WGU D033 Health Information Systems Management OA ACTUAL EXAM 2025/2026 COMPLETE QUESTIONS WITH CORRECT DETAILED ANSWERS || 100% GUARANTEED PASS <RECENT VERSION>

WGU D033 Health Information Systems Management OA ACTUAL EXAM 2025/2026 COMPLETE QUESTIONS WITH CORRECT DETAILED ANSWERS || 100% GUARANTEED PASS &lt;RECENT VERSION&gt; 1. Information System - ANSWER an automated system that uses computer hardware and software to record, manipulate, store, recover, and disseminate data (that is, a system that receives and processes input and provides output) 2. Financial applications - ANSWER software applications that handle patient accounts, budgets, and other financial activities 3. Mainframe computers - ANSWER large computers that are used by the government and other organizations that require speed and the ability to process large amounts of data. 4. Dumb Terminals - ANSWER all of the processing is performed at the server or mainframe 5. Cloud Computing - ANSWER a system that operates on a computer that is owned and maintained by a vendor. 6. Core data set - ANSWER A data set that contains the most relevant administrative, demographic, and clinical information about a patient's healthcare 7. Continuity of Care Record (CCR) - ANSWER A core data set, covering one or more healthcare encounters 8. Source systems - ANSWER information systems that capture and feed data into the EHR. Includes the electronic medication administration record (EMAR), laboratory information system, radiology information system, etc. 9. Four types of interoperability - ANSWER technical, syntactic, semantic, process 10. Technical interoperability - ANSWER Based on the hardware and equipment connectivity used in the exchange, this type of interoperability allows any computer or device to exchange data with another computer or device without corrupting the data or creating errors 11. Syntactic interoperability - ANSWER Message format standards identify how the data should be formatted or structured to allow the exchange. Interface software must be employed for compatibility to enable the exchange. 12. Semantic interoperability - ANSWER use of standardized terminologies (such as SNOMED-CT) to provide clarity, consistency, and appropriate meaning in HIE 13. Process interoperability - ANSWER degree to which the integrity of workflow can be maintained between systems and includes maintaining and conveying information such as user roles, data protection, and system service quality between systems 14. Office of the National Coordinator for Health Information Technology (ONC) - ANSWER federal entity charged with the coordination of nationwide efforts to implement and use the most advanced HIT and the electronic exchange of health information and, in so doing, establishing interoperability among all health information systems 15. Database - ANSWER organized collection of data, text, references, or pictures in a standardized format 16. Agile development - ANSWER group of practices that, when used together, are intended to shorten and improve the SDLC. The method emphasizes short, simple, and iterative development cycles 17. Requirements Analysis - ANSWER processes used for identifying what function(s) an information system must perform and how it is to provide them 18. Data silo - ANSWER separate database or system within a department that does not integrate into the main organizational system nor can others outside of that specific department access it 19. Charter - ANSWER document that identifies the purpose, scope, and functions of a program 20. SBAR - ANSWER (situation, background, assessment, recommendation) is a process for facilitating communication and resolving problems that has been used by many healthcare facilities in their quest to implement IG 21. Information asset inventory - ANSWER list of information resources throughout the healthcare facility 22. Information technology governance (ITG) - ANSWER management of all information technology investments, including the selection, implementation, maintenance, evaluation and its coordination 23. Triple aim - ANSWER to improve population health, enhance the patient's experience within the healthcare field, and to reduce the per capita cost of healthcare services 24. Administrative simplification - ANSWER improve the efficiency and effectiveness of the business processes of healthcare by standardizing the EDI of administrative and financial transactions 25. Privacy Rule - ANSWER defines how covered entities may use PHI 26. Security Rule - ANSWER defines the minimum a covered entity must do to protect ePHI 27. Risk management - ANSWER comprehensive program of activities intended to minimize the potential for injuries to occur in a CE and to anticipate and respond to ensuring liabilities for those injuries that do occur 28. Security management plan - ANSWER policies required to prevent, identify, control, and resolve security incidents 29. Workforce clearance procedure - ANSWER ensures that each member of the workforce's level of access is appropriate 30. Contingency plan - ANSWER policies and procedures that identify how a CE will react in the event of an information system emergency, such as power failure, natural disaster, a hacker, malware, or a system failure. 