Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
MED112 CODE/BILL
MED112 CH 02 ELECTRONIC HEALTH RECORDS, HIPAA, & HITECH
| Term | Definition |
|---|---|
| MED112 CH 2 ELECTRONIC HEALTH RECORDS, HIPAA, AND HITECH | |
| State-specified [performance measures for the delivery of healthcare are called A. quality improvement standards B. medical standards of care C. dashboards D. mandated standards | medical standards of care |
| Private, secure electronic files that are created, maintained, and controlled by patients are called ____ health records. A. personal B. protected C. electronic D. private | private |
| A patient encounter is also called the ____ with the provider. | meeting /or/ interaction |
| The revenue cycle merges the patient's ____ documentation and financial/billing information in the chart. | medical /or/ clinical /or/ health /or/ history /or/ visit |
| The main federal government agency responsible for healthcare is abbreviated as ____. | CMS (Centers for Medicare and Medicaid Services) |
| A(n) ____ is a file containing the documentation of a patient's medical history and related information. A. medical record B. encounter form C. superbill D. flow sheet | medical record |
| When states ensure the solvency of insurance companies, it means the companies will ____ A. not deny coverage to patients based on preexisting conditions B. be able to pay the enrollees' claims C. be supportive of necessary lab testing D. allow major healthcare organizations to participate | be able to pay the enrollees' claims |
| It is considered ____ when an EHR system can provide access to the latest medical research on approved medical websites to assist with medical decision making. A. documentation support B. administration and reporting C. clinical decision support D. electronic communication | clinical decision support |
| The law promoting the adoption and use of health information technology is called the A. Health Insurance Portability and Accountability Act B. Fair Deby Collection Practices Act C. Health information Technology Interchange Act D. Health Information Technology for Economic and Clinical Health Act | Health Information Technology for Economic and Clinical Health Act (HITECH) |
| The health system reform legislation that offers improved insurance coverage and other benefits is abbreviated as A. HIE B. ACA C. ACO D. HIPPA | ACA (Affordable Care Act) |
| Which of the following are true of state regulations in healthcare? □ It is legal to operate an insurance company without a license in all states. □ States can restrict price increases on premiums. □ States have very little ability to regulate the healthcare industry. □ State laws ensure the solvency of insurance companies and managed care organizations. □ State commissioners of insurance investigate consumer complaints. | States can restrict price increases on premiums; State laws ensure the solvency of insurance companies and managed care organizations; State commissioners of insurance investigate consumer complaints. |
| Who has ownership of the actual progress notes, reports, and other clinical materials in a medical record? A. the patient B. the medical assistant C. the provider who created them D. the insurance company | the provider who created them |
| Computerized records of one physician's encounters with a patient over time; they are the physician's legal record of patient care. | EMR (Electronic Medical Records) |
| Private, secure electronic files that are created, maintained, and controlled by patients. | PHR (Personal Health Records) |
| Computerized lifelong healthcare records. | EHR (Electronic Health Record) |
| Select the 3 parts of the Administrative Simplification: □ Privacy Rule □ Electronic Transaction and Code Set □ Medical Insurance Rule □ Security Rule | Privacy Rule; Electronic Transaction and Code Set; Security Rule |
| There are 5 ____ in HIPAA that focus on various aspects of healthcare. A. arguments B. titles C. rules D. standards | titles |
| Which of the following are covered entities that must follow HIPAA rules? □ Clearinghouses □ Hospital valet parking staff □ Health plans □ Patients □ Healthcare providers | Clearinghouses; Health plans; Healthcare providers |
| The law promoting the adoption and use of health information technology is abbreviated as A. OSHA B. HIPAA C. FDCPA D. HITECH | HITECH |
| The law regulating the use and disclosure of patients' protected health information is called the A. HIPAA Financial Rule B. HIPAA Privacy Rule C. Notice of Privacy Practices Act D. HIPAA Security Rule | HIPAA Privacy Rule |
| A network that shares responsibility for managing the quality of and cost of care provided to a group of patients is called a(n) A. health cost plan B. managed care organization C. account care plan D. accountable care organization | accountable care organization |
