CAHIMS UNIT 7 QUESTIONS WITH CORRECT ANSWERS 100- VERIFIED.
9 views 0 purchase
Course
RN - Registered Nurse
Institution
RN - Registered Nurse
CAHIMS UNIT 7 QUESTIONS WITH CORRECT ANSWERS 100- VERIFIED.
CAHIMS UNIT 7 QUESTIONS WITH CORRECT ANSWERS 100- VERIFIED.
CAHIMS UNIT 7 QUESTIONS WITH CORRECT ANSWERS 100- VERIFIED.
CAHIMS UNIT 7 QUESTIONS WITH CORRECT ANSWERS 100%
VERIFIED
1. True or false? Administrative activities, fraud and abuse investigations, and health insurance policy underwriting
are not covered by the HIPAA Privacy Rule.: false
In general, patient authorization is not required in order to disclose personal health information for
the purposes of treatment, payment, and healthcare operations (TPO). Healthcare operations are all
activities that support the treatment and pay- ment activities of healthcare. Administrative activities,
fraud and abuse investiga- tions, and health insurance policy underwriting are just a few examples of
healthcare operations.
2. The National Research Council (NRC) recommends that all organizations that handle protected health
information (PHI) should have --authentica- tion/access/audit-- controls in place to ensure that users can access only
the information they need to perform their job.: access
3. True or false? Under the HIPAA compliance audit program, entities that the Office for Civil Rights (OCR) finds not
to be in good faith compliance with HIPAA could face large penalties.: true
4. True or false? Although it is resource intensive, humans must directly verify the accuracy of data stored in
databases to ensure their integrity.: false
5. --Nonrepudiation/Integrity/Availability-- provides proof that a certain action has taken place or that something
or someone is what or who they claim to be.: Nonrepudiation
Nonrepudiation requires that those who access protected health information are allowed to do so and
,that they prove they are who they say they are.
6. When Minjoon received a statement from his insurance company regarding his recent eye surgery, he noticed
that it said he had surgery on his right eye, but the surgery was actually performed on his left eye. It turns out that
the mistake was in the provider's records, which he eventually had corrected. Which of the following principles
underlying HIPAA privacy and security came into play when the records were changed?
Accountability Public
responsibility Consumer
control
Security: consumer control
7. Under the HITECH Act, covered entities must maintain a log of breaches and annually report them to
--HHS/affected patients/local media--.: HHS
8. Providing patients with a copy of their paper health record poses a security safeguard challenge because the data
must be encrypted.: false
Data encryption is a security safeguard for electronic data, not paper data.
9. An example of a public health agency that functions primarily as a --cov- ered/hybrid/noncovered-- entity is one
that is mandated by state law to receive protected health information (PHI) from healthcare providers in order to
con- duct an epidemiological investigation.: noncovered
10. In cases of --international disease outbreaks/births and deaths/workplace medical surveillance--, public health
agencies must notify patients of disclo- sure of their protected health information (PHI) even though patient
authoriza- tion is not required.: workplace medical surveillance
,11. Acme Health Informatics is a company that receives medical claim informa- tion from providers who do not have
systems that can process standard code sets electronically. Acme converts this information into standard electronic
format and submits it to the appropriate health insurance plan for processing. True or false? Acme Health
Informatics is not a covered entity according to HIPAA.: false
Acme Health Informatics is a healthcare clearinghouse and so is a covered entity according to HIPAA.
12. True or false? The Privacy Act of 1974 applied only to federal agencies, not to state or local governments.: true
13. Sonja is a data entry clerk for American Health Insurance Corporation. Her sole job function is to type
information from paper claims into the company's computer system so it can be processed. She cannot view records
of cus- tomer service calls or previously submitted claims. Which recommendation of the National Research Council
(NRC) is the company following?
Software discipline Backup
plans Audit trails
Access controls: access controls
14. General Hospital has an automated process in place that records all ac- cesses to its computer systems.
Designated staff are charged with running reports to break down and review these accesses to ensure that any
access to and creation or modification of protected health information (PHI) complies with regulations and hospital
guidelines. Which of the following safeguards is the hospital implementing in maintaining this record of all accesses
to its PHI?
Administrative
Physical Technical:
technical
, 15. Which of the following best ensures health information database integrity? Restricting database access only to
individuals who need it to do their job. Analyzing information stored in databases to promote public health.
Verifying the accuracy of the information retrieved from a database.
Training employees who must access databases on privacy and security requirements.: Verifying the accuracy of
the information retrieved from a database.
16. True or false? Accountability is the ethical expectation of privacy between a patient and healthcare provider.:
false
Accountability stipulates that individuals and groups will be held responsible for their actions.
Confidentiality is the ethical expectation of privacy between a patient and healthcare provider. It
means that protected health information is not to be made available or disclosed to unauthorized
persons.
17. The recommendations for punishments for privacy or security violations relates to which principle?
Boundaries Security
Consumer control
Accountability
Public responsibility: Accountability
18. True or false? A subcontractor that creates, receives, maintains, or trans- mits protected health information
(PHI) on behalf of a covered entity's busi- ness associate is also defined as a business associate under the HITECH
Act.: TRUE
19. Under the HITECH Act, some breached information does not have to
be reported if it is unreadable, unusable, or indecipherable to unauthorized individuals by either encryption or
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller examiner123. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $17.99. You're not tied to anything after your purchase.
