Download NHA- CEHRS CERTIFIED Electronic Health Record System Notes, EXAM QUESTIONS & ANSWERS Prep and more Exams Nursing in PDF only on Docsity!
NHA- CEHRS CERTIFIED Electronic Health Record System Notes,
EXAM QUESTIONS & ANSWERS Prep 2025 Complete| University
of California, San Francisco (UCSF) School of Nursing
Access report Report of all persons within a facility who have had access to a patient's protected health information Audit trail Report which shows accesses by user to each function of the software - users who reviewed a patient's record Data integrity Maintaining the accuracy and consistency of data User rights Limitations of one's access to the functionality of software as defined by job description Password Unique code that is used to gain access to computer applications Select all that apply Which of HIPAA's original rules were made more stringent by the HITECH Act? Multiple select question. Safety Privacy Security Reimbursement Privacy Security Select all that apply The Omnibus Final Rule to the HITECH Act made which of the following types of changes? Multiple select question. Enhancements to protect patient privacy Denial of patients' requests for electronic health records when asked for them Elimination of sharing of information between multiple providers caring for one patient Strengthening the government's power to enforce the law
Additions to individual patient rights Enhancements to protect patient privacy Strengthening the government's power to enforce the law Additions to individual patient rights The patient's right to expect that a patient's health information will not be released to any other entity without written authorization or as required by law is considered ________. privacy security confidentiality safety confidentiality Information about a patient's hospital status and his or her location in the hospital or facility is called _______. security information Master Patient Index directory information public knowledge directory information Accounting of disclosures Providing the patient with a listing of all disclosures of his or her health information Breach of confidentiality Releasing information without a required, properly executed authorization Malware Viruses and Trojan horses that attack computer programs Data integrity Maintaining the accuracy and consistency of data Notice of Privacy Practices Written document that makes patients aware of their rights under HIPAA Select all that apply Which of the following apply to HITECH? Multiple select question.
confidentiality privacy _______ should be used to deter access to computer systems by unauthorized individuals. Decryption Malware Firewalls Trojan horses Firewalls Select all that apply Which of the following should be addressed by electronic privacy and confidentiality policies? Multiple select question. Release of directory information Release of information to outside sources Insurance reimbursement information Hard-copy documents should be discarded in trash bins Signing of Notices of Privacy Practices Release of directory information Release of information to outside sources Signing of Notices of Privacy Practices The tangible items used in automation are considered ______. hardware malware firewalls software hardware Hardware Tangible items that are used in automation Privacy The right to expect that one's personal space is respected while undergoing healthcare Covered entity
Any healthcare entity that captures or utilizes health information Confidentiality Patient's right to expect that his or her health information will not be released without written authorization Where should you use portable devices? In a room with the door shut In the cafeteria In the lobby of the office In a busy area In a room with the door shut What is a HIPAA requirement that a patient must sign so they are aware of how their personal health information will be used? Notice of HIPAA Health Privacy Practices Health Insurance Portability Act Notice of Privacy Practices Notice of Privacy Practices A report that shows who accessed a person's medical record, is called: encrypted password report accounting of disclosures access report access report What comes in the form of worms, viruses, and Trojan horses, all of which attack computer programs? CD virus Malware Computer virus Phishing Malware What does ARRA stand for? American Recovery and Reinvestment Act
Multiple select question. Sign out of the device when unattended Store passwords on or near the device Encrypt PHI Leave the device open for easy access Use portable devices in secure areas Sign out of the device when unattended Encrypt PHI Use portable devices in secure areas Those choosing the EHR system should always keep which of the following in mind? Multiple select question. Facility needs Target date or timeline for implementation Office needs Patient contributions for payment Staff and training needs Types of insurance accepted by practice Facility needs Office needs Staff and training needs Target date or timeline for implementation When you provide the patient with a listing of all disclosures of his/her health information, both internally and externally, is called: accounting of disclosures What did HITECH offer from the ARRA? Multiple choice question. Made the rules for billing and coding more stringent Made the rules for security and privacy of electronic systems more stringent Made the rules for healthcare reimbursement more stringent Made the rules for security of paper systems more stringent
