CPSS Test- Ophthalmology Practice Questions and Correct Answers

HIPAA stands for a. Health Information Portability and Accountability Act b. Health Insurance Portability and Accountability Act c. Health Insurance Protection and Activity Act d. Home Information Protection and Accountability Act. b. Health Insurance Portability and Accountability Act One primary change included in the HIPAA Omnibus Final Rule of 2013 requires a business associate of the covered entity (physician practice) to sign a Business Associate Agreement with: a. Subcontractors of professional associations b. Subcontractors of business associates c. Subcontractors of optometrists d. Subcontractors of affiliated hospitals b. Subcontractors of business associates T/F. According to the regulations contained in the Omnibus Final Rule of 2013, a patient has the right to receive a copy of his or her medical record in an electronic format if the associated provider utilizes electronic health records. True Covered entities under HIPAA include: a. Lawyers b. Health care providers c. Health care facilities d. Librarians e. a and d. f. b and c. b and c. Health care providers and Health care facilities Protected Health Information (PHI) includes: a. Demographic information on individuals b. Insurance eligibility and coverage information c. Billing records, claims data, referral authorizations d. Medical records, diagnosis, genetic information, and testing e. c and d f. All of the above. f. All of the above. T/F. Entities covered under HIPAA are required to develop a Notice of Privacy Practices (NPP) and must make these available to individuals accessing services through the entity. True Which of the following disclosures require signed permission from the individual whose PHI is being requested? a. Referrals to physicians b. Consultations between physicians treating individuals c. Information requested by an attorney without a subpoena d. Information requested by insurance companies for payment purposes. c. Information requested by an attorney without a subpoena T/F. Patient names on a sign-in form are considered an intentional breach of PHI. False; incidental breach T/F. Under the HITECH Act, the Breach Notification Act does NOT require notification to HHS of the intentional or unintentional disclosure of PHI to unapproved entities on an annual basis unless the breach has affected more than 500 individuals. False Notice of Privacy Practices (NPP) must be updated in 2013 to include which of the following? a. Names of the owners of the covered entity b. Names of companies that have access to PHI c. Patient's right to restrict disclosures of PHI to a health plan when the patient pays out of pocket and in full for the health care item or service. d. Profitability of the covered entity. c. Patient's right to restrict disclosures of PHI to a health plan when the patient pays out of pocket and in full for the health care item or service. If an individual or staff member has a complaint regarding the use of PHI, the individual must speak with the facility's: a. Manager b. Owner c. Maintenance coordinator d. Privacy Officer e. Chief Physician d. Privacy officer. Which of the following is NOT an administrative safeguard requirement? a. Designating a privacy officer b. Developing a cost analysis of HIPAA requirements. c. Obtaining HIPAA-compliant business associate agreements for subcontractors d. Establishing procedures to prevent terminated employees from obtaining access to confidential information after termination b. Developing a cost analysis of HIPAA requirements.