Weekend Sale - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65percent

Welcome To DumpsPedia

HIO-201 Sample Questions Answers

Questions 4

Health information is protected by the Privacy Rule as long as:

Options:

A.

The authorization has been revoked by the physician.

B.

The patient remains a citizen of the United States.

C.

The information is under the control of HHS.

D.

The information is in the possession of a covered entity.

E.

The information is not also available on paper forms.

Buy Now
Questions 5

The objective of this document is to safeguard the premises and building from unauthorized physical access and to safeguard the equipment therein from unauthorized physical access, tampering and theft

Options:

A.

Contingency Plan

B.

Facility Security Plan

C.

Emergency Mode Operation Plan

D.

Accountability

E.

Device and Media Controls

Buy Now
Questions 6

A business associate must agree to:

Options:

A.

Report to the covered entity any security incident of which it becomes aware

B.

Ensure the complete safety of all electronic protected health information

C.

Compensate the covered entity for penalties incurred because of the business associate's security incidents.

D.

Register as a business associate with HHS

E.

Submit to periodic audits by HHS of critical systems containing electronic protected health information

Buy Now
Questions 7

As part of their HIPAA compliance process, a small doctor's office formally puts the office manager in charge of security related issues. This complies with which security rule standard?

Options:

A.

Security Awareness and Training

B.

Security Management Process

C.

Access Control

D.

Assigned Security Responsibility

E.

Security Incident Procedures

Buy Now
Questions 8

Once a year, a team at ABC Hospital reviews environmental and operational changes that may have had an impact on the security of electronic PHI. This is an example of:

Options:

A.

Transmission Security

B.

Evaluation

C.

Audit Controls

D.

Integrity

E.

Security Management Process

Buy Now
Questions 9

A pharmacist is approached by an individual and asked a question about an over-the-counter medication. The pharmacist needs some protected health information (PHI) from the individual to answer the question. The pharmacist will not be creating a record of this interaction. The Privacy Rule requires the pharmacist to:

Options:

A.

Verbally request 3 consent and offer a copy of the Notice of Privacy Practices.

B.

Verbally request specific authorization for the PHI.

C.

Do nothing more.

D.

Obtain the signature of the patient on their Notice of Privacy Practices.

E.

Not respond to the request without an authorization from the primary physician.

Buy Now
Questions 10

The transaction number assigned to the Health Care Claim Payment/Advice transaction is:

Options:

A.

270

B.

276

C.

834

D.

835

E.

837

Buy Now
Questions 11

The Final Privacy Rule requires a covered entity to obtain an individual's prior written authorization to use his or her PHI for marketing purposes except for:

Options:

A.

Situations where the marketing is for a drug or treatment could improve the health of that individual.

B.

Situations where the patient has already signed the covered entity's Notice of Privacy Practices.

C.

A face-to-face encounter with the sales person of a company that provides drug samples

D.

A communication involving a promotional gift of nominal value.

E.

The situation where the patient has signed the Notice of Privacy Practices of the marketer.

Buy Now
Questions 12

Information in this transaction is generated by the payer's adjudication system:

Options:

A.

Eligibility (270/271)

B.

Premium Payment (820)

C.

Unsolicited Claim Status (277)

D.

Remittance Advice (835)

E.

Functional Acknowledgment (997)

Buy Now
Questions 13

The code set that must be used to describe or identify outpatient physician services and procedures is:

Options:

A.

ICD-9-CM, Volumes 1 and 2

B.

CPT-4

C.

CDT

D.

ICD-9-CM, Volume 3

E.

NDC

Buy Now
Questions 14

Conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic PHI is:

Options:

A.

Risk Analysis

B.

Risk Management

C.

Access Establishment and Modification

D.

Isolating Health care Clearinghouse Function

E.

Information System Activity Review

Buy Now
Questions 15

Select the FALSE statement regarding health-related communications and marketing in the HIPAA regulations:

Options:

A.

A covered entity must obtain an authorization for any use or disclosure of protected health information for marketing, except if the communication is in the form allowed by the regulations.

B.

A face-to-face communication made by a covered entity to an individual is allowed by the regulations without an authorization

C.

