Busy. Please wait.
or

show password
Forgot Password?

Don't have an account?  Sign up 
or

Username is available taken
show password

why


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.


Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
Don't know
Know
remaining cards
Save
0:01
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
Retries:
restart all cards
share
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

HIT 112 Module 3

QuestionAnswer
Medical records are the property of the provider of care and are maintained for the benefit of the patient. True
Ownership resides with the organization or professional rendering treatment. True
enacted to safeguard individual privacy from the misuse of federal records and to give individuals access to records concerning themselves that are maintained by federal agencies. The Privacy Act of 1974
The patient owns the content of the medical record. True
Some categories of patients do not have rights to their information True
Patients have a legally enforceable interest in the information contained in their medical records and, therefore, have a right to access their records. True
Parties who can request medical information Insurance carriers processing claims Medical researchers Educators Government agencies
Privacy exceptions Criminal investigations Psychiatric records Medicaid fraud Substance abuse
When handling medical records, professionals must recognize that intentional alteration, falsification, or destruction to avoid liability for medical negligence is generally sufficient to show actual malice. True
Punitive damages may be awarded whether or not the act of altering, falsifying, or destroying records directly causes compensable harm. True
Altered records can create a presumption of negligence. True
Perhaps the simplest but one of the most potentially dangerous problems with medical records is illegible entries. True
a system whereby nurses did not record qualitative observations for each of the day's shifts, but made such notes only when necessary to chronicle important changes in a patient's condition charting by exception
Privileged communications statues do not protect from discovery the records maintained in the ordinary course of doing business and rendering inpatient care. True
The identity of peer-review committee members and individuals who may have given information to such committees is not always considered privileged. True
protects health insurance coverage for workers and their families when they change or lose their jobs Title I of HIPAA
requires the establishment of national standards for electronic healthcare transactions and national identifiers for providers, health insurance plans, and employers Title II of HIPAA
3 segments of security safeguards for HIPAA compliance Administrative Physical Technical
the process of facilitating the flow of information within and among departments and caregivers information management
The medical record is the most important document in a malpractice action. True
Release of information without the patient's authorization is permissible in which of the following circumstances: Release to state worker's comp agencies
A signed consent for ROI dated 12/1/2011 is received with a request for the chart from the patient's admission 12/5/2011. Indicate the appropriate response from the options below: Request another authorization that is dated after the discharge date
The minimum record retention for patient's who are adults discharged from acute care facilities is: 11 years after discharge
Which of the following is a breach of confidentiality? Staff members discussing patients in the elevator
Which of the following is true of the notice of privacy practices? It must be provided to every individual at the first time of contact or service with the CE
Which of the following statements about the directory of patients maintained by a CE is true? Individuals must be given an opportunity to restrict or deny permission to place information about them in the directory.
What does the abbreviation PHI stand for? Protected Health Information
Under HIPAA rules, when an individual asks to see his or her own health information a CE... Can deny access to psychotherapy notes
Which of the following statements is true in regard to responding to requests from individuals for access to their PHI? A cost-based fee may be charged for making a copy of PHI
Privacy can be defined as the _____ Right of an individual to be left alone
Confidentiality can be defined as the _____ Limitation of the use and disclosure of private information
One HIM committee suggests using the copying fee established by the state. Another committee member feels that HIPAA will not allow for copying fees. What input should the HIM director provide? Base charges on the cost of labor and supplies for copying and postage if copies are mailed
She states that because the doctor documented her name as her brother’s caregiver that HIPAA regulations apply and that she may receive copies her brother’s medical record. In this case, how should the HIM department proceed? Refuse the request
When the RHIT goes to retrieve the patient’s medical records, it is discovered that the records being subpoenaed have been purged in accordance with state retention laws. In this situation, how should the HIM department respond to the subpoena? Submit a certification of destruction in response to the subpoena
The issue of “portability” deals with protecting healthcare coverage for employees who change jobs and allowing them to carry their existing plans with them to new jobs. True
The privacy and data security portions of the Health Insurance Portability and Accountability Act (HIPAA) go into effect ____________________. in April, 2003
The proliferation of computers in medicine has _______________________. created new dangers for breaches of confidentiality
