AHIMA RHIA FINAL EXAM QUESTIONS
AND ANSWERS GRADED A+ ASSURED
SUCCESS NEW UPDATE 2025/2026, Exams
of Nursing
A ________ helps a healthcare entity proactively ensure that the information they store and
maintain is only being accessed in the normal course of business.
a. Contingency plan
b. Workflow analysis
c. Documentation audit
d. Security audit Correct Answer: D
Security audits can help a healthcare organization proactively ensure that the information it
stores and maintains is only being accessed for the normal course of business (Brinda and
Watters 2016, 322).
2. What does an audit trail check for?
a. Loss of data
b. Presence of a virus
c. Successful completion of a backup
d. Unauthorized access to a system Correct Answer: D
An audit trail is a chronological set of computerized records that provides evidence of a
computer system utilization (log-ins and log-outs, file accesses) used to determine security
violations (Sandefer 2016a, 366).
Outpatient programs designed to provide employees immediate access to psychological
counseling on a limited basis that may be provided on-site or through local providers are called:
a. Health benefits fair
b. Employee assistance programs
c. Outpatient employee care
d. Employee crisis lines Correct Answer: B
1|Page
,Employers acknowledge the need for mental health services for their employees by providing
access to employee assistance programs (EAPs). These outpatient programs are designed to
provide employees with immediate access to psychological counseling on a limited basis and
may be provided on-site or through local providers (Munn 2013, 609).
While the focus of inpatient data collection is on the principal diagnosis, the focus of outpatient
data collection is on the:
a. Reason for admission
b. Activities of daily living
c. Discharge diagnosis
d. Reason for encounter Correct Answer: D
The Uniform Ambulatory Care Data Set (UACDS) includes data elements specific to ambulatory
care such as the reason for the encounter with the healthcare provider (Johns 2015, 280).
30
15
Correct30
Wrong15
The term "hard coding" refers to:
a. ICD-10-CM codes that are coded by the coders
b. CPT codes that appear in the hospital's chargemaster
c. CPT codes that are coded by the coders
d. ICD-10-CM codes that appear in the hospital's chargemaster Correct Answer: B
During order-entry a unique identifier for each service is entered. This unique identifier triggers
a charge from the chargemaster to be posted on the patient's account. This process is known as
hard coding (Casto and Forrestal 2015, 253).
Which of the following accreditation categories would the Joint Commission assign to a hospital
that did not meet all of the standards at the time of the initial on-site survey, had a level of
standards in noncompliance, had Requirements for Improvements (RFIs) in excess of the
published level for the year, and subsequently underwent an additional on-site, follow-up
survey?
2|Page
,a. Accreditation with follow-up survey
b. Preliminary accreditation
c. Accredited
d. Contingent accreditation Correct Answer: D
The Joint Commission has five accreditation decision categories. One of these categories is
Contingent Accreditation. Contingent Accreditation is when the organization fails to resolve the
requirements of an Accreditation with a follow-up survey. Although organizations that receive
contingent accreditation may appeal, they must also remedy the noncompliance to the
satisfaction of the Commission and, in most cases, are subject to a follow-up survey in 30 days
(Shaw and Carter 2015, 418).
Borrowing record entries from another source as well as representing or displaying past
documentation as current are examples of a potential breach of:
a. Identification and demographic integrity
b. Authorship integrity
c. Statistical integrity
d. Auditing integrity Correct Answer: B
Authorship is the origin of recorded information that is attributed to a specific individual or
entity. Electronic tools make it easier to copy and paste documentation from one record to
another or to pull information forward from a previous visit, someone else's records, or other
sources either intentionally or inadvertently. The ability to copy and paste entries leads to a
record where a clinician may, upon signing the documentation, unwittingly swear to the
accuracy and comprehensiveness of substantial amounts of duplicated, inapplicable,
misleading, or erroneous information (Russo 2013b, 339).
In healthcare, a data warehouse may be use for:
a. Accounts receivable management
b. Materials or inventory management
c. Best practice guideline development
d. Utilization review Correct Answer: C
Data warehouses are often hierarchical or multidimensional and are designed to receive very
large volumes of data (often as an extraction of data from a repository) and perform complex,
3|Page
, analytical processes on the data. Data can be mined and processed in many ways. For example,
a data warehouse may be used for clinical quality improvement and best practice guideline
development (Sandefer 2016, 376).
The security devices situated between the routers of a private network and a public network to
protect the private network from unauthorized users are called:
a. Audit trails
b. Passwords
c. Firewalls
d. Encryptors Correct Answer: C
Firewalls are hardware and software security devices situated between the routers of a private
and public network. They are designed to protect computer networks from unauthorized
outsiders. However, they also can be used to protect entities within a single network, for
example, to block laboratory technicians from getting into payroll records. Without firewalls, IT
departments would have to deploy multiple-enterprise security programs that would soon
become difficult to manage and maintain (Sandefer 2016a, 366).
The privacy officer was conducting training for new employees and posed the following
question to the trainees to help them understand the rule regarding protected health
information (PHI): "Which of the following is an element that makes information 'PHI' under the
HIPAA Privacy Rule?"
a. Identifies an attending physician
b. Specifies the insurance provider for the patient
c. Contained within a personnel file
d. Relates to one's health condition Correct Answer: D
The key to defining PHI is that it requires the information to either identify an individual or
provide a reasonable basis to believe the person could be identified from the information given.
In this situation, the information relates to a patient's health condition and could identify the
patient (Rinehart-Thompson 2017d, 214).
Which of the following statements about new technology items included on the charge
description master (CDM) is false?
a. The CDM maintenance committee should review new technology items for FDA approval.
