The code set that must be used to describe or identify inpatient hospital services and surgical procedures is:
A. ICD-9-CM, Volumes 1 and 2
B. CPT-4
C. CDT
D. ICD-9-CM, Volume 3
E. HCPCS
Individually identifiable health information (IIHI) includes information that is:
A. Transmitted to a business associate for payment purposes only.
B. Stored on a smart card only by the patient.
C. Created or received by a credit company that provided a personal loan for surgical procedures.
D. Created or received by a health care clearinghouse for claim processing.
E. Requires the use of biometrics for access to records.
Which one of the following security standards is part of Technical Safeguards?
A. Access control
B. Security Management Process
C. Facility Access Controls
D. Workstation Use
E. Device and Media Controls
Which of the following was not established under the Administrative Simplification title?
A. National P1<1 Identifier.
B. National Standard Health Care Provider Identifier.
C. National Standard Employer Identifier.
D. Standards for Electronic Transactions and Code Sets.
E. Security Rule.
One characteristic of the Notice of Privacy Practices is:
A. It must be written in plain, simple language.
B. It must explicitly describe all uses of PHI.
C. A description about the usage of hidden security cameras for tracking patient movements for implementing privacy.
D. A description of the duties of the individual.
E. A statement that the individual must abide by the terms of the Notice.
The office manager of a small doctors office wants to donate several of their older workstations to the local elementary school. Which Security Rule Standard addresses this situation?
A. Security Management Process
B. Device and Media Controls
C. information Access Management
D. Facility Access Controls
E. Workstation Security
A covered entity that fails to implement the HIPAA Privacy Rule would risk
A. $5 .000 in fines.
B. $5000 in fines and six months in prison.
C. An annual cap of $50000 in fines.
D. A fine of up to $50000 if they wrongfully disclose PHI.
E. Six months in prison.
Policies and procedures that address the final disposition of electronic PHI (including the media on which is stored) is address by this required implementation specification.
A. Media Re-use
B. Termination Procedures
C. Risk Management
D. Maintenance Records
E. Disposal
The Integrity security standard has one addressable implementation standard which is:
A. Encryption
B. Authorization and/or Supervision
C. Mechanism to Authenticate Electronic PHI
D. Applications and Data Criticality Analysis
E. Isolating Health care Clearing House Functions
Health information is protected by the Privacy Rule as long as:
A. The authorization has been revoked by the physician
B. The patient remains a citizen of the United States.
C. The information is under the control of HHS.
D. The information is in the possession of a covered entity.
E. The information is not also available on paper forms.