The set of rules that provide administrative simplification by standardizing the codes and formats used for the exchange of medical data is referred to as _______________________. electronic transaction standard
In general, information about a patient can be shared _________________________. only when it is not related to treatment
Data security issues that must be addressed by HIPAA implementation teams include: all of the above
The single most important key to administrative simplification is standardizing throughout the healthcare system a set of transaction standards and code sets. True
HIPAA-defined code sets that serve as the standards for all electronic data interchange include all but which of the following: ID ANSI
One good rule to prevent unauthorized access to computer data is to ________________. black the screen or turn off the computer when you leave it
You can reveal information needed for medical research if _____________________. the patient authorizes it
The general privacy rule now is that patients must be notified of the institution’s privacy policies, and healthcare workers must always obtain a written acknowledgment of this. false
In a hospital, the obligation to maintain confidentiality applies to ________________. all medical and personal information
If you are sending patient information via e-mail, security is best maintained with __________________. all of the above
One exception to confidentiality is _______________________. a gunshot wound
HIPAA overrides all state laws that define and regulate patient privacy. false
Anyone caught selling private health care information can be fined up to _____________ and sentenced to up to ________________ in prison. $250,000; 10 years
HIPAA mandates the creation of a unique identifier code for every patient. false
Facilities will no longer be able to post ____________ anyplace where visitors might see them. This includes door tags and whiteboards at the nurses’ station that are in public view. patient's full name
There must now be a system in place to records the name of every person who views a patient’s record. True
There must now be a system in place to records the name of every person who views a patient’s record. using a number tag system
Covered entity CE
You must have all elements in the ROI to be HIPAA compliant. True
Expiration date of the authorization A statement of the individual's right to revoke the authorization A specific description of the information to be used or disclosed The name or other specific identification of the person making the request Core elements of an authorization
Checks anything; covered entity clearinghouse
What does TPO stand for? Treatment, payment and health care operations
written permission to use and disclose PHI for treatment, payment, and health care operations. patient consent
a detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than TPO, or to disclose PHI to a 3rd party specified by the individual. patient authorization
a health care provider that is trained and licensed to provide health care services, and that transmits the identified standard transactions electronically. legal entity
The HIPAA privacy rule protect health information that is _____ _____ to an individual. individually identifiable
Covered entities may use PHI for the purposes of treatment, payment, and health care operations without obtaining an individual's authorization. True
This HIPAA privacy rule requires covered entities to limit disclosures of PHI to the _____ _____ to carry out the intended purpose. minimum necessary
The "minimum necessary" requirements do not apply to disclosures that are required by law. True
In what instances may a covered entity use and disclose PHI without obtaining a written authorization or allowing an individual to object? Disclosures for law enforcement purposes Disclosures about victims of abuse, neglect, or domestic violence Treatment, payment, and operations Uses and disclosures required by law Uses and disclosures about decedents Uses and disclosures for research
a document that must contain a description of the types of uses and disclosures that are permitted for the purposes of treatment, payment, and health care operations; defines policy and procedures for HIPAA Notice of Privacy Practices
Information regarding uses and disclosures of PHI Clarification of an individual's privacy rights The covered entity's responsibilities under HIPAA The effective date of the notice The Notice of Privacy Practices must be written in plain language and include the following:
If a health care provider, who is a covered entity, maintains a physical service delivery site, it is required to post a complete copy of the Notice of Privacy Practices in a clear and prominent location. True
Covered entities must retain copies of past Notices of Privacy Practices for 6 years. True
How quickly must covered entities respond to an individual's request for access to their PHI? Within 30 days of receiving the request if the information is maintained and accessible on-site, or within 60 days otherwise.
How quickly must covered entities respond to an individual's request to amend their PHI? The covered entity must act within 60 days of the request, with a possible 30-day extension similar to that described for access to PHI.
How much time does the covered entity have to provide the accounting of disclosures? The covered entity must act on the request for an account of disclosure within 60 days with a possible 30-day extension
What information must be included in the accounting of disclosures of PHI? The CE must provide a written account of each specific disclosure that includes the date of the disclosure, the person to whom the information was disclosed, and a brief description of the disclosed information.
