Rules, Regulations, and Standards

Question 1

Maintains a list of approved accreditation organizations for health care providers, as providers and suppliers who have been accredited by one of these national accrediting agencies are exempt from state surveys in determining if they are in compliance with Medicare - mandated conditions.

Answer 1

Centers for Medicare and Medicaid Services (CMS)

Question 2

Approved Medicare accreditation organizations include:

Answer 2

The Joint Commission, Community health association program, and the Accreditation Commission for Health Care.

Question 3

Whose role is it to update documentation requirements based on changes to regulatory or accreditation standards?

Answer 3

The Nursing Informatics Specialist

Question 4

This committee created the standards associated with administrative medical insurance tasks.

Answer 4

The Accreditation Standards Committee (ASC)

Question 5

This set of standards are used nationwide, helps with claims, enrollment, and determining insurance eligibility.

Answer 5

X12N

Question 6

This council developed pharmacy standards for the U.S. Electronic claims processing under this standard was first introduced in 1992, and has gone on to make up nearly 100% of retail pharmacy claims being processed in real - time.

Answer 6

The National Council for Prescription Drugs Program (NCPDP)

Question 7

Another NCPDP set of standards, focuses on the communication of information within and between different healthcare facilities.

Answer 7

HL7

Question 8

Reimbursement systems

Answer 8

Pay for Performance (P4P) or Value - based purchasing

Question 9

What is the primary objective of P4P programs?

Answer 9

to reward the health care providers when patients have good results.

Question 10

P4P payment

Answer 10

related to quality versus quantity of service.

Question 11

Under the Medicare Inpatient Prospective Payment System (IPPS), patient must be given…

Answer 11

A present - on - admission (POA) Medicare severity diagnosis - related group (MS-DRG) diagnosis.

Question 12

What is the “Y” POA indicator on Medicare claims?

Answer 12

Medicare pays for a condition if a hospital acquired condition (HAC) is present on admission.

Question 13

What is the “N” POA indicator on Medicare claims?

Answer 13

Medicare will not pay for condition if a HAC is present on discharge but not on admission.

Question 14

What is the “U” POA indicator on Medicare claims?

Answer 14

Medicare will not pay for condition if a HAC is present and documentation is not adequate to determine if the condition was present on admission.

Question 15

What is the “W” POA indicator on Medicare claims?

Answer 15

Medicare will not pay for condition if a HAC is present and if the health care provider cannot determine if the condition was present on admission.

Question 16

Medicare instituted, what, for serious, preventable, hospital - acquired conditions and complications for which Medicare will not reimburse hospitals?

Answer 16

Do not pay list

Question 17

Why does Medicare have a Do not pay list?

Answer 17

to control quality of care and to cut costs

Question 18

How many categories are currently on the do not pay list for Medicare?

Answer 18

over forty

Question 19

What department handles negligence and malpractice?

Answer 19

Risk Management

Question 20

Indicates that improper care has not been provided.

Answer 20

Negligence

Question 21

Indicates that an individual failed to provide reasonable care or to protect/ assist another, based on the standards and expertise.

Answer 21

Negligent conduct

Question 22

Willfully providing inadequate care while disregarding the safety and security of another

Answer 22

Gross negligence

Question 23

Involves the injured parties contributing to the harm done.

Answer 23

Contributory negligence

Question 24

Attempts to determine what percentage of negligence is attributed to each individual involved.

Answer 24

Comparative Negligence

Question 25

If health care providers provide patients access to them via e-mail or messaging and do not respond promptly to those messages, then they be liable for what?

Answer 25

Malpractice

Question 26

Types of patient data misuse include:

Answer 26

Identity theft
Unauthorized access Privacy violations
Security breaches

Question 27

Health records often contain identifying information, such as Social Security numbers, credit card numbers, birthdates, and addresses, making patients vulnerable.

Answer 27

Identify theft

Question 28

Although EHRs and computerized documentation systems are password protected, providers sometimes share passwords or unwittingly expose their passwords when logging in, inadvertently allowing access to information about patients.

Answer 28

Unauthorized access

Question 29

Even professionals authorized to access a patient’s record may share private information with others, such as family or friends.

Answer 29

Privacy violations

Question 30

Data are vulnerable to security breaches of careless, inadequate security, especially when various business associates, such as billing companies, have access to private information.

Answer 30

Security breaches

Question 31

Those who use proprietary software should require all those working with the data, including third parties, sign ____________________, to prevent information regarding the software or data from being stolen or misused.

