HIO-201 Online Practice Questions and Answers

Patient identifiable information may include:

A. Country of birth.

B. Telephone number,

C. Information on past 3 employers.

D. Patient credit reports.

E. Smart card-based digital signatures.

Select the FALSE statement regarding the administrative requirements of the HIPAA privacy rule.

A. A covered entity must mitigate, to the extent practicable, any harmful effect that it becomes aware of from the use or disclosure of PHI in violation of its policies and procedures or HIPAA regulations.

B. A covered must not in any way intimidate, retaliate, or discriminate against any individual or other entity, which tiles a compliant.

C. A covered entity may not require individuals to waive their rights as a condition for treatments payment, enrollment in a health plan, or eligibility for benefits,

D. A covered entity must retain the documents required by the regulations for a period of six years

E. A covered entity must change its policies and procedures to comply with HIPAA regulations no later than three years after the change in law

A business associate:

A. Requires PKI for the provider and the patient.

B. Is electronically stored information about an individual's lifetime health status and health care.

C. Is another name for an HMO.

D. Identifies all non-profit organizations.

E. Is a person or an entity that on behalf of the covered entity performs or assists in the performance of a function or activity involving the use or disclosure of health-related information.

Select the correct statement regarding the "Minimum Necessary" standard in the HIPAA regulations.

A. In some circumstances a covered entity is permitted, but not required, to rely on the judgment of the party requesting the disclosure as to the minimum amount of information necessary for the intended purpose. Some examples of these requesting parties are: another covered entity or a public official.

B. The privacy rule prohibits use, disclosure, or requests for an entire medical record,

C. Non-Covered entities need to redesign their facility to meet the requirement for minimum necessary uses.

D. The minimum necessary standard requires covered entities to prohibit maintenance of medical charts at bedside and to require that X-ray light boards be totally isolated.

E. If there is a request for more than the minimum necessary PHI, the privacy rule requires a covered entity to deny the disclosure of information after recording the event in the individual's case file.

Which of the following is example of "Payment" as defined in the HIPAA regulations?

A. Annual Audits

B. Claims Management

C. Salary disbursement to the workforce having direct treatment relationships.

D. Life Insurance underwriting

E. Cash given to the pharmacist for the purchase of an over-the-counter drug medicine

A valid Notice of Privacy Practices must

A. Detail specifically all activities that are considered a use or disclosure

B. Describe in plain language what is meant by treatment, payment, and health care operations (TPO).

C. Inform the individual that protected health information (PHI) may only be used for valid medical research.

D. Inform the individual that this version of the Notice will always cover them, regardless of subsequent changes.

E. State the expiration date of the Notice.

Which of the following is a required implementation specification associated with the Contingency Plan Standard?

A. Integrity Controls

B. Access Control and Validation Procedures

C. Emergency Mode Operation Plan

D. Response and Reporting

E. Risk Analysis

Select the correct statement regarding the transaction rule.

A. The Transaction standards apply to electronic transactions.

B. ERISA plans are exempted from the standard.

C. Data stored by a covered entity must meet the transaction standards if the covered entity is directly submitting standard transactions.

D. A covered entity (e.g. provider, health plan) may submit non-standard transactions to a clearinghouse that converts them into standard transactions. In this case the covered entity still needs to store its data in transaction standard formats.

E. State Medicaid programs need not meet the same requirements as private health plans.

ANSI ASO X12 is the standard for

A. Security requirements.

B. Privacy requirements.

C. Is another name for the Security Rule.

D. Representation of all health care claims.

E. Encrypting all information for use over a P1<1.

HIPAA establishes a civil monetary penalty for violation of the Administrative Simplification provisions. The penalty may not be more than.

A. $1 000000 per person per violation of a single standard for a calendar year

B. $10 per person per violation of a single standard for a calendar year.

C. $25000 per person per violation of a single standard for a calendar year.

D. $2,500 per person per violation of a single standard for a calendar year

E. $1000 per person per violation of a single standard for a calendar year