AHIMA RHIT FINAL PAPER 2025/2026 QUESTIONS AND
SOLUTION RATED A+
✔✔Risk Analysis - ✔✔Under the HIPAA security rule an organization must identify
potential risks and vulnerabilities to the confidentiality, integrity and availability of
electronic protected health information. This process is referred as a
✔✔privacy screen - ✔✔What is a safeguard that is used to prevent incidental
disclosures of PHI when an employee is working on a computer in a public area?
✔✔Protected Health Information - ✔✔Individually identifiable health information that is
transmitted by electronic media, maintained in any electronic medium, or in any other
form or medium is defined as
✔✔Designated record set - ✔✔The HIPAA Privacy Rule requires which of the following
to describe what is maintained as part of the health record
✔✔Audit Trails and Audit Logs - ✔✔Covered entities must perform security audits using
which of the following tools?
✔✔Flashing pagers (such as ones which are used in restaurants) - ✔✔Which of the
following is an example of a way to decrease the risk of violating HIPAA Privacy Rules
in a patient waiting area?
✔✔privacy - ✔✔The right of an individual to have freedom from observation or intrusion
into their private affairs and rights to maintain control over certain personal health
information is defined as
✔✔healthcare operations - ✔✔When in-house counsel is conducting the defense of a
malpractice claim, an authorization is not required because review of the record would
be covered under
✔✔Right to Request Confidential Communication - ✔✔What is it called under HIPAA
when a patient requests medical and/or billing information be mailed to an alternate
address?
✔✔ethical - ✔✔Violations of the need-to-know principle, misuse of blanket
authorizations, and violations of privacy that occur because of secondary release of
information are what type of issue?
✔✔Firewalls - ✔✔Proxy servers, packet filters, and application gateways are examples
of
, ✔✔Need to know - ✔✔What type of control is used to determine access granted to a
user?
✔✔release is for the purses of treatment, payment and operations - ✔✔A healthcare
provider releases portions of the health record to a third party without consent when the
✔✔Data Modeling - ✔✔What is the process of determining a user's information needs
and identifying relationships among the data?
✔✔Statistical process control chart - ✔✔Which of the following includes horizontal lines
to represent control limits?
✔✔Run chart - ✔✔Which of the following graphs is used to display data points over a
period of time to provide information on system performance?
✔✔Determine the completeness of patient health records - ✔✔The purpose of
quantitative analysis is to
✔✔outcomes - ✔✔Ability to function, quality of life, satisfaction, and mortality are
examples of patient
✔✔effectiveness of care - ✔✔Which of the following is an example of a HEDIS measure
designed to provide both purchasers and consumers of healthcare with information to
compare performance of managed care plans?
✔✔Null and Alternative - ✔✔What are the two forms of hypothesis testing?
✔✔The median - ✔✔You receive length of stay (LOS) data from several care units.
Each is in the form of a normal distribution, but each data set has outliers and the
ranges of each data set are not the same. If you need to compare these distributions,
which of the following is the best measure of central tendency?
✔✔Unified Modeling - ✔✔What is an object-oriented modeling language that assists in
the documentation of a software project?
✔✔Dashboard - ✔✔A senior manager at your hospital requests a visual tool to
summarize the status of all quality improvement projects organization wide. She
requires that this tool provides metrics for infection rate, patient satisfaction, cost
control, and risk management. The BEST tool for this purpose would be a
✔✔Universal Resource Locator - ✔✔In order for a patient's health record to be
considered de-identified, which element would have to be removed?
SOLUTION RATED A+
✔✔Risk Analysis - ✔✔Under the HIPAA security rule an organization must identify
potential risks and vulnerabilities to the confidentiality, integrity and availability of
electronic protected health information. This process is referred as a
✔✔privacy screen - ✔✔What is a safeguard that is used to prevent incidental
disclosures of PHI when an employee is working on a computer in a public area?
✔✔Protected Health Information - ✔✔Individually identifiable health information that is
transmitted by electronic media, maintained in any electronic medium, or in any other
form or medium is defined as
✔✔Designated record set - ✔✔The HIPAA Privacy Rule requires which of the following
to describe what is maintained as part of the health record
✔✔Audit Trails and Audit Logs - ✔✔Covered entities must perform security audits using
which of the following tools?
✔✔Flashing pagers (such as ones which are used in restaurants) - ✔✔Which of the
following is an example of a way to decrease the risk of violating HIPAA Privacy Rules
in a patient waiting area?
✔✔privacy - ✔✔The right of an individual to have freedom from observation or intrusion
into their private affairs and rights to maintain control over certain personal health
information is defined as
✔✔healthcare operations - ✔✔When in-house counsel is conducting the defense of a
malpractice claim, an authorization is not required because review of the record would
be covered under
✔✔Right to Request Confidential Communication - ✔✔What is it called under HIPAA
when a patient requests medical and/or billing information be mailed to an alternate
address?
✔✔ethical - ✔✔Violations of the need-to-know principle, misuse of blanket
authorizations, and violations of privacy that occur because of secondary release of
information are what type of issue?
✔✔Firewalls - ✔✔Proxy servers, packet filters, and application gateways are examples
of
, ✔✔Need to know - ✔✔What type of control is used to determine access granted to a
user?
✔✔release is for the purses of treatment, payment and operations - ✔✔A healthcare
provider releases portions of the health record to a third party without consent when the
✔✔Data Modeling - ✔✔What is the process of determining a user's information needs
and identifying relationships among the data?
✔✔Statistical process control chart - ✔✔Which of the following includes horizontal lines
to represent control limits?
✔✔Run chart - ✔✔Which of the following graphs is used to display data points over a
period of time to provide information on system performance?
✔✔Determine the completeness of patient health records - ✔✔The purpose of
quantitative analysis is to
✔✔outcomes - ✔✔Ability to function, quality of life, satisfaction, and mortality are
examples of patient
✔✔effectiveness of care - ✔✔Which of the following is an example of a HEDIS measure
designed to provide both purchasers and consumers of healthcare with information to
compare performance of managed care plans?
✔✔Null and Alternative - ✔✔What are the two forms of hypothesis testing?
✔✔The median - ✔✔You receive length of stay (LOS) data from several care units.
Each is in the form of a normal distribution, but each data set has outliers and the
ranges of each data set are not the same. If you need to compare these distributions,
which of the following is the best measure of central tendency?
✔✔Unified Modeling - ✔✔What is an object-oriented modeling language that assists in
the documentation of a software project?
✔✔Dashboard - ✔✔A senior manager at your hospital requests a visual tool to
summarize the status of all quality improvement projects organization wide. She
requires that this tool provides metrics for infection rate, patient satisfaction, cost
control, and risk management. The BEST tool for this purpose would be a
✔✔Universal Resource Locator - ✔✔In order for a patient's health record to be
considered de-identified, which element would have to be removed?
