

































A series of multiple-choice questions and answers related to healthcare compliance and security. It covers topics such as access controls, security incident procedures, coding audits, healthcare fraud, patient privacy, and medication safety. The questions are designed to test knowledge of HIPAA regulations, Joint Commission standards, and other relevant healthcare compliance guidelines. This resource can be valuable for students and professionals seeking to enhance their understanding of healthcare compliance and security best practices.
Typology: Exams
Dom5 exam prep Questions With Complete Solutions

A laboratory employee forgot his password to the computer system while trying to record the results for a STAT request. He asked his coworker to log in for him so that he could record the results and said he would then contact technical support to reset his password. What controls should have been in place to minimize this security breach?
a. Access controls
b. Security incident procedures
c. Security management process
d. Workforce security awareness training
Correct Answers d. Workforce security awareness training

When performing a coding audit, a health record technician discovers that an inpatient coder is assigning diagnosis and procedure codes specifically for the purpose of obtaining a higher level of reimbursement. The coder believes that this practice helps the hospital increase its revenue. Which of the following should be done in this case?
a. Compliment the coder for taking initiative in helping the hospital
b. Report the coder to the FBI for coding fraud
c. Counsel the coder and stop the practice immediately
d. Provide the coder with incentive pay for her actions
Correct Answers c. Counsel the coder and stop the practice immediately

A coder's misrepresentation of the patient's clinical picture through intentional incorrect coding or the omission of diagnosis or procedure codes would be an example of:
a. Healthcare fraud
b. Payment optimization
c. Payment reduction
d. Healthcare creativity
Correct Answers a. Healthcare fraud

A facility recently submitted two claims for the same service for a patient's recent encounter for chemotherapy. If the third-party payer pays both of these claims, the facility will receive a higher reimbursement than deserved. This is called:
a. Appropriate payment
b. Overpayment
c. Unbundling
d. Waste
Correct Answers b. Overpayment

A group practice has hired an HIT as its chief compliance officer. The current compliance program includes written standards of conduct and policies, and procedures that address specific areas of potential fraud. It also has audits in place to monitor compliance. Which of the following should the compliance officer also ensure are in place?
a. A bonus program for coders who code charts with higher paying MS-DRGs
b. A hotline to receive complaints and adoption of procedures to protect whistleblowers from retaliation
c. Procedures to adequately identify individuals who make complaints so that appropriate followup can be conducted
d. A corporate compliance committee that reports directly to the CFO
Correct Answers b. A hotline to receive complaints and adoption of procedures to protect whistleblowers from retaliation

A local nonprofit community hospital is looking to do a fundraiser to add to their surgical center. HIPAA rules restrict activities related to fundraising for healthcare organizations. Which of the following must the hospital do to comply with the HIPAA requirements for fundraising?
a. Fundraising materials do not have to include opt-out instructions
b. Prior authorization is only required if individuals are not targeted based on diagnosis
c. Individuals must be informed in the notice of privacy practices that their information may be used for fundraising purposes
d. Authorization is never required for fundraising solicitations
Correct Answers c. Individuals must be informed in the notice of privacy practices that their information may be used for fundraising purposes

A new mother placed her baby in the bassinet in her hospital room while she used the restroom in her room. When she returned, she went to pick up her baby and found the bassinet empty. She immediately called the nurse to inquire as to the whereabouts of her child. The nurse replied that she had not taken the baby and immediately issued a hospital-wide security alert for a possible infant abduction. Although all procedures were followed to locate the baby, the baby was not found within the hospital. This situation describes a ________.
a. near miss
b. sentinel event
c. security incident
d. time out
Correct Answers b. sentinel event

A notice that suspends the process or destruction of health records is called a:
a. Subpoena
b. Consent form
c. Rule
d. Legal hold
Correct Answers d. Legal hold

A patient requested a copy of a payment made by her insurance company for a surgery she had last month. The business office copied the remittance advice (RA) notice the organization received from the insurance company but failed to delete or remove the PHI for 10 other patients listed on the same RA. This is an example of:
a. Double billing
b. Stereotyping
c. Retrospective review
d. Security breach
Correct Answers d. Security breach

A patient was taken into surgery at a local hospital for treatment of colon cancer. A large section of the colon was removed during surgery and the patient was taken to the medical floor after surgery. Within the first 24 hours post-op, the patient developed fever, chills, and abdominal pain. An abdominal CT scan revealed the presence of a foreign body. This situation describes a:
a. Near miss
b. Sentinel event
c. Security incident
d. Time out
Correct Answers b. Sentinel event

refused to release the emergency department records without a written authorization from the patient. Was this action in compliance?
a. No; the records are needed for continued care of the patient, so no authorization is required
b. Yes; the release of all records requires written authorization from the patient
c. No; permission of the ER physician was not obtained
d. Yes; one covered entity cannot request the records from another covered entity
Correct Answers a. No; the records are needed for continued care of the patient, so no authorization is required