| Who controls the amount and type of information that is released to an entity not directly involved in the patient's care? A. the party that is requesting the records B. the patient C. the provider D. the insurance company | the patient |
| PHI is abbreviated for which of the following? A. Protected health information B. Private health information C. Personal health insurance D. Personal health information | Protected health information |
| A covered entity is an organization that electronically transmits any information that is protected under A. HIPAA B. The Joint Commission C. OSHA D. CMS | HIPAA |
| What must a patient sign for use and disclosure of PHI for any reason other than TPO? A. a consent order B. an accounting of disclosure form C. a PHI use contract D. an authorization | an authorization |
| ____ are companies that convert nonstandard transactions into standard transactions and transmit the data to health plans. | Healthcare clearinghouses /or/ clearinghouses |
| In which circumstances might CEs disclose PHI without the patient's consent? □ To grant public health authorities access to PHI necessary to carry out their public health mission. □ To treat the patient or another patient. □ If requested by a close family member or the next of kin. □ For form completion □ To prevent or lessen a serious threat to the health and safety of the public. | To grant public health authorities access to PHI necessary to carry out their public health mission; To treat the patient or another patient; To prevent or lessen a serious threat to the health and safety of the public. |
| The HIPAA Standards for Privacy of Individually Identifiable Health Information Rule is also known as HIPAA ___ Rule. | Privacy |
| What does the HIPAA Security Rule establish safeguards to protect? A. releases of information B. designated record sets C. insurance rights D. PHI | PHI |
| An ____ is responsible for managing the quality and cost of care provided to a group of patients. | ACO (accountable care organization) |
| ____ is a method of converting a message into encoded text A. Decryption B. Encryption C. Data wiping D. Conversion | Encryption |
| Individually identifiable health information transmitted or maintained by electronic media is called A. EHR B. PHR C. PHI D. HIPAA | PHI |
| Which of the following statements define authorization? A. a document signed by a patient to permit release of medical information. B. medical insurance recertification C. a patient's request for an accounting of disclosure D. additional disclosure of PHI | a document signed by a patient to permit release of medical information. |
| New emergency guidance from HHS stating that CEs may disclose PHI without the patient's consent was applicable to a recent outbreak of Ebola virus because ____. A. the public was unaware of the danger of the virus. B. the information was needed to treat the patients successfully C. the affected individuals were under the age of consent D. it was needed to lessen a serious and imminent threat to the health of the public | it was needed to lessen a serious and imminent threat to the health of the public |
| Which are true of breaches of information? □ Covered entities are required to notify affected individuals after the discovery of a breach. □ The HITECH Act states that providers are able to disclose all PHI without an authorization. □ A breach compromises the security or privacy of PHI. □ Patients do not have the right to know if their PHI has been breached. □ A breach is an impermissible use of disclosure under the Privacy Rule. | Covered entities are required to notify affected individuals after the discovery of a breach; A breach compromises the security or privacy of PHI; A breach is an impermissible use of disclosure under the Privacy Rule. |
| The ____ is a law that requires covered entities to establish safeguards to protect health information. A. CMS Encryption Rule B. HIPAA Security Rule C. Standard of Care Rule D. HIPAA Privacy Rule | HIPAA Security Rule |
| Rules governing the electronic exchange of health information are called A. HIPAA Transactions and Core Standard Sets B. HIPAA Electronic Code Law C. HIPAA Health Care Standard Sets D. HIPAA Electronic Health Care Transaction and Code Sets | HIPAA Electronic Health Care Transaction and Code Sets (TCS) |
| ____ management programs encrypt data between the office and the Internet. | Practice |
| How are HIPAA transactions standards labeled? A. With a series of random characters B. With a number and a name C. With a number only D. With a name only | With a number and a name |
| Role-based access into computer records means that A. patients can alter their own records B. only physicians can access records C. only those who need the information can see it D. all staff members in the practice can view information | only those who need the information can see it |
| Under ____, a code set is any group of codes used for encoding data elements. | HIPAA |
