Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

Select the best statement regarding de-identified information (DII).

A.

De-identified information is IIHI that has had all individually (patient) identifiable information removed.

B.

Oil may be used only with the authorization of the individual.

C.

Oil remains PHI.

D.

The only approved method of de-id entitle at ion is to have a person with “appropriate knowledge and experience” de-identify the IIHI.

E.

All PHI use and disclosure requirements do not apply to re-identified DII.

Signed authorization forms must be retained:

A.

Indefinitely, because the life of a signed authorization isindefinite.

B.

Six (6) years from the time it expires.

C.

For as long as the patient's records are kept.

D.

Until it is specifically revoked by the individual.

E.

Ten (10) years from the date it was signed.

Security reminders, using an anti-virus program on workstations, keeping track of when users log-in and out, and password management are all part of:

A.

Security Incident Procedures

B.

Information Access Management

C.

Security Awareness and Training

D.

Workforce Security

E.

Security Management Process

In addition to code sets, HIPAA transactions also contain:

A.

Security information such as a fingerprint.

B.

Privacy information.

C.

Information on all business associates.

D.

Information on all health care clearinghouses.

E.

Identifiers.

This Administrative Safeguard standard implements policies and procedures to ensure that all members of its workforce have appropriate access to electronic information.

A.

Security Awareness Training

B.

Workforce Security

C.

Facility Access Controls

D.

Workstation Use

E.

Workstation Security

The best example of a party that would use the 835 - Health Care Claim Payment/Advice transaction is:

A.

HHS.

B.

A community health management information system.

C.

Health statistics collection agency.

D.

Government agency

E.

Insurance Company.

The Stale of Nebraska's Medicaid Program has decided to implement an EDI solution to comply with the HIPAA transaction rule Select the transaction or code set that would not apply to them.

A.

270

B.

835

C.

837 - Professional

D.

CPT-4

E.

UB-92

Select the FALSE statement regarding violations of the HIPAA Privacy rule.

A.

Covered entities that violate the standards or implementation specifications will be subjected to civil penalties of up to $100 per violation except that the total amount imposed on any one person in each calendar year may not exceed $25,000 for violations of one requirement

B.

Criminal penalties for non-compliance are fines up to $65,000 and one year in prison for each requirement or prohibition violated

C.

Criminal penalties for willful violation are fines up to $50,000 and one year in prison for each requirement or prohibition violated.

D.

Criminal penalties for violations committed under “false pretenses” are fines up to $100,000 and five years in prison for each requirement or prohibition violated

E.

Criminal penalties for violations committed with the intent to sell, transfer, or use PHI for commercial advantage, personal gain or malicious harm are fines up to $250,000 and ten years in prison for each requirement or prohibition violated

This implementation specification might include actions such as revoking passwords, and collecting keys

A.

Sanction Policy

B.

access Authorization

C.

Facility Security Plan

D.

Termination Procedures

E.

Unique User Identification

A doctor is sending a patient's lab work to a lab that is an external business partner. The lab and the doctor's staff are all trained on the doctor's Privacy Practices. The doctor has a signed Notice from the patient. In order to use or disclose PHI, the lab MUST:

A.

Request that the patient sign the lab's Notice of Privacy Practices.

B.

Do nothing more - the activity is covered by the doctor's Notice of Privacy Practices.

C.

Obtain a specific authorization from the patient

D.

Obtain a specific authorization from the doctor.

E.

Verify that the doctor's Notice of Privacy Practices has not expired.