A promotional gift of nominal value provided by the covered entity is NOT allowed by the regulations without an authorization.

D.

If the marketing is expected to result in direct or indirect remuneration to the covered entity from a third party, the authorization must state that such remuneration is expected

E.

Disclosure of PHI for marketing purposes is limited to disclosure to business associates (which could be a telemarketer) that undertakes marketing activities on behalf of the covered entity

Buy Now
Questions 16

The transaction number assigned to the Payment Order/Remittance Advice transaction is:

Options:

A.

270

B.

835

C.

278

D.

820

E.

834

Buy Now
Questions 17

Which of the following is a required implementation specification associated with the Contingency Plan Standard?

Options:

A.

Integrity Controls

B.

Access Control and Validation Procedures

C.

Emergency Mode Operation

D.

Plan Response and Reporting

E.

Risk Analysis

Buy Now
Questions 18

Which HIPAA Title is fueling initiatives within organizations to address health care priorities in the areas of transactions, privacy, and security?

Options:

A.

Title I.

B.

Title II

C.

Title III

D.

Title IV.

E.

Title V.

Buy Now
Questions 19

When limiting protected health information (PHI) to the minimum necessary for a use or disclosure, a covered entity can use:

Options:

A.

Their professional judgment and standards.

B.

The policies set by the security rule for the protection of the information.

C.

Specific guidelines set by WEDI.

D.

Measures that are expedient and reduce costs.

E.

The information for research and marketing purposes only.

Buy Now
Questions 20

Policies requiring workforce members to constantly run an updated anti-virus program on their workstation might satisfy which implementation specification?

Options:

A.

Risk Management

B.

Protection from Malicious Software

C.

Facility Security Plan

D.

Response and Reporting

E.

Emergency Access Procedure

Buy Now
Questions 21

HIPAA Security standards are designed to be:

Options:

A.

Technology specific

B.

State of the art

C.

Non-Comprehensive

D.

Revolutionary

E.

Scalable

Buy Now
Questions 22

A State insurance commissioner is requesting specific, individually identifiable information from an insurer as a part of a routine review of the insurer's practices. What must the insurer do to deidentify the information?

Options:

A.

The protected health information must be removed from the information. A substitute "key" may be supplied to allow re-identification, if needed.

B.

Limit the information to coverage, dates of treatment, and payment amounts to avoid collecting any protected data.

C.

Nothing. An oversight agency has the right to access this information without prior authorization.

D.

Request that the insurance commissioner ask for an exception from HIPAA from the Department of Health and Human Services.

E.

A written authorization is required from the patient.

Buy Now
Questions 23

Conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic PHI is:

Options:

A.

Risk Analysis

B.

Risk Management

C.

Access Establishment and Modification

D.

Isolating Health care Clearinghouse Function

E.

Information System Activity Review

Buy Now
Questions 24

This final security rule standard addresses encryption of data.

Options:

A.

Security Management Process

B.

Device and Media Controls

C.

Information Access Management

D.

Audit Controls

E.

Transmission Security

Buy Now
Questions 25

Individually identifiable health information (IIHI) includes information that is:

Options:

A.

Transmitted to a business associate for payment purposes only.

B.

Stored on a smart card only by the patient.

C.

Created or received by a credit company that provided a personal loan for surgical procedures.

D.

Created or received by a health care clearinghouse for claim processing.

E.

Requires the use of biometrics for access to records.

Buy Now
Questions 26

This transaction is the response to a Health Care Claim (837):

Options:

A.

Eligibility (270/271)

B.

Premium Payment (820)

C.

Claim Status Notification (277)

D.

Remittance Advice (835)

E.

Functional Acknowledgment (997)

Buy Now
Questions 27

The transaction number assigned to the Health Care Eligibility Request transaction is:

Options:

A.

270

B.

276

C.

278

D.

271

E.

834

Buy Now
Questions 28

This transaction supports multiple functions. These functions include: telling a bank to move money OR telling a bank to move money while sending remittance information:

Options:

A.

277.

B.

278.

C.

271.

D.

82.

E.

270.

Buy Now
Questions 29

Select the correct statement regarding the "Minimum Necessary" standard in the HIPAA regulations.

