
HIPAA HIO-201 Certified HIPAA Professional Exam Practice Test

Demo: 24 questions
Total 160 questions

Certified HIPAA Professional Questions and Answers

Question 1

Select the correct statement regarding the "Minimum Necessary" standard in the HIPAA regulations.

Options:

A.

In some circumstances a covered entity is permitted, but not required, to rely on the judgment of the party requesting the disclosure as to the minimum amount of information necessary for the intended purpose. Some examples of these requesting parties are: another covered entity or a public official.

B.

The privacy rule prohibits use, disclosure, or requests for an entire medical record.

C.

Non-Covered entities need to redesign their facility to meet the requirement for minimum necessary uses.

D.

The minimum necessary standard requires covered entities to prohibit maintenance of medical charts at bedside and to require that X-ray light boards be totally isolated.

E.

If there is a request for more than the minimum necessary PHI, the privacy rule requires a covered entity to deny the disclosure of information after recording the event in the individual's case file.

Question 2

This rule covers the policies and procedures that must be in place to ensure that the patients' health information is respected and their rights upheld:

Options:

A.

Security rule.

B.

Privacy rule.

C.

Covered entity rule.

D.

Electronic Transactions and Code Sets rule.

E.

Electronic Signature Rule.

Question 3

HL7 is particularly involved with:

Options:

A.

NCPDP-based pharmacy standards

B.

The standard for pharmacy-health plan communication.

C.

Administering Medicare and Medicaid programs.

D.

Claims attachments.

E.

Publishing HIPAA Transactions-related Implementation Guides.

Question 4

As part of their HIPAA compliance process, a small doctor's office formally puts the office manager in charge of security related issues. This complies with which security rule standard?

Options:

A.

Security Awareness and Training

B.

Security Management Process

C.

Access Control

D.

Assigned Security Responsibility

E.

Security Incident Procedures

Question 5

Assigning a name and/or number for identifying and tracking users is required by which security rule implementation specification?

Options:

A.

Access Authentication

B.

Integrity Controls

C.

Authorization and/or Supervision

D.

Data Authentication

E.

Unique User Identification

Question 6

HIPAA defines transaction standards for:

Options:

A.

Encrypted communication between patient and provider.

B.

All patient events.

C.

Security.

D.

Benefits inquiry.

E.

Emergency treatment.

Question 7

Dr. Jones, a practicing dentist, has decided to directly implement an EDI solution to comply with the HIPAA transaction rule. Dr. Jones employs a small staff of 4 persons for whom he has sponsored a health care plan. Dr. Jones has revenues of less than $1 million. Select the code set that Dr. Jones should consider supporting for his EDI system.

Options:

A.

837 - Professional

B.

834

C.

CPT-4

D.

837 - Institutional

E.

CDT

Question 8

One mandatory requirement for the Notice of Privacy Practices set by HIPAA regulations is:

Options:

A.

The notice must state that the covered entity reserves the right to disclose PHI without obtaining the individual's authorization.

B.

The notice must prominently include an expiration date.

C.

The notice must describe every potential use of PHI

D.

The notice must describe an individual's rights under the rule such as to inspect, copy and amend PHI and to obtain an accounting of disclosures of PHI

E.

The notice must clearly identify that the covered entity is in compliance with HIPAA regulations as of April 16, 2003

Question 9

Workstation Use falls under which Security Rule area?

Options:

A.

Person or Entity Authentication

B.

Technical Safeguards

C.

Administrative Safeguards

D.

Physical Safeguards

E.

Transmission Security

Question 10

Policies requiring workforce members to constantly run an updated anti-virus program on their workstation might satisfy which implementation specification?

Options:

A.

Risk Management

B.

Protection from Malicious Software

C.

Facility Security Plan

D.

Response and Reporting

E.

Emergency Access Procedure

Question 11

A hospital is preparing a file of treatment information for the state of California. This file is to be sent to external medical researchers. The hospital has removed SSN, name, phone and other information that specifically identifies an individual. However, there may still be data in the file that potentially could identify the individual. Can the hospital claim "safe harbor" and release the file to the researchers?

Options:

A.

Yes - the hospital's actions satisfy the "safe harbor" method of de-identification.

B.

No - a person with appropriate knowledge and experience must determine that the information that remains can’t identify an individual.

C.

No - authorization to release the information is still required by HIPAA

D.

No - to satisfy "safe harbor" the hospital must also have no knowledge of a way to use the remaining data to identify an individual.

E.

Yes - medical researchers are covered entities and "research" is considered a part of "treatment" by HIPAA.

