New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium HIPAA HIO-201 Dumps Questions Answers

Page: 1 / 6
Total 160 questions

Certified HIPAA Professional Questions and Answers

Question 1

A State insurance commissioner is requesting specific, individually identifiable information from an insurer as a part of a routine review of the insurer's practices. What must the insurer do to deidentify the information?

Options:

A.

The protected health information must be removed from the information. A substitute "key" may be supplied to allow re-identification, if needed.

B.

Limit the information to coverage, dates of treatment, and payment amounts to avoid collecting any protected data.

C.

Nothing. An oversight agency has the right to access this information without prior authorization.

D.

Request that the insurance commissioner ask for an exception from HIPAA from the Department of Health and Human Services.

E.

A written authorization is required from the patient.

Buy Now
Question 2

The Privacy Rule interacts with Federal and State laws by:

Options:

A.

Establishing an orderly hierarchy where HIPAA applies, then other Federal law, then State law.

B.

Defining privacy to be a national interest that is best protected by Federal law

C.

Allowing State privacy laws to provide a cumulative effect lower than HIPAA.

D.

Mandating that Federal laws preempt State laws regarding privacy.

E.

Establishing a "floor" for privacy protection.

Question 3

This requires records of the movement of hardware and electronic media that contain PHI.

Options:

A.

Business Associate Contract

B.

Data Backup Plan

C.

Media Re-use

D.

Disposal

E.

Accountability

Question 4

Some of the information that an authorization must include is:

Options:

A.

The date on which any automatic extension occurs.

B.

Covered entity's signature.

C.

A statement that federal privacy laws still protect the information after it is disclosed.

D.

A statement that the individual has no right to revoke the authorization.

E.

The date signed.

Question 5

Select the phrase that makes the following statement FALSE. The 270 Health Care Eligibility Request can be used to inquire about:

Options:

A.

Eligibility status

B.

Benefit maximums

C.

Participating providers

D.

Deductibles & exclusions

E.

Co-pay amounts

Question 6

A covered entity must adopt policies and procedures governing disclosures of PHI that identify

Options:

A.

The types of financial information to be disclosed.

B.

The specific individuals or entities to which disclosure would be made.

C.

The types of persons who would receive PHI.

D.

The conditions that would not apply to disclosure of PHI

E.

The criteria for reviewing requests for routine disclosure of PHI.

Question 7

Select the correct statement regarding the requirements for oral communication in the HIPAA regulations.

Options:

A.

Covered entities must reasonably safeguard PHI, including oral communications, from any intentional or unintentional use or disclosure that is in violation of the Privacy Rule.

B.

Covered entities must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of de-Identified data.

C.

Covered entities are prohibited from marketing through oral communications

D.

The Privacy Rule requires covered entities to document any information, including oral communications, which is used or disclosed for TPO purposes.

E.

The Privacy Rule will often require major structural changes, such as soundproof rooms and encryption of telephone systems, to provide the "reasonable safeguards" of oral communications required by the regulations

Question 8

Workstation Use falls under which Security Rule area?

Options:

A.

Person or Entity Authentication

B.

Technical Safeguards

C.

Administrative Safeguards

D.

Physical Safeguards

E.

Transmission Security

Question 9

HPAA establishes a civil monetary penalty for violation of the Administrative Simplification provisions. The penalty may not be more than:

Options:

A.

$1,000,000 per person pet violation

B.

$10 per person pet violation

C.

$10,000 per person per violation

D.

$100 per person per violation

E.

$1000 per person per violation

Question 10

Formal, documented instructions for reporting security breaches are referred to as:

Options:

A.

Business Associate Contract

B.

Response and Reporting

C.

Emergency Access Procedure

D.

Sanction policy

E.

Risk Management

Question 11

A grouping of functional groups, delimited by' a header/trailer pair, is called a:

Options:

A.

Data element

B.

Data segment

C.

Transaction set

D.

Functional envelope

E.

Interchange envelope

Question 12

In terms of Security, the best definition of "Access Control" is:

Options:

A.

A list of authorized entities, together with their access rights.

B.

Corroborating your identity.

C.

The prevention of an unauthorized use of a resource.

D.

Proving that nothing regarding your identity has been altered

E.

Being unable to deny you took pan in a transaction.