governs health care organizations operated by the federal government; grants citizens the right to find out what information was collected, see and have a copy of that information, correct or amend that information, exercise limited control The Privacy Act of 1974
protects the confidentiality of all information related to diagnosis, treatment or eduction related to alcohol or drug abuse 42 C.F.R. 482.24 (b) (3)
The regulations concerning confidentiality vary depending on the type of health care facility. True
protects the confidentiality of records concerning AIDS and other communicable diseases GS 130A-143
Providers shall predominantly display the rights patients have regarding confidentiality of their health care information. Right to be informed of their rights
Relevant patient information may only be disclosed to or used in the patient care situations, paying physicians, hospitals, and others who provide health care services to the patient, conducting quality assurance activities or outcome assessments Right to privacy
patients are entitled to know what information the organization has about them and are entitled to review that information. Right to review information
The patient can limit disclosure of identifiable health information by deciding not to utilize any health insurance or other third party payment plan for the service. Right to restrict disclosure
The individuals, organizations, and government agencies that have authority to access and have actually gained access to specific information identified with the patient should be accurately logged by the provider and kept for a minimum of 6 years. Right to notification of disclosure of information
Individuals, organizations, and government agencies that have authority to access PHI will be required to make that request in writing before actually gaining access to PHI. Right to protection of information released to 3rd parties
Patient records should be protected from unauthorized modification and destruction Right to integrity and availability
statements made to attorneys, priests, physicians, spouses, or others in a legally recognized position of trust privileged communications
1. Physician/patient 2. Nurse/patient 3. Therapist/Client 4. HMO enrollee privileged communications
should be governed by the applicable regulations for the specific type of health care provider General Release of Information
usually unauthorized; transferred from another institution; they are improper and a facility could be in trouble federally Redisclosure
Statement has to be released with Drug and Alcohol Abuse records. True
An individual's authorization is required for disclosures of PHI for purposes not otherwise permitted or required under state or federal law. True
Before disclosing a patient's record, a provider should determine whether disclosure is expressly allowed by state or federal law. True
1. The individual must have the authority and competence to give consent. 2. HIPAA generally articulates more specific requirements and controls what constitutes a valid authorization 3. Authorization should become a permanent part of the medical record Quick references to Consents and Authorizations
Authorization must be by the patient or, if the patient is deceased, by 1. the administrator of the patient's estate or 2. the patient's next of kin if the estate is not administered Physician-patient privilege statute
If no valid POA has been designated, the next of kin may authorize ROI in the following order: 1. Spouse 2. Adult children 3. Parents 4. Adult siblings
If a spouse is legally separated from the patient, he or she is no longer considered next of kin. True
Not all general POAs permit the attorney-in-fact to make health care decisions for the patient, so HIM professionals and clinical staff should carefully review the POA to determine the scope of authority granted to the attorney-of-fact. True
may access medical records of the parents of the minor children they represent unless the records they request to access contain information related to the treatment of drug or alcohol abuse Guardian ad Litem
1. The parent, guardian or loco parentis cannot be located or contacted 2. The identity of the minor is unkown 3. Where a delay would result in an effort to contact the parent 4. Parents refuse to give consent endangering the minor. Situations where a physician may treat a minor without consent
If a minor is adopted, the biological parents' right are terminated, and the biological parents may not access the minor child's medical records unless by court order or consent of the adoptive parents. True
No information that reasonably could be expected to lead directly to the identification of an adoptee, an adoptive parent, adoptee's birth parents, or an adoptee's birth siblings or grandparents may be released except under court order for cause. True
An individual may revoke an authorization at any time; must be in writing True
When revocation of an authorization has been obtained, the health care provider should place the revocation in a prominent place in the individual's medical record. True
Accrediting/Licensing Agencies Audit Purposes Birth Defects Monitoring Program Central Cancer Registry Criminal Defendants Commitment Proceedings Emergencies Funeral Homes Health Care Facility Staff Health Oversight activities Law Enforcement Situations in which authorizations are not required
patient information can only be disclosed to law enforcement without a court order or patient consent when a specific statute authorizes the disclosure, and then only to the extent permitted by the statute Law enforcement
Because NC law requires peer review in hospitals by physicians and federal law requires peer review in nursing homes by physicians, it is implied that disclosure can be made to the persons legitimately involved in such peer review process True
Whenever non-identifying information is used for aggregated statistical data, it is no longer considered to be privileged or confidential information True
Students may have access to confidential information whenever the student is involved in the care and treatment of a patient or for educations and research purposes True
Information may be released, consistent with applicable law and standards of ethical conduct, if the organization, in good faith, believes that the disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a per True
A health care provider may release any information that a competent, adult patient authorizes in writing to be disclosed. True
HIPAA requires that access can only be denied if release of the information at that time to the patient creates a risk of danger. True
A patient should be told the type of information to be included in a hospital directory and given the opportunity to object to all or part of the information. True
Executor of the estate trumps the next of kin. True
A patient's access to medical records may be restricted by the patient's attending physician. True
A patient's request for access to records should be in writing, such as a signed authorization for release of information form or other request form. True
1. Patient's name 2. Patient's residence and location in the hospital 3. A general statement of the patient's condition (fair, stable, critical) 4. The patient's religious affiliation Information that may be listed in the hospital directory with the patient's permission
A person authorized under State law to act on behalf of the individual in making health care decisions is the individual's _____ _____ personal representative
NC statutes are much more stringent than HIPAA regarding the persons to whom PHI may be released, and the situations in which such releases are appropriate. True
Spouse Any son, daughter or stepson or stepdaughter Any parent or stepparent Any brother, sister, or half-brother or half-sister The order for the next of kin
If a spouse is legally separated from the patient, he or she is no longer considered next of kin. True
Any confidential, PHI that the patient has not authorized to be disclosed PHI, if the law enforcement official only has an arrest warrant Any confidential PHI outside the specific scope of a court order or court-issued subpoena Details of the patient's Health care providers may not release the following information to law enforcement, absent a statute that permits or requires disclosure to law enforcement
If ROI is not covered under the TPO you must have a signed authorization. True
What is re-disclosure? When information from one facility is made available to another facility outside the health network without written authorization from the patient. i.e. A Novant Health facility to High Point Regional.