Question 12

Select the best statement regarding the definition of a business associate of a covered entity. A business associate is:

Options:

A.

A person who acts on behalf of a non-covered entity.

B.

A person whose function may involve claims processing, administration, data analysis or practice management with access to PHI.

C.

A person who is a member of the covered entity's workforce.

D.

A clearinghouse.

E.

A person that performs or assists in the performance of a function or activity that involves the use or disclosure of de-identified health information.

Question 13

ANSI X12 specifies the use of a (an):

Options:

A.

Simple flat file structure for transactions.

B.

Envelope structure for transactions.

C.

Employer identifier.

D.

Health plan identifier

E.

Provider identifier.

Question 14

Select the correct statement regarding the requirements of HIPAA regulations.

Options:

A.

A covered entity must have and apply sanctions against members of its workforce who fail to comply with the privacy policies and procedures of the covered entity.

B.

A covered entity does not need to train all members of its workforce whose functions are affected by a change in policy or procedure.

C.

A covered entity must designate, and document, a privacy officer, and a HIPAA compliance officer

D.

A covered entity may require individuals to waive their rights.

E.

A covered entity must require the individual to sign the Notice of Privacy Practices prior to delivering any treatment related service.

Question 15

In an emergency treatment situation, a health care provider:

Options:

A.

Must obtain the signature of the patient before disclosing PHI to another provider.

B.

Must contact a relative of the patient before disclosing PHI to another provider.

C.

May use their best judgment in order to provide appropriate treatment.

D.

May use PHI but may not disclose it to another provider.

E.

Must inform the patient about the Notice of Privacy Practices before delivering treatment.

Question 16

To comply with the Final Privacy Rule, a valid Notice of Privacy Practices:

Options:

A.

Is required for all Business Associate Contracts.

B.

Must always be associated with a valid authorization.

C.

Must be signed before providing treatment to a patient.

D.

Must be associated with a valid Business Associate Contract.

E.

Must describe the individual's rights under the Privacy Rule.

Question 17

Information in this transaction is generated by the payer's adjudication system:

Options:

A.

Eligibility (270/271)

B.

Premium Payment (820)

C.

Unsolicited Claim Status (277)

D.

Remittance Advice (835)

E.

Functional Acknowledgment (997)

Question 18

This HIPAA security area addresses the use of locks, keys and procedures used to control access to computer systems:

Options:

A.

Administrative Safeguards

B.

Physical Safeguards

C.

Technical Safeguards

D.

Audit Controls

E.

Information Access Management

Question 19

Select the correct statement regarding the administrative requirements of the HIPAA privacy rule.

Options:

A.

A covered entity must designate, and document, a privacy official, security officer and a HIPAA compliance officer

B.

A covered entity must designate, and document, the same person to be both the privacy official and the contact person responsible for receiving complaints and providing further information about the notice required by the regulations.

C.

A covered entity must implement and maintain written or electronic policies and procedures with respect to PHI that are designed to comply with HIPAA standards, implementation specifications and other requirements.

D.

A covered entity must train, and document the training of, at least one member of its workforce on the policies and procedures with regard to PHI as necessary and appropriate for them to carry out their function within the covered entity no later than the privacy rule compliance date

E.

A covered entity must retain the document required by the regulations for a period of ten years from the time of its creation or the time it was last in effect, whichever is later.

Question 20

The transaction number assigned to the Health Care Claim Payment/Advice transaction is:

Options:

A.

270

B.

276

C.

834

D.

835

E.

837

Question 21

The applicable methods for HIPAA-related EDI transactions are:

Options:

A.

Remote and enterprise.

B.

Claim status and remittance advice.

C.

Subscriber and payer

D.

Batch and real-time.

E.

HCFA-1500 and 837.

Question 22

The office manager of a small doctor's office wants to donate several of their older workstations to the local elementary school. Which Security Rule Standard addresses this situation?

Options:

A.

Security Management Process

B.

Device and Media Controls

C.

Information Access Management

D.

Facility Access Controls

E.

Workstation Security

Question 23

The Data Backup Plan is part of which Security Standard?

Options:

A.

Contingency Plan

B.

Evaluation

C.

Security Management Procedures

D.

Facility Access Control

E.

Security Incident Procedures

Question 24

When PHI is sent or received over an electronic network there must be measures to guard against unauthorized access. This is covered under which security rule standard?

Options:

A.

Device and Media Controls

B.

Access Controls

C.

Transmission Security

D.

Integrity

E.

Audit Controls