Options:

A.

In some circumstances a coveted entity is permitted, but not required, to rely on the judgment of the party requesting the disclosure as to the minimum amount of information necessary for the intended purpose. Some examples of these requesting parties are: another covered entity or a public official.

B.

The privacy rule prohibits use, disclosure, or requests for an entire medical record.

C.

Non-Covered entities need to redesign their facility to meet the requirement for minimum necessary uses.

D.

The minimum necessary standard requires covered entities to prohibit maintenance of medical charts at bedside and to require that X-ray light boards be totally isolated.

E.

If there is a request for more than the minimum necessary PHI, the privacy rule requires a covered entity to deny the disclosure of information after recording the event in the individual's case file.

Buy Now
Questions 30

Within the context of a transaction set, the fields that comprise a hierarchical level are referred to as a(n):

Options:

A.

Loop.

B.

Enumerator.

C.

Identifier

D.

Data segment.

E.

Code set.

Buy Now
Questions 31

ABC Hospital implements policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information. These policies and procedures satisfy which HIPAA security standard?

Options:

A.

Security Management Process

B.

Facility Access Control

C.

Security Awareness and Training

D.

Workforce Security

E.

Security Management Process

Buy Now
Questions 32

One characteristic of the Notice of Privacy Practices is:

Options:

A.

H must be written in plain, simple language

B.

It must explicitly describe all uses of PHI

C.

A description about the usage of hidden security cameras for tracking patient movements for implementing privacy.

D.

A description of the duties of the individual

E.

A statement that the individual must abide by the terms of the Notice.

Buy Now
Questions 33

Select the correct statement regarding code sets and identifiers.

Options:

A.

The social security number has been selected as the National Health Identifier for individuals.

B.

The COT code set is maintained by the American Medical Association.

C.

Preferred Provider Organizations (PPO) are not covered by the definition of "health plan" for purposes of the National Health Plan Identifier

D.

HIPAA requires health plans to accept every valid code contained in the approved code sets

E.

An important objective of the Transaction Rule is to reduce the risk of security breaches through identifiers.

Buy Now
Questions 34

This Administrative Safeguard standard implements policies and procedures to ensure that all members of its workforce have appropriate access to electronic information.

Options:

A.

Security Awareness Training

B.

Workforce Security

C.

Facility Access Controls

D.

Workstation Use

E.

Workstation Security

Buy Now
Questions 35

Periodic testing and revision of contingency plans is addressed by:

Options:

A.

Testing and Revision Procedures

B.

Information System Activity Review

C.

Response and Reporting

D.

Data Backup Plan

E.

Emergency Access Procedure

Buy Now
Questions 36

The Privacy Rule gives patients the following right:

Options:

A.

Access to the psychotherapy notes.

B.

Request an amendment to their medical record.

C.

Receive a digital certificate.

D.

See an accounting of disclosures for which authorization was given.

E.

The use of a smart card for accessing their records.

Buy Now
Questions 37

The transaction pair used for requesting and responding to a health claim status inquiry is:

Options:

A.

270/271

B.

276/277

C.

278/278

D.

834/834

E.

837/835

Buy Now
Questions 38

Which of the following is primarily concerned with implementing security measures that are sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.

Options:

A.

Access Establishment and Modification

B.

Isolating Health care Clearinghouse Functions

C.

Information System Activity Review

D.

Risk Management

E.

Risk Analysis

Buy Now
Questions 39

Select the FALSE statement regarding violations of the HIPAA Privacy rule.

Options:

A.

Covered entities that violate the standards or implementation specifications will be subjected to civil penalties of up to $100 per violation except that the total amount imposed on any one person in each calendar year may not exceed $25,000 for violations of one requirement

B.

Criminal penalties for non-compliance are fines up to $65,000 and one year in prison for each requirement or prohibition violated

C.

Criminal penalties for willful violation are fines up to $50,000 and one year in prison for each requirement or prohibition violated.

D.

Criminal penalties for violations committed under “false pretenses” are fines up to $100,000 and five years in prison for each requirement or prohibition violated

E.

