CMOM-PRACTICE MANAGEMENT INSTITUTE EXAM LATEST
2025 WITH CORRECT QUESTIONS AND DETAILED
ANSWERS/ALREADY GRADED A+
HIPPA REGULATION: Privacy Overview - CORRECT ANSWER-There are three
major areas addressed in the Privacy Regulation: 1. Use and disclosure of PHI, 2.
Patient rights 3. Security administrative and physical
Business Associates - CORRECT ANSWER-can be held directly accountable by
federal or state authority for failure to comply with HIPAA statutory or
regulations. ex. IT techs, Janitors, Cleaning Services, Vendors, Collection agencies,
Consultants and Billing Services.
Entities - CORRECT ANSWER-ex. doctors, hospitals, pharmacy
Breach - CORRECT ANSWER-unauthorized acquisition access, use or disclosure
of protected health information, ex. ALGH issue on breach where health info was
spread with no consents from patients.
What is NOT considered a breach? - CORRECT ANSWER-1. Where an authorized
person who received the health info. cannot reasonably have been able to retain
it.
,2. If an unintentional acquisition, access, or use occurs within the scope of
employ. and info doesn't go any further.
3. If it is an inadvertent disclosure that occurs within a facility, and the
information does not go any further.
Tiered Increase in Civil Monetary Penalties - CORRECT ANSWER-HIPPA violation
at $50,000 per violation and an annual maximum of $1.5million.
What are examples that could not result in HIPPA violation by DHHS? - CORRECT
ANSWER--Overheard phone or nursing station conversation
-Joint treatment areas
-Sign-in sheets
-Calling names in reception areas
-Hospital rounds
Solutions would be to speak quietly, cubicles, curtains, dividers, asking patients to
step back, or closing doors.
Health Information (PHI) - CORRECT ANSWER-Any info. whether oral or
recorded in any form or medium that is created or received by a health care
provider, health, plan public health authority, employer, life insurer, school or
university, or health care clearinghouse, and related to the past, present or future
physical or mental health or condition.
, Individual Identifiable Health Information (IIHI) - CORRECT ANSWER-
Information that is a subset of health information, including demographic,
information collected from an individual.
Identifiers - CORRECT ANSWER--Email address
-Social Security number
-Medical record number
-Vehicle identifier
-Full face photograph
The Notice of Privacy Practices should be... - CORRECT ANSWER-In a written
language, tape, or video that the patient understands, be clearly posted in the
practice or facility, and if applicable, on the practice website.
Fraud - CORRECT ANSWER-the intentional deception or misrepresentation that
an individual knows to be false or does not believe to be true and makes,
knowingly that the deception could result in some unauthorized benefit to
himself/herself or some other person.
ex. Billing for services that were not furnished and or supplies that were not
provided
-Billing for services as if performed by a particular entity when they were, in fact,
performed by another entity not eligible to be paid by Medicare
-Using in incorrect or inappropriate provider number ni order to be paid (using a
deceased provider number to defraud Medicare).
2025 WITH CORRECT QUESTIONS AND DETAILED
ANSWERS/ALREADY GRADED A+
HIPPA REGULATION: Privacy Overview - CORRECT ANSWER-There are three
major areas addressed in the Privacy Regulation: 1. Use and disclosure of PHI, 2.
Patient rights 3. Security administrative and physical
Business Associates - CORRECT ANSWER-can be held directly accountable by
federal or state authority for failure to comply with HIPAA statutory or
regulations. ex. IT techs, Janitors, Cleaning Services, Vendors, Collection agencies,
Consultants and Billing Services.
Entities - CORRECT ANSWER-ex. doctors, hospitals, pharmacy
Breach - CORRECT ANSWER-unauthorized acquisition access, use or disclosure
of protected health information, ex. ALGH issue on breach where health info was
spread with no consents from patients.
What is NOT considered a breach? - CORRECT ANSWER-1. Where an authorized
person who received the health info. cannot reasonably have been able to retain
it.
,2. If an unintentional acquisition, access, or use occurs within the scope of
employ. and info doesn't go any further.
3. If it is an inadvertent disclosure that occurs within a facility, and the
information does not go any further.
Tiered Increase in Civil Monetary Penalties - CORRECT ANSWER-HIPPA violation
at $50,000 per violation and an annual maximum of $1.5million.
What are examples that could not result in HIPPA violation by DHHS? - CORRECT
ANSWER--Overheard phone or nursing station conversation
-Joint treatment areas
-Sign-in sheets
-Calling names in reception areas
-Hospital rounds
Solutions would be to speak quietly, cubicles, curtains, dividers, asking patients to
step back, or closing doors.
Health Information (PHI) - CORRECT ANSWER-Any info. whether oral or
recorded in any form or medium that is created or received by a health care
provider, health, plan public health authority, employer, life insurer, school or
university, or health care clearinghouse, and related to the past, present or future
physical or mental health or condition.
, Individual Identifiable Health Information (IIHI) - CORRECT ANSWER-
Information that is a subset of health information, including demographic,
information collected from an individual.
Identifiers - CORRECT ANSWER--Email address
-Social Security number
-Medical record number
-Vehicle identifier
-Full face photograph
The Notice of Privacy Practices should be... - CORRECT ANSWER-In a written
language, tape, or video that the patient understands, be clearly posted in the
practice or facility, and if applicable, on the practice website.
Fraud - CORRECT ANSWER-the intentional deception or misrepresentation that
an individual knows to be false or does not believe to be true and makes,
knowingly that the deception could result in some unauthorized benefit to
himself/herself or some other person.
ex. Billing for services that were not furnished and or supplies that were not
provided
-Billing for services as if performed by a particular entity when they were, in fact,
performed by another entity not eligible to be paid by Medicare
-Using in incorrect or inappropriate provider number ni order to be paid (using a
deceased provider number to defraud Medicare).
