HIO-201 Online Practice Questions and Answers

The code set that must be used to describe or identil' outpatient physician services and procedures is:

A. ICD-SCM, Volumes 1 and 2

B. CPT-4

C. CDT

D. ICD-SCM, Volume 3

E. NDC

The Security Incident Procedures standard requires just one implementation specification. That implementation specification is:

A. Termination Procedures

B. Automatic Logoff

C. Emergency Access Procedure

D. Contingency Operations

E. Response and Reporting

Select the FALSE statement regarding the administrative requirements of the HIPAA privacy rule.

A. A covered entity must mitigate, to the extent practicable, any harmful effect that it becomes aware of from the use or disclosure of PHI in violation of its policies and procedures or HIPAA regulations.

B. A covered must not in any way intimidate, retaliate, or discriminate against any individual or other entity, which tiles a compliant.

C. A covered entity may not require individuals to waive their rights as a condition for treatments payment, enrollment in a health plan, or eligibility for benefits,

D. A covered entity must retain the documents required by the regulations for a period of six years

E. A covered entity must change its policies and procedures to comply with HIPAA regulations no later than three years after the change in law

Select the correct statement regarding the "Minimum Necessary" standard in the HIPAA regulations.

A. In some circumstances a covered entity is permitted, but not required, to rely on the judgment of the party requesting the disclosure as to the minimum amount of information necessary for the intended purpose. Some examples of these requesting parties are: another covered entity or a public official.

B. The privacy rule prohibits use, disclosure, or requests for an entire medical record,

C. Non-Covered entities need to redesign their facility to meet the requirement for minimum necessary uses.

D. The minimum necessary standard requires covered entities to prohibit maintenance of medical charts at bedside and to require that X-ray light boards be totally isolated.

E. If there is a request for more than the minimum necessary PHI, the privacy rule requires a covered entity to deny the disclosure of information after recording the event in the individual's case file.

Implementing policies and procedures to prevent, detect, contain, and correct security violations is required by which security standard?

A. Security incident Procedures

B. Assigned Security Responsibility

C. Access control

D. Facility Access Controls

E. Security Management Process

Security reminders, using an anti-virus program on workstations, keeping track of when users log-in and out, and password management are all part of:

A. Security incident Procedures

B. information Access Management

C. Security Awareness and Training

D. Workforce Security

E. Security Management Process

Within the context of a transaction set, the fields that comprise a hierarchical level are referred to as a(n):

A. Loop.

B. Enumerator,

C. Identifier.

D. Data segment.

E. Code set.

Select the FALSE statement regarding violations of the HIPAA Privacy rule.

A. Covered entities that violate the standards or implementation specifications will be subjected to civil penalties of up to $100 per violation except that the total amount imposed on any one person in each calendar year may not exceed $25,000 for violations of one requirement.

B. Criminal penalties for non-compliance are fines up to $65,000 and one year in prison for each requirement or prohibition violated.

C. Criminal penalties for willful violation are fines up to $60,000 and one year in prison for each requirement or prohibition violated.

D. Criminal penalties for violations committed under "false pretenses are fines up to $100,000 and five years in prison for each requirement or prohibition violated.

E. Criminal penalties for violations committed with the intent to sell, transfer, or use PHI for commercial advantage, personal gain or malicious harm are fines up to $250,000 and ten years in prison for each requirement or prohibition violated.

When using the Health Care Eligibility Request/Response (2701271), ii a provider submits certain minimum information and the patient/subscriber is in their database, the payer must generate a response. Which of the following is one of the minimum information fields?

A. Patient's country of birth

B. Patient's pet name

C. Patient's weight

D. Patient's address

E. Patient's date of birth

This code set describes drugs:

A. ICD-9-CM, Volumes 1 and 2.

B. CPT-4.

C. CDT

D. ICD-9-CM, Volume 3.

E. NDC.