The scope of the Privacy Rule includes:
A. All Employers.
B. The Washington Publishing Company
C. Disclosure of non-identifiable demographics.
D. Oral disclosure of PHI.
E. The prevention of use of de-identified information.
This code set is used to describe or identity radiological procedures and clinical laboratory tests:
A. ICD-9-CM. Volumes 1 and 2.
B. CPT-4
C. CDT.
D. ICD-9-CM, Volume 3.
E. HCPCS.
The objective of this HIPAA security standard is to implement policies and procedures to prevent, detect, contain, and correct security Violations.
A. Security Incident Procedures
B. Assigned Security Responsibility
C. Security Management Process
D. Access Control
E. Facility Access Control
A pharmacist is approached by an individual and asked a question about an over-the-counter medication. The pharmacist needs some protected health information (PHI) from the individual to answer the question. The pharmacist will not be creating a record of this interaction. The Privacy Rule requires the pharmacist to:
A. Verbally request a consent and offer a copy of the Notice of Privacy Practices.
B. Verbally request specific authorization for the PHI.
C. Do nothing more.
D. Obtain the signature of the patient on their Notice of Privacy Practices.
E. Not respond to the request without an authorization from the primary physician.
A doctor is sending a patient's lab work to a lab That is an external business partner. The lab and the doctor's staff are all trained on the doctor's Privacy Practices. The doctor has a signed Notice from the patient, In order to use or disclose PHI, the lab MUST.
A. Request that the patient sign the lab's Notice of Privacy Practices
B. Do nothing more -- the activity is covered by the doctor's Notice of Privacy Practices,
C. Obtain a specific authorization from the patient.
D. Obtain a specific authorization from the doctor.
E. Verify that the doctor's Notice of Privacy Practices has not expired.
The Final Privacy Rule requires a covered entity to obtain an individual's prior written authorization to use his or her PHI for marketing purposes except for:
A. Situations where the marketing is for a drug or treatment could improve the health of that individual.
B. Situations where the patient has already signed the covered entity's Notice of Privacy Practices.
C. A face-to-face encounter with the sales person of a company that provides drug samples.
D. A communication involving a promotional gift of nominal value.
E. The situation where the patient has signed the Notice of Privacy Practices of the marketer.
Security reminders, using an anti-virus program on workstations, keeping track of when users log-in and out, and password management are all part of:
A. Security incident Procedures
B. information Access Management
C. Security Awareness and Training
D. Workforce Security
E. Security Management Process
Select the correct statement regarding the definition of the term "disclosure" as used in the HIPAA regulations.
A. "Disclosure" refers to employing IIHI within a covered entity.
B. "Disclosure" refers to utilizing, examining, or analyzing IIHI within a covered entity.
C. "Disclosure" refers to the release, transfer, or divulging of IIHI to another covered entity.
D. "Disclosure" refers to the movement of information within an organization.
E. "Disclosure" refers to the sharing of information within the covered entity.
The National Provider Identifier (NPI) will eventually replace the:
A. NPF .
B. NPS .
C. CDT .
D. ICD-9-CM, Volume 3 .
E. UPIN .
In addition to code sets, HIPAA transactions also contain:
A. Security information such as a fingerprint.
B. Privacy information.
C. Information on all business associates,
D. Information on all health care clearinghouses.
E. Identifiers.
