HCCA - CHPC Exam Prep TEST
ALREADY GRADED PASS GRADE A+
What date did HIPAA became law - CORRECT ANSWER-1996
What is the purpose of HIPAA? - CORRECT ANSWER-1. Protect individuals' PHI
2. Promote high quality healthcare
3. Protect the public's health and well being
HIPAA resides in what CFR section - CORRECT ANSWER-45 CFR sections 164.102
through 164.534
Identify the four sections in the CFR by location and topic - CORRECT ANSWER-
Section One: 164.102 - 164.318 and 164.530 - 164-534 Organizational Requirements
Section Two: 164.500 - 164.514 Use and Disclosure of Information
Section Three: 164.520 - 164.528 Individual's Rights and Penalties
Section Four: Interaction with the HIPAA Security Rule
How do you determine if organization is a CE - CORRECT ANSWER-compare the
functions of the entity to the three principal types of "covered entities" (CE)
What are the different types of CEs - CORRECT ANSWER-- Provider
- Health Plan
- Clearing House
- Other Types
How is a Provider defined - CORRECT ANSWER-Supports medical or health services
such as SNFs, home health, hospitals, physician clinics, etc that transmit in electronic
form
Does a provider need a standing facility to be considered a CE - CORRECT ANSWER-
No, a provider does not need a standing facility to be considered a CE
What is a Health Plan - CORRECT ANSWER-(1) A healthcare organization that
provides or pays the cost of medical care
(2) Includes Medicaid, Medicare, and self funded plans
,What is a Clearinghouse - CORRECT ANSWER-(1) processes health information from
a nonstandard data elements of health information into standard data
elements
(2) includes billing services, health information systems, etc
(3) does NOT include Third Party Administrations ( TPAs)
What are the three Organizational Arrangements - CORRECT ANSWER-Organized
Health Care Arrangement (OHCA)
Affiliated Covered Entities (ACE)
Hybrid Covered Entity (HCE)
What is a Hybrid Covered Entity (HCE) - CORRECT ANSWER-single covered entity
with non-health care components
What is an Organized Health Care Arrangement (OHCA)? - CORRECT ANSWER-
clinically integrated care setting where individuals receive health care from more than
one covered entity
What is an Affiliated Covered Entity (ACE)? - CORRECT ANSWER-(1) legally separate
covered entities that share common control or common ownership
(2) choose to designate themselves as one affiliated CE for the purposes of complying
with the HIPAA Privacy standard
What must a Affiliated Entity agree to? - CORRECT ANSWER-Be treated as a single
CE. Must agree to follow a standard policy and procedure
What is a Business Associate? - CORRECT ANSWER-(1) Separate entity working on
behalf of the CE providing Treatment, Payment, and Healthcare Operations (TPO)
and/or associated activities requiring access and/or will create, receive, maintain, and/or
transmit PHI
(2) Must have a business associate agreement
Who is allowed to access PHI? - CORRECT ANSWER-(1) Workforce: employees,
volunteers, trainees, and others under control of the CE
(2) Business Associates: Separate entity working on behalf of the CE providing
Treatment, Payment, and Healthcare Operations (TPO) and/or associated activities
requiring access and/or use of PHI
What is an example of a BA? - CORRECT ANSWER-claims processing
data analysis
billing
benefit management
quality assurance
quality improvement
practice management
, legal
actuarial
accounting
accreditation
other administrative services
What has been the main complaint with holding a BA accountable under the 2000
Privacy Rule? - CORRECT ANSWER-- lack of penalties for non-compliance
- federal penalties could only be levied against the CE
Which new regulation corrected shortcomings of the HIPAA 2000 regulation concerning
BAs? - CORRECT ANSWER-Health Information Technology
for Economic and Clinical Health (HITECH)
Who is responsible for privacy and security of BAs? - CORRECT ANSWER-The CE has
legal liability for violations, and possible penalties for the BA.
What is Health Information? - CORRECT ANSWER-any information, whether oral or
recorded in any form or medium, that is created or received by a health care provider,
health plan, public health authority, employer, life insurer, school or university, or health
care clearinghouse, and relates to the past, present, or future physical or mental health
or condition of an individual. This includes the provision of health care to an individual,
or the past, present, or future payment for the provision of health care to an individual.
What is Individually Identifiable Health Information
(IIHI)? - CORRECT ANSWER-information that is a subset
of health information, including demographic
information collected from an individual
that is created or received by a health care
provider, health plan, employer, or health care
clearinghouse, and relates to the past, present,
or future physical or mental health condition of
an individual, the provision of health care to an
individual, or the past, present, or future payment
or the provision of payment of health care to anindividual, and identifies the individual,
or has a reasonable basis that can be used to identify the individual
What is CSP? - CORRECT ANSWER-Cloud Service Provider
What is Protected Health Information (PHI)? - CORRECT ANSWER-(1) Health
information collected from an individual that is created or received by a covered entity
that is
(2) transmitted by electronic media, maintained in electronic media, or transmitted or
maintained in any other form or medium.
