HIO-201 Practice Exam Questions and Answers

A.  

Security Incident Procedures

B.  

Integrity

C.  

Person or Entity Authentication

D.  

Assigned Security Responsibility

E.  

Business Associate Contracts and other Arrangements

A.  

270

B.  

835

C.  

837 - Professional

D.  

CPT-4

E.  

UB-92

A.  

Title IX: Employer sponsored group health plans.

B.  

Title III: Tax-related Health Provisions.

C.  

Title II: Administrative Simplification.

D.  

Title I: Health Care Insurance Access, Portability, and Renewability.

E.  

Title V: Revenue Offsets.

A.  

Security Awareness and Training

B.  

Security Incident Procedure

C.  

Information Access Management

D.  

Security Management Process

E.  

Contingency Plan

A.  

De-identified information is IIHI that has had all individually (patient) identifiable information removed.

B.  

Oil may be used only with the authorization of the individual.

C.  

Oil remains PHI.

D.  

The only approved method of de-id entitle at ion is to have a person with “appropriate knowledge and experience” de-identify the IIHI.

E.  

All PHI use and disclosure requirements do not apply to re-identified DII.

A.  

Accountants

B.  

Hospital employees

C.  

A covered entity's internal IT department

D.  

CEO of the covered entity

E.  

The covered entity's billing service department

A.  

The types of financial information to be disclosed.

B.  

The specific individuals or entities to which disclosure would be made.

C.  

The types of persons who would receive PHI.

D.  

The conditions that would not apply to disclosure of PHI

E.  

The criteria for reviewing requests for routine disclosure of PHI.

A.  

277.

B.  

278.

C.  

271.

D.  

82.

E.  

270.

A.  

"Disclosure" refers lo employing IIHI within a covered entity.

B.  

"Disclosure" refers to utilizing, examining, or analyzing IIHI within a covered entity.

C.  

"Disclosure" refers to the release, transfer, or divulging of IIHI to another covered entity.

D.  

"Disclosure" refers to the movement of information within an organization.

E.  

"Disclosure" refers to the sharing of information within the covered entity.

A.  

A coveted entity must change its policies and procedures to complywith HIPPPregulations, standards, and implementation specifications.

B.  

A covered entity must reasonably safeguard PHI from any intentional or unintentional use or disclosure that is in violation of the regulations.

C.  

A covered entity must provide a process for individuals to make complaints concerning privacy issues.

D.  

A covered entity must document all complaints received regarding privacy issues.

E.  

The Privacy Rule requires that the covered entity has a documented security policy.

A.  

Detail specifically all activities that are considered a use or disclosure.

B.  

Describe in plain language what is meant by treatment, payment, and health care operations (TPO)

C.  

Inform the individual that protected health information (PHI) may only be used for valid medical research.

D.  

Inform the individual that this version of the Notice will always cover them, regardless of subsequent changes.

E.  

State the expiration date of the Notice.

A.  

The social security number has been selected as the National Health Identifier for individuals.

B.  

The COT code set is maintained by the American Medical Association.

C.  

Preferred Provider Organizations (PPO) are not covered by the definition of "health plan" for purposes of the National Health Plan Identifier

D.  

HIPAA requires health plans to accept every valid code contained in the approved code sets

E.  

An important objective of the Transaction Rule is to reduce the risk of security breaches through identifiers.

A.  

Annual Audits

B.  

Claims Management

C.  

Salary disbursement to the workforce having direct treatment relationships.

D.  

Life Insurance underwriting

E.  

Cash given to the pharmacist for the purchase of an over-the-counter drug medicine

A.  

Access Control

B.  

Audit Controls

C.  

Authorization Controls

D.  

Data Authentication

E.  

Person or Entity Authentication

A.  

A covered entity must obtain an authorization for any use or disclosure of protected health information for marketing, except if the communication is in the form allowed by the regulations.

B.  

A face-to-face communication made by a covered entity to an individual is allowed by the regulations without an authorization

C.  

A promotional gift of nominal value provided by the covered entity is NOT allowed by the regulations without an authorization.

D.  

If the marketing is expected to result in direct or indirect remuneration to the covered entity from a third party, the authorization must state that such remuneration is expected

E.  

Disclosure of PHI for marketing purposes is limited to disclosure to business associates (which could be a telemarketer) that undertakes marketing activities on behalf of the covered entity

A.  

The protected health information must be removed from the information. A substitute "key" may be supplied to allow re-identification, if needed.

B.  

Limit the information to coverage, dates of treatment, and payment amounts to avoid collecting any protected data.

C.  

Nothing. An oversight agency has the right to access this information without prior authorization.

D.  

Request that the insurance commissioner ask for an exception from HIPAA from the Department of Health and Human Services.

E.  

A written authorization is required from the patient.

A.  

Is required for all Chain of Trust Agreements.

B.  

Must allow for the patient's written acknowledgement of receipt.

C.  

Must always be signed by the patient.

D.  

Must be signed in order for the patient's name to be sold to a mailing list organization

E.  

Is not required if an authorization is being developed

A.  

A list of authorized entities, together with their access rights.

B.  

Corroborating your identity.

C.  

The prevention of an unauthorized use of a resource.

D.  

Proving that nothing regarding your identity has been altered

E.  

Being unable to deny you took pan in a transaction.

A.  

Creation and modification of health information during and after an emergency.

B.  

Integrity of health information during and after an emergency.

C.  

Accountability of health information during and after an emergency.

D.  

Vulnerability of health information during and after an emergency.

E.  

Non-repudiation of the entity.

A.  

Security information such as a fingerprint.

B.  

Privacy information.

C.  

Information on all business associates.

D.  

Information on all health care clearinghouses.

E.  

Identifiers.

A.  

Establish a business partner relationship with the other provider.

B.  

Obtain a signed authorization from the patient to cover the disclosure.

C.  

Make a copy of the signed Notice available to the other provider.

D.  

Obtain the patients signature on the second provider's Notice of Privacy Practices.

E.  

Do nothing more -the Notice of Privacy Practices covers treatment activities.

A.  

Encryption

B.  

Authorization and/or Supervision

C.  

Mechanism to Authenticate Electronic PHI

D.  

Applications and Data Critically Analysis

E.  

Isolating Health care Clearing House Functions

A.  

Security Incident Procedures

B.  

Response and Reporting

C.  

Assigned Security Responsibility

D.  

Termination Procedures

E.  

Facility Access Controls

A.  

3070

B.  

3050

C.  

3045

D.  

4010

E.  

4020