3 Months Free Update
3 Months Free Update
3 Months Free Update
When limiting protected health information (PHI) to the minimum necessary for a use or disclosure, a covered entity can use:
This transaction, which is not a HIPAA standard, may be used as the first response when receiving a Health Care Claim (837):
Select the FALSE statement regarding the administrative requirements of the HIPAA privacy rule.
The transaction pair used for requesting and responding to a health claim status inquiry is:
Which of the following is NOT a correct statement regarding HIPAA requirements?
This transaction type is a "response" transaction that may include information such as accepted/rejected claim, approved claim(s) pre-payment, or approved claim(s) post-payment:
A State insurance commissioner is requesting specific, individually identifiable information from an insurer as a part of a routine review of the insurer's practices. What must the insurer do to deidentify the information?
Implementing policies and procedures to prevent, detect, contain, and correct security violations is required by which security standard1?
When submitting a Health Care Claim Status Request, it is important to provide the proper tracking information to exactly identify the previously submitted claim. Select the information that would be most important to the claim inquiry process.
The transaction number assigned to the Health Care Eligibility Request transaction is:
Which of the following was not established under the Administrative Simplification title?
The Security Incident Procedures standard requires just one implementation specification. That implementation specification is:
Ensuring that physical access to electronic information systems and the facilities in which they are housed is limited, is addressed under which security rule standard?
Which one of the following implementation specifications is associated with the Facility Access Control standard?
The Health Care Claim Status Response (277) can be used in a number of ways. Select the correct usage.
Select the correct statement about the 820-Payment Order/Remittance advice transaction.
Which one of the following is a required implementation specification of the Security Management Process?
A covered entity that fails to implement the HIPAA Privacy Rule would risk:
As defined in the HIPAA regulations, a group of logically related data in units is called a:
A pharmacist is approached by an individual and asked a question about an over-the-counter medication. The pharmacist needs some protected health information (PHI) from the individual to answer the question. The pharmacist will not be creating a record of this interaction. The Privacy Rule requires the pharmacist to:
The Integrity security standard has one addressable implementation standard which is:
The purpose of this security rule standard is to implement technical policies and procedures for electronic information systems that maintain electronic PHI, and to allow access only to those persons or software programs that have been granted access rights:
This Administrative Safeguard standard implements policies and procedures to ensure that all members of its workforce have appropriate access to electronic information.
The code set that must be used to describe or identify inpatient hospital services and surgical procedures is:
The Final Privacy Rule requires a covered entity to obtain an individual's prior written authorization to use his or her PHI for marketing purposes except for:
A hospital is preparing a file of treatment information for the state of California. This file is to be sent to external medical researchers. The hospital has removed SSN, name, phone and other information that specifically identifies an individual. However, there may still be data in the file that potentially could identify the individual. Can the hospital claim "safe harbor" and release the file to the researchers?
Conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic PHI is:
Select the phrase that makes the following statement FALSE. The 270 Health Care Eligibility Request can be used to inquire about:
Which of the following is primarily concerned with implementing security measures that are sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.
This rule covers the policies and procedures that must be in place to ensure that the patients' health information is respected and their rights upheld:
Performing a periodic review in response to environmental or operational changes affecting the security of electronic protected health information is called:
This security rule standard requires policies and procedures for authorizing access to electronic protected health information that are consistent with its required implementation specifications- which are Isolating Health Care Clearinghouse Function, Access Authorization, and Access Establishment and Modification: