For which of the following is an audit trail not a good tool?

Determining revenue from a particular DRG

Holding an individual employee accountable for actions

Reconstructing electronic events

A health information management professional may attend legal proceedings and testify as to:

The authenticity of the patient’s health record

The reason a patient was treated

Reasons a defendant healthcare provider should not be sued

The medical necessity of any procedures performed

A legal hold serves to:

Subject records to a search warrant

The organization that employs you just concluded an investigation of a laptop computer that was lost and contained a file with the information of 765 patients on it, including names, addresses, telephone numbers, and social security numbers. As the privacy officer, you are required to manage the notification process for the data breach. Which of the following would not need to be notified of this data breach within 60 days of the discovery?

Attending physicians of the patients

Department of Health and Human Services

A patient requests that disclosures made from her health record are limited to specific clinical notes and reports. Given HIPAA requirements, how must the hospital respond?

The hospital must accept the request but does not have to agree to it.

The hospital must honor the request.

The hospital must guarantee that the request will be followed.

The hospital must agree to the request, providing that state or federal law does not prohibit it.

The HIPAA-recognized “consent” is a patient’s agreement to:

Use or disclosure of PHI for treatment, payment, or operations

Disclosure for fundraising purposes

Which of the following does not have to be included in a covered entity’s notice of privacy practices?

Signature of the patient and date the notice was given to the patient

Description with one example of disclosures made for treatment, payment, and healthcare operations

Description of all the other purposes for which a covered entity is permitted or required to disclose PHI without consent or authorization

Statement of individual’s rights with respect to PHI and how the individual can exercise these rights

Which of the following is the best definition of a security vulnerability?

A weakness or gap in security protection

Something that can exploit a security weakness

Which of the following statements about compiling a directory of patients being treated in the hospital is true?

The patient must be informed that certain information is maintained in a directory and to whom this information may be disclosed.

A written authorization from the patient is required before any information about him or her is placed in a hospital directory of patients.

An individual may not restrict or prohibit any uses of the directory.

Only the patient’s first and last names may be placed in a directory without his or her consent or authorization.

An employee forgot his password and uses another employee’s user ID and password to access the EHR. What controls should have been in place to minimize this security breach?

Workforce security awareness and training

Which of the following actions by a physician requires the patient’s authorization?

Giving the name of an expectant mother to a baby formula manufacturer

Giving a patient a pen with the name of a pharmaceutical product on it

Giving a sample product to a patient to use for a diagnosed condition

Recommending acupuncture as an alternative treatment for a patient’s condition

Which of the following entities owns the physical hospital health record?

Hospital that maintains the record

Health information management department

A small counseling center received notification that a laptop that contained PHI was stolen out of a workforce member’s car. Upon investigation, it was determined that the workforce member’s laptop contained information on approximately 980 individuals. The laptop that was stolen was password protected; however, it did not contain any encryption software. While no reports of identity theft have been reported, it is unknown what has been done with the laptop or the information on the laptop. How long does this counseling center have to notify these patients of this breach?

Within 60 days of the discovery

RHIT Practice Domain 2 Access, Disclosure, Privacy, and Security

Authored by Rachel D

Other

University

RHIT Practice Domain 2 Access, Disclosure, Privacy, and Security

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

27 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

At Wildcat Hospital, paper-based documents not already included in the EHR are scanned into the EHR at the time of discharge. These paper-based documents are then stored for 60 days before being destroyed. Which of the following statements is true?

The scanned documents do not need to added to the patient’s EHR.

The scanned documents can never be part of the legal record so we should not destroy the paper documentation.

The scanned documents become part of the legal record as soon as the original documentation is destroyed.

The paper-based documentation must be retained for the statute of limitations.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An admitting clerk arrives early every morning to snoop through the EHR for information about neighbors and friends. What security mechanisms could minimize this security breach?

Information access controls

Facility access controls

Audit controls

Workstation security

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Sally Mitchell was treated for kidney stones at Graham Hospital last year. She now wants to review her health record in person. She has requested to review it by herself in a private room. Which of the following is true based on this scenario?

Sally’s request does not have to be granted because the hospital is responsible for the integrity of the health record.

Failure to accommodate her wishes will be a violation under the HIPAA Privacy Rule.

Sally owns the information in her record, so she must be granted her request.

Patients should never be given access to their actual health records.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

The outpatient clinic of a large hospital is reviewing its patient sign-in procedures. The registration clerks say it is essential that they know if the patient has health insurance and the reason for the patient’s visit. The clerks maintain having this information on a sign-in sheet will make their jobs more efficient and reduce patient waiting time in the waiting room. What should the HIM director advise in this case?

Patient name, insurance status, and diagnoses are permitted by HIPAA.

To be HIPAA compliant, sign-in sheets should contain the minimum information necessary such as patient name only.

Patient name, insurance status, and the reason for the visit would be considered incidental.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An employee observes a non-employee putting a flash drive in a bag. The employee does not report this security breach. What security measures should have been in place to help ensure that such a case is reported?

Access controls

Audit controls

Authentication controls

Security incident procedures

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following would be used to encode textual material and convert it to scrambled data that must be decoded for the recipient to understand it?

Encoding

Encryption

Firewall

Virtual private network

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A visitor walks through the IT department and picks up a flash drive from an employee’s desk. What security controls should have been implemented to prevent this security breach?

Workstation security controls

Facility access controls

Workstation use controls

Device and media controls

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

26 questions

Food allergies

Quiz

•

3rd Grade - Professio...

22 questions

My Singing Monsters

Quiz

•

KG - Professional Dev...

24 questions

CTE Router Test

Quiz

•

7th Grade - Professio...

24 questions

Engineering Economics - Elements (Exercise 4)

Quiz

•

University

24 questions

Impacts of tourism

Quiz

•

8th Grade - Professio...

23 questions

PSY 327!

Quiz

•

University

23 questions

MUSIC AND MOVEMENT Session-I

Quiz

•

11th Grade - Professi...

23 questions

Vocabulary test

Quiz

•

University

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

15 questions

Hargrett House Quiz: Community & Service

Quiz

•

5th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Other

18 questions

Informative or Argumentative essay

Quiz

•

5th Grade - University

20 questions

Disney Trivia

Quiz

•

University

20 questions

8.II_Review_TEACHER

Quiz

•

University

39 questions

Unit 7 Key Terms

Quiz

•

11th Grade - University

20 questions

Subject verb agreement practice

Quiz

•

University

20 questions

Quadrilaterals

Quiz

•

KG - University

5 questions

Examining Theme

Interactive video

•

4th Grade - University

25 questions

WWI, Great Depression, WWII

Quiz

•

KG - University