Question 1

The role of an Institutional Review Board involves:

Accepted Answer

The role of an Institutional Review Board (IRB) is to ensure that all research involving human subjects is conducted in an ethical and responsible manner. This includes approving an informed consent form that accurately describes the risks and benefits to the subject associated with any research to be conducted. The other options listed are not accurate descriptions of the role of an IRB.

Question 2

Which is a direct identifier that must be removed from research subjects' records in order to comply with the use of a limited data set?

Accepted Answer

Account number is a direct identifier that must be removed from research subjects' records in order to comply with the use of a limited data set. This is because it can be used to directly identify an individual and link their data to other sources. Age, gender, and race are considered indirect identifiers and can still be included in a limited data set as long as other measures are taken to protect the individual's privacy.

Question 3

In the modern view of ownership of health information, the health care provider owns the medium in which the patient health information is created and stored, and the patient possesses right of access.

Accepted Answer

The modern view of ownership of health information posits that while the healthcare provider owns the physical or digital medium (such as paper records or electronic databases) where patient information is stored, the patient has the right to access their personal health information. This reflects a balance between the provider's responsibility to maintain and protect health records and the patient's rights to their personal health data.

Question 4

A reasonable fee for the copying of health information is established by the state.

Accepted Answer

Each state has established their own reasonable fee for the copying of health information as per their regulations.

Question 5

HIPAA provides for two exceptions in which approval for research does not require full IRB review. They include _____.

Accepted Answer

HIPAA provides exceptions for research that involves limited data sets and de-identified information, which do not require full IRB review. These exceptions allow for researchers to access data that still protects patient privacy.

Question 6

A personal health record is a collection of the patient's important health information " that can be drawn from multiple sources and that is managed, shared, and controlled by or primarily for the individual."

Accepted Answer

A personal health record is defined as a patient-controlled electronic record of their health information from multiple sources.

Question 7

An authorization for use or disclosure of patient-specific health information that has been combined with any other document is called a(n) _____ authorization.

Accepted Answer

A compound authorization is an authorization that has been combined with any other document, such as a consent form or a financial agreement. This can create confusion for patients who may not realize they are authorizing the use or disclosure of their health information. Separate authorizations for different purposes are recommended to ensure clear and informed consent.

Question 8

Adoption records are considered confidential and can only be released _____.

Accepted Answer

Adoption records are considered confidential and can only be released pursuant to legal procedures of the state in which the records are maintained. This is typically done through a court order, and the release of information is often restricted to identifying information only. Some states have also begun to implement procedures for obtaining non-identifying information about birth parents and/or adoptees without a court order, but this varies by state. In general, confidentiality of adoption records is prioritized in order to protect the privacy of the individuals involved.

Question 9

The Belmont Report established guidelines for research projects, which promotes _____.

Accepted Answer

The Belmont Report established guidelines for research projects, which promotes choosing subjects equitably to avoid exploitation of vulnerable populations. The report states that subjects should be selected fairly and should not be chosen just because they are easily available or vulnerable. The report emphasizes the importance of informed consent, respect for persons, and beneficence. It also establishes guidelines for risks and benefits to ensure that research is conducted ethically. The report does not support selecting subjects from just one ethnic group or conducting research that doesn't benefit subjects if it benefits society as a whole.

Question 10

Which is a method used by the health information manager to protect patient information from identity theft?

Accepted Answer

Redacting portions of credit card and social security numbers is a common method used by health information managers to protect patient information from identity theft. This involves removing or covering up certain digits, such as all but the last four of a social security number, to prevent unauthorized access to sensitive information.

Question 11

Lacking a core element and an authorization not being filled out completely are both common defects of an invalid release of information form.

Accepted Answer

Lacking a core element and an authorization not being filled out completely are both common reasons why a release of information form may be considered invalid.

Question 12

Reporting of public health threats include _____.

Accepted Answer

Child abuse is a reportable public health threat because it involves the safety and welfare of minors, which is of paramount concern to public health authorities. Reporting child abuse can help protect children from further harm and ensure they receive the necessary care and support.

Question 13

Which is an agreement constructed to authorize a business associate's access to protected health information (PHI) under the HIPAA Privacy Rule?

Accepted Answer

A description of the permitted uses of released patient information is included in a HIPAA Privacy Rule agreement to authorize a business associate's access to protected health information (PHI). This agreement is known as a Business Associate Agreement (BAA). The BAA outlines the permitted uses and disclosures of PHI, as well as the safeguards that must be in place to protect this information. It also sets out the procedures that must be followed if there is a breach of PHI.

Question 14

A business associate agreement is defined as one who performs or assists in performing a function or activity involving the use or disclosure of individually identifiable health information on behalf of a covered entity.

Accepted Answer

This is the correct definition of a business associate according to HIPAA regulations.

Question 15

The HIPAA Privacy Rule _____.

Accepted Answer

The HIPAA Privacy Rule requires that an IRB review to determine whether PHI can be used as the researcher suggests in his protocol or whether a waiver of authorization is warranted. This is to ensure that individuals' PHI is protected and used appropriately during research activities. Option A is incorrect because the Privacy Rule requires a valid authorization or waiver for the use or disclosure of PHI for research purposes. Option B is incorrect because HIPAA regulations only apply to the use and disclosure of PHI by covered entities and their business associates, not the publication of research results. Option D is incorrect because the HIPAA Privacy Rule recognizes the importance of maintaining the confidentiality of PHI during research activities, and researchers are required to take appropriate measures to safeguard the privacy of individuals' PHI.

Question 16

Which is categorized as a business associate, as defined by HIPAA regulations?

Accepted Answer

Third-party payers, such as insurance companies or billing companies, are categorized as business associates under HIPAA regulations because they receive, store, or transmit protected health information on behalf of a covered entity, such as a health care provider.

Question 17

Identity theft is guaranteed at all large health care facilities.

Accepted Answer

Identity theft cannot be guaranteed at all large health care facilities. However, the potential for identity theft may exist due to the collection and storage of sensitive personal information by these facilities. It is important for individuals to be vigilant and monitor their personal information to prevent identity theft.

Question 18

Which is a government agency that is responsible for assuring compliance with ethical conduct of research in humans?

Accepted Answer

The answer of Which is a government agency that is...

Question 19

A healthcare provider's obligation regarding a business associate's compliance with the HIPAA Privacy Rule includes _____.

Accepted Answer

The answer of A healthcare provider's obligation regarding a business...

Question 20

Which is a HIPAA Privacy Rule exceptions to the requirement that consent to release protected health information (PHI) be obtained prior to disclosure?

Accepted Answer

The HIPAA Privacy Rule includes an exception to the requirement for prior consent in cases involving victims of abuse or neglect. This is because timely disclosure of PHI may be necessary to protect the health or safety of the individual or others involved. Adverse events involving provider negligence, contained accidental chemical exposure, and non-violent trauma that result in emergency care are not exceptions to the prior consent requirement.

Quiz 10: Access to Health Information