Question 1

A hospital is preparing a file of treatment information for the state of California. This file is to be sent to external medical researchers. The hospital has removed SSN, name, phone and other information that specifically identifies an individual. However, there may still be data in the file that potentially could identify the individual. Can the hospital claim 'safe harbor" and release the file to the researchers?

Accepted Answer

The "safe harbor" method requires that the hospital has no actual knowledge that the remaining information could be used to identify an individual.

Question 2

The National Provider File (NPF) includes information such as:

Accepted Answer

A

Question 3

Select the correct statement regarding code sets and identifiers.

Accepted Answer

Covered entities are required to use the code set that is valid at the time the transaction is initiated to ensure compliance and accuracy in healthcare transactions.

Question 4

The Data Backup Plan is part of which Security Standard?

Accepted Answer

The Data Backup Plan is part of the Contingency Plan, which is designed to ensure that data can be restored in case of loss or damage.

Question 5

The objective of this HIPAA security standard is to implement policies and procedures to prevent, detect, contain, and correct security Violations.

Accepted Answer

The Security Management Process standard under HIPAA requires the implementation of policies and procedures to prevent, detect, contain, and correct security violations.

Question 6

Select the FALSE statement regarding the administrative requirements of the HIPAA privacy rule.

Accepted Answer

A covered entity must change its policies and procedures to comply with HIPAA regulations promptly, not wait up to three years.

Question 7

This code set is used to describe or identity radiological procedures and clinical laboratory tests:

Accepted Answer

The answer of This code set is used to describe...

Question 8

This security standard requires that the covered entity establishes agreements with each organization with which it exchanges data electronically, protecting the security of all such data:

Accepted Answer

Business Associate Contracts and other Arrangements require covered entities to have agreements with organizations they exchange data with, ensuring the protection of electronic data.

Question 9

This rule covers the policies and procedures that must be in place to ensure that the patients' health information is respected and their rights upheld:

Accepted Answer

The Privacy Rule is part of the Health Insurance Portability and Accountability Act (HIPAA) and sets standards for the protection of individuals' medical records and other personal health information.

Question 10

The implementation specifications for this HIPAA security standard (within Technical Safeguards) must support emergency access and unique user identification.

Accepted Answer

Access Control includes implementation specifications for emergency access and unique user identification as part of the HIPAA security standard's Technical Safeguards.

Question 11

The code set that must be used to describe or identify outpatient physician services and procedures is:

Accepted Answer

CPT-4 is the code set that must be used to describe or identify outpatient physician services and procedures.

Question 12

Select the FALSE statement regarding code sets and identifiers.

Accepted Answer

The National Provider Identifier (NPI) is assigned to healthcare providers, not health plans.

Question 13

This transaction type is a "response" transaction that may include information such as accepted/rejected claim, approved claim(s) pre-payment, or approved claim(s) post-payment:

Accepted Answer

The 277 transaction is used in healthcare to provide a response to a claim status inquiry, indicating whether a claim has been accepted, rejected, or approved either pre-payment or post-payment.

Question 14

This security rule standard requires policies and procedures for authorizing access to electronic protected health information that are consistent with its required implementation specifications- which are Isolating Health Care Clearinghouse Function, Access Authorization, and Access Establishment and Modification

Accepted Answer

Information Access Management involves policies and procedures for authorizing access to electronic protected health information, including the specified implementation specifications.

Question 15

Select the correct statement regarding the requirements for oral communication in the HIPAA regulations.

Accepted Answer

Covered entities must reasonably safeguard PHI, including oral communications, from any intentional or unintentional use or disclosure that is in violation of the Privacy Rule.

Question 16

In an emergency treatment situation, a health care provider:

Accepted Answer

In an emergency, healthcare providers are allowed to use their professional judgment to disclose PHI as necessary to provide appropriate treatment without prior consent.

Question 17

Which of the following is NOT a HIPAA national health care identifier?

Accepted Answer

The Social Security Number (SSN) is not a HIPAA national health care identifier. HIPAA identifiers include NPI, PlanID, and EIN, but not SSN.

Question 18

Patient identifiable information may include:

Accepted Answer

Telephone numbers are considered patient identifiable information as they can be used to directly contact or identify an individual.

Question 19

The Security Incident Procedures standard requires just one implementation specification. That implementation specification is:

Accepted Answer

The Security Incident Procedures standard requires the implementation of a Response and Reporting specification to address and manage security incidents.

Question 20

HIPAA Security standards are designed to be:

Accepted Answer

HIPAA Security standards are designed to be scalable to accommodate the varying sizes and capabilities of different healthcare organizations, allowing them to implement appropriate safeguards based on their specific needs and resources.

Exam 1: Certified HIPAA Professional (CHP)