Certified HIPAA Professional v5.0

Page:    1 / 11   
Exam contains 160 questions

This code set is used to describe or identify radiological procedures and clinical laboratory tests:

  • A. ICD-9-CM, Volumes 1 and 2.
  • B. CPT-4.
  • C. CDT.
  • D. ICD-9-CM, Volume 3.
  • E. HCPCS.


Answer : E

HIPAA Security standards are designed to be:

  • A. Technology specific
  • B. State of the art
  • C. Non-Comprehensive
  • D. Revolutionary
  • E. Scalable


Answer : E

This security rule standard requires policies and procedures for authorizing access to electronic protected health information that are consistent with its required implementation specifications, which are Isolating Health Care Clearinghouse Function, Access Authorization, and Access Establishment and Modification:

  • A. Access Control
  • B. Security Incident Procedures
  • C. Information Access Management
  • D. Workforce Security
  • E. Security Management Process


Answer : C

This rule covers the policies and procedures that must be in place to ensure that the patients' health information is respected and their rights upheld:

  • A. Security rule.
  • B. Privacy rule.
  • C. Covered entity rule.
  • D. Electronic Transactions and Code Sets rule.
  • E. Electronic Signature Rule.


Answer : B

The objective of this HIPAA security standard is to implement policies and procedures to prevent, detect, contain, and correct security violations.

  • A. Security Incident Procedures
  • B. Assigned Security Responsibility
  • C. Security Management Process
  • D. Access Control
  • E. Facility Access Control


Answer : C

The implementation specifications for this HIPAA security standard (within Technical Safeguards) must support emergency access and unique user identification:

  • A. Audit Control
  • B. Integrity
  • C. Access Control
  • D. Person or Entity Authentication
  • E. Transmission Security


Answer : C

In an emergency treatment situation, a health care provider:

  • A. Must obtain the signature of the patient before disclosing PHI to another provider.
  • B. Must contact a relative of the patient before disclosing PHI to another provider.
  • C. May use their best judgment in order to provide appropriate treatment.
  • D. May use PHI but may not disclose it to another provider.
  • E. Must inform the patient about the Notice of Privacy Practices before delivering treatment.


Answer : C

Patient identifiable information may include:

  • A. Country of birth.
  • B. Telephone number.
  • C. Information on past 3 employers.
  • D. Patient credit reports.
  • E. Smart card-based digital signatures.


Answer : B

Select the FALSE statement regarding the administrative requirements of the HIPAA privacy rule.

  • A. A covered entity must mitigate, to the extent practicable, any harmful effect that it becomes aware of from the use or disclosure of PHI in violation of its policies and procedures or HIPAA regulations.
  • B. A covered entity must not in any way intimidate, retaliate, or discriminate against any individual or other entity that files a complaint.
  • C. A covered entity may not require individuals to waive their rights as a condition for treatment, payment, enrollment in a health plan, or eligibility for benefits
  • D. A covered entity must retain the documents required by the regulations for a period of six years.
  • E. A covered entity must change its policies and procedures to comply with HIPAA regulations no later than three years after the change in law.


Answer : E

Select the correct statement regarding the requirements for oral communication in the HIPAA regulations.

  • A. Covered entities must reasonably safeguard PHI, including oral communications, from any intentional or unintentional use or disclosure that is in violation of the Privacy Rule.
  • B. Covered entities must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of de-identified data.
  • C. Covered entities are prohibited from marketing through oral communications
  • D. The Privacy Rule requires covered entities to document any information, including oral communications, which is used or disclosed for TPO purposes.
  • E. The Privacy Rule will often require major structural changes, such as soundproof rooms and encryption of telephone systems, to provide the "reasonable safeguards" of oral communications required by the regulations


Answer : A

A doctor sends patient records to another company for data entry services. A bonded delivery service is used for the transfer. The records are returned to the doctor after entry is complete, using the same delivery service. The entry facility and the network they use are secure. The doctor is named as his own Privacy Officer in written policies. The doctor has written procedures for this process and all involved parties are documented as having been trained in them. The doctor does not have written authorizations to disclose Protected Health Information (PHI). Is the doctor in violation of the Privacy Rule?

  • A. No - This would be considered an allowed "routine disclosure" between the doctor and his business partner
  • B. Yes - There is no exception to the requirement for an authorization prior to disclosure, no matter how well intentioned or documented.
  • C. Yes - a delivery service is not considered a covered entity
  • D. Yes - to be a routine disclosure all the parties must have their own Privacy Officer as mandated by HIPAA
  • E. Yes - this is not considered a part of "treatment", which is one of the valid exceptions to the Privacy Rule


Answer : A

Which of the following is an example of "Payment" as defined in the HIPAA regulations?

  • A. Annual Audits
  • B. Claims Management
  • C. Salary disbursement to the workforce having direct treatment relationships.
  • D. Life Insurance underwriting
  • E. Cash given to the pharmacist for the purchase of an over-the-counter drug medicine


Answer : B

Select the correct statement regarding the responsibilities of providers and payers under HIPAA's privacy rule.

  • A. Optionally, they might develop a mechanism of accounting for all disclosures of PHI for purposes other than TPO.
  • B. They must redesign their offices, workspaces, and storage systems to afford maximum protection to PHI from intentional and unintentional use and disclosure.
  • C. They must develop methods for disclosing only the minimum amount of protected information necessary to accomplish any intended purpose
  • D. They must obtain a "top secret" security clearance for all members of their workforce
  • E. They must identify business associates that need to use PHI to accomplish their function and develop authorization forms to allow PHI to be shared with these business associates


Answer : C

The code set that must be used to describe or identify dentists' services and procedures is:

  • A. ICD-9-CM, Volumes 1 and 2
  • B. CPT-4
  • C. CDT
  • D. ICD-9-CM, Volume 3
  • E. HCPCS


Answer : C

The Security Rule requires that the covered entity identifies a security official who is responsible for the development and implementation of the policies and procedures. This is addressed under which security standard?

  • A. Security Incident Procedures
  • B. Response and Reporting
  • C. Assigned Security Responsibility
  • D. Termination Procedures
  • E. Facility Access Controls


Answer : C