A Recovery Auditing Contractor (RAC) is conducting a review of claims for improper payment at Wildcat Hospital. The review is performed electronically utilizing a software program that analyzes claims data to identify proper payments. This type of review is referred to as:
a. Automated review
b. Complex review
c. Semi-automated review
d. Semi-complex review
Correct Answers a. Automated review

A risk manager is called in to evaluate a situation in which a visitor to the hospital slipped on spilled water, fell, and fractured his femur. This situation was referred to the risk manager because it involves a:
a. Medical error
b. Claims management issue
c. Potentially compensable event
d. Sentinel event
Correct Answers c. Potentially compensable event

A visitor to the hospital looks at the screen of the admitting clerk's computer workstation when she leaves her desk to copy some admitting documents. What security mechanism would best have minimized this security breach?
a. Document controls
b. Audit controls
c. Automatic logoff controls
d. Device and media controls
Correct Answers c. Automatic logoff controls

A(n) __________ is imposed on providers by the OIG when fraud and abuse is discovered through an investigation.
a. Corporate Integrity Agreement
b. OIG Workplan
c. Red Flags Rule
d. Resource Agreement
Correct Answers a. Corporate Integrity Agreement

All of the following are measures used to track and assess clinical documentation improvement (CDI) programs except:
a. Record review rate
b. Physician query rate
c. Record agreement rate
d. Query agreement rate
Correct Answers c. Record agreement rate

Calling out patient names in a physician's office is:
a. An incidental disclosure

c. Provide physicians the opportunity to add addenda to their reports to clarify documentation issues
d. Conduct a retrospective review of all query opportunities for the year
Correct Answers d. Conduct a retrospective review of all query opportunities for the year

Community Hospital is identifying strategies to minimize the security risks associated with employees leaving their workstations unattended. Which of the following solutions will minimize the security risk of unattended workstations?
a. Use biometrics for access to the system.
b. Implement firewall and virus protection.
c. Implement automatic session terminations.
d. Install encryption and similar devices.
Correct Answers c. Implement automatic session terminations.

Community hospital is looking for ways to increase physician referrals. One board member suggested that they offer local physicians $100 for every patient referred to the hospital for care. If the hospital goes ahead with the board member's suggestion, what statute is the hospital violating?
a. Anti-Kickback Statute
b. False Claims Act
c. Health Insurance Portability and Accountability Act
d. Red Flags Rule
Correct Answers a. Anti-Kickback Statute

Corporate compliance programs became common after adoption of which of the following?
a. False Claims Act
b. Federal Sentencing Guidelines
c. Office of the Inspector General for HHS
d. Federal Physician Self-Referral Statute
Correct Answers b. Federal Sentencing Guidelines

Detailed query documentation can be used to:
a. Protect the hospital from lawsuits
b. Protect the hospital against claims from physicians about leading queries
c. Show the effects of follow-up training
d. Protect the auditor from corrective action
Correct Answers b. Protect the hospital against claims from physicians about leading queries

Dr. Smith always orders the same 10 things when a new patient is admitted to the hospital in addition to some patient-specific orders. What would assist in assuring that the specific patient is not allergic to a drug being ordered?
a. Clinical decision support
b. Electronic medication administration record system
c. Pharmacy information system
d. Standard order set
Correct Answers c. Pharmacy information system

During a review of documentation practices, the HIM director finds that nurses are routinely using the copy and paste functionality of the hospital's EHR system for documenting nursing notes. Which of the following should the HIM director do to ensure that the nurses are following acceptable documentation practices?
a. Inform the nurses that copy and paste is not acceptable and to stop this practice immediately
b. Determine how many nurses are involved in this practice

a. Time-out
b. Serious events
c. Sentinel events
d. Near misses
Correct Answers d. Near misses

Every healthcare organization's risk management plan should include the following components except:
a. Loss prevention and reduction
b. Risk identification and analysis
c. Peer review
d. Claims management
Correct Answers c. Peer review

Examples of high-risk billing practices that create compliance risks for healthcare organizations include all except which of the following?
a. Altered claim forms
b. Returned overpayments
c. Duplicate billings
d. Unbundled procedures
Correct Answers b. Returned overpayments

Exceptions to the Federal Anti-Kickback Statute that allow legitimate business arrangements and are not subject to prosecution are:
a. Qui tam practices
b. Safe practices
c. Safe harbors
d. Exclusions
Correct Answers c. Safe harbors

From an evidentiary standpoint, incident reports:
a. Are universally nonadmissible during trial proceedings
b. May be referenced in the patient's health record
c. Should not be placed in a patient's health record
d. Are universally nondiscoverable during litigation
Correct Answers c. Should not be placed in a patient's health record

