Black Friday Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

 
Home > HIPAA > CHP > HIO-201

HIO-201 Certified HIPAA Professional Question and Answers

Question # 4

HIPAA Security standards are designed to be:

A.

Technology specific

B.

State of the art

C.

Non-Comprehensive

D.

Revolutionary

E.

Scalable

Full Access
Question # 5

As part of their HIPAA compliance process, a small doctor's office formally puts the office manager in charge of security related issues. This complies with which security rule standard?

A.

Security Awareness and Training

B.

Security Management Process

C.

Access Control

D.

Assigned Security Responsibility

E.

Security Incident Procedures

Full Access
Question # 6

A doctor is sending a patient's lab work to a lab that is an external business partner. The lab and the doctor's staff are all trained on the doctor's Privacy Practices. The doctor has a signed Notice from the patient. In order to use or disclose PHI, the lab MUST:

A.

Request that the patient sign the lab's Notice of Privacy Practices.

B.

Do nothing more - the activity is covered by the doctor's Notice of Privacy Practices.

C.

Obtain a specific authorization from the patient

D.

Obtain a specific authorization from the doctor.

E.

Verify that the doctor's Notice of Privacy Practices has not expired.

Full Access
Question # 7

The implementation specifications for this HIPAA security standard (within Technical Safeguards) must support emergency access and unique user identification:

A.

Audit Control

B.

Integrity

C.

Access Control

D.

Person or Entity Authentication

E.

Transmission Security

Full Access
Question # 8

The Final Privacy Rule requires a covered entity to obtain an individual's prior written authorization to use his or her PHI for marketing purposes except for:

A.

Situations where the marketing is for a drug or treatment could improve the health of that individual.

B.

Situations where the patient has already signed the covered entity's Notice of Privacy Practices.

C.

A face-to-face encounter with the sales person of a company that provides drug samples

D.

A communication involving a promotional gift of nominal value.

E.

The situation where the patient has signed the Notice of Privacy Practices of the marketer.

Full Access
Question # 9

Select the phrase that makes the following statement FALSE. The 270 Health Care Eligibility Request can be used to inquire about:

A.

Eligibility status

B.

Benefit maximums

C.

Participating providers

D.

Deductibles & exclusions

E.

Co-pay amounts

Full Access
Question # 10

Title 1 of the HIPAA legislation in the United States is about:

A.

PKI requirements for hospitals and health care providers.

B.

Encryption algorithms that must be supported by hospitals and health care providers.

C.

Fraud and abuse in the health care system and ways to eliminate the same.

D.

Guaranteed health insurance coverage to workers and their families when they change employers.

E.

The use of strong authentication technology that must be supported by hospitals and health care providers.

Full Access
Question # 11

This transaction, which is not a HIPAA standard, may be used as the first response when receiving a Health Care Claim (837):

A.

Eligibility (270/271).

B.

Premium Payment (820).

C.

Unsolicited Claim Status (277).

D.

Remittance Advice (835).

E.

Functional Acknowledgment (997).

Full Access
Question # 12

The Privacy Rule has broad administrative requirements. Which one of the following requirements is defined under the Privacy Rule?

A.

Designate a security officer.

B.

Document termination procedures.

C.

Use biometrics to authenticate transactions.

D.

Deploy tokens and smart cards to all medical personnel.

E.

Verify that business associates treat patient information respectfully.

Full Access
Question # 13

The code set that must be used to describe or identify dentists services and procedures is:

A.

ICD-9-CM, Volumes 1 and 2

B.

CPT-4

C.

CDT

D.

ICD-9-CM, Volume 3

E.

HCPCS

Full Access
Question # 14

Select the correct statement regarding the requirements of HIPAA regulations.

A.

A covered entity must have and apply sanction against members of its workforce who fail to comply with the privacy policies and procedures of the covered entity)

B.

A covered entity does not need to train all members of its workforce whose functions areaffected by a change in policy or procedure.

C.

A covered entity must designate, and document, a privacy officer, and a HIPAA compliance officer

D.

A covered entity may require individuals to waive their rights.