Give an example of an improper re-disclosure of information. A patient goes to Lexington Memorial and then is transferred to Cone Health System. The paperwork generated at Lexington Memorial goes with the patient, but it is not actually authorized in writing by the patient for access from Lexington Memorial to Cone
Remembering your ROI handout, and the items listed as what is required for a valid authorization, list the items below that determine if an authorization is HIPAA compliant. Name of the patient requesting the information Date the information was requested Reason for the request and what information will be released Notice of Privacy Practices in regards to release of information
A minor who is legally free from parental control is: emancipated
Who may consent to release medical information for a deceased patient? either a or b
If Mrs. Gray is a legally competent adult, who may have access to her medical record without her express written permission? her attending physician
A written authorization from the patient releasing copies of their medical records is required by all of the following EXCEPT? The hospital attorney for the facility where the patient is treated
If Mrs. Gray is a competent, married 17-year old, who would sign a consent for her surgery? Mrs. Gray, the patient
In which of the following cases would the patient’s consent or a court order be required to release medical information? when the information is alcohol or drug related
HIPAA requires that certain CE’s provide every patient a Notice of Privacy Practices that set forth all of the following EXCEPT: CE’s provide every patient with its annual business report
When a person makes a request for his/her records in person, the ROI clerk should _______ in order to establish safeguards for the security and confidentiality of the patient’s information: ask the requestor for identification and the request in writing
Dr. Knowitall comes to your department to review his neighbors record. Sensing that you are about to refuse him, he interrupts and says, “I am a doctor on staff at this hospital and I have every right to review any record I see fit. Now hand it over!” You you may review the record if you are the attending physician or you have a valid request signed by the patient
As a general rule, a person making a mandatory report in good faith and under statutory command is: protected from liability claims
The wife of a deceased patient enters the medical record department to requests her husbands’ records. She brings with her a POA, which was signed two months prior to the patients’ death. The record reveals that the son is shown to be the executor of the Refuse to release records to her since the son is listed as executor of the estate on the chart.
The HIPAA privacy rule covers information in which of the following forms? all of the above
Nurse Leahy came to the medical record department requesting to see the medical record on Susie Sickly. You: none of the above
A valid authorization for the disclosure of PHI should not be: dated prior to discharge
The mother of a physician on your facility’s medical staff was recently admitted to your hospital under the care of another surgeon. The physician now wishes to review his mother’s record. You can let the physician review his mothers record only with a signed authorization from his mother.
A former patient requests by telephone that a copy of her health record be sent to her new physician in another city. You obtain an authorization from the patient and then send the information.
A former patient who was treated as an inpatient approximately 2 years ago has filed a lawsuit against your facility. Your facility’s legal counsel has asked to review the patients’ health record. You do not need an authorization to let him review the records.