| Unprotected health information that is not secured through the use of technologies or methods that HHS has specified is called ____ PHI. A. secured B. unsecured C. authorized D. disclosed | unsecured |
| In which of the following circumstances would it be appropriate to use an EIN? □ when making premium payments to plans on behalf of employees □ when reporting test results to patients □ when enrolling employees in a health plan □ when receiving payments from health plans □ when disenrolling employees from a health plan | when making premium payments to plans on behalf of employees; when enrolling employees in a health plan; when disenrolling employees from a health plan |
| The ____ Rule contains regulations that enhance patient's privacy protections, and improved rights for patients to their health information. | Omnibus |
| The HIPAA transactions standards apply to the electronic data that is regularly sent back and forth between which entities? □ health plans □ janitorial services □ providers □ employers | health plans; providers; employers |
| Which federal government department prosecutes criminal violations of HIPAA privacy standards? A. Office of Civil Rights B. Centers for Medicare and Medicaid Services C. Department of Justice D. Federal Bureau of Investigation | Department of Justice |
| Which of the following are examples of how code sets can be used? □ medical diagnosis codes □ tables of terms □ medical concepts □ medical procedure codes □ test results □ patient databases | medical diagnosis codes; tables of terms; medical concepts; medical procedure codes |
| In the United States, an estimated $300 billion are lost annually in healthcare as a result of: A. coding errors B. compliance C. fraud D. unemployment | fraud |
| A person's Social Security number is an example of a(n) ____. | identifier |
| The ____ is the abbreviation for the government agency that has the task of detecting healthcare fraud and abuse and enforcing all laws relating to them. | OIG (Office of the Inspector General) |
| The document notifying an individual of a breach is called a breach ____. | notification |
| Which of the following are parts of the Omnibus Rule? □ Imposing fines for using electronic health records □ Strengthening previous HIPAA/HITECH rules □ Preventing patients from accessing accountings of disclosures □ Increasing civil monetary penalties for violations | Strengthening previous HIPAA/HITECH rules; Increasing civil monetary penalties for violations |
| Statute that makes if illegal to knowingly offer incentives referring patients for services that are paid by government healthcare programs. | Antikickback statute |
| Statute that makes it illegal for physicians or their immediate family members to have financial relationships with clinics to which they refer their patients. | Self-referral prohibition |
| Statute that requires publicly traded corporations to attest that their financial management is sound, which applies to for-profit healthcare companies. | Sarbanes-Oxley Act of 2002 |
| Which of the following applies to the role of the Department of Justice with regards to HIPAA? A. Criminal violations of HIPAA privacy standards are prosecuted by the DOJ. B. Civil violations of HIPAA privacy standards are prosecuted through the DOJ. C. The DOJ has no jurisdiction with HIPAA privacy violations. | Criminal violations of HIPAA privacy standards are prosecuted by the DOJ **Office for Civil Rights (OCR) prosecutes CIVIL violations |
| The government program to uncover misuse of funds in federal healthcare programs is called the: A. Health Care Fraud and Abuse Control Program B. Health Care Efficiency and Misuse Prevention Program C. Health Care Monetary Surveillance Program D. Health Insurance Fraud Prevention Program | Health Care Fraud and Abuse Control Program |
| Reporting services at a higher level than performed is an example of ____. | fraud /or/ abuse |
| Which of the following is a term used to describe whistle-blower cases? A. Relator B. ACA C. Qui tam D. FERA | Qui tam |
| Which of the following are true of the OCR (Office of Civil Rights)? □ it takes action on behalf of individuals who have had PHI disclosed inappropriately □ it has the authority to investigate complaints □ it enforces criminal violations □ it is an agency of HHS □ it can issue subpoenas for evidence □ it enforces HIPAA privacy standards □ it cannot investigate complaints against covered entities | it takes action on behalf of individuals who have had PHI disclosed inappropriately; it has the authority to investigate complaints; it is an agency of HHS; it can issue subpoenas for evidence; it enforces HIPAA privacy standards |
| An action that improperly uses another's resources is called ____. A. fraud B. medical necessity C. accurate billing D. abuse | abuse *(fraud is an intentional act of deception) |
| The OIG compliance plan has ___ elements. | seven |