Criminal penalties for violations committed with the intent to sell, transfer, or use PHI for commercial advantage, personal gain or malicious harm are fines up to $250,000 and ten years in prison for each requirement or prohibition violated

Buy Now
Questions 40

In terms of Security, the best definition of "Access Control" is:

Options:

A.

A list of authorized entities, together with their access rights.

B.

Corroborating your identity.

C.

The prevention of an unauthorized use of a resource.

D.

Proving that nothing regarding your identity has been altered

E.

Being unable to deny you took pan in a transaction.

Buy Now
Questions 41

Use or disclosure of Protected Health Information (PHI) for Treatment, Payment, and Health care Operations (TPO) is:

Options:

A.

Limited 1o the minimum necessary to accomplish the intended purpose.

B.

Left to the professional judgment and discretion of the requestor.

C.

Controlled totally by the requestor's pre-existing authorization document.

D.

Governed by industry "best practices" regarding use

E.

Left in force for eighteen (18) years.

Buy Now
Questions 42

One implementation specification of the Security Management Process is:

Options:

A.

Risk Analysis

B.

Authorization and/or Supervision

C.

Termination Procedures

D.

Contingency Operations

E.

Encryption and Decryption

Buy Now
Questions 43

Select the correct statement regarding code sets and identifiers.

Options:

A.

A covered entity must use the applicable code set that is valid at the time the transaction is initiated.

B.

April 14, 2003 is the compliance date for implementation of the National Provider Identifier.

C.

CMS is responsible for updating the CPT-4 code set.

D.

An organization that assigns NPIs is referred to as National Provider for Identifiers.

E.

HHS assigns the Employer Identification Number (EIN), which has been selected as the National Provider Identifier for Health Care.

Buy Now
Questions 44

Select the best statement regarding the definition of the term "use" as used by the HIPAA regulations.

Options:

A.

"Use" refers to the release, transfer, or divulging of IIHI between various covered entities

B.

"Use" refers to adding, modifying and deleting the PHI by other covered entities.

C.

"Use" refers to utilizing, examining, or analyzing IIHI within the covered entity

D.

"Use" refers to the movement of de-identified information within an organization.

E.

"Use" refers to the movement of information outside the entity holding the information

Buy Now
Questions 45

To comply with the Privacy Rule, a valid Notice of Privacy Practices:

Options:

A.

Is required for all Chain of Trust Agreements.

B.

Must allow for the patient's written acknowledgement of receipt.

C.

Must always be signed by the patient.

D.

Must be signed in order for the patient's name to be sold to a mailing list organization

E.

Is not required if an authorization is being developed

Buy Now
Questions 46

Select the FALSE statement regarding the transaction rule.

Options:

A.

The Secretary is required by statue to Impose penalties of at least $100 per violation on any person or entity that fails to comply with a standard except that the total amount imposed on any one person in each calendar year may not exceed $1,000.000 for violations of one requirement

B.

Health plans are required to accept all standard transactions.

C.

Health plans may not require providers to make changes or additions to standard transactions

D.

Health plans may not refuse or delay payment of standard transactions.

E.

If additional information is added to a standard transaction it must not modify the definition, condition, intent, or use of a data element

Buy Now
Questions 47

Encryption is included as an addressable implementation specification under which security rule standard?

Options:

A.

Information Access Management

B.

Security Management Process

C.

Evaluation

D.

Transmission Security

E.

Device and Media Controls

Buy Now
Questions 48

A provider is in compliance with the Privacy Rule. She has a signed Notice of Privacy Practices from her patient. To provide treatment, the doctor needs to consult with an independent provider who has no relationship with the patient. To comply with the Privacy Rule the doctor MUST:

Options:

A.

Establish a business partner relationship with the other provider.

B.

Obtain a signed authorization from the patient to cover the disclosure.

C.

Make a copy of the signed Notice available to the other provider.

D.

Obtain the patients signature on the second provider's Notice of Privacy Practices.

E.

Do nothing more -the Notice of Privacy Practices covers treatment activities.

Buy Now
Exam Code: HIO-201
Exam Name: Certified HIPAA Professional
Last Update: Oct 7, 2024
Questions: 160
$56  $159.99
$42  $119.99
$35  $99.99
buy now HIO-201