RHIA 2022 Domain 2, Practice Exam Questions – COMPLETE SOLUTION

Document Content and Description Below

A visitor walks through the work area and picks up a flash drive from an employee's desk. What security controls should have been implemented to prevent this security breach? a. Device and media con... trols b. Facility access controls c. Workstation use controls d. Workstation security controls - ✔✔Correct Answer: B Facility access controls include establishing safeguards to prohibit the physical hardware and computer system itself from unauthorized access while ensuring that proper authorized access is allowed (Reynolds and Brodnik 2017a, 275-276). Which of the following is true regarding the development of health record destruction policies? a. All applicable laws must be considered. b. The organization must find a way not to destroy any health records. c. Health records involved in pending or ongoing litigation may be destroyed. d. Only state laws must be considered. - ✔✔Correct Answer: A Not all information must be kept forever. Just as the HIM professional must consider multiple factors when determining retention, many factors must also be taken into consideration with regard to health record destruction. These include applicable federal and state statutes and regulations; accreditation standards; pending or ongoing litigation; storage capabilities; and cost (Reynolds and Morey 2020, 135- 136). Which of the following allows a patient to access all or part of the health record that is maintained by the provider? a. Clinical decision support b. Digital dictation c. Patient portal d. WebMD - ✔✔Correct Answer: CThe patient portal allows a patient to access all or part of the health record that is maintained by the patient's provider (Amatayakul 2017, 15). Burning, shredding, pulping, and pulverizing are all acceptable methods in which process? a. Deidentification of electronic documents b. Destruction of paper-based health records c. Deidentification of records stored on microfilm d. Destruction of computer-based health records - ✔✔Correct Answer: B The destruction of patient-identifiable clinical documentation should be carried in accordance with relevant federal and state regulations as well as organizational policy. Health records related to open investigations, audits, or court cases should not be destroyed for any reason. Paper-based health records can be destroyed using any of the following methods: burning, shredding, pulping, or pulverizing (Fahrenholz 2017b, 107). Today, Janet Kim had her first appointment with a new dentist. She was not presented with a Notice of Privacy Practices. Is this acceptable? a. No, a dentist is a healthcare clearinghouse, which is a covered entity under HIPAA. b. Yes, a dentist is not a covered entity per the HIPAA Privacy Rule. c. No, it is a violation of the HIPAA Privacy Rule. d. Yes, the Notice of Privacy Practices is not required. - ✔✔Correct Answer: C The Privacy Rule introduced the standard that individuals should be informed of how covered entities use or disclose protected health information (PHI). This notice must be provided to an individual at his or her first contact with the covered entity (Rinehart-Thompson 2017d, 219). Champion Hospital retains Hall and Hall, a law firm, to perform all of its legal work, including representation during medical malpractice lawsuits. Which of the following statements is correct? a. The law firm is not a business associate because it is a legal, not a medical, organization. b. The law firm is a business associate because it performs activities on behalf of the hospital. c. The law firm is not a business associate because the privacy rule prohibits it from using individually identifiable information. d. The law firm is not a business associate because it is a medical, not a legal, organization. - ✔✔Correct Answer: BThe law firm of Hall and Hall is a business associate of Champion Hospital because it performs activities on behalf of the hospital and uses and discloses individually identifiable information. A business associate is a person or organization other than a member of a covered entity's workforce that performs functions or activities on behalf of or affecting a covered entity that involve the use or disclosure of individually identifiable health information (45 CFR 160.103(1); Rinehart-Thompson 2017d, 211). Copies of personal health records (PHRs) are considered part of the legal health record when: a. Consulted by the provider to gain information on a consumer's health history b. Used by the healthcare entity to provide treatment c. Used by the provider to obtain information on a consumer's prescription history d. Used by the healthcare entity to determine a consumer's DNR status - ✔✔Correct Answer: B Only when copies of the personal health record (PHR) are used for treatment can they be considered part of the facilities' legal health record; however, the PHR does not replace the legal health record (Fahrenholz 2017d, 32-34). Which of the following is the systematic process of identifying security measures to afford protections based on a healthcare entity's specific environment? a. Gap analysis b. Operations review c. Readiness assessment d. Risk analysis [Show More]

Last updated: 1 year ago

Preview 1 out of 18 pages