The scope of the Privacy Rule includes:
A. All Employers.
B. The Washington Publishing Company
C. Disclosure of non-identifiable demographics.
D. Oral disclosure of PHI.
E. The prevention of use of de-identified information.
Which HIPAA Title is fueling initiatives within organizations to address health care priorities in the areas of transactions, privacy, and security'?
A. Title I.
B. Title II
C. Title III.
D. Title M
E. Title V.
HIPAA transaction standards apply to:
A. Employee drug tests.
B. Health component of auto insurance.
C. Stored health information data.
D. Eligibility inquiries.
E. Non-reimbursed employee medical expenses.
When PHI is sent or received over an electronic network there must be measures to guard against unauthorized access. This is covered under which security rule standard?
A. Device and Media Controls
B. Access Controls
C. Transmission Security
D. Integrity
E. Audit Controls
Use or disclosure of Protected Health Information (PHI) for Treatment, Payment, and Health care Operations (TPO) is:
A. Limited to the minimum necessary to accomplish the intended purpose.
B. Left to the professional judgment and discretion of the requestor.
C. Controlled totally by the requestor's pre-existing authorization document.
D. Governed by industry "best practices" regarding use.
E. Left in force for eighteen (18) years.
Select the FALSE statement regarding the administrative requirements of the HIPAA privacy rule.
A. A covered entity must mitigate, to the extent practicable, any harmful effect that it becomes aware of from the use or disclosure of PHI in violation of its policies and procedures or HIPAA regulations.
B. A covered must not in any way intimidate, retaliate, or discriminate against any individual or other entity, which files a complaint.
C. A covered entity may not require individuals to waive their rights as a condition for treatment, payment, enrollment in a health plan, or eligibility for benefits.
D. A covered entity must retain the documents required by the regulations for a period of six years.
E. A covered entity must change its policies and procedures to comply with HIPAA regulations no later than three years after the change in law.
An Electronic Medical Record (EMR):
A. Is another name for the Security Ruling.
B. Requires the use of biometrics for access to records.
C. Is electronically stored information about an individual's health status and health care.
D. Identifies all hospitals and health care organizations.
E. Requires a P1<1 for the provider and the patient.
Select the correct statement about the 820-Payment Order/Remittance advice transaction.
A. It can be used for the payment of provider claims.
B. It can be used to pay for insurance products (either individual or group premiums).
C. It can function solely as a remittance advice.
D. Electronic Funds Transfer is fully supported.
E. This transaction can carry either summary or detailed remittance information.
The objective of this document is to safeguard the premises and building from unauthorized physical access and to safeguard the equipment therein from unauthorized physical access, tampering and theft
A. Contingency Plan
B. Facility Security Plan
C. Emergency Mode Operation Plan
D. Accountability
E. Device and Media Controls
Implementation features of the Security Management Process include which one of the following?
A. Power Backup plan
B. Data Backup Plan
C. Security Testing
D. Risk Analysis
E. Authorization and/or Supervision