Answer 31

a Nondisclosure agreement

Question 32

Stealing proprietary data is most common when …

Answer 32

people leave an organization and is often used to benefit a new employer.

Question 33

Stealing legally protected information is an act of?

Answer 33

Fraud

Question 34

The Health insurance portability and accountability act of 1996 mandates ____________ and _______________ to ensure that health information and individual privacy are protected.

Answer 34

Privacy and Security

Question 35

Protected information includes any information included in the medical record (electronic or paper), conversations between the physician and other health care providers, billing information, and any other form of health information. Procedures must be in place to limit access and disclosures.

Answer 35

Privacy Rule

Question 36

Any electronic health information must be secure and protected against threats, hazards, or nonpermitted disclosures, in compliance with established standards.

Answer 36

Security Rule

Question 37

Limiting access to those authorized, use of unique identifiers for each user, automatic logoff, encryption and decryption of protected health care information, authentication that health care data have not been altered or destroyed, monitoring of logins and security of transmission.

Answer 37

Security Requirements

Question 38

This must include a unique identifier, procedures to access the system in emergencies, time out, and encryption/ decryption

Answer 38

Access controls

Question 39

The two major factors for security of patient information include:

Answer 39

Information should be transmitted accurately and quickly.
Clinical and non - clinical systems should be fully integrated.

Question 40

Requested information should be supplied within _______________ of the request.

Answer 40

24 hours

Question 41

Passed in 1996 to protect patient privacy rights

Answer 41

Health Insurance Portability and Accountability Act (HIPAA)

Question 42

Compliance dates: Electronic transactions and code sets are to be identified.

Answer 42

October 16, 2002

Question 43

Compliance dates: Privacy standards are to be set.

Answer 43

April 14, 2003

Question 44

Compliance dates: Standards for employer identification are to be set.

Answer 44

July 30, 2004

Question 45

Compliance dates: Standards for system and data security are to be set.

Answer 45

April 21, 2005

Question 46

Compliance dates: Standards for provider identification are to be set.

Answer 46

May 23, 2007

Question 47

Freedom from intrusion, or control over the exposure of self or personal information. In Healthcare, an individual’s right to privacy includes remaining anonymous by request, deciding what information is collected and that information is used.

Answer 47

Privacy

Question 48

The careful sharing of private information to people who have a valid interest in helping the individual.

Answer 48

Confidentiality

Question 49

Occurs when someone other than the authorized system personnel access a private computer system.

Answer 49

System Penetration

Question 50

The willful destruction of computer equipment (or database records).

Answer 50

Sabatoge

Question 51

Majority of sabotage occurrences come from?

Answer 51

Angry or unhappy employees

Question 52

There are several ways that __________ occur in computer systems: poor design, incorrect data entry, or retrieval of an incorrect entry.

Answer 52

Error

Question 53

May cause the system to shut down entirely for an undefined length of time.

Answer 53

Disasters

Question 54

The biggest security problem for health database systems is. …

Answer 54

Unauthorized User

Question 55

An employee of the company that has legitimate access to the database system, but access of information beyond what is needed for their job or task.

Answer 55

Unauthorized User

Question 56

Five types of malicious computer programs:

Answer 56

Viruses
Worms
Trojan Horses
Logic Bombs
Bacteria

Question 57

Can damage data, but may only be an annoyance.

Answer 57

Viruses

Question 58

Computer must be running in order for these to spread

Answer 58

Viruses

Question 59

Named after the pattern of damage they perform

Answer 59

Worms

Question 60

Use LAN and WAN practices to spread and reproduce

Answer 60

Worms

Question 61

Appear to be performing a legitimate task, but actually do something else.

Answer 61

Trojan Horse

Question 62

These malicious programs do not self- replicate.

Answer 62

Trojan Horse

Question 63

These malicious programs can be easily confined once found.

Answer 63

Trojan Horse

Question 64

Triggered by a specific bit of data.

Answer 64

Logic Bombs

Question 65

Can be hidden in a normal program.

Answer 65

Logic Bombs

Question 66

Type of virus

Answer 66

Logic bombs & Bacteria

Question 67

Are not attached to existing programs

Answer 67

Bacteria

Question 68

Malicious software

Answer 68

Viruses or Trojan horses

Question 69

Two types of programs are essential to the security of today’s computers

Answer 69

Antivirus software and spyware detection software

Question 70

The process of using mathematical formulas to code data so that it is unrecognizable if it is intercepted by someone outside of the system.

