Domain 2 RHIA EXAM QUESTIONS WITH CORRECT
VERIFIED ANSWERS
QUESTION>Per the HIPAA Privacy Rule, which of the following requires authorization for research
purposes?
· Use of Mary's deidentified information about her myocardial infarction
· Use of Mary's information about her asthma in a limited data set
· Use of Mary's individually identifiable information related to her asthma treatments
· Use of medical information about Jim, Mary's deceased husband - CORRECT ANSWER~Use of Mary's
individually identifiable information related to her asthma treatments
QUESTION>An encrypted laptop was stolen from your organization. Based on the Breach Notification
Rule, how should you respond?
· Start an investigation
· Conduct a risk analysis
· Do nothing, as a breach did not occur
· Conduct a gap analysis - CORRECT ANSWER~Do nothing, as a breach did not occur
QUESTION>Who has the legal right to refuse treatment?
· 1 and 2
· 1 and 3
· 1 and 4
· 4 and 5 - CORRECT ANSWER~1 and 4
QUESTION>Addressable Security Rule implementation specifications:
· Should be implemented unless a healthcare entity determines that the specification is not reasonable
and appropriate and documents their reasoning
· Are not optional; the healthcare entity must implement them as stated in the regulation
· Are required if legal counsel determines this to be true and they do not conflict with state law
· Are only required to be read by healthcare entities; they do not have to be implemented - CORRECT
ANSWER~Should be implemented unless a healthcare entity determines that the specification is not
reasonable and appropriate and documents their reasoning
QUESTION>The security devices situated between the routers of a private network and a public network
to protect the private network from unauthorized users are called:
· Audit trails
· Passwords
· Firewalls
· Encryptors - CORRECT ANSWER~Firewalls
QUESTION>On review of the audit log for an EHR system, the HIM director discovers that a
departmental employee with authorized access to patient records is printing far more records than the
average user. In this case, what should the supervisor do?
· Reprimand the employee
· Fire the employee
· Determine what information was printed and why
· Revoke the employee's access privileges - CORRECT ANSWER~Determine what information was printed
and why
QUESTION>When defining the legal health record in a healthcare entity, it is best practice to establish a
policy statement of the legal health record as well as a:
· Case-mix index
· Master patient index
· Health record matrix
· Retention schedule - CORRECT ANSWER~Health record matrix
QUESTION>An HIM professional designing a health record system for a healthcare entity should check
________ to find out how long health records should be retained by the entity.
· With the attending physician
· State and federal law
· County or city codes
· Joint Commission Accreditation Standards - CORRECT ANSWER~State and federal law
QUESTION>George is going to Arizona for the winter. What will offer him secure, online, 24-hour access
to his personal health information from University Hospital System in the Midwest regardless of where
he is, as long as he has an internet connection?
· Personal health record
· Telecommuting
· Patient portal
· Telehealth - CORRECT ANSWER~Patient portal
QUESTION>The legal health record for disclosure consists of:
· Any and all protected health information data collected or used by a healthcare entity when delivering
care
· Only the protected health information requested by an attorney for a legal proceeding
· The data, documents, reports, and information that comprise the formal business records of any
healthcare entity that are to be utilized during legal proceedings
· All of the data and information included in the HIPAA Designated Record Set - CORRECT ANSWER~The
data, documents, reports, and information that comprise the formal business records of any healthcare
entity that are to be utilized during legal proceedings
QUESTION>Champion Hospital retains Hall and Hall, a law firm, to perform all of its legal work, including
representation during medical malpractice lawsuits. Which of the following statements is correct?
· The law firm is not a business associate because it is a legal, not a medical, organization.
· The law firm is a business associate because it performs activities on behalf of the hospital.
· The law firm is not a business associate because the privacy rule prohibits it from using individually
identifiable information.
· The law firm is not a business associate because it is a medical, not a legal, organization. - CORRECT
ANSWER~The law firm is a business associate because it performs activities on behalf of the hospital.
QUESTION>Jack Mitchell, a patient in Ross Hospital, is being treated for gallstones. He has not opted out
of the facility directory. Callers who request information about him may be given:
· No information due to the highly sensitive nature of his illness