Fundementals of HIPPA Review

Question 1

T or F
Only clinical staff need to understand HIPAA.

Answer 1

False

Question 2

COBRA (Consolidated Omnibus Budget Reconciliation Act of 1985) helps workers who have coverage with a

Answer 2

group health plan.

Question 3

T or F
Health care professionals have generally found that HIPAA has simplified claims submissions.

Answer 3

True

Question 4

T or F
he Department of Health and Human Services (DHHS) is responsible to notify all health care providers of changes in the HIPAA rulings.

Answer 4

False

Question 5

The HIPAA Security Officer is responsible for

Answer 5

safeguarding all electronic patient health information.

Question 6

T or F
With the passage of HIPAA, large health care providers would be treated with faster service since their volume of claims is larger than small rural providers.

Answer 6

false

Question 7

T or F
Under HIPAA, providers may choose to submit claims either on paper or electronically.

Answer 7

It depends whether they are a small or large provider

Question 8

Medical Savings Account (now Health Savings Account) is a means to shelter funds from taxes to pay for

Answer 8

medical expenses

Question 9

T or F
Privacy of PHI and security of PHI are the same thing.

Answer 9

False

Question 10

Which group is not one of the three covered entities?

Answer 10

patients

Question 11

Written policies and procedures relating to the HIPAA Privacy Rule

Answer 11

must be available to all employees.

Question 12

The Office for Civil Rights receives complaints regarding the Privacy Rule. About what percentage of these complaints have been ruled either no violation or the entity is working toward compliance?

Answer 12

about 75%

Question 13

T or F
A covered entity does not have to disclose PHI to the Office for Civil Rights if they come to investigate a complaint. That is not allowed by HIPAA law.

Answer 13

False

Question 14

T or F
The response, “She was taken to ICU because her diabetes became acute” is an example of HIPAA-compliant disclosure of information.

Answer 14

False

Question 15

T or F
In HIPAA usage, TPO stands for treatment, payment, and optional care.

Answer 15

False

Question 16

T or F
Nursing notes are not considered PHI since th

Answer 16

False

Question 17

The Privacy Rule

Answer 17

applies only to protected health information (PHI) and details when authorization to release PHI is needed.

Question 18

typical Business Associate individuals are

Answer 18

biometric device repairmen, legal counsel to a clinic, and outside coding service.

Question 19

A hospital or other inpatient facility may include patients in their published directory

Answer 19

only when the patient or family has not chosen to “opt-out” of the published directory.

Question 20

T or F
Insurance companies who provide automobile and life insurance come under the HIPAA ruling as covered entities.

Answer 20

False

Question 21

T or F
Security and privacy of protected health information really cover the same issues.

Answer 21

False

Question 22

HIPAA Security Rule applies to data contained in

Answer 22

any computer storage media.

Question 23

Integrity of e-PHI requires confirmation that the data

Answer 23

is accurate and has not been altered, lost, or destroyed in an unauthorized manner.

Question 24

T or F
The Office of HIPAA Standards seeks voluntary compliance to the Security Rule.

Answer 24

True

Question 25

True or False Risk management for the HIPAA Security Officer is a “one-time” task.

Answer 25

False

Question 26

Business Associate contracts must include

Answer 26

implementation of safeguards to ensure data integrity.

Question 27

What step is part of reporting of security incidents?

Answer 27

Change passwords to protect from further invasion.

Question 28

T or F Compliance to the Security Rule is solely the responsibility of the Security Officer.

Answer 28

False

Question 29

Which are the five areas the DHHS has mandated each covered entity to address so that e-PHI is maintained securely?

Answer 29

Organization requirements; policies, procedures, and documentation; technical safeguards; administrative safeguards; and physical safeguards

Question 30

HIPAA training must be provided to

Answer 30

all workforce employees and non-employees.

Question 31

Strengthened restrictions on security redefineed the subcontractors of business associates who might have even incidental exposure to Personal Health Information (PHI) as

Answer 31

Business Associates

Question 32

T or F After a patient downloads personal health information, all the Security and Privacy measures of HIPAA are gone.

