UMUC HCAD 650 HCAD/650 HCAD650 Midterm Answers

$39.99

Category: Tags: ,

Description

Question 1 (1 point)

 

The three components of a security program are protecting the privacy of data, ensuring the integrity of data, and ensuring the ________.

Question 1 options:

A) 

security of hardware

 

B) 

validity of data

 

C) 

availability of data

 

D) 

security of data

 

 

Question 2 (1 point)

 

Which of the following situations violate a patient’s privacy?

Question 2 options:

A) 

The hospital provides patient names and addresses to a pharmaceutical company to be used in a mass mailing of free drug samples.

 

B) 

The physician on the quality improvement committee reviews medical records for potential quality problems.

 

C) 

The hospital sends patients who are scheduled for deliveries information on free childbirth classes.

 

D) 

The hospital uses aggregate data to determine whether or not to add a new operating room suite.

 

Question 3 (1 point)

 

A record that has been requested by subpoena duces tecum is currently located at an off-site microfilm company. By contacting the microfilm provider, you learn that the microfilm is ready and the original copy of the record still exists. What legal requirement would compel you to produce the original record for the court?

Question 3 options:

A) 

motion to quash

 

B) 

subpoena instanter

 

C) 

best evidence rule

 

D) 

hearsay rule

 

Question 4 (1 point)

 

Spoliation is the term that refers to the wrongful destruction of evidence or the failure to preserve property, which addresses which of the following methods of discovery?

Question 4 options:

A) 

interrogatories

 

B) 

e-discovery

 

C) 

deposition

 

D) 

request for admissions

 

Question 5 (1 point)

 

The patient has the right to control access to his or her health information. This is known as

Question 5 options:

A) 

confidentiality

 

B) 

security

 

C) 

privacy

 

D) 

disclosure

 

Question 6 (1 point)

 

Intentional threats to security could include

Question 6 options:

A) 

a natural disaster (flood)

 

B) 

data theft (unauthorized downloading of files).

 

C) 

human error (data entry error).

 

D) 

equipment failure (software failure)

 

Question 7 (1 point)

 

The police came to the HIM Department today and asked that a patient’s right to an accounting of disclosure be suspended for two months. What is the proper response to this request?

Question 7 options:

A) 

“Certainly officer. We will be glad to do that as soon as we have the request in writing.”

 

B) 

“I’m sorry officer, but privacy regulations do not allow us to do this.”

 

C) 

“I’m sorry officer but we can only do this for one month.”

 

D) 

“Certainly officer. We will take care of that right now.”

 

Question 8 (1 point)

 

Which of the following measures should a health care facility incorporate into its institution-wide security plan to protect the confidentiality of the patient record?

Question 8 options:

A) 

locked access to data processing and record areas

 

B) 

use of unique computer passwords, key cares, or biometric identification

 

C) 

verification of employee identification

 

D) 

Correct:All of these answers apply.

 

Question 9 (1 point)

 

Which of the following would be an inappropriate procedure for the custodian of the medical record to perform prior to taking a medical record from a health care facility to court?

Question 9 options:

A) 

Prepare an itemized list of sheets contained in the medical record.

 

B) 

Number each page of the record in ink.

 

C) 

Document in the file folder the total number of pages in the record.

 

D) 

Remove any information that might prove detrimental to the hospital or physician.

 

Question 10 (1 point)

 

Laws that limit the period during which legal action may be brought against another party are known as

Question 10 options:

A) 

summons

 

B) 

statutes of limitations.

 

C) 

case law

 

D) 

common law

 

Question 11 (1 point)

 

You are looking for potential problems and violations of the privacy rule. What is this security management process called?

Question 11 options:

A) 

risk management 

 

B) 

business continuity planning

 

 

 

 

 

 

C) 

risk assessment

 

D) 

risk aversion

 

Question 12 (1 point)

 

You have been asked to provide examples of technical security measures. Which of the following would you include in your list of examples?

Question 12 options:

A) 

training

 

B) 

locked doors

 

C) 

automatic logout

 

D) 

minimum necessity 

 

Question 13 (1 point)

 

You work for a 60-bed hospital in a rural community. You are conducting research on what you need to do to comply with HIPAA. You are afraid that you will have to implement all of the steps that your friend at a 900-bed teaching hospital is implementing at his facility. You continue reading and learn that you only have to implement what is prudent and reasonable for your facility. This is called

Question 13 options:

A) 

access control.

