HIO-201 Certified HIPAA Professional Questions and Answers

Effective date.

CPT-4.

CDT.

ICD-9-CM.

Enrollment date.

National Provider Identifier (NPI)

Social Security Number (SSN)

National Health Plan Identifier (PlanID)

National Employer Identifier for Health Care (EIN)

National Health Identifier for Individuals (NHII)

Requires PKI for the provider and the patient.

Is exempt from HIPAA regulations.

Is a not-for-profit operation.

Identifies all hospitals and health care organizations.

Performs the functions of format translation and data conversion.

Report to the covered entity any security incident of which it becomes aware

Ensure the complete safety of all electronic protected health information

Compensate the covered entity for penalties incurred because of the business associate's security incidents.

Register as a business associate with HHS

Submit to periodic audits by HHS of critical systems containing electronic protected health information

Is another name for the Security Ruling.

Requires the use of biometrics for access to records.

Is electronically stored information about an individual's health status and health care.

Identifies all hospitals and health care organizations.

Requires a PKI for the provider and the patient.

The authorization has been revoked by the physician.

The patient remains a citizen of the United States.

The information is under the control of HHS.

The information is in the possession of a covered entity.

The information is not also available on paper forms.

HHS.

A community health management information system.

Health statistics collection agency.

Government agency

Insurance Company.

Transmitted to a business associate for payment purposes only.

Stored on a smart card only by the patient.

Created or received by a credit company that provided a personal loan for surgical procedures.

Created or received by a health care clearinghouse for claim processing.

Requires the use of biometrics for access to records.

270

276

278

280

834

ICD-9-CM, Volumes land 2

CPT-4

CDT

ICD-9-CM, Volume 3

HCPCS

Transmission Security

Evaluation

Audit Control

Integrity

Security Management Process

The protected health information must be removed from the information. A substitute "key" may be supplied to allow re-identification, if needed.

Limit the information to coverage, dates of treatment, and payment amounts to avoid collecting any protected data.

Nothing. An oversight agency has the right to access this information without prior authorization.

Request that the insurance commissioner ask for an exception from HIPAA from the Department of Health and Human Services.

A written authorization is required from the patient.

Must store the information in an encrypted formal.

May refuse the request but still offer treatment.

Must comply within seventy-five (75) days.

Must only transfer the information using the ASC XI2 format specification.

Can request binding arbitration.

Their professional judgment and standards.

The policies set by the security rule for the protection of the information.

Specific guidelines set by WEDI.

Measures that are expedient and reduce costs.

The information for research and marketing purposes only.

A coveted entity must change its policies and procedures to complywith HIPPPregulations, standards, and implementation specifications.

A covered entity must reasonably safeguard PHI from any intentional or unintentional use or disclosure that is in violation of the regulations.

A covered entity must provide a process for individuals to make complaints concerning privacy issues.

A covered entity must document all complaints received regarding privacy issues.

The Privacy Rule requires that the covered entity has a documented security policy.

Security Management Process

Transmission Security

Person or Entity Authentication

Facility Access Controls

Information Access Management

Integrity Controls

Access Control and Validation Procedures

Emergency Mode Operation

Plan Response and Reporting

Risk Analysis

Annual Audits

Claims Management

Salary disbursement to the workforce having direct treatment relationships.

Life Insurance underwriting

Cash given to the pharmacist for the purchase of an over-the-counter drug medicine

"Use" refers to the release, transfer, or divulging of IIHI between various covered entities

"Use" refers to adding, modifying and deleting the PHI by other covered entities.

"Use" refers to utilizing, examining, or analyzing IIHI within the covered entity

"Use" refers to the movement of de-identified information within an organization.

"Use" refers to the movement of information outside the entity holding the information

Information Access Management

Workstation Security

Access Control

Facility Access Controls

Workstation Use

Security requirements.

Privacy requirements.

Is another name for the Security Rule.

Representation of all health care claims.

Encrypting all information for use over a PKI.