In general, information about a patient can be shared _________________________. only when it is not related to treatment
One good rule to prevent unauthorized access to computer data is to ________________. black the screen or turn off the computer when you leave it
If you are sending patient information via e-mail, security is best maintained with __________________. all of the above
One exception to confidentiality is _______________________. a gunshot wound
Facilities will no longer be able to post ____________ anyplace where visitors might see them. This includes door tags and whiteboards at the nurses’ station that are in public view. patient’s full names
An employee access PHI on a computer system that does not relate to her job functions. What security mechanism should have been implement to minimize the security breach? Access controls
Ultimate responsibly for the operation of the health care organization lies with the board of directors
On review of the audit trail from an EHR system, the HIM director discovers that a departmental employee who has authorized access to patient records is printing far more records than the average user. In this case what should the director do? Determine what information was printed and why
To date the HIM department has not charged for copies of records requested by the patient. However, the policy is under review for revision. One HIM committee suggest using the copying fee established by the state. Another committee member feels that HIPA Base charges on the cost of labor and supplies for copying and postage if copies are mailed.
Which of the following bears the ultimate responsibility for the quality of care in a hospital? Board of Directors
Which of the following dictates how the medical staff operates? Medical Staff Bylaws
An individual who brings a lawsuit is called the plaintiff
Which document directs an individual to bring originals or copies of records to court? subpoena duces tecum
If the patient record is involved in litigation and the physician requests to make a change to that record, what should the HIM professional do? Refer request to legal counsel.
According to AHIMA's Position on Transmission of Health Information, the health information manager should always engage in all of the following to ensure that information is properly sent via facsimile transmission EXCEPT to always follow up by sending the original record by mail.
All of the following are elements of a contract EXCEPT price/consideration.
In general, which of the following statements is correct? When federal and state laws conflict, valid federal laws supersede state laws.
All of the following have laws and regulations addressing medical records EXCEPT accrediting agencies.
Which of the following is an example of breach of confidentiality? staff members discussing patients in the elevator
One of the greatest threats to the confidentiality of health data is redisclosure of information for purposes not authorized in writing by the patient.
A signed consent for the release of information dated December 1, 2005, is received with a request from the chart from the patient's admission of 12/5/2005. Indicate the appropriate response from the options below. Request another authorization dated after the discharge date.
The Privacy Rule covers the information in which of the following forms? all the above
Law enacted by a legislative body is a statute
The sister of a patient requests the HIM department to release copies of her brother's medical record to her. she states that because the doctor documented her name as her brother's caregiver that HIPAA regulations apply and that she may receive copies of Refuse the request.
A HIT supervisor receives a subpoena duces tecum for the records of a discharged patient. To respond to the subpoena, which of the following should the supervisor do? Review the subpoena to determine what documents should be produced.
Which of the following statements is TRUE in regard to responding to requests from individuals for access to their PHI? A cost based fee may be charged for the copying of the PHI.
Which of the following provides a complete description to patients how PHI is used in a healthcare facility? Notice of Privacy Practices
Which document directs an individual to bring originals or copies of records to court? subpoena duces tecum
Which of the following is NOT true of notices of privacy practices they must contain content that cannot be changed
Margaret has signed an authorization to release information regarding her ER visit for a fractured finger to her attorney. Specifically, she says to release the ER history and physical, x-rays, and any procedure notes for finger fracture. Which of the fol x-ray of chest
Kyle, the HIM Director, has received a request to amend a patient's medical record. The appropriate action for him to take is route the request to the physician who wrote the note in question.
The local newspaper has notified the hospital that they have received a computer listing of the names of patients receiving HIV treatment in your facility. What method(s) could be used to identify the source of this breach of confidentiality? all of the above
Which of the following is subject to the security rule? PHI stored on a computer
You have been asked to define privacy. Which of the following definitions would you use? Patients have rights regarding their individually identifiable health information.
Rachel, a nurse, can write progress notes in the patient's electronic health record. Vera, a coder, can view the progress notes but is not authorized to write a progress note. What controls this? role-based access control (i.e: Scope)
Which of the following situations violate a patient's privacy? The hospital provides patient names and addresses to a pharmaceutical company to be used in a mass mailing of free drug samples.
The admistrator states that he should not have to participate in privacy and security training. How should you respond? All employees are required to participate in the training, including administration."
Which of the following federal laws passed in 1996 resulted in new privacy regulations for healthcare organizations? Health Insurance Portability and Accountability Act Correct
Which of the following statements about the directory of patients maintained by a CE is TRUE? Individuals must be given an opportunity to restrict or deny permission to place information about them in the directory.
Under HIPAA rules, when an individual asks to see his or her PHI a CE can deny access to psychotherapy notes
The health record is the property of the . covered entity
The information within the health record belongs to the . patient
HIPAA mandates the creation of a unique identifier code for every patient. False
There must be a system in place to record the name of every person who views a patient’s record. True
Created by: adale3171