CHPC EXAM STUDY SET 1 QUESTIONS WITH CORRECT DETAILED ANSWERS
A new privacy officer is reviewing an organization's current policy on patient requests for amendments. Which of the following is the MOST critical to the evaluation process?
A. effective and revision dates of the policy
B. accurate description of the regulatory requirements
C. nature of complaints related to the policy
D. description of the form letters used to respond to requests
Correct answer: B. accurate description of the regulatory requirements

As part of due diligence on Business Associates, a privacy officer would be MOST concerned with confirming that they conduct:
A. criminal background checks.
B. credit history checks.
C. provider credentialing checks.
D. health screening checks.
Correct answer: A. criminal background checks.

Data breach response training is required by which of the following regulations?
A. HITECH
B. GLBA
C. FMLA
D. Privacy Act
Correct answer: A. HITECH

A business associate has contacted an organization's privacy officer to alert him that some of the patient information that they hold in relation to the BAA may have been breached. An employee took a laptop that contained patient information from several vendors and misplaced it at an airport. They are not 100% sure that information from the organization was on the laptop. Which of the following is the MOST appropriate response by the privacy officer?
A. Rely on the business associate to conduct any needed notifications.
B. Notify each individual whose PHI has been possibly disclosed.
C. Determine if the breach involved more than 500 individuals.
D. Assure that all notifications occur no later than 90 days after discovery.
Correct answer: C. Determine if the breach involved

a. Accounting disclosures
b. Office visit documentation
c. Psychotherapy notes
d. Medication list
Correct answer: c. Psychotherapy notes

The "Notice of Privacy Practices" explains the ways the practice will use patient information and describes patients’ rights regarding their information.
a. True
b. False
Correct answer: a. True

There are three things that a practice must do regarding communicating with the patient about privacy practices and procedures, except for one of the following:
a. Give every patient a notice describing the physician office privacy practices
b. Make a "good faith" effort to obtain the patient's written acknowledgment of receiving the notice
c. Obtain the patient's authorization for disclosures or uses not covered by the "Notice of Privacy Practices"
d. Give every patient a copy of his or her medical record
Correct answer: d. Give every patient a copy of his or her medical record

Sign-in sheets include protected health information. However, they may be used without violating privacy rules for this reason:
a. Patient name is not protected health information
b. The sign-in sheet is used for health care operations and is considered an incidental disclosure
c. The patient name is usually not legible
d. Not all persons signing the sheet are patients
Correct answer: b. The sign-in sheet is used for health care operations and is considered an incidental disclosure

A physician office employee sees her neighbor at the office. It is acceptable for the employee to mention to another friend that she saw the patient at the doctor's office, as long as the employee did not mention why the patient was there.
a. True
b. False
Correct answer: b. False

The rights of individual patients under HIPAA rules cover their access to their information and its disclosure to others. Which of the following is not a patient right under HIPAA rules?
a. To inspect and copy his or her health information
b. To request changes to his or her records
c. To obtain an accounting of disclosures of his or her information
d. To inspect the protected health information of his or her spouse
Correct answer: d. To inspect the protected health information of his or her spouse

When must the patient authorize the use or disclosure of health information?
a. At every visit
b. Only when the information will be provided to law enforcement
c. Only when used for purposes other than treatment, day-to-day operations, or to comply with a request to which the practice is legally obligated to respond
d. Only in emergency situations
Correct answer: c. Only when used for purposes other than treatment, day-to-day operations, or to comply with a request to which the practice is legally obligated to respond

HIPAA rules and regulations cover what kind of information?
a. All personal health information in any format, for any person
b. Protected health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral
c. Diagnoses and procedure information
d. All health information for persons who have insurance
Correct answer: b. Protected health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral

Under what circumstances are employees allowed to repeat to others PHI that is heard or seen on the job?
a. Only when authorized for their job duties
b. Once they have been terminated
c. After a patient dies
d. If they do not think the patient would mind
Correct answer: a. Only when authorized for their job duties

What should an employee do when he or she suspects another employee is in violation of the privacy or security policies?
a. Gather solid evidence against the person

b. Visitors should not be able to view information on computer screens
c. Administrator workstations that can enable or disable security features located in secure areas
d. Computer stations located in a patient waiting room
Correct answer: d. Computer stations located in a patient waiting room

Before faxing PHI or confidential information, which of the following should an employee do? Select all that apply.
a. Use a fax cover sheet with approved confidentiality statement
b. Confirm the fax number before sending
c. Send the minimum information necessary
d. Use any cover sheet as long as it contains the organization's name and contact information
Correct answers:
a. Use a fax cover sheet with approved confidentiality statement
b. Confirm the fax number before sending
c. Send the minimum information necessary

The HIPAA security regulations apply only to protected health information in electronic form. What about the HIPAA privacy regulations?
a. These also apply only to information in electronic form
b. Privacy regulations apply to information being faxed
c. Privacy regulations do not apply to Medicare patients
d. Privacy regulations apply to both paper and electronic formatted information
Correct answer: d. Privacy regulations apply to both paper and electronic formatted information

Why is giving away old computer equipment used by a health care provider's office more of a security risk than just placing the equipment in the trash?
a. Recipients of old computer equipment will ultimately destroy the equipment
b. PHI may remain on the equipment
c. Equipment may contain blood-borne pathogen contamination
d. Once given away, the equipment cannot be tracked
Correct answer: b. PHI may remain on the equipment

What is the definition of a breach of protected health information?
a. Access, use, or disclosure of PHI that compromises security or privacy of the PHI
b. Inadvertent release of clinical information
c. An incident in which PHI leaves the physician practice
d. Theft of any equipment from a physician office or hospital
Correct answer: a. Access, use, or disclosure of PHI that compromises security or privacy of the PHI

A physician employee is working at a satellite office on Tuesday. On Monday, he takes a laptop home so he can go straight to the satellite office the next morning. What is the best practice to secure the laptop overnight?
a. Lock it in the trunk of the car
b. Cover it up with something and lock it inside the car
c. Leave it in the car, but pull inside the garage
d. Take it inside and keep it in a secure location
Correct answer: d. Take it inside and keep it in a secure location

When using email to communicate with a patient, what method out of the following is an appropriate safeguard per the Security Rule guidelines?
a. Asking the patient to delete the message immediately after he or she reads it
b. If a patient emails the employee first, the Rule does not apply
c. Using encryption to send the email to the patient
d. Only using the patient's medical record number in the email, not his or her name
Correct answer: c. Using encryption to send the email to the patient