Answer 32

True

Question 33

Meaningful Use program included incentives for physicians to begin using which of the following?

Answer 33

E-prescribing Computerized order entry Instant messaging to patients Patient portal

Question 34

T or F The Personal Health Record (PHR) is the legal medical record.

Answer 34

False

Question 35

T or F HIPAA in 1996 enacted security measures that do not need updating and are valid today as written.

Answer 35

False

Question 36

The Health Information Technology for Economic and Clinical Health (HITECH) is part of

Answer 36

American Recovery and Reinvestment Act (ARRA) of 2009.

Question 37

What is the name of the format that allows other providers to access another physician’s record of a patient?

Answer 37

Health Information Exchange (HIE)

Question 38

T or F When there is a difference in state law and HIPAA, HIPAA will always supersede the local or state law.

Answer 38

False

Question 39

What information is not to be stored in a Personal Health Record (PHR)?

Answer 39

Tax return information

Question 40

What is the difference between Personal Health Record (PHR) and Electronic Medical Record (EMR)?

Answer 40

PHR can be modified by the patient; EMR is the legal medical record

Question 41

T or F The Department of Health and Human Services (DHHS) is responsible to notify all health care providers of changes in the HIPAA rulings.

Answer 41

False

Question 42

Which department would need to help the Security Officer most?

Answer 42

Information Services and Technology

Question 43

Industry-wide standards for health claims bring simplification because

Answer 43

all transactions are the same format and any payer will accept claims.

Question 44

The HIPAA Privacy Officer is responsible for

Answer 44

tracking who has access to PHI.

Question 45

T or F With the passage of HIPAA, large health care providers would be treated with faster service since their volume of claims is larger than small rural providers.

Answer 45

False

Question 46

T or F Nursing notes are not considered PHI since they are not physician’s notes and therefore are not protected by HIPAA.

Answer 46

False

Question 47

T or F The HIPAA Privacy Rule gives patients assurance that their personal health information will be treated the same no matter which state or organization receives their medical information.

Answer 47

True

Question 48

When there is an alleged violation to HIPAA Privacy Rule

Answer 48

there is no option to sue a health care provider for HIPAA violations.

Question 49

Use and disclosure of PHI is permitted without authorization with the EXCEPTION of which of the following?

Answer 49

When releasing process or psychotherapy notes

Question 50

According to AHIMA report, the most common problem that health care providers face in relation to PHI is

Answer 50

lack of a standardized process to release PHI.

Question 51

T or F “At home” workers such as transcriptionists are not required to follow the workstation security rules for passwords, viewing of monitors by others, or locking of computer screens.

Answer 51

False

Question 52

Information access is a required administrative safeguard under HIPAA Security Rule. It is defined as

Answer 52

limiting access to the minimum necessary for the particular job assigned to the particular login.

Question 53

T or F Only a serious security incident is to be documented and measures taken to limit further disclosure.

Answer 53

False

Question 54

Investigation of complaints of violations to the Security Rule are under the direction of the

Answer 54

Office of HIPAA Standards.

Question 55

The Administrative Safeguards mandated by HIPAA include which of the following?

Answer 55

Workforce security training

Question 56

T or F The Personal Health Record (PHR) is the legal medical record.

Answer 56

False

Question 57

What is the difference between Personal Health Record (PHR) and Electronic Medical Record (EMR)?

Answer 57

PHR can be modified by the patient; EMR is the legal medical record

Question 58

The Centers for Medicare and Medicaid Services (CMS) set up the ICD-9-CM Coordination and maintenance Committee to

Answer 58

Maintain a crosswalk between ICD-9-CM and ICD-10-CM.

Question 59

The Medicare Electronic Health Record Incentive Program is part of Affordable Care Act (ACA) and is under the direction of

Answer 59

Centers for Medicare and Medicaid Services (CMS).