Question 13

Ensuring that physical access to electronic information systems and the facilities in which they are housed is limited, is addressed under which security rule standard?

Options:

A.

Security Management Process

B.

Transmission Security

C.

Person or Entity Authentication

D.

Facility Access Controls

E.

Information Access Management

Question 14

Dr Jones, a practicing dentist, has decided to directly implement an EDI solution to comply with the HIPAA transaction rule Dr. Jones employs a small staff of 4 persons for whom he has sponsored a health care plan. Dr. Jones has revenues of less than $1 million. Select the code set that Dr. Jones should consider supporting for his EDI system.

Options:

A.

837 - Professional

B.

834

C.

CPT-4

D.

837 - Institutional

E.

CDT

Question 15

Within the context of a transaction set, the fields that comprise a hierarchical level are referred to as a(n):

Options:

A.

Loop.

B.

Enumerator.

C.

Identifier

D.

Data segment.

E.

Code set.

Question 16

This final security rule standard addresses encryption of data.

Options:

A.

Security Management Process

B.

Device and Media Controls

C.

Information Access Management

D.

Audit Controls

E.

Transmission Security

Question 17

A doctor sends patient records to another company for data entry services. A bonded delivery service is used for the transfer. The records are returned to the doctor after entry is complete, using the same delivery service. The entry facility and the network they use are secure. The doctor is named as his own Privacy Officer in written policies. The doctor has written procedures for this process and all involved parties are documented as having been trained in them. The doctor does not have written authorizations to disclose Protected Health Information (PHI). Is the doctor in violation of the Privacy Rule?

Options:

A.

No - This would be considered an allowed "routine disclosure" between the doctor and his business partner

B.

Yes - There is no exception to the requirement for an authorization prior to disclosure, no matter how well intentioned or documented.

C.

Yes - a delivery service is not considered a covered entity

D.

Yes - to be a “routine disclosure” all the parties must have their own Privacy Officer as mandated by HIPAA

E.

Yes - this is not considered a part of "treatment", which is one of the valid exceptions to the Privacy Rule

Question 18

The security standard that has the objective of implementing mechanisms to record and examine system activity is:

Options:

A.

Access Control

B.

Audit Controls

C.

Authorization Controls

D.

Data Authentication

E.

Person or Entity Authentication

Question 19

Select the correct statement regarding the definition of the term "disclosure" as used in the HIPAA regulations.

Options:

A.

"Disclosure" refers lo employing IIHI within a covered entity.

B.

"Disclosure" refers to utilizing, examining, or analyzing IIHI within a covered entity.

C.

"Disclosure" refers to the release, transfer, or divulging of IIHI to another covered entity.

D.

"Disclosure" refers to the movement of information within an organization.

E.

"Disclosure" refers to the sharing of information within the covered entity.

Question 20

The scope of the Privacy Rule includes:

Options:

A.

All Employers.

B.

The Washington Publishing Company

C.

Disclosure of non-identifiable demographics.

D.

Oral disclosure of PHI.

E.

The prevention of use of de-identified information.

Question 21

A health care clearinghouse is an entity that:

Options:

A.

Requires PKI for the provider and the patient.

B.

Is exempt from HIPAA regulations.

C.

Is a not-for-profit operation.

D.

Identifies all hospitals and health care organizations.

E.

Performs the functions of format translation and data conversion.

Question 22

Conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic PHI is:

Options:

A.

Risk Analysis

B.

Risk Management

C.

Access Establishment and Modification

D.

Isolating Health care Clearinghouse Function

E.

Information System Activity Review

Question 23

A key date in the transaction rule timeline is:

Options:

A.

October 16, 2003 - small health plans to begin testing without ASCA extension

B.

October 16, 2004 - full compliance deadline for small health plans

C.

April 16, 2004 - small health plans to begin testing with ASCA extension

D.

April 16, 2003 - deadline to begin testing with ASCA extension

E.

April 14, 2003; deadline to begin testing with the ASCA extension.

Question 24

To comply with the Final Privacy Rule, a valid Notice of Privacy Practices:

Options:

A.

Is required for all Business Associate Contracts.

B.

Must always be associated with a valid authorization.

C.

Must be signed before providing treatment to a patient.

D.

Must be associated with a valid Business Associate Contract.

E.

Must describe the individual's rights under the Privacy Rule.

Page: 1 / 6
Total 160 questions