Healthcare abuse relates to practices that may result in:
a. False representation of fact
b. Failure to disclose a fact
c. Performing medically unnecessary services
d. Knowingly submitting altered claim forms
Correct Answers c. Performing medically unnecessary services

Healthcare fraud is all except which of the following?
a. Damage to another party that reasonably relied on misrepresentation
b. False representation of fact
c. Failure to disclose a material fact
d. Unnecessary costs to a program
Correct Answers d. Unnecessary costs to a program

Healthcare organizations conduct regular campaigns and educational sessions for all employees on the proper methods and procedure of working with patients with blood-borne pathogens like Hepatitis or HIV. These large-scale educational efforts, used to protect patients and employees against possible exposure to infectious agents, are called ________.
a. Infectious deterrents
b. Standard measures
c. Standard precautions
d. Infectious measures
Correct Answers c. Standard precautions

c. Nine
d. Three
Correct Answers b. Seven

How many identifiers must be removed for data to be considered de-identified under the Safe Harbor Method?
a. 12
b. 15
c. 18
d. 20
Correct Answers c. 18

If a patient notices an unknown item in the explanation of benefits they receive from an insurance company and they do not recognize the service being paid for, the patient should:
a. Not do anything
b. Contact the insurer and the provider who billed for the services to correct the information
c. Contact the police
d. Contact human resources and let them know there has been a mistake
Correct Answers b. Contact the insurer and the provider who billed for the services to correct the information

If a patient receives a ________ from a healthcare organization, it indicates that the patient's protected health information was involved in a data breach.
a. Notice of Breach
b. Release of Information
c. Protected Health Breach Notice
d. Receipt of Breach Notice
Correct Answers d. Receipt of Breach Notice

If an HIM department acts in deliberate ignorance or in disregard of official coding guidelines, it may be committing:
a. Abuse
b. Fraud
c. Malpractice
d. Kickbacks
Correct Answers b. Fraud

In a typical acute-care setting, the Explanation of Benefits, Medicare Summary Notice, and Remittance Advice documents (provided by the payer) are monitored in which revenue cycle area?
a. Preclaims submission
b. Claims reconciliation and collections
c. Accounts receivable
d. Claims processing
Correct Answers b. Claims reconciliation and collections

In developing a coding compliance program, which of the following would not be ordinarily included as participants in coding compliance education?
a. Current coding personnel
b. Medical staff
c. Newly hired coding personnel
d. Nursing staff
Correct Answers d. Nursing staff

In developing a monitoring program for inpatient coding compliance, which of the following should be regularly audited?
a. ICD-10-CM and ICD-10-PCS coding
b. CPT/HCPCS and LOINC coding
c. ICD-10-CM and SNOMED coding

d. Perform a root cause analysis of records denied for insufficient documentation and then develop a plan based on the findings.
Correct Answers d. Perform a root cause analysis of records denied for insufficient documentation and then develop a plan based on the findings.

Mary's PHI has been breached. She must be informed of all of the following except:
a. Who committed the breach
b. Date the breach was discovered
c. Types of unsecured PHI involved
d. What she may do to protect herself
Correct Answers a. Who committed the breach

Medical identity theft includes which of the following:
a. Using another person's name to obtain durable medical equipment
b. Purchasing an EHR
c. Purchasing surgical equipment
d. Using another healthcare provider's national provider identifier to submit a claim
Correct Answers a. Using another person's name to obtain durable medical equipment

In developing an internal audit review program, which of the following would be risk areas that should be targeted for audit?
a. Admission diagnosis and complaints
b. Chargemaster description
c. Clinical laboratory results
d. Radiology orders
Correct Answers b. Chargemaster description

One way for a hospital to demonstrate compliance with OIG guidelines is to:
a. Designate a privacy officer
b. Continuously monitor PEPPER reports
c. Develop, implement, and monitor written policies and procedures
d. Obtain ABNs for all Medicare registrations
Correct Answers c. Develop, implement, and monitor written policies and procedures

Organizations' use of audits in data analysis in order to ensure compliance with policies and procedures is a component of:
a. Internal monitoring
b. Benchmarking
c. Corrective action
d. Educating staff
Correct Answers a. Internal monitoring

Our computer system just notified us that Mary Burchfield has just looked up another patient with the same last name. This notification is called a(n):
a. Trigger
b. Audit reduction tool
c. Integrity
d. Audit control
Correct Answers a. Trigger

Pam is a nursing supervisor in the newborn intensive care unit. During her shift several parents of newborns in the unit are visiting and the neonatologist has also recently been in and has provided orders for several of the newborns. Because of the current workload another nurse in the unit, Jackie, has asked Pam to help her complete the orders. Pam is asked to administer