Answer 70

Encryption

Question 71

Three ways that encryption can be handled by the company:

Answer 71

At the desktop, administrated, or server wide.

Question 72

How many levels are there for user authentication security?

Answer 72

Three

Question 73

What level of Authentication Security:
Once an individual is logged into the system (using their name and password), their name appears on the screen and their access is tracked as they use the system.

Answer 73

Level One

Question 74

What level of Authentication Security:
Users are automatically logged out after some period of inactivity and must log in again.

Answer 74

Level One

Question 75

What level of Authentication Security:
Must update their password on a regular basis.

Answer 75

Level One

Question 76

What level of Authentication Security:
Most Secured level

Answer 76

Level Three

Question 77

What level of Authentication Security:
Encrypted key- based authentication

Answer 77

Level Two

Question 78

What level of Authentication Security:
User must present computer access card (CAC) to the system before they can log in.

Answer 78

Level Two

Question 79

What level of Authentication Security:
Automatic log out if CAC is too far from the computer.

Answer 79

Level Two

Question 80

What level of Authentication Security:
Uses something unique to the individual such as: fingerprint, retinal scan, or face recognitition

Answer 80

Level Three; Biometric authentication

Question 81

What level of Authentication Security:
Cannot be lost or stolen

Answer 81

Level Three

Question 82

How many characters for a secured password?

Answer 82

Eight

Question 83

Records of activity related to systems and applications, users’ access, and use of systems and applications.

Answer 83

Audit Trials

Question 84

A security tool that allows administrators to track individual users, identify the cause of problems, note data modification and misuse of equipment, and reconstruct computer events.

Answer 84

Audit Trials

Question 85

Include event records and keystroke monitoring

Answer 85

Audit trials

Question 86

Audit trials at this level generally record any logins, including identification, date, and time, devices used, and functions.

Answer 86

System Level

Question 87

Audit trials at this level monitor activity within the application, including opened files, editing, reading, deleting, and printing.

Answer 87

Application Level

Question 88

items used to authenticate a person’s identity and allow access to a system.

Answer 88

Tokens

Question 89

Generate one time passwords

Answer 89

SecureID by RSA

Question 90

These include driver’s licenses and employee badges but provide very little security as they can easily be falsified or stolen.

Answer 90

ID cards

Question 91

These combine use of the token with other information, such as user name and password.

Answer 91

Challenge- response tokens

Question 92

These contain microchips with information that can be programmed to allow access, like a debit card.

Answer 92

Smart cards

Question 93

Track who is accessing a system and the duration of access.

Answer 93

Databases

Question 94

May occur as the result of a number of different problems.

Answer 94

Security failures

Question 95

Penetration can result from undetected vulnerabilities.

Answer 95

System Penetration

Question 96

System penetration perpretrators

Answer 96

cyberhackers, hackers, computer specialists, authorized users, unauthorized users, and opportunists.

Question 97

This includes physical damage to the system or purposeful alterations in applications

Answer 97

Destruction/ sabotage

Question 98

May result from poor design, incorrect entries, system changes, poorly trained personnel, and absence of adequate procedures, policies and education

Answer 98

Password management

Question 99

How many categories of threats to a computer system are there?

Answer 99

Four

Question 100

Can be either natural or man made.

Answer 100

Environmental Disasters

Question 101

These include blizzards, earthquakes, epidemics, floods, tornadoes, and hurricanes.

Answer 101

Natural Disaster

Question 102

Chemical contamination, power outages, accidents when hardware is being transported, and toxic fumes.

Answer 102

Man- made environmental disasters

Question 103

One of the major causes of problems with a computer system.

Answer 103

Human errors

Question 104

Includes overwriting files, accidently deleting files, and overloading the system with unnecessary programs.

Answer 104

Human errors

Question 105

Includes theft, malicious programs, terrorism, and cybercrime.

Answer 105

Human mischieft

Question 106

Includes disconnecting wiring, CPU crashes, and storage drive failure

Answer 106

Equipment failure

Question 107

the American Recovery and Reinvestment Act of 2009 included:

Answer 107

Health Information Technology and Economic and Clinical Health Act (HITECH)

Question 108

Provides incentive payments to Medicare practitioners to adopt electronic health records (EHRs)

Answer 108

HITECH

Question 109

Provides penalties in the form of reduced Medicare payments for those who do not adopt EHRs, unless exempted by hardship.

Answer 109

HITECH