the consent of the patient. List three reasons that information can be released without patient consent.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
39
Match the following terms with their descriptions.
a. Conditions of admission
b. Business record rule
c. Hearsay rule
d. Jurisdiction
e. Custodian
f. Subpoena ad testificandum
g. Subpoena duces tecum
h. Covered entity
9. A direction from an officer of the court to provide documents.
10. Under HIPAA and HITECH provisions, any organization that collects and manages health information.
11. An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
12. The authority of a court to decide certain cases. May be based on geography, money, or type of case.
13. A direction from an officer of the court to provide testimony.
14. The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
15. The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
16. The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
40
List two types of "sensitive" records. Describe what type(s) of additional controls should be in place to manage these records.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
41
Match between columns
Premises:
Responses:
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Disclosure
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Personal health record
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Right to complain
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Notice of privacy practices
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Amendment
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Accounting of disclosures
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Designated record set
The right to withdraw consent or approval for a previously agreed on or approved procedure.
Right to revoke
Patient information that is protected by HIPAA legislation.
Disclosure
Patient information that is protected by HIPAA legislation.
Personal health record
Patient information that is protected by HIPAA legislation.
Right to complain
Patient information that is protected by HIPAA legislation.
Notice of privacy practices
Patient information that is protected by HIPAA legislation.
Amendment
Patient information that is protected by HIPAA legislation.
Accounting of disclosures
Patient information that is protected by HIPAA legislation.
Designated record set
Patient information that is protected by HIPAA legislation.
Right to revoke
A change to the original document.
Disclosure
A change to the original document.
Personal health record
A change to the original document.
Right to complain
A change to the original document.
Notice of privacy practices
A change to the original document.
Amendment
A change to the original document.
Accounting of disclosures
A change to the original document.
Designated record set
A change to the original document.
Right to revoke
The listing of the identity of those to whom certain protected health information has been disclosed.
Disclosure
The listing of the identity of those to whom certain protected health information has been disclosed.
Personal health record
The listing of the identity of those to whom certain protected health information has been disclosed.
Right to complain
The listing of the identity of those to whom certain protected health information has been disclosed.
Notice of privacy practices
The listing of the identity of those to whom certain protected health information has been disclosed.
Amendment
The listing of the identity of those to whom certain protected health information has been disclosed.
Accounting of disclosures
The listing of the identity of those to whom certain protected health information has been disclosed.
Designated record set
The listing of the identity of those to whom certain protected health information has been disclosed.
Right to revoke
When patient information is given to someone else.
Disclosure
When patient information is given to someone else.
Personal health record
When patient information is given to someone else.
Right to complain
When patient information is given to someone else.
Notice of privacy practices
When patient information is given to someone else.
Amendment
When patient information is given to someone else.
Accounting of disclosures
When patient information is given to someone else.
Designated record set
When patient information is given to someone else.
Right to revoke
The patient's right to discuss his or her concerns about privacy violations.
Disclosure
The patient's right to discuss his or her concerns about privacy violations.
Personal health record
The patient's right to discuss his or her concerns about privacy violations.
Right to complain
The patient's right to discuss his or her concerns about privacy violations.
Notice of privacy practices
The patient's right to discuss his or her concerns about privacy violations.
Amendment
The patient's right to discuss his or her concerns about privacy violations.
Accounting of disclosures
The patient's right to discuss his or her concerns about privacy violations.
Designated record set
The patient's right to discuss his or her concerns about privacy violations.
Right to revoke
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Disclosure
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Personal health record
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Right to complain
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Notice of privacy practices
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Amendment
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Accounting of disclosures
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Designated record set
A notice, written in clear and simple language, summarizing a facility's privacy policies and the conditions for use or disclosure of patient health information.
Right to revoke
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Disclosure
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Personal health record
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Right to complain
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Notice of privacy practices
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Amendment
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Accounting of disclosures
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Designated record set
A specific portion of the patient's health information, consisting of medical records, reimbursement and payer information, and other information used to make health care decisions, all of which may be accessed by the patient under HIPAA provisions.
Right to revoke
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
42
What information is provided when there is a breach of confidential health information? Who is responsible to conduct this investigation?