31. Emergency mode operation plan - ANSWER encompasses procedures necessary to keep the critical business processes of the CE in place during information system downtime 32. Access controls - ANSWER computer software program designed to prevent unauthorized use of an information resource. 33. Audit-reduction tools - ANSWER review the audit trail and compare it to criteria specified by the CE, which eliminates routine entries such as the periodic backups 34. Virus - ANSWER propagates by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another 35. Worm - ANSWER standalone software and does not require a host program or human help to propagate. Is programmed to install itself onto a computer attached to a computer network and then moves to all computers on the network 36. Phishing - ANSWER a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly 37. Ransomware - ANSWER type of malicious software that prohibits access to information systems in an organization 38. A healthcare facility believes it needs to strengthen its cyber security policies related to financial information. Patients are sending financial information online and need to have that information protected. Which technical safeguard should be in place to protect this information? -Data backup -Data encryption -Central repository data -Emergency plan - ANSWER Data encryption 39. A vendor requires a hospital to send patient demographic data such as name, patient registration time, and diagnosis to display emergency department (ED) wait times. The vendor provided an IP address the hospital can use to send the data via file transfer protocol (FTP). What should a hospital information technology (IT) department analyst consider as a first step to provide the data? -Give a copy of the request to risk management -Determine whether the data will be sent securely -Identify the required time of day to send the data -Ask the vendor to sign a business associate agreement (BAA) - ANSWER Determine whether the data will be sent securely 40. A healthcare facility has a comprehensive password security policy. All hospital employees are responsible for safeguarding their system access log ins and passwords. How does this policy add value to the healthcare organization? -Reduces patient complaints -Controls quality of care -Protects against data breaches -Increases access to information - ANSWER Protects against data breaches 41. A healthcare organization has security audits and related policies and procedures that provide evidence of who has accessed an electronic medical record system, when it was accessed, where it was accessed, and what was done to the record. Which information tracked in the information technology (IT) audit trail adds value to the organization? -System update requirements -Algorithm used to encrypt data -Revenue cycle rejection incidents -Attempts of unauthorized access beyond scope of role - ANSWER Attempts of unauthorized access beyond scope of role 42. A facility is developing a patient portal application. What must be included to obtain patient trust? -Ability for patients to change portal data -Secure log-in to safeguard patient information -Secure links from the portal to social media accounts -Ability for patients to post data from the portal to social media - ANSWER Secure log-in to safeguard patient information 43. Privacy awareness and security training must be provided to all employees to prevent privacy breaches. Which law is this requirement covered under? -Affordable Care Act (ACA) -Patient Self-Determination Act (PSDA) -Health Insurance Portability and Accountability Act (HIPAA) -Health Information Technology for Economic and Clinical Health Act (HITECH) - ANSWER Health Insurance Portability and Accountability Act (HIPAA) 44. A primary care provider has referred a patient to a hematologist who then accessed the patient's information through a directed exchange. After the hematologist diagnosed the patient, the nurse sent the notes back to the primary care provider through the exchange. What is a benefit of using this exchange? -The communication between caregivers is timely and secure. -The patient can view the physician's communication on the lab results. -The nurse can retrieve the patient's blood type from the medical record. -The physician can locate and track test results in the practice database. - ANSWER The communication between caregivers is timely and secure 45. Three nonaffiliated hospitals in a metropolitan area want to create a directed health information exchange to improve coordination of patient care. Which challenge must be overcome to create this exchange? -Absence of certificate of need from the state -Lack of interoperability between current systems -Need to gain approval from community service groups -Scarcity of decision support technologies for clinicians - ANSWER Lack of interoperability between current systems 46. Hackers accessed the health information system of a hospital, and this inappropriate access needs to be reported. Which step should be taken under the Health Insurance Portability and Accountability Act (HIPAA) regulations? -Degaussing the data -Remotely wiping the data -Paying civil and criminal penalties -Sending security breach notifications to affected patients - ANSWER Sending security breach notifications to affected patients 47. A