Made the rules for security and privacy of electronic systems more stringent What two agencies have established standards that EHRs must use to qualify for incentive programs for an upgrade or purchasing a new one? Multiple choice question. CMS and ONC OSHA and CMS HL7 and ONC CMS and The Joint Commission CMS and ONC Password protection Must be assigned to all users and meet certain criteria to access software applications User identification Each user has one to log in and it often consists of person's first initial and last name Access rights Policies that are dependent on each user's need to know are written and adhered to for functionality within the EHR Accounting of disclosures Need authorized request, goes back a minimum of six years Security/Backup/Storage Kept in secure location and must be possible at any given time Auditing Ability to run reports by user or by patient that specify the menu, module, or function accessed Code sets EHR must use ICD-10 codes, CPT codes, and HCPCS codes What does AHIMA stand for? American Health Information Management Association Select all that apply Of the following, who should be involved in choosing and implementing an EHR within a particular medical practice? Multiple select question. Health information staff
To provide limited functionality to users To provide a user ID to staff To provide limited functionality to users What does ONC stand for? Multiple choice question. Office of National Compliance for Health Information Technology Office of the National Coordinator for Health Information Technology Office of the Natural Coordination for Health Information Technology Office of the National Coding Coordinator for Health Insurance Technology Office of the National Coordinator for Health Information Technology Select all that apply Which of the following would be considered factors of sensitive information? Multiple select question. Patient record of someone's relative who works at the facility Patient who had a heart attack STD listed in patient chart Patient who is well known to the community Patient record of someone's relative who works at the facility STD listed in patient chart Patient who is well known to the community What does HIMSS stand for? Multiple choice question. Healthcare Information and Management Systems Society Healthcare Infrastructure and Management Systems Security Healthcare Information and Maintenance Systems Society Healthcare Information and Management Security Systems Healthcare Information and Management Systems Society Who usually sets up the basic security measures, or access, in a practice management or EHR program? Multiple choice question. Chief Financial Officer
Office manager Chief Technology Officer Nurse Office manager The accuracy and timeliness of data collection is called ________. Multiple choice question. consistent charting limited data data interface data integrity data integrity Select all that apply Which of the following factors dictate the privileges of a user? Multiple select question. Hourly rate of pay Length of employment Position Job description Position Job description You have been asked to provide continuity of care for Mr. Johnson who was seen by Dr. Ingram and is going to see Dr. Jorgenson. What do you need to do to provide continuity of care? Release information about Dr. Ingram to Dr. Jorgenson Release information about Mr. Johnson to Dr. Ingram Release information about Dr. Jorgenson to Mr. Johnson Release information about Mr. Johnson to Dr. Jorgenson Release information about Mr. Johnson to Dr. Jorgenson When only certain people have access to information, it is considered _______. Multiple choice question. full-user access
OSHA
Meaningful Use HIPAA compliance plans Meaningful Use Select all that apply Which of the following describes continuity of care? Multiple select question. Sharing of information regarding patients' care Sharing of information regarding patients' bills The passing of information of one patient to another The passing of information from one provider to another Sharing of information regarding patients' care The passing of information from one provider to another Select all that apply Which of the following are examples of social media? Multiple select question. YouTube Twitter Texting Email Facebook YouTube Twitter Facebook Healthcare facilities are required to report breaches as part of which regulatory act? Multiple choice question. HIPAA HITECH ACA
OSHA
HITECH
Which of the following should be included in a social media policy? Multiple select question. Comments should not violate the privacy of patients or their families. Comments should not be offensive. Comments should be on topic. Comments can include specific details about patients. Comments can be inflammatory as long as an alias is used. Comments should not violate the privacy of patients or their families. Comments should not be offensive. Comments should be on topic. When do releases of information need to be accounted for? Multiple choice question. Internal staff members only External requesters only Internal or external requesters Upon insurance company request Internal or external requesters Select all that apply Which of the following apply to health information exchange? Multiple select question. There are no regulations addressing networking security. It is a Meaningful Use requirement. Care providers can access information from other providers immediately. Shared information is done through a secure environment. Information can only be shared between physicians and patients. It is a Meaningful Use requirement. Care providers can access information from other providers immediately. Shared information is done through a secure environment.
Support groups and blogs Facts and figures about patient populations Links to related sites Patient test results Social media policy Support groups and blogs Facts and figures about patient populations Links to related sites Select all that apply At a minimum, written compliance policies should cover which of the following? Multiple select question. Computer access Coding and billing Housekeeping schedule Daily operations Claim payments Security breaches Computer access Coding and billing Daily operations Security breaches Interactive communication sites via the Internet are considered to be _______. Multiple choice question. social media Internet media social networking media outlets social media What is a disaster recovery plan? Multiple choice question.