 

B) 

scalable.

 

C) 

technology neutral.

 

D) 

risk assessment.

 

Question 14 (1 point)

 

Which of the following is considered confidential information if the patient is seeking treatment in a substance abuse facility?

Question 14 options:

A) 

patient’s name

 

B) 

patient’s address

 

C) 

patient’s diagnosis

 

D) 

All of these answers apply

 

Question 15 (1 point)

 

Before a user is allowed to access protected health information, the system confirms that the patient is who he or she says they are. This is known as

Question 15 options:

A) 

authentication

 

B) 

authorization

 

C) 

notification

 

D) 

access control

 

Question 16 (1 point)

 

Which of the following set(s) is an appropriate use of the emergency access procedure?

Question 16 options:

A) 

The coder who usually codes the emergency room charts is out sick and the charts are left on a desk in the ER admitting area.

 

 

 

 

 

 

 

 

B) 

One of the nurses is at lunch. The nurse covering for her needs patient information.

 

C) 

A patient is crashing. The attending physician is not in the hospital, so a physician who is available helps the patient.

 

D) 

Both B and C.

 

 

Question 17 (1 point)

 

In a court of law, Attorney A, the attorney for Sun City Hospital, introduces the medical record from the hospital as evidence. However, Attorney B, the attorney for the defendant, objects on the grounds that the medical record is subject to the hearsay rule, which prohibits its admission as evidence. Attorney B’s objection is overridden. Why?

Question 17 options:

A) 

The doctrine of res ipsa loquitur prevails; therefore, reference to the medical record is moot.

 

B) 

The medical record may be admitted as business records or as an explicit exception to hearsay rule.

 

C) 

It would violate physician-patient privilege, even though the patient signed a proper release of information form.

 

D) 

The medical record does not belong to the hospital; therefore, the hospital has no right to release the medical record as evidence.

 

Question 18 (1 point)

 

In a negligence or malpractice case, all of the following elements must be present in order to shift the burden of proof onto the defendant EXCEPT the

Question 18 options:

A) 

defendant had exclusive control over the instrumentality that caused the injury.

 

B) 

event would not normally have occurred in the absence of negligence.

 

C) 

plaintiff did not contribute to the injury.

 

D) 

health care facility does not have a risk management program.

 

Question 19 (1 point)

 

All of the following are elements of a contract EXCEPT

Question 19 options:

A) 

price/consideration.

 

B) 

offer/communication.

 

C) 

duty.

 

D) 

acceptance.

 

Question 20 (1 point)

 

The surgeon comes out to speak to a patient’s family. He tells them that the patient came through the surgery fine. The mass was benign and they could see the patient in an hour. He talks low so that the other people in the waiting room will not hear but someone walked by and heard. This is called a(n)

Question 20 options:

A) 

incidental disclosure

 

B) 

privacy incident

 

C) 

privacy breach

 

D) 

violation of privacy

 

Question 21 (1 point)

 

What source or document is considered the “supreme law of the land”?

Question 21 options:

A) 

Constitution of the United States

 

 

 

 

 

 

 

 

B) 

Bill of Rights

 

C) 

Supreme Court decisions

 

D) 

Presidential powers

 

Question 22 (1 point)

 

Someone accessed the covered entity’s electronic health record and sold the information that was accessed. This person is known as which of the following?

Question 22 options:

A) 

a hacker

 

B) 

a virus

 

C) 

a cracker

 

D) 

a malware

 

Question 23 (1 point)

 

Which statement is true about when a family member can be provided with protected health information (PHI)?

Question 23 options:

A) 

The family member is directly involved in the patient’s care.

 

B) 

The family member is a health care professional.

 

C) 

The patient’s mother can always receive PHI on their child.

 

D) 

The family member lives out of town and cannot come to the facility to check on the patient.

 

Question 24 (1 point)

 

Case Study #4

William is a 16-year-old male who lives at home with his parents and works part-time as a dishwasher at one of the local restaurants. While emptying the dishwasher, William is severely scalded and rendered unconscious. He is taken to the emergency room of the local acute care hospital for emergency treatment.

Referring to Case Study #4, given the emergency of the situation, who should the health care provider seek consent from in order to provide treatment to William?