disgruntled employee has accessed the data of more than 500 patients and posted it on the dark web. What should be done per Health Insurance Portability and Accountability Act (HIPAA) guidelines? -Consult legal counsel -Terminate the employee -Notify all affected patients -Contact the local health department - ANSWER Notify all affected patients 48. A member of the hospital's health information management (HIM) staff witnesses an orderly intentionally inserting a flash drive into a computer in the emergency department (ED), against information technology (IT) department policy. The HIM employee contacts the risk manager. Which regulatory rule addresses this problem? -Privacy rule -Security rule -Code set rule -Transaction rule - ANSWER Security rule 49. Human resources information system (HRIS) - ANSWER A system that tracks employees within the organization. This tracking includes promotions, transfers, terminations, performance appraisal due dates, and absenteeism 50. Hybrid model - ANSWER A combination of the advantages of centralized and decentralized models; has an RLS, and some data are stored in a central repository while the remainder stays with the other HCOs within the HIE 51. Hybrid record - ANSWER A combination of paper and electronic health records 52. Identity management - ANSWER Ensures that the individual who has been identified is who they say they are, that they have the authority to do what they want to do, and that their actions are tracked Glossary 321 53. Identity matching - ANSWER Also known as patient matching, the process in which the HIO identifies the right person within the database to exchange information between HCOs 54. Inferential statistics - ANSWER A set of statistical techniques that allows researchers to make generalizations about a population's characteristics on the basis of a sample's characteristics, such as HIM professionals' continuing education efforts 55. Information access management - ANSWER Involves implementing policies and procedures to determine which employees have access to what information 56. Information system activity review - ANSWER Monitors for the inappropriate use or disclosure of ePHI. HIPAA does not mandate the frequency of this review nor the way this review is to be conducted. These reviews should include logs, access, and incident reporting 57. Phishing - ANSWER is "a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly" 58. Remote wipe - ANSWER is used when data must be deleted from the mobile device remotely because it has been lost or stolen 59. Certified in Healthcare Privacy and Security (CHPS) - ANSWER credential demonstrates advanced privacy and security skills. These advanced privacy and security skills exceed those in the Registered Health Information Administrator or Registered Health Information Technician examinations. It is sponsored by the American Health Information Management Association (AHIMA). The CHPS examination includes both technical and managerial issues, including a number of topics related to privacy and security. 60. Certified Information Systems Security Professional (CISSP) - ANSWER certification is sponsored by the International Information Systems Security Certification Consortium [(ISC)2]. It is a generic security certification and therefore is not healthcare specific 61. Certified Information Security Manager (CISM) - ANSWER is sponsored by ISACA. It is an international examination that is designed for leaders in security who oversee the security programs of organizations 62. pilot method - ANSWER involves only one unit, department, or other entity starting to use the new system at a time.A new department starts to use the IS if it was successful for the previous department. 63. big bang - ANSWER the riskiest. The healthcare organization stops using the old system and starts using the new one. 64. parrallel processing - ANSWER both the old and new system is used at the same time 65. phased approach - ANSWER Introduces the new system in stages either by functions or by organizational units. 66. back-end speech recognition - ANSWER done by a transcriptionist 67. front end speech recognition - ANSWER done by the provider and it is time consuming 68. security event - ANSWER poor security practices that have not led to harm, whereas security incidents have resulted in harm or a significant risk of harm 69. CAHIM - ANSWER Commission on Accreditation for Health Informatics and Information Management Education 70. Commission on Certification for Health Information and Information Management (CCHIIM) - ANSWER the independent body within AHIMA that establishes and grants professional certifications in health informatics and HIM professions. 71. Systems analyst - ANSWER Identifies the stakeholders of an information system as well as the functionality required of a system. Tasks include data collection, data analysis, and developing data flow diagrams. The systems analyst would assist in the reengineering of business processes that would take advantage of the benefits of the system being implemented. 72. System implementation - ANSWER Assist in many aspects of the process, such as systems analysis, developing the request for proposal, selecting systems, setting configurations, training, reengineering, and other steps in the process.