A plan that will help recover information and keep sensitive information secure A plan for replacement of key personnel A plan that is not necessary but can be done just in case something happens A plan that will help employees continue to be paid A plan that will help recover information and keep sensitive information secure Accounts Receivable Patient bills for services that have already been provided that legally are due to a facility. Autopsy Rates The percent of autopsies performed on patients who die in the hospital; reasons for not performing an autopsy in the hospital may include legal inquiry or family preference. Average Length of Stay (ALOS) The total number of patient days in a period divided by the number of patients; for example, the ALOS for cardiology services in February was 6.1 days. Benchmarks Goals or metrics a facility wants to meet; for example, if the industry standard is 90% of patients should have advance directives entered into their patient record within 24 hour of admission, and a hospital was only meeting this for 45% of the patients, they would use the external benchmark of 90% as a goal and track performance toward that goal by month or quarter. Centers for Disease and Control and Prevention (CDC) A division of the Department of Health and Human Services. Chief Executive Officer (CEO) Leader of a facility who reports to the Board of Directors. Chief Financial Officer (CFO) Leader who oversees all financial and fiscal decisions and issues for a facility; generally reports to the CEO. Commercial Insurers Private, non-government insurers; these are often the insurance options available through employers. Comorbidity Disease that exists at the same time as a primary disease that a patient is being treated for at the time; for example, a patient who has cancer is receiving cancer specific treatment and is also a diabetic - diabetes mellitus would be considered the comorbid condition. Complications
For the purpose of census data, a PCU has a defined number of beds and is staff assigned; also called floors, units, or wards. Prospective Payment System (PPS) System initially implemented by Medicare in the early 1980's that replaced fee-for-service payments for the provision of health services with predetermined payments based on the principal diagnosis of the patient. Service Lines Groups of patient services by specialty; hospitals define these individually, and they vary by facility with some similarities, such as obstetrics; examples include cardiology, neurology, thoracic surgery, general surgery, and the gynecology; some facilities choose to combine similar or related lines, such as obstetrics and neonatology, obstetrics and gynecology, and cardio-thoracic surgery; they are useful for compiling financial, compliance, and other in-house reports. Total Inpatient Service Days The number of inpatients receiving care each day summed for the days in the period under study; for example, if you are reviewing the total inpatient service days for the month of September, which has 30 days, add the patients for Sept 1 (125), Sept 2 (119), and so on; the total is the sum of all patients per day. az Which of the following describes the impact on legacy systems when implementing an EHR system? They were not built to work with other health information technology solutions. CPOE Allows a provider to order medications, diagnostic testing, rehabilitation, and other services for inpatients. ePrescribing Is the tool providers use in the outpatient setting to send prescriptions to the patient's pharmacy. It replaces the paper prescription pad. eFax Is a software application that allows EHR specialists to send a document from the computer to a fax machine. HIS Refers to the sum total of all information systems that support operations in a facility. CCHIT Approves and certifies EHR technology and is the required standard for facilities and providers wanting to participate in the Meaningful Use incentive program. Hybrid Record A record that is partially paper and partially electronic. Affordable Care Act Mandates comprehensive health insurance reform.
American Recovery and Reinvestment Act of 2009 (ARRA) Consists of three major goals: create and save jobs, spur economic activity and invest in long-term growth, and support accountability and transparency in recovery spending. Authorization Required for any release of patient PHI; consists of specific elements that make it legal and appropriate to release information. Business associate An organization or individual who provides specific services to a covered entity involving the use or disclosure of PHI; for example, an off-site storage company that houses EMR data. Centers for Medicare and Medicaid Services (CMS) Federal agency charged with administration of the Medicare and Medicaid programs, as well as the Children's Health Insurance Program; operating division of the Department of Health and Human Service (HHS). Certification Commission for Health Information Technology (CCHIT) Established to evaluate and approve EHR and EMR systems; to participate in incentive programs for EHR adoption and use, facilities must use a certified EHR or EMR product. Computer on Wheels (COW) Most often refers to a laptop computer that sits on a cart with wheels that can be rolled from patient room to patient room and facilitates real time documentation or charting of patient care; often called COW's. Computerized Provider Order Entry (CPOE) Allows providers to order prescription medication, including IV therapies, laboratory tests, imaging studies, rehabilitation services, dietary requirements in the inpatient environment. Conditions of Participation (CoPs) Specific practices that CMS mandates for facilities to follow if they treat patients covered under Medicare or Medicaid; similar to the Joint Commission's accreditation requirements. Continuity of Care Document (CCD) The widely-accepted and federally-mandated document for sharing patient health information across facilities; replaced the CCR and CDA, which were earlier attempts at addressing the continuity of patient care between facilities. Continuity of Care Record (CCR) An early form of a document developed to make communication about patients' course of care available across facilities; CCD replaced it. Covered entities Providers who transmit PHI in an electronic format, health plans, and health care clearinghouses. Credentialing