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
43
Match between columns
Premises:
Responses:
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Subpoena duces tecum
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Covered entity
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Business record rule
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Jurisdiction
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Subpoena ad testificandum
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Hearsay rule
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Conditions of admission
The person entrusted with the responsibility to care for the confidentiality, privacy, and security of medical records.
Custodian
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Subpoena duces tecum
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Covered entity
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Business record rule
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Jurisdiction
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Subpoena ad testificandum
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Hearsay rule
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Conditions of admission
Under HIPAA and HITECH provisions, any organization that collects and manages health information.
Custodian
A direction from an officer of the court to provide documents.
Subpoena duces tecum
A direction from an officer of the court to provide documents.
Covered entity
A direction from an officer of the court to provide documents.
Business record rule
A direction from an officer of the court to provide documents.
Jurisdiction
A direction from an officer of the court to provide documents.
Subpoena ad testificandum
A direction from an officer of the court to provide documents.
Hearsay rule
A direction from an officer of the court to provide documents.
Conditions of admission
A direction from an officer of the court to provide documents.
Custodian
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Subpoena duces tecum
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Covered entity
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Business record rule
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Jurisdiction
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Subpoena ad testificandum
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Hearsay rule
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Conditions of admission
An exception to the hearsay rule. It allows health records to be admitted as evidence in legal proceedings because they are kept in the normal course of business, recorded concurrently with the events that they describe, and are recorded by individuals who are in a position to know the facts of the events that are described.
Custodian
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Subpoena duces tecum
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Covered entity
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Business record rule
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Jurisdiction
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Subpoena ad testificandum
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Hearsay rule
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Conditions of admission
The authority of a court to decide certain cases. May be based on geography, money, or type of case.
Custodian
A direction from an officer of the court to provide testimony.
Subpoena duces tecum
A direction from an officer of the court to provide testimony.
Covered entity
A direction from an officer of the court to provide testimony.
Business record rule
A direction from an officer of the court to provide testimony.
Jurisdiction
A direction from an officer of the court to provide testimony.
Subpoena ad testificandum
A direction from an officer of the court to provide testimony.
Hearsay rule
A direction from an officer of the court to provide testimony.
Conditions of admission
A direction from an officer of the court to provide testimony.
Custodian
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Subpoena duces tecum
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Covered entity
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Business record rule
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Jurisdiction
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Subpoena ad testificandum
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Hearsay rule
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Conditions of admission
The legal agreement between the health care facility and a patient (or the patient's legal agent) to perform routine services. It may also include the statement of the patient's financial responsibility and prospective consent for release of information and examination and disposal of tissue.
Custodian
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Subpoena duces tecum
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Covered entity
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Business record rule
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Jurisdiction
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Subpoena ad testificandum
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Hearsay rule
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Conditions of admission
The court rule that prohibits most testimony regarding events by parties who were not directly involved in the event.
Custodian
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
44
What HIPAA provisions did the HITECH extend? Name and discuss at least two.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
45
There are some exceptions to the rules surrounding notification when protected health information is breached. List the three exceptions, providing examples.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
46
What is the routine process to prepare for a Joint Commission survey?
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
47
Compare and contrast privacy, security, and confidentiality. Provide an example of each in a health care situation.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
48
Under what circumstances will a release of information be denied? Name at least four.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
49
What are the five major categories of HIPAA legislation? What is the difference between the Privacy rule and the Security rule?
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
50
How is a PHR different from a medical record? How can the PHR assist in maintaining continuity of patient care?
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
51
What is jurisdiction? List examples of issues over which municipal, state, and federal courts may have jurisdiction.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
52
List and describe the steps in processing a request for a copy of a health record.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
53
A patient has been admitted to your facility for treatment of pneumonia. He gave insurance information to the patient registration department. During the course of treatment, the patient is found to have AIDS. After discharge, the patient's insurance company asks for a copy of the record. Can the insurance company obtain the record at this point? What are the issues?
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
54
What is the process if there is a breach of unsecured health information? What is the process if the breach includes more than 500 patients?
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Examlex
Examlex
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App

Scan to downloadDownload the App
qr-code

Copyright © 2025 Examlex LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree