RHIA Domain 2 Latest Version Guaranteed Best Questions And
Answer
When a healthcare entity destroys health records after the acceptable retention period has been
met, a certificate of destruction is created. How long must the healthcare entity maintain the
certificate of destruction?
a. 2 years
b. 5 years
c. 10 years
d. Permanently
Correct Answer: D
Appropriate documentation of health record destruction must be maintained permanently no matter
how the process is carried out. This documentation usually takes the form of a certificate of
destruction (Fahrenholz 2017b, 108).
Of the following, what is the most likely to happen to a patient's health record when his or her
physician leaves an office practice?
a. It will be sent to the state department of health.
b. It will be sent to outside storage.
1
,c. It will be destroyed.
d. It will be retained by the practice.
Correct Answer: D
In physician practices, patients are informed of their option to transfer their records to another
provider. The majority of complete contracts specify that health records are owned by the provider
group (Rinehart-Thompson 2017c, 199-200).
.
The legal health record for disclosure consists of:
a. Any and all protected health information collected or used by a healthcare entity when delivering
care
b. Only the protected health information requested by an attorney for a legal proceeding
c. The data, documents, reports, and information that comprise the formal business records of any
healthcare entity that are to be utilized during legal proceedings
d. All of the data and information included in the HIPAA designated record set
Correct Answer: C
The concept of legal health records (LHRs) was created to describe the data, documents, reports, and
information that comprise the formal business records of any healthcare organization that are to be
utilized during legal proceedings (Biedermann and Dolezel 2017, 424).
According to the Medicare Conditions of Participation, how long must health records be retained?
a. 2 years
b. 5 years
c. 10 years
d. Permanently
Correct Answer: B
A health record must be maintained for every individual evaluated or treated in the hospital. Health
records must be retained in their original or legally reproduced form for a period of at least 5 years
(Fahrenholz 2017b, 106).
A secure method of communication between the healthcare provider and the patient is:
2
,a. Personal health record
b. E-mail
c. Patient portal
d. Online health information
Correct Answer: C
A secure patient portal does allow for the communication between the provider and the patient and
is not just a site for patients to access information. This is part of the effort to engage patients in their
care (Biedermann and Dolezel 2017, 458).
Jan Carlson is the HIM manager at Community Hospital, and she is designing a health record
retention policy for the facility. Which legal source should she use to determine how long medical
records should be retained by the facility?
a. AHIMA record retention guidelines
b. State law
c. County or city codes
d. Joint Commission accreditation standards
Correct Answer: B
AHIMA provides professional guidelines, but it is not a legal source (option a). Option c does not
dictate health record retention. Option d (Joint Commission) defers to state law (option b). Note that
state law may or may not dictate retention periods, but it is the best option among those presented
(Rinehart-Thompson 2020, 60).
Based on which of the following concepts can a clinic requesting health records for one of its patients
be reasonably assured that the correct patient information will be sent?
a. Verification
b. Confirmation
c. Authentication
d. Certification
Correct Answer: A
Policies and procedures created by the covered entity or business associate to manage the use and
disclosures of PHI should address the process for patient identification, including verification of the
individual or personal representatives (Brinda and Watters 2020, 327).
3
, In the state of California, healthcare organizations must provide patients a copy of their medical
record within 15 days of the request, whereas HIPAA requires organizations to provide records within
30 days of the request. This is example of state law being ________ in relation to federal law.
a. Stringent
b. Contrary
c. Standardized
d. Conflicting
Correct Answer: A
Under HIPAA, state law is considered more stringent if the law prohibits or restricts use or disclosure
in circumstances under which such use or disclosure would be permitted under federal law (Brinda
and Watters 2020, 330).
Recently, a healthcare organization has noticed an increase in the number of whooping cough cases
in children under 5 years old. The healthcare organization reports the information to the state
department of health. Which of the following statements is most applicable to the disclosure of this
information?
a. The healthcare organization violated HIPAA because it didn't get authorization prior to the
disclosure.
b. The healthcare organization did not violate HIPAA because it can disclose information to anyone as
it sees fit.
c. The healthcare organization did not violate HIPAA because the disclosure impacted the public
health of everyone.
d. The healthcare organization violated HIPAA because it did not get authorization from the state
department of health prior to the disclosure.
Correct Answer: C
Covered entities (healthcare organizations) are allowed to disclose protected health information for
public health reporting purposes without an authorization or consent from the patient or family
members. Since the whooping cough outbreak is a public health issue, it can be reported without
authorization (Brinda and Watters 2020, 325).
The _____ requires organizations to implement policies and procedures to safeguard the facility and
equipment from unauthorized access, tampering, and theft.
