Under HIPAA regulations, how many days does a covered entity have to
respond to an individual's request for access to his or her PHI when the PHI
is stored off-site? ANS✔✔ 60 days - A covered entity must act on an
individual's request for review of protected health information (PHI) no later
than 30 days after the request is made, extending the response period by
no more than 30 additional days if it gave the individual a written statement
within the 30-day time period explaining the reasons for the delay and the
date by which the covered entity will complete its action on the request.
The covered entity may extend the time for action on a request for access
only once. If PHI is not maintained or located on-site, the covered entity is
given within 60 days of receipt to respond to a request
The legal health record (LHR) is a(n) ANS✔✔ Set of patient-specific data that
is defined to be legal by state or federal statute and that is legally
permissible to provide in response to requests for patient information - The
legal health record is a defined subset of all patient-specific data. The legal
health record is the record that will be disclosed upon request by third
parties. It includes documentation about health services provided and
stored on any media
Which of the following statements is true regarding HIPAA security? ANS✔✔
Institutions are allowed flexibility in the way they implement HIPAA
standards. - HIPAA allows a covered entity to adopt security protection
measures that are appropriate for its organization as long as they meet the
minimum HIPAA security standards. Security protections in a large medical
facility will be more complex than those implemented in a small group
practice
, Solution 2024/2025
Pepper
Which of the following is considered a two-factor authentication system?
ANS✔✔ Password and swipe card - Strong authentication requires providing
information from two of the three different types of authentication
information. The three methods are something you know such as a
password or PIN; something you have, such as an ATM card, token, swipe
card, or smart card; and something you are, such as a biometric fingerprint,
voice scan, iris, or retinal scan. An individual who provides something he
knows (password) and something he has (swipe card) is called two-factor
authentication
Which of the following statements is true in regard to responding to
requests from individuals for access to their protected health information
(PHI)? ANS✔✔ A cost-based fee may be charged for making a copy of the
PHI - HIPAA allows the covered entity to impose a reasonable cost-based fee
when the individual requests a copy of PHI or agrees to accept summary or
explanatory information. The fee may include the cost of: copying, including
supplies, labor, and postage. HIPAA does not permit "retrieval fees" to be
charged to patients
A home health agency plans to implement a computer system whereby its
nurses document home care services on a laptop computer taken to the
patient's home. The laptops will connect to the agency's computer network.
The agency is in the process of identifying strategies to minimize the risks
associated with the practice. Which of the following would be the best
practice to protect laptop and network data from a virus introduced from an
external device? ANS✔✔ Personal firewall software - A firewall is a part of a
computer system or network that is designed to block unauthorized access
while permitting authorized communications. It is a software program or
device that filters information between two networks, usually between a
private network like an intranet and a public network like the Internet
Central City Clinic has requested that Ghent Hospital send its hospital
records for Susan Hall's most recent admission to the clinic for her follow-up
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Schoolflix. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £12.98. You're not tied to anything after your purchase.