HIO-201 Practice Questions

A.  

Detail specifically all activities that are considered a use or disclosure.

B.  

Describe in plain language what is meant by treatment, payment, and health care operations (TPO)

C.  

Inform the individual that protected health information (PHI) may only be used for valid medical research.

D.  

Inform the individual that this version of the Notice will always cover them, regardless of subsequent changes.

E.  

State the expiration date of the Notice.

A.  

The social security number has been selected as the National Health Identifier for individuals.

B.  

The COT code set is maintained by the American Medical Association.

C.  

Preferred Provider Organizations (PPO) are not covered by the definition of "health plan" for purposes of the National Health Plan Identifier

D.  

HIPAA requires health plans to accept every valid code contained in the approved code sets

E.  

An important objective of the Transaction Rule is to reduce the risk of security breaches through identifiers.

A.  

Annual Audits

B.  

Claims Management

C.  

Salary disbursement to the workforce having direct treatment relationships.

D.  

Life Insurance underwriting

E.  

Cash given to the pharmacist for the purchase of an over-the-counter drug medicine

A.  

Access Control

B.  

Audit Controls

C.  

Authorization Controls

D.  

Data Authentication

E.  

Person or Entity Authentication

A.  

A covered entity must obtain an authorization for any use or disclosure of protected health information for marketing, except if the communication is in the form allowed by the regulations.

B.  

A face-to-face communication made by a covered entity to an individual is allowed by the regulations without an authorization

C.  

A promotional gift of nominal value provided by the covered entity is NOT allowed by the regulations without an authorization.

D.  

If the marketing is expected to result in direct or indirect remuneration to the covered entity from a third party, the authorization must state that such remuneration is expected

E.  

Disclosure of PHI for marketing purposes is limited to disclosure to business associates (which could be a telemarketer) that undertakes marketing activities on behalf of the covered entity

A.  

The protected health information must be removed from the information. A substitute "key" may be supplied to allow re-identification, if needed.

B.  

Limit the information to coverage, dates of treatment, and payment amounts to avoid collecting any protected data.

C.  

Nothing. An oversight agency has the right to access this information without prior authorization.

D.  

Request that the insurance commissioner ask for an exception from HIPAA from the Department of Health and Human Services.

E.  

A written authorization is required from the patient.

A.  

Is required for all Chain of Trust Agreements.

B.  

Must allow for the patient's written acknowledgement of receipt.

C.  

Must always be signed by the patient.

D.  

Must be signed in order for the patient's name to be sold to a mailing list organization

E.  

Is not required if an authorization is being developed

A.  

A list of authorized entities, together with their access rights.

B.  

Corroborating your identity.

C.  

The prevention of an unauthorized use of a resource.

D.  

Proving that nothing regarding your identity has been altered

E.  

Being unable to deny you took pan in a transaction.

A.  

Creation and modification of health information during and after an emergency.

B.  

Integrity of health information during and after an emergency.

C.  

Accountability of health information during and after an emergency.

D.  

Vulnerability of health information during and after an emergency.

E.  

Non-repudiation of the entity.

A.  

Security information such as a fingerprint.

B.  

Privacy information.

C.  

Information on all business associates.

D.  

Information on all health care clearinghouses.

E.  

Identifiers.