RHIT Domain 5 Exam with Revised
Answers
Which of the following issues compliance program guidance?
a. AHIMA
b. CMS
c. Federal Register
d. HHS Office of Inspector General - Answer-d
From February 1998 until the present, the Office the Inspector General (OIG) continues
to issue compliance program guidance for various types of healthcare organizations.
The OIG website (www.oig.hhs.gov) posts the documents that most healthcare
organizations need to develop fraud and abuse compliance plans (Casto and Forrestal
2015, 37).
In a typical acute-care setting, the Explanation of Benefits, Medicare Summary Notice,
and Remittance Advice documents (provided by the payer) are monitored in which
revenue cycle area?
a. Preclaims submission
b. Claims processing
c. Accounts receivable
d. Claims reconciliation and collections - Answer-d
The last component of the revenue cycle is reconciliation and collections. The
healthcare facility uses the EOB, MSN, and RA to reconcile accounts. These are
monitored in the claims reconciliation and collections area of the revenue cycle (Casto
and Forrestal 2015, 256).
If an HIM department acts in deliberate ignorance or in disregard of official coding
guidelines, it may be committing:
a. Abuse
b. Fraud
c. Malpractice
d. Kickbacks - Answer-b
Medicare defines fraud as an intentional representation that an individual knows to be
false or does not believe to be true but makes, knowing that the representation could
result in some unauthorized benefit to himself or herself or some other person.
Disregard for official coding guidelines would be considered fraud (Casto and Forrestal
2015, 36).
In Medicare, the most common forms of fraud and abuse include all except which of the
following?
,a. Billing for services not furnished
b. Misrepresenting the diagnosis to justify payment
c. Unbundling or exploding charges
d. Implementing a clinical documentation improvement program - Answer-d
In Medicare, the most common forms of fraud and abuse include billing for services not
furnished; misrepresenting the diagnosis to justify payment; soliciting, offering, or
receiving a kickback; unbundling; falsifying certificates of medical necessity; and billing
for a service not furnished as billed, known as upcoding (Casto and Forrestal 2015, 36).
Medical identity theft includes which of the following:
a. Using another person's name to obtain durable medical equipment
b. Purchasing an EHR
c. Purchasing surgical equipment
d. Using another healthcare provider's national provider identifier to submit a claim -
Answer-a
Medical identity theft is a crime that challenges healthcare organizations and the health
information profession. A type of healthcare fraud that includes both financial fraud and
identity theft, it involves either (a) the inappropriate or unauthorized misrepresentation of
one's identity (for example, the use of one's name and Social Security number) to obtain
medical services or goods, or (b) the falsifying of claims for medical services in an
attempt to obtain money (Rinehart-Thompson 2016b, 247).
A laboratory employee forgot his password to the computer system while trying to
record the results for a STAT request. He asked his coworker to log in for him so that he
could record the results and said he would then contact technical support to reset his
password. What controls should have been in place to minimize this security breach?
a. Access controls
b. Security incident procedures
c. Security management process
d. Workforce security awareness training - Answer-d
A strategy included in a good security program is employee security awareness training.
Employees are often responsible for threats to data security. Consequently, employee
awareness is a particularly important tool in reducing security breaches (Rinehart-
Thompson 2016c, 272).
Which step of risk analysis identifies information assets that need protection?
a. Identifying vulnerabilities
b. Control analysis
c. System characterization
d. Likelihood determination - Answer-c
The first step of risk analysis is system characterization. It focuses on what the
organization possesses by identifying which information assets need protection. The
,assets may be identified either because they are critical to business operations (for
example, the data itself, such as e-PHI) or because critical data is processed and stored
on the system (such as hardware) (Rinehart-Thompson 2013, 117).
Sarah, a new graduate of a health information technology program, sits for the
registered health information technician (RHIT) exam and fails. She does not want her
employer to know she failed and tells her coworkers she passed the examination. Sarah
then starts using the RHIT credential after her name in work correspondence. A
coworker, Nancy, discovers that Sarah is using the RHIT credential fraudulently and
notifies the supervisor, Joan. What is the responsibility of Nancy and Joan in this
situation?
a. Contact AHIMA and report the abuse
b. Contact the state licensing division
c. Contact the office of the inspector general
d. Contact the HIT program - Answer-a
HIM professionals should be guided by the AHIMA Code of Ethics in making ethical
decisions that relate to the HIM profession. In this situation, Joan and Nancy should
contact AHIMA and report the abuse (Gordon and Gordon 2016c, 614).
Which plan should be devised to respond to issues arising from the clinical
documentation improvement (CDI) compliance and operational audit process?
a. CDI response plan
b. Quality assurance plan
c. CDI plan
d. Corrective action plan - Answer-d
Most audits should identify some issues, either operational or compliance, in the clinical
documentation improvement (CDI) process, even if they are minor issues. An
organization needs to develop a corrective action plan for any identified issues (Hess
2015, 214).
Events that occur in a healthcare organization that do not necessarily affect an outcome
but carry significant chance of being a serious adverse event if they were to recur are:
a. Time-out
b. Serious events
c. Sentinel events
d. Near misses - Answer-d
Near misses include occurrences that do not necessarily affect an outcome but if they
were to recur they would carry significant chance of being a serious adverse event.
Near misses fall under the definition of a sentinel event, but are not reviewable by The
Joint Commission under its current sentinel event policy (Shaw and Carter 2015, 221).
What is one key component of a compliant clinical documentation improvement
program?
, a. Detailed review of Joint Commission findings
b. Documented, mandatory physician education
c. Revenue cycle team involvement
d. Exceeding query response targets - Answer-b
There are three components an organization should include early in the implementation
of a compliant clinical documentation improvement (CDI) program. These include:
documented, mandatory physician education; detailed query documentation; CDI
policies and procedures with annual sign-off from all program staff (Hess 2015, 208).
What is the most constant threat to health information integrity?
a. Natural threats
b. Environmental threats
c. Internal threats
d. Humans - Answer-d
Health information can be threatened by humans as well as by natural and
environmental factors. Threats posed by humans can be either unintentional or
intentional. Threats to health information can result in compromised integrity (that is,
alteration of information, either intentional or unintentional), theft (intentional by nature),
loss (unintentional) or intentional misplacement, other wrongful uses or disclosures
(either intentional or unintentional), and destruction (intentional or unintentional)
(Rinehart-Thompson 2013, 118).
The overutilization or inappropriate utilization of services and misuse of resources,
typically not a criminal or intentional act is called which of the following?
a. Fraud
b. Abuse
c. Waste
d. Audit - Answer-c
Waste is the overutilization or inappropriate utilization of services and misuse of
resources, and typically is not a criminal or intentional act. Waste includes practice like
over prescribing and ordering tests inappropriately (Foltz et al. 2016, 448).
Examples of high-risk billing practices that create compliance risks for healthcare
organizations include all except which of the following?
a. Altered claim forms
b. Returned overpayments
c. Duplicate billings
d. Unbundled procedures - Answer-b
Fraudulent billing practices represent a major compliance risk for healthcare
organizations. High-risk billing practices include: billing for noncovered services, altered
claim forms, duplicate billing, misrepresentation of facts on a claim form, failing to return
overpayments, unbundling, billing for medically unnecessary services, overcoding and