4|Page
AND ANSWERS GRADED A+ ASSURED
SUCCESS NEW UPDATE 2025/2026, Exams
of Nursing
A ________ helps a healthcare entity proactively ensure that the information they store and
maintain is only being accessed in the normal course of business.
a. Contingency plan
b. Workflow analysis
c. Documentation audit
d. Security audit Correct Answer: D
Security audits can help a healthcare organization proactively ensure that the information it
stores and maintains is only being accessed for the normal course of business (Brinda and
Watters 2016, 322).
2. What does an audit trail check for?
a. Loss of data
b. Presence of a virus
c. Successful completion of a backup
d. Unauthorized access to a system Correct Answer: D
An audit trail is a chronological set of computerized records that provides evidence of a
computer system utilization (log-ins and log-outs, file accesses) used to determine security
violations (Sandefer 2016a, 366).
Outpatient programs designed to provide employees immediate access to psychological
counseling on a limited basis that may be provided on-site or through local providers are called:
a. Health benefits fair
b. Employee assistance programs
c. Outpatient employee care
d. Employee crisis lines Correct Answer: B
1|Page
,Employers acknowledge the need for mental health services for their employees by providing
access to employee assistance programs (EAPs). These outpatient programs are designed to
provide employees with immediate access to psychological counseling on a limited basis and
may be provided on-site or through local providers (Munn 2013, 609).
While the focus of inpatient data collection is on the principal diagnosis, the focus of outpatient
data collection is on the:
a. Reason for admission
b. Activities of daily living
c. Discharge diagnosis
d. Reason for encounter Correct Answer: D
The Uniform Ambulatory Care Data Set (UACDS) includes data elements specific to ambulatory
care such as the reason for the encounter with the healthcare provider (Johns 2015, 280).
30
15
Correct30
Wrong15
The term "hard coding" refers to:
a. ICD-10-CM codes that are coded by the coders
b. CPT codes that appear in the hospital's chargemaster
c. CPT codes that are coded by the coders
d. ICD-10-CM codes that appear in the hospital's chargemaster Correct Answer: B
During order-entry a unique identifier for each service is entered. This unique identifier triggers
a charge from the chargemaster to be posted on the patient's account. This process is known as
hard coding (Casto and Forrestal 2015, 253).
Which of the following accreditation categories would the Joint Commission assign to a hospital
that did not meet all of the standards at the time of the initial on-site survey, had a level of
standards in noncompliance, had Requirements for Improvements (RFIs) in excess of the
published level for the year, and subsequently underwent an additional on-site, follow-up
survey?
2|Page
,a. Accreditation with follow-up survey
b. Preliminary accreditation
c. Accredited
d. Contingent accreditation Correct Answer: D
The Joint Commission has five accreditation decision categories. One of these categories is
Contingent Accreditation. Contingent Accreditation is when the organization fails to resolve the
requirements of an Accreditation with a follow-up survey. Although organizations that receive
contingent accreditation may appeal, they must also remedy the noncompliance to the
satisfaction of the Commission and, in most cases, are subject to a follow-up survey in 30 days
(Shaw and Carter 2015, 418).
Borrowing record entries from another source as well as representing or displaying past
documentation as current are examples of a potential breach of:
a. Identification and demographic integrity
b. Authorship integrity
c. Statistical integrity
d. Auditing integrity Correct Answer: B
Authorship is the origin of recorded information that is attributed to a specific individual or
entity. Electronic tools make it easier to copy and paste documentation from one record to
another or to pull information forward from a previous visit, someone else's records, or other
sources either intentionally or inadvertently. The ability to copy and paste entries leads to a
record where a clinician may, upon signing the documentation, unwittingly swear to the
accuracy and comprehensiveness of substantial amounts of duplicated, inapplicable,
misleading, or erroneous information (Russo 2013b, 339).
In healthcare, a data warehouse may be use for:
a. Accounts receivable management
b. Materials or inventory management
c. Best practice guideline development
d. Utilization review Correct Answer: C
Data warehouses are often hierarchical or multidimensional and are designed to receive very
large volumes of data (often as an extraction of data from a repository) and perform complex,
3|Page
, analytical processes on the data. Data can be mined and processed in many ways. For example,
a data warehouse may be used for clinical quality improvement and best practice guideline
development (Sandefer 2016, 376).
The security devices situated between the routers of a private network and a public network to
protect the private network from unauthorized users are called:
a. Audit trails
b. Passwords
c. Firewalls
d. Encryptors Correct Answer: C
Firewalls are hardware and software security devices situated between the routers of a private
and public network. They are designed to protect computer networks from unauthorized
outsiders. However, they also can be used to protect entities within a single network, for
example, to block laboratory technicians from getting into payroll records. Without firewalls, IT
departments would have to deploy multiple-enterprise security programs that would soon
become difficult to manage and maintain (Sandefer 2016a, 366).
The privacy officer was conducting training for new employees and posed the following
question to the trainees to help them understand the rule regarding protected health
information (PHI): "Which of the following is an element that makes information 'PHI' under the
HIPAA Privacy Rule?"
a. Identifies an attending physician
b. Specifies the insurance provider for the patient
c. Contained within a personnel file
d. Relates to one's health condition Correct Answer: D
The key to defining PHI is that it requires the information to either identify an individual or
provide a reasonable basis to believe the person could be identified from the information given.
In this situation, the information relates to a patient's health condition and could identify the
patient (Rinehart-Thompson 2017d, 214).
Which of the following statements about new technology items included on the charge
description master (CDM) is false?
a. The CDM maintenance committee should review new technology items for FDA approval.
4|Page
