New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

HIO-201 Certified HIPAA Professional Questions and Answers

Questions 4

Signed authorization forms must be retained:

Options:

A.

Indefinitely, because the life of a signed authorization isindefinite.

B.

Six (6) years from the time it expires.

C.

For as long as the patient's records are kept.

D.

Until it is specifically revoked by the individual.

E.

Ten (10) years from the date it was signed.

Buy Now
Questions 5

The Stale of Nebraska's Medicaid Program has decided to implement an EDI solution to comply with the HIPAA transaction rule Select the transaction or code set that would not apply to them.

Options:

A.

270

B.

835

C.

837 - Professional

D.

CPT-4

E.

UB-92

Buy Now
Questions 6

The transaction number assigned to the Payment Order/Remittance Advice transaction is:

Options:

A.

270

B.

835

C.

278

D.

820

E.

834

Buy Now
Questions 7

As part of their HIPAA compliance process, a small doctor's office formally puts the office manager in charge of security related issues. This complies with which security rule standard?

Options:

A.

Security Awareness and Training

B.

Security Management Process

C.

Access Control

D.

Assigned Security Responsibility

E.

Security Incident Procedures

Buy Now
Questions 8

This code set describes drugs:

Options:

A.

ICD-9-CM. Volumes 1 and 2.

B.

CPT-4.

C.

CDT.

D.

ICD-9-CM. Volume 3.

E.

NDC.

Buy Now
Questions 9

Select the FALSE statement regarding health-related communications and marketing in the HIPAA regulations:

Options:

A.

A covered entity must obtain an authorization for any use or disclosure of protected health information for marketing, except if the communication is in the form allowed by the regulations.

B.

A face-to-face communication made by a covered entity to an individual is allowed by the regulations without an authorization

C.

A promotional gift of nominal value provided by the covered entity is NOT allowed by the regulations without an authorization.

D.

If the marketing is expected to result in direct or indirect remuneration to the covered entity from a third party, the authorization must state that such remuneration is expected

E.

Disclosure of PHI for marketing purposes is limited to disclosure to business associates (which could be a telemarketer) that undertakes marketing activities on behalf of the covered entity

Buy Now
Questions 10

This code set is used to describe or identify radiological procedures and clinical laboratory tests:

Options:

A.

ICD-9-CM, Volumes 1 and 2.

B.

CPT-4.

C.

CDT.

D.

ICD-9-CM, Volume 3.

E.

HCPCS.

Buy Now
Questions 11

The objective of this HIPAA security standard is to implement policies and procedures to prevent, detect, contain, and correct security violations.

Options:

A.

Security Incident Procedures

B.

Assigned Security Responsibly

C.

Security Management Process

D.

Access Control

E.

Facility Access Control

Buy Now
Questions 12

To comply with the Final Privacy Rule, a valid Notice of Privacy Practices:

Options:

A.

Is required for all Business Associate Contracts.

B.

Must always be associated with a valid authorization.

C.

Must be signed before providing treatment to a patient.

D.

Must be associated with a valid Business Associate Contract.

E.

Must describe the individual's rights under the Privacy Rule.

Buy Now
Questions 13

This transaction is the response to a Health Care Claim (837):

Options:

A.

Eligibility (270/271)

B.

Premium Payment (820)

C.

Claim Status Notification (277)

D.

Remittance Advice (835)

E.

Functional Acknowledgment (997)

Buy Now
Questions 14

A doctor sends patient records to another company for data entry services. A bonded delivery service is used for the transfer. The records are returned to the doctor after entry is complete, using the same delivery service. The entry facility and the network they use are secure. The doctor is named as his own Privacy Officer in written policies. The doctor has written procedures for this process and all involved parties are documented as having been trained in them. The doctor does not have written authorizations to disclose Protected Health Information (PHI). Is the doctor in violation of the Privacy Rule?

Options:

A.

No - This would be considered an allowed "routine disclosure" between the doctor and his business partner

B.

Yes - There is no exception to the requirement for an authorization prior to disclosure, no matter how well intentioned or documented.