Question 24 options:

A) 

the employer

 

 

 

 

 

 

 

 

B) 

no consent is needed for emergency care

 

C) 

the parents

 

D) 

the provider

 

Question 25 (1 point)

 

The failure to obtain the written consent of the patient before performing a surgical procedure may constitute

Question 25 options:

A) 

contempt.

 

B) 

battery.

 

C) 

malpractice.

 

D) 

libel.

 

Question 26 (1 point)

 

All of the following need a proper authorization to access a patient’s health information EXCEPT

Question 26 options:

A) 

FBI agents.

 

 

 

 

 

 

 

 

B) 

IRS agents.

 

C) 

local and state law enforcement officers.

 

D) 

medical examiners or coroners.

 

Question 27 (1 point)

 

Fraud and abuse in health care can described as_____

 

Question 27 options:

A) 

patient abuse, fraudulent billing practices and falsification of records.

 

 

B) 

falsification of records, malpractice and lack of consent.

 

 

C) 

criminal intent, bodily harm and fraudulent billing practices.

 

D) 

fraudulent billing practices, lack of consent and employment discrimination.

 

Question 28 (1 point)

 

The extent to which the HIPAA privacy rule may regulate an individual’s rights of access is not meant to preempt other existing federal laws and regulations. This means that if an individual’s rights of access

Question 28 options:

A) 

are greater under another existing federal law, HIPAA can obstruct freedoms of the other federal law when using electronic health records.

 

B) 

are refused by a federal facility, HIPAA must also refuse the individual of the access.

 

C) 

are less under another existing federal law, HIPAA must follow the directions of that law.

 

D) 

are greater under another applicable federal law, the individual should be afforded the greater access.

 

Question 29 (1 point)

 

In general, which of the following statements is correct?

Question 29 options:

A) 

When federal and state laws conflict, valid federal laws supersede state laws.

 

B) 

When federal and state laws conflict, valid corporate policies supersede federal and state laws.

 

C) 

When federal and state laws conflict, valid local laws supersede federal and state laws.

 

D) 

When federal and state laws conflict, valid state laws supersede federal laws.

 

Question 30 (1 point)

 

Mandatory reporting requirements for vital statistics generally

Question 30 options:

A) 

do not require authorization by the patient

 

B) 

require authorization by the payer

 

C) 

require authorization by the physician

 

D) 

do not apply to health care facilities.

 

Question 31 (1 point)

 

The physician office you go to has a data integrity issue. What does this mean?

Question 31 options:

A) 

A break-in attempt has been identified.

 

B) 

The user’s access has not been defined.

 

C) 

There has been unauthorized alteration of patient information.

 

D) 

Someone in the practice has released information inappropriately.

 

Question 32 (1 point)

 

In which of the following circumstances would release of information without the patient’s authorization be permissible?

Question 32 options:

A) 

release to insurance companies

 

B) 

release to an attorney

 

C) 

release to third-party payers

 

D) 

release to state workers’ compensation agencies

 

Question 33 (1 point)

 

When patients are able to obtain a copy of their health record, this is an example of which of the following?

Question 33 options:

A) 

a preemption

 

 

 

 

 

 

 

 

B) 

an addressable requirement

 

C) 

a required standard

 

D) 

a patient right

 

Question 34 (1 point)

 

Which of the following claims of negligence fits into the category of res ipsa loquitur?

Question 34 options:

A) 

improper use of x-rays

 

B) 

incorrect administration of anesthesia

 

C) 

failure to refer patient to a specialist

 

D) 

leaving a foreign body inside a patient

 

Question 35 (1 point)

 

Which of the following documents is subject to the HIPAA security rule?

Question 35 options:

A) 

document faxed to the facility

 

B) 

copy of discharge summary

 

C) 

paper medical record

 

D) 

scanned operative report stored on CD

 

Question 36 (1 point)

 

Under traditional rules of evidence, a medical/health record is considered ______________ and is ___________________ into evidence.

Question 36 options:

A) 

hearsay; admissible

 

B) 

reliable; admissible

 

C) 

reliable; inadmissible

 

D) 

hearsay; inadmissible

 

Question 37 (1 point)

 

Which of the following should be required to sign a confidentiality statement before having access to patients’ medical information?