E.

A covered entity must require the individual to sign the Notice of Privacy Practices prior to delivering any treatment related service.

Full Access
Question # 15

This implementation specification might include actions such as revoking passwords, and collecting keys

A.

Sanction Policy

B.

access Authorization

C.

Facility Security Plan

D.

Termination Procedures

E.

Unique User Identification

Full Access
Question # 16

The transaction number assigned to the Benefit Enrollment and Maintenance transaction is:

A.

270

B.

276

C.

278

D.

280

E.

834

Full Access
Question # 17

A doctor sends patient records to another company for data entry services. A bonded delivery service is used for the transfer. The records are returned to the doctor after entry is complete, using the same delivery service. The entry facility and the network they use are secure. The doctor is named as his own Privacy Officer in written policies. The doctor has written procedures for this process and all involved parties are documented as having been trained in them. The doctor does not have written authorizations to disclose Protected Health Information (PHI). Is the doctor in violation of the Privacy Rule?

A.

No - This would be considered an allowed "routine disclosure" between the doctor and his business partner

B.

Yes - There is no exception to the requirement for an authorization prior to disclosure, no matter how well intentioned or documented.

C.

Yes - a delivery service is not considered a covered entity

D.

Yes - to be a “routine disclosure” all the parties must have their own Privacy Officer as mandated by HIPAA

E.

Yes - this is not considered a part of "treatment", which is one of the valid exceptions to the Privacy Rule

Full Access
Question # 18

Select the correct statement regarding the administrative requirements of the HIPAA privacy rule.

A.

A covered entity must designate, and document, a privacy official, security officer and a HIPAAcompliance officer

B.

A covered entity must designate, and document, the same person to be both privacyofficial and as the contact person responsible for receiving complaints and providing further information about the notice required by the regulations.

C.

A covered entity must implement and maintain written or electronic policies and procedures with respect to PHI that are designed to comply with HIPM standards, implementation specifications and other requirements.

D.

A covered entity must train, and document the training of, at least one member of its workforce on the policies and procedures with regard to PHI as necessary and appropriate for them to carry out their function within the covered entity no later than the privacy rule compliance date

E.

A covered entity must retain the document required by the regulations for a period often years from the time of it's creation or the time it was last in effect, which ever is later.

Full Access
Question # 19

Which of the following is not one of the HIPAA Titles?:

A.

Title IX: Employer sponsored group health plans.

B.

Title III: Tax-related Health Provisions.

C.

Title II: Administrative Simplification.

D.

Title I: Health Care Insurance Access, Portability, and Renewability.

E.

Title V: Revenue Offsets.

Full Access
Question # 20

Implementation features of the Security Management Process include which one of the following?

A.

Power Backup plan

B.

Data Backup Plan

C.

Security Testing

D.

Risk Analysis

E.

Authorization and/or Supervision

Full Access
Question # 21

ABC Hospital implements policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information. These policies and procedures satisfy which HIPAA security standard?

A.

Security Management Process

B.

Facility Access Control

C.

Security Awareness and Training

D.

Workforce Security

E.

Security Management Process

Full Access
Question # 22

This transaction type is a "response" transaction that may include information such as accepted/rejected claim, approved claim(s) pre-payment, or approved claim(s) post-payment:

A.

270.

B.

820

C.

837.

D.

277.

E.

278.

Full Access
Question # 23

This transaction supports multiple functions. These functions include: telling a bank to move money OR telling a bank to move money while sending remittance information:

A.

277.

B.

278.

C.

271.

D.

82.

E.

270.

Full Access
Question # 24

The Privacy Rule interacts with Federal and State laws by:

A.

Establishing an orderly hierarchy where HIPAA applies, then other Federal law, then State law.

B.

Defining privacy to be a national interest that is best protected by Federal law

C.

Allowing State privacy laws to provide a cumulative effect lower than HIPAA.

D.

Mandating that Federal laws preempt State laws regarding privacy.

E.

Establishing a "floor" for privacy protection.

Full Access
Copyright myexamcollection.com. All Right Reserved.