C.

Yes - a delivery service is not considered a covered entity

D.

Yes - to be a “routine disclosure” all the parties must have their own Privacy Officer as mandated by HIPAA

E.

Yes - this is not considered a part of "treatment", which is one of the valid exceptions to the Privacy Rule

Buy Now
Questions 15

As defined in the HIPAA regulations, a group of logically related data in units is called a:

Options:

A.

Data group

B.

Segment

C.

Transaction set

D.

Functional group

E.

Interchange envelope

Buy Now
Questions 16

This is a documented and routinely updated plan to create and maintain, for a specific period of time, retrievable copies of information:

Options:

A.

Disaster Recovery Plan

B.

Data Backup Plan

C.

Facility Access Controls

D.

Security Incident Procedures

E.

Emergency Mode Operations Plan

Buy Now
Questions 17

Physical access to workstations such as, whether or not patients can easily see a screen with PHI on it, is addressed by:

Options:

A.

Workstation Use

B.

Workstation Security

C.

Sanction Policy

D.

Termination Procedures

E.

Facility Security Plan

Buy Now
Questions 18

A provider is in compliance with the Privacy Rule. She has a signed Notice of Privacy Practices from her patient. To provide treatment, the doctor needs to consult with an independent provider who has no relationship with the patient. To comply with the Privacy Rule the doctor MUST:

Options:

A.

Establish a business partner relationship with the other provider.

B.

Obtain a signed authorization from the patient to cover the disclosure.

C.

Make a copy of the signed Notice available to the other provider.

D.

Obtain the patients signature on the second provider's Notice of Privacy Practices.

E.

Do nothing more -the Notice of Privacy Practices covers treatment activities.

Buy Now
Questions 19

One mandatory requirement for the Notice of Privacy Practices set by HIPAA regulations is:

Options:

A.

If the notice must state that the covered entity reserves the right to disclose PHI without obtaining the individuals authorization.

B.

The notice must prominently include an expiration date.

C.

The notice must describe every potential use of PHI

D.

The notice must describe an individual's rights under the rule such as to inspect, copy and amend PHI and to obtain an accounting of disclosures of PHI

E.

The notice must clearly identify that the covered entity is in compliance with HIPAA regulations as of April 16,2003

Buy Now
Questions 20

HPAA establishes a civil monetary penalty for violation of the Administrative Simplification provisions. The penalty may not be more than:

Options:

A.

$1,000,000 per person pet violation

B.

$10 per person pet violation

C.

$10,000 per person per violation

D.

$100 per person per violation

E.

$1000 per person per violation

Buy Now
Questions 21

One implementation specification of a contingency plan is:

Options:

A.

Risk analysis

B.

Applications and Data Criticality Analysis

C.

Risk Management

D.

Integrity Controls

E.

Encryption

Buy Now
Questions 22

A health care clearinghouse is an entity that:

Options:

A.

Requires PKI for the provider and the patient.

B.

Is exempt from HIPAA regulations.

C.

Is a not-for-profit operation.

D.

Identifies all hospitals and health care organizations.

E.

Performs the functions of format translation and data conversion.

Buy Now
Questions 23

The code set that must be used to describe or identify dentists services and procedures is:

Options:

A.

ICD-9-CM, Volumes 1 and 2

B.

CPT-4

C.

CDT

D.

ICD-9-CM, Volume 3

E.

HCPCS

Buy Now
Questions 24

The transaction number assigned to the Health Care Claim Payment/Advice transaction is:

Options:

A.

270

B.

276

C.

834

D.

835

E.

837

Buy Now
Exam Code: HIO-201
Exam Name: Certified HIPAA Professional
Last Update: Dec 25, 2024
Questions: 160
HIO-201 pdf

HIO-201 PDF

$25.5  $84.99
HIO-201 Engine

HIO-201 Testing Engine

$30  $99.99
HIO-201 PDF + Engine

HIO-201 PDF + Testing Engine

$40.5  $134.99