CDEO CHAPTER 2 UPDATED 2024-2025
/QUESTIONS WITH COMPLETE SOLUTIONS
(A+)
The _______ standards address how an individual's protected
health information (PHI) may be used. Its purpose is to protect
individual Correct Answer Privacy Rule
Correct Answer privacy, while promoting high-quality healthcare
and public health and well-being.
The Privacy Rule was designed to be ______ and ______, to
allow for the various uses and disclosures the healthcare
community must address. Correct Answer flexible,
comprehensive
____ covered entities are required to follow the Privacy Rule.
Correct Answer All
Covered entities are defined as health _____, healthcare
________, and any healthcare _________ who transmits health
Correct Answer plans, clearinghouses, provider
Correct Answer information in an electronic format.
Health ______ covered entities are organizations that pay
providers on behalf of an individual receiving medical care. These
plans include health, dental, vision, and prescription drug
insurers. Some examples include health maintenance
organizations (HMOs), Medicare, Medicaid, Correct Answer plan
Correct Answer and Medicare supplement insurers, as well as
employer, government, and church-sponsored group health plans.
There are exceptions: An employer who solely establishes and
,maintains the plan with fewer than 50 participants is exempt. Two
types of government-funded programs
Correct Answer are not health plans: food stamps and
community health centers. Insurers providing only worker's
compensation, automobile insurance, and property and casualty
insurance are not considered to be health plans.
All healthcare ________ who electronically transmit health
information through certain transactions are covered entities.
Some examples of transactions that may be submitted
electronically are claim forms, inquiries about the eligibility of
benefits, and requests for authorization of referrals. Simply using
electronic technology, such as sending emails, does not mean a
healthcare provider is a covered entity; the transmission must be
in connection with a standard transaction. The rule applies to all,
regardless of whether they transmit the transactions directly, or
use a billing service or other third party to transmit on their behalf.
They are defined as providers of services, such as hospitals, and
providers of medical or health services, such as physicians,
dentists, and other practitioners who furnish, bill, or receive
payment for healthcare. Correct Answer providers
Healthcare ________ include billing services, repricing
companies, and community health management information
systems that process nonstandard information, received from
another entity, into a standard (ie, standard format or data
content) or vice versa. In most instances, healthcare
clearinghouses receive individually identifiable information for
processing services to a health plan or healthcare provider as a
business associate. In these cases, only certain provisions are
applicable to the clearinghouses' uses and disclosures of
protected health information. Correct Answer clearinghouses
,_______ occur through electronic exchanges, which allow
information to be transferred between two parties for specific
purposes. Correct Answer Transactions
A healthcare provider will send a claim to a health _____ to
request payment for the medical services he or she provides.
Correct Answer plan
_____ regulations standardized transactions for Electronic Data
Interchange (EDI) of healthcare data. These transactions are:
claims and encounter information, payment and remittance
advice, claims status, eligibility, enrollment and disenrollment,
referrals and authorizations, coordination of benefits, and
premium payment. Correct Answer HIPAA
Under _______, electronic transactions must use the adopted
standard and adhere to the content and format requirements of
ASC X12N or NCPDP (used for certain pharmacy transactions)
for each transaction. An additional rule was adopted to
standardize the code sets for diagnoses and procedures. These
code sets include: HCPCS (Healthcare Common Procedure
Coding System—ancillary services and procedures); CPT®
(Current Procedural Terminology—physician's procedures);
CDT® (Current Dental Terminology—dental procedures); ICD-9
(International Classification of Diseases-9th revision— diagnosis
and inpatient hospital procedures); ICD-10 (International
Classification of Diseases-10th Revision, which replaced ICD-9
on October 1, 2015); and NDC (National Drug Codes). Correct
Answer HIPAA
In addition to the standardization of the codes used to request
payment for medical services, a _______ for employers and
providers must be used on all transactions. Correct Answer
unique identifier
, _______ perform certain functions or activities, which involve the
use or disclosure of individually identifiable health information, on
behalf of another person or organization, without being a member
of the entity's workforce. These services include claims
processing or administration, data analysis, utilization review,
billing, benefit management, and re-pricing. Correct Answer
Business associates
_______ associate services to a covered entity are limited to
legal, actuarial, accounting, consulting, data aggregation,
management, administrative, accreditation, or financial services.
Correct Answer Business
To be considered a business associate, the persons or
organizations would involve the use or disclosure of ________
between the two parties. Correct Answer protected health
information
A covered entity ____ be a business associate of another covered
entity. Correct Answer can
HITECH Correct Answer Health Information Technology for
Economic and Clinical Health Act
The ______ enacted as part of the American Recovery and
Reinvestment Act (ARRA) of 2009, also specifies that an
organization that provides data transmission of PHI to a covered
entity and that requires access to PHI routinely, such as a Health
Information Exchange Organization, will be treated as a business
associate. Correct Answer HITECH
A _______ is required between business associates to impose
specified written safeguards on the individually identifiable health
information used or disclosed by the business associate. It must
describe the permitted and required uses of protected health