Implementation features of the Security Management Process include which one of the following?
A. Power Backup plan
B. Data Backup Plan
C. Security Testing
D. Risk Analysis
E. Authorization and/or Supervision
Select the correct statement regarding the responsibilities of providers and payers under HIPAA's privacy rule.
A. Optionally, they might develop a mechanism of accounting for all disclosures of PHI for purposes other than TPO.
B. They must redesign their offices, workspaces, and storage systems to afford maximum protection to PHI from intentional and unintentional use and disclosure.
C. They must develop methods for disclosing only the minimum amount of protected information necessary to accomplish any intended purpose.
D. They must obtain a "top secret" security clearance for all members of their workforce.
E. They must identify business associates that need to use PHI to accomplish their function and develop authorization forms to allow PHI to be shared with these business associates.
A covered entity that fails to implement the HIPAA Privacy Rule would risk:
A. $5000 in fines.
B. $5000 in fines and six months in prison.
C. An annual cap of $5000 in fines.
D. A fine of up to $50000 if they wrongfully disclose PHI.
E. Six months in prison.
This rule facilitates information exchange, such as Benefits Inquiry, between providers and payers:
A. The HHS rule
B. The Transaction rule
C. The Privacy rule
D. The Security rule
E. The Electronic Signature rule
Assigning a name and/or number for identifying and tracking users is required by which security rule implementation specification?
A. Access Authentication
B. Integrity Controls
C. Authorization and/or Supervision
D. Data Authentication
E. Unique User Identification
The State of Nebraska's Medicaid Program has decided to implement an EDI solution to comply with the HIPAA transaction rule. Select the transaction or code set that would not apply to them.
A. 270
B. 835
C. 837 - Professional
D. CPT-4
E. UB-92
A covered entity that fails to implement the HIPAA Privacy Rule would risk:
A. $5,000 in fines.
B. $5000 in fines and six months in prison.
C. An annual cap of $50000 in fines.
D. A fine of up to $50000 if they wrongfully disclose PHI.
E. Six months in prison.
Select the correct statement regarding the administrative requirements of the HIPAA privacy rule.
A. A covered entity must apply disciplinary sanctions against members of its workforce who fail to comply with the privacy policies and procedures of the covered entity.
B. A covered entity need not train all members of its workforce whose functions are materially affected by a change in policy or procedure.
C. A covered entity must designate, and document, a contact person responsible for receiving acknowledgements of Notice of Privacy Practice.
D. A covered entity may require individuals to waive their rights.
E. A covered entity must provide maximum safeguards for PHI from any intentional or unintentional use or disclosure that is in violation of the regulations and to limit incidental uses and disclosures made pursuant to permitted or required use or disclosure.
Processes enabling an enterprise to restore any lost data in the event of fire, vandalism, natural disaster, or system failure are defined under:
A. Risk Analysis
B. Contingency Operations
C. Emergency Mode Operation Plan
D. Data Backup Plan
E. Disaster Recovery Plan
Policies and procedures that address the final disposition of electronic PHI (including the media on which it is stored) are addressed by this required implementation specification:
A. Media Re-use
B. Termination Procedures
C. Risk Management
D. Maintenance Records
E. Disposal