Question 37 options:

A) 

HIM students

 

B) 

HCAD students

 

C) 

Nursing students

 

D) 

All of these apply

 

Question 38 (1 point)

 

You have been asked what should be done with the notice of privacy practice acknowledgment when the patient had been discharged before it was signed. Your response is to

Question 38 options:

A) 

File the blank form in the chart.

 

B) 

shred it.

 

 

 

 

 

 

C) 

keep trying to get the document signed until you succeed, even if you must go to the patient’s home.

 

D) 

try to get it signed, and if not, to document the action taken.

 

Question 39 (1 point)

 

In case your system crashes, your facility has defined the policies and procedures necessary to keep your business going. This is known as:

Question 39 options:

A) 

 

data recovery

 

 

 

 

 

 

 

 

B) 

core operations

 

C) 

business continuity plan

 

D) 

data backup

 

Question 40 (1 point)

 

Miles has asked you to explain the rights he has via HIPAA privacy standards. Which of the following is one of his HIPAA-given rights?

 

Question 40 options:

A) 

He can review his bill.

 

 

 

 

 

 

 

 

B) 

He can ask a patient advocate to sit in on all appointments at the facility.

 

C) 

He can discuss financial arrangements with business office staff.

 

D) 

He can ask to be contacted at an alternative site.

 

Question 41 (1 point)

 

Which of the following examples is an exception to the definition of a breach?

Question 41 options:

A) 

The wrong patient information was sent to the patient’s attorney.

 

 

 

 

 

 

 

 

B) 

Information was erroneously sent to another healthcare facility.

 

C) 

Information was loaded on the Internet inappropriately.

 

D) 

A coder accidently sends PHI to a billing clerk in the same facility.

 

Question 42 (1 point)

 

Who determines the retention period for health records?

Question 42 options:

A) 

state and federal governments

 

B) 

commercial storage vendors

 

C) 

city and state governments

 

D) 

medical staff

 

Question 43 (1 point)

 

Which of the following statements are true?

Question 43 options:

A) 

All patients except inmates must be given a notice of privacy practices.

 

 

 

 

 

 

 

 

B) 

All patients except outpatients must be given a notice of privacy practices.

 

C) 

All patients must be given a notice of privacy practices.

 

D) 

All patients except home health patients must be given a notice of privacy practices.

 

Question 44 (1 point)

 

Internal disclosures of patient information for patient care purposes should be granted

Question 44 options:

A) 

to legal counsel.

 

 

 

 

B) 

to any physician on staff.

 

 

 

 

 

 

C) 

 

to a family member who is an employee.

 

 

D) 

on a need to know basis.

 

Question 45 (1 point)

 

The legislation that required all federally funded facilities to inform patients of their rights under state law to accept or refuse medical treatment is known as

Question 45 options:

A) 

durable power of attorney

 

B) 

advance directives

 

C) 

living will

 

D) 

Patient Self Determination Act

 

Question 46 (1 point)

 

Which of the following is an example of the breach of confidentiality?

 

Question 46 options:

A) 

the hospital operator paging code blue in room 3 north

 

 

 

B) 

staff members discussing patients in the elevator

 

C) 

a nurse speaking with the physician in the patient’s room

 

D) 

the admission clerk verifying over the phone that the patient is in-house

 

Question 47 (1 point)

 

The body of law founded on custom, natural justice and reason, and sanctioned by usage and judicial decision is known as

Question 47 options:

A) 

common law

 

B) 

lien law

 

C) 

statutory law

 

D) 

constitutional law

 

Question 48 (1 point)

 

Two types of general business organizations are 

Question 48 options:

A) 

Limited liability companies and state survey agencies.

 

 

B) 

The Centers for Medicare and Medicaid services and sole proprietorships.

 

C) 

 corporations and limited liability companies.

 

D) 

small businesses and corporations

 

Question 49 (1 point)

 

Which of the following health care systems have to comply with the requirements of the Freedom of Information Act?

Question 49 options:

A) 

single-day surgery clinics

 

 

B) 

veterans’ hospitals

 

C) 

physicians’ hospitals

 

D) 

private hospitals

 

Question 50 (1 point)

 

The facility had a security breach. The breach was identified on October 10, 2015. The investigation was completed on October 15, 2015. What is the deadline that the notification must be completed?

Question 50 options:

A) 

60 days from October 15

 

B) 

30 days from October 10

 

 

 

C) 

30 days from October 15

 

D) 

60 days from October 10