| The practice's code of ____ covers compliance in referral arrangements, and employee performance compliance. | conduct |
| A compliance plan seeks to ensure compliance with which of the following laws? □ employment laws □ business law □ federal laws □ economic laws | employment laws; federal laws |
| The Office of Civil Rights enforces which standards? A. patient quality of care B. patient rights C. Medicare standards D. privacy and security | privacy and security |
| According to the OIG, voluntary compliance plans should contain which of the following? □ consistent written policies and procedures □ training □ appointment of a compliance committee □ appointment of a compliance officer □ verbal policies and procedures | consistent written policies and procedures; training; appointment of a compliance committee; appointment of a compliance officer |
| A requirement of any compliance plan includes ongoing ____. | training |
| A(n) ____ plan is a medical practice's written plan for complying with regulations. | compliance |
| Law under the Administrative Simplification provisions of HIPAA regulating the use and disclosure of patients’ protected health information—individually identifiable health information that is transmitted or maintained by electronic media. | HIPAA Privacy Rule |
| Impermissible use or disclosure of PHI that could pose significant risk to the affected person. | breach |
| The principle that individually identifiable health information should be disclosed only to the extent needed to support the purpose of the disclosure. | minimum necessary standard |
| A person or organization that performs a function or activity for a covered entity but is not part of its workforce. | business associate |
| A company that offers providers, for a fee, the service of receiving electronic or paper claims, checking and preparing them for processing, and transmitting them in proper data format to the correct carriers. | clearinghouse |
| A HIPAA-mandated document that presents a covered entity’s principles and procedures related to the protection of patients’ protected health information | Notice of Privacy Practices |
| A coding system used to encode elements of data | Code set |
| Law under the Administrative Simplification provisions of HIPAA requiring covered entities to establish administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of health information | HIPAA Security Rule |
| The systematic, logical, and consistent recording of a patient’s health status—history, examinations, tests, results of treatments, and observations—in chronological order in a patient’s medical record | Documentation |
| Under HIPAA, a health plan, health care clearinghouse, or health care provider who transmits any health information in electronic form in connection with a HIPAA transaction | Covered entity |
| Agency that runs Medicare, Medicaid, clinical laboratories, and other government health programs | CMS |
| Regulations that enhance privacy protections, rights to information, and the government’s ability to enforce HIPAA | Omnibus Rule |
| A practice’s written plan for complying with regulations | Compliance plan |
| Agency that investigates and prosecutes fraud | OIG |
| Which of the following laws is designed to uncover fraud and abuse? A. ARRA B. HIPAA C. HITECH Act D. False Claims Act | HIPAA |
| A Notice of Privacy Practices is given to A. all physicians who refer patients to the practice. B. the health plans with which a practice contracts. C. a practice’s business associates. D. a practice’s patients. | a practice’s patients. |
| Patients’ PHI may be released without authorization to A. family and friends. B. employers in workers’ compensation cases. C. local newspapers. D. social workers. | employers in workers’ compensation cases. |
| Which government group has the authority to enforce the HIPAA Privacy Rule? A. Medicaid B. OIG C. OCR | OCR |
| Patients always have the right to A. withdraw their authorization to release information. B. block release of information about their communicable diseases to the state health department. C. restrict the release of all de-identified health information associated with them. D. alter the information in their medical records. | withdraw their authorization to release information. |
| The authorization to release information must specify A. the Social Security number of the patient. B. the entity to whom the information is to be released. C, the name of the treating physician. D. the number of pages to be released. | the entity to whom the information is to be released. |
| The main purpose of the HIPAA Security Rule is to A. protect research data. B. control the confidentiality and integrity of and access to protected health information. C. regulate electronic transactions. D. protect medical facilities from criminal acts such as robbery. | control the confidentiality and integrity of and access to protected health information. |
Created by:
C to the C
Popular Medical sets