4
Answer
When a healthcare entity destroys health records after the acceptable retention period has been
met, a certificate of destruction is created. How long must the healthcare entity maintain the
certificate of destruction?
a. 2 years
b. 5 years
c. 10 years
d. Permanently
Correct Answer: D
Appropriate documentation of health record destruction must be maintained permanently no matter
how the process is carried out. This documentation usually takes the form of a certificate of
destruction (Fahrenholz 2017b, 108).
Of the following, what is the most likely to happen to a patient's health record when his or her
physician leaves an office practice?
a. It will be sent to the state department of health.
b. It will be sent to outside storage.
1
,c. It will be destroyed.
d. It will be retained by the practice.
Correct Answer: D
In physician practices, patients are informed of their option to transfer their records to another
provider. The majority of complete contracts specify that health records are owned by the provider
group (Rinehart-Thompson 2017c, 199-200).
.
The legal health record for disclosure consists of:
a. Any and all protected health information collected or used by a healthcare entity when delivering
care
b. Only the protected health information requested by an attorney for a legal proceeding
c. The data, documents, reports, and information that comprise the formal business records of any
healthcare entity that are to be utilized during legal proceedings
d. All of the data and information included in the HIPAA designated record set
Correct Answer: C
The concept of legal health records (LHRs) was created to describe the data, documents, reports, and
information that comprise the formal business records of any healthcare organization that are to be
utilized during legal proceedings (Biedermann and Dolezel 2017, 424).
According to the Medicare Conditions of Participation, how long must health records be retained?
a. 2 years
b. 5 years
c. 10 years
d. Permanently
Correct Answer: B
A health record must be maintained for every individual evaluated or treated in the hospital. Health
records must be retained in their original or legally reproduced form for a period of at least 5 years
(Fahrenholz 2017b, 106).
A secure method of communication between the healthcare provider and the patient is:
2
,a. Personal health record
b. E-mail
c. Patient portal
d. Online health information
Correct Answer: C
A secure patient portal does allow for the communication between the provider and the patient and
is not just a site for patients to access information. This is part of the effort to engage patients in their
care (Biedermann and Dolezel 2017, 458).
Jan Carlson is the HIM manager at Community Hospital, and she is designing a health record
retention policy for the facility. Which legal source should she use to determine how long medical
records should be retained by the facility?
a. AHIMA record retention guidelines
b. State law
c. County or city codes
d. Joint Commission accreditation standards
Correct Answer: B
AHIMA provides professional guidelines, but it is not a legal source (option a). Option c does not
dictate health record retention. Option d (Joint Commission) defers to state law (option b). Note that
state law may or may not dictate retention periods, but it is the best option among those presented
(Rinehart-Thompson 2020, 60).
Based on which of the following concepts can a clinic requesting health records for one of its patients
be reasonably assured that the correct patient information will be sent?
a. Verification
b. Confirmation
c. Authentication
d. Certification
Correct Answer: A
Policies and procedures created by the covered entity or business associate to manage the use and
disclosures of PHI should address the process for patient identification, including verification of the
individual or personal representatives (Brinda and Watters 2020, 327).
3
, In the state of California, healthcare organizations must provide patients a copy of their medical
record within 15 days of the request, whereas HIPAA requires organizations to provide records within
30 days of the request. This is example of state law being ________ in relation to federal law.
a. Stringent
b. Contrary
c. Standardized
d. Conflicting
Correct Answer: A
Under HIPAA, state law is considered more stringent if the law prohibits or restricts use or disclosure
in circumstances under which such use or disclosure would be permitted under federal law (Brinda
and Watters 2020, 330).
Recently, a healthcare organization has noticed an increase in the number of whooping cough cases
in children under 5 years old. The healthcare organization reports the information to the state
department of health. Which of the following statements is most applicable to the disclosure of this
information?
a. The healthcare organization violated HIPAA because it didn't get authorization prior to the
disclosure.
b. The healthcare organization did not violate HIPAA because it can disclose information to anyone as
it sees fit.
c. The healthcare organization did not violate HIPAA because the disclosure impacted the public
health of everyone.
d. The healthcare organization violated HIPAA because it did not get authorization from the state
department of health prior to the disclosure.
Correct Answer: C
Covered entities (healthcare organizations) are allowed to disclose protected health information for
public health reporting purposes without an authorization or consent from the patient or family
members. Since the whooping cough outbreak is a public health issue, it can be reported without
authorization (Brinda and Watters 2020, 325).
The _____ requires organizations to implement policies and procedures to safeguard the facility and
equipment from unauthorized access, tampering, and theft.
4