(3) PHI excludes IIHI in education records covered by the Family Educational Rights
and Privacy Act (FERPA)
ALREADY GRADED PASS GRADE A+
What date did HIPAA became law - CORRECT ANSWER-1996
What is the purpose of HIPAA? - CORRECT ANSWER-1. Protect individuals' PHI
2. Promote high quality healthcare
3. Protect the public's health and well being
HIPAA resides in what CFR section - CORRECT ANSWER-45 CFR sections 164.102
through 164.534
Identify the four sections in the CFR by location and topic - CORRECT ANSWER-
Section One: 164.102 - 164.318 and 164.530 - 164-534 Organizational Requirements
Section Two: 164.500 - 164.514 Use and Disclosure of Information
Section Three: 164.520 - 164.528 Individual's Rights and Penalties
Section Four: Interaction with the HIPAA Security Rule
How do you determine if organization is a CE - CORRECT ANSWER-compare the
functions of the entity to the three principal types of "covered entities" (CE)
What are the different types of CEs - CORRECT ANSWER-- Provider
- Health Plan
- Clearing House
- Other Types
How is a Provider defined - CORRECT ANSWER-Supports medical or health services
such as SNFs, home health, hospitals, physician clinics, etc that transmit in electronic
form
Does a provider need a standing facility to be considered a CE - CORRECT ANSWER-
No, a provider does not need a standing facility to be considered a CE
What is a Health Plan - CORRECT ANSWER-(1) A healthcare organization that
provides or pays the cost of medical care
(2) Includes Medicaid, Medicare, and self funded plans
,What is a Clearinghouse - CORRECT ANSWER-(1) processes health information from
a nonstandard data elements of health information into standard data
elements
(2) includes billing services, health information systems, etc
(3) does NOT include Third Party Administrations ( TPAs)
What are the three Organizational Arrangements - CORRECT ANSWER-Organized
Health Care Arrangement (OHCA)
Affiliated Covered Entities (ACE)
Hybrid Covered Entity (HCE)
What is a Hybrid Covered Entity (HCE) - CORRECT ANSWER-single covered entity
with non-health care components
What is an Organized Health Care Arrangement (OHCA)? - CORRECT ANSWER-
clinically integrated care setting where individuals receive health care from more than
one covered entity
What is an Affiliated Covered Entity (ACE)? - CORRECT ANSWER-(1) legally separate
covered entities that share common control or common ownership
(2) choose to designate themselves as one affiliated CE for the purposes of complying
with the HIPAA Privacy standard
What must a Affiliated Entity agree to? - CORRECT ANSWER-Be treated as a single
CE. Must agree to follow a standard policy and procedure
What is a Business Associate? - CORRECT ANSWER-(1) Separate entity working on
behalf of the CE providing Treatment, Payment, and Healthcare Operations (TPO)
and/or associated activities requiring access and/or will create, receive, maintain, and/or
transmit PHI
(2) Must have a business associate agreement
Who is allowed to access PHI? - CORRECT ANSWER-(1) Workforce: employees,
volunteers, trainees, and others under control of the CE
(2) Business Associates: Separate entity working on behalf of the CE providing
Treatment, Payment, and Healthcare Operations (TPO) and/or associated activities
requiring access and/or use of PHI
What is an example of a BA? - CORRECT ANSWER-claims processing
data analysis
billing
benefit management
quality assurance
quality improvement
practice management
, legal
actuarial
accounting
accreditation
other administrative services
What has been the main complaint with holding a BA accountable under the 2000
Privacy Rule? - CORRECT ANSWER-- lack of penalties for non-compliance
- federal penalties could only be levied against the CE
Which new regulation corrected shortcomings of the HIPAA 2000 regulation concerning
BAs? - CORRECT ANSWER-Health Information Technology
for Economic and Clinical Health (HITECH)
Who is responsible for privacy and security of BAs? - CORRECT ANSWER-The CE has
legal liability for violations, and possible penalties for the BA.
What is Health Information? - CORRECT ANSWER-any information, whether oral or
recorded in any form or medium, that is created or received by a health care provider,
health plan, public health authority, employer, life insurer, school or university, or health
care clearinghouse, and relates to the past, present, or future physical or mental health
or condition of an individual. This includes the provision of health care to an individual,
or the past, present, or future payment for the provision of health care to an individual.
What is Individually Identifiable Health Information
(IIHI)? - CORRECT ANSWER-information that is a subset
of health information, including demographic
information collected from an individual
that is created or received by a health care
provider, health plan, employer, or health care
clearinghouse, and relates to the past, present,
or future physical or mental health condition of
an individual, the provision of health care to an
individual, or the past, present, or future payment
or the provision of payment of health care to anindividual, and identifies the individual,
or has a reasonable basis that can be used to identify the individual
What is CSP? - CORRECT ANSWER-Cloud Service Provider
What is Protected Health Information (PHI)? - CORRECT ANSWER-(1) Health
information collected from an individual that is created or received by a covered entity
that is
(2) transmitted by electronic media, maintained in electronic media, or transmitted or
maintained in any other form or medium.
(3) PHI excludes IIHI in education records covered by the Family Educational Rights
and Privacy Act (FERPA)
