Question 1

In terms of Security, the best definition of "Access Control" is:

Accepted Answer

Access control refers to the mechanisms that prevent unauthorized use of resources by ensuring only authorized entities can access them.

Question 2

A provider is in compliance with the Privacy Rule. She has a signed Notice of Privacy Practices from her patient. To provide treatment, the doctor needs to consult with an independent provider who has no relationship with the patient to comp with the Privacy Rule the doctor MUST:

Accepted Answer

The Notice of Privacy Practices allows for the use and disclosure of protected health information for treatment, payment, and healthcare operations without needing additional patient authorization.

Question 3

This transaction, which is not a HIPAA standard, may be used as the first response when receiving a Health Care Claim (837):

Accepted Answer

The answer of This transaction, which is not a HIPAA...

Question 4

As part of their HIPAA compliance process, a small doctor's office formally puts the office manager in charge of security related issues. This complies with which security rule standard?

Accepted Answer

The Assigned Security Responsibility standard requires a covered entity to designate a security official responsible for developing and implementing its security policies and procedures.

Question 5

The National Provider Identifier (NPI) will eventually replace the:

Accepted Answer

The National Provider Identifier (NPI) will replace the UPIN (Unique Physician Identification Number) as the standard identifier for healthcare providers.

Question 6

Some of the information that an authorization must include is:

Accepted Answer

An authorization must include the date it was signed to be valid.

Question 7

A pharmacist is approached by an individual and asked a question about an over-the-counter medication. The pharmacist needs some protected health information (PHI) from the individual to response the question. The pharmacist will not be creating a record of this interaction. The Privacy Rule requires the pharmacist to:

Accepted Answer

The Privacy Rule allows pharmacists to use PHI for treatment purposes without obtaining consent or authorization, especially when no record is being created.

Question 8

This transaction supports multiple functions. These functions include: telling a bank to move money OR telling a bank to move money while sending remittance information.

Accepted Answer

The 820 transaction set is used for payment order/remittance advice, which can instruct a bank to move money and include remittance information.

Question 9

This transaction is typically used in two modes: update and full replacement:

Accepted Answer

Health Plan Enrollment and Dis-enrollment transactions can be used in update mode to modify existing enrollments or in full replacement mode to completely replace existing enrollment data.

Question 10

The objective of this document is to safeguard the premises and building from unauthorized physical access and to safeguard the equipment therein from unauthorized physical access, tampering and theft:

Accepted Answer

The Facility Security Plan is designed to protect a building and its contents from unauthorized access, tampering, and theft.

Question 11

Title 1 of the HIPAA legislation in the United States is about:

Accepted Answer

Title 1 of HIPAA focuses on protecting health insurance coverage for workers and their families when they change or lose their jobs.

Question 12

This transaction is the response to a Health Care Claim (837):

Accepted Answer

The 277 transaction is used for Claim Status Notification, which is a response to a Health Care Claim (837).

Question 13

To comply with the Final Privacy Rule, a valid Notice of Privacy Practices:

Accepted Answer

The Notice of Privacy Practices must inform individuals of their rights under the Privacy Rule, including how their information can be used and disclosed.

Question 14

An Electronic Medical Record (EMR):

Accepted Answer

An Electronic Medical Record (EMR) is a digital version of a patient's paper chart and contains the medical and treatment history of the patients in one practice.

Question 15

A doctor is sending a patient's lab work to a lab That is an external business partner. The lab and the doctor's staff are all trained on the doctor's Privacy Practices. The doctor has a signed Notice from the patient. In order to use or disclose PHI, the lab MUST:

Accepted Answer

The lab is covered under the doctor's Notice of Privacy Practices, so no additional action is needed.

Question 16

The Final Privacy Rule requires a covered entity to obtain an individual's prior written authorization to use his or her PHI for marketing purposes except for:

Accepted Answer

A communication involving a promotional gift of nominal value is an exception to the requirement for prior written authorization for marketing purposes.

Question 17

Security reminders, using an anti-virus program on workstations, keeping track of when users log-in and out, and password management are all part of:

Accepted Answer

These activities are part of Security Awareness and Training, which involves educating and informing users about security policies and procedures to ensure they understand and adhere to them.

Question 18

When PHI is sent or received over an electronic network there must be measures to guard against unauthorized access. This is covered under which security rule standard?

Accepted Answer

Transmission Security is the standard that addresses the protection of PHI when it is transmitted over an electronic network, ensuring it is not accessed by unauthorized individuals.

Question 19

Signed authorization forms must be retained:

Accepted Answer

Signed authorization forms must be retained for six years from the time they expire, as per HIPAA regulations.

Question 20

Use or disclosure of Protected Health Information (PHI) for Treatment, Payment, and Health care Operations (TPO) is:

Accepted Answer

The use or disclosure of PHI for TPO purposes is limited to the minimum necessary to accomplish the intended purpose, as per the HIPAA Privacy Rule.

Exam 1: Certified HIPAA Professional (CHP)