HCISPP ALL DOMAINS EXAM QUESTIONS AND ANSWERS
Administrative Safeguards - CORRECT ANSWER✅✅✅Administrative actions, policies, and
procedures to manage the selection, development, implementation, and maintenance of security
measures to safeguard electronic protected health information and manage the conduct of the covered
entity's workforce in relation to the protection of that information.
Affiliated Covered Entity (ACE) - CORRECT ANSWER✅✅✅Legally separate covered entities that are
affiliated may designate themselves as a single covered entity for purposes of the HIPAA privacy rule.
Under this affiliation, the organizations need only develop and disseminate one notice of privacy
practices, comply with one set of policies and procedures, appoint one privacy official, administer
common training programs, and use one business associate contract.
Ambulatory Patient Groups (APG) - CORRECT ANSWER✅✅✅Developed to encompass the full range
of ambulatory settings, including same-day surgery units, hospital emergency rooms, and outpatient
clinics. Patient classification system designed to explain the amount and type of resources used in an
ambulatory visit.
Patients have similar clinical characteristics and similar resource use and cost. Similar resource use
means that the resources used are relatively constant across the patients. - CORRECT ANSWER✅✅✅
American Reinvestment and Recovery Act (ARRA) - CORRECT ANSWER✅✅✅Enacted on February 17,
2009, includes many measures to modernize our nation's infrastructure, one of which is the "Health
Information Technology for Economic and Clinical Health (HITECH) Act." The HITECH Act supports the
concept of Meaningful Use (MU) of Health Information Technology (IT) and health care reform to help
the health care organizations to meet its clinical and business objectives via health information
exchange. MU requirements consist of payment approaches that stress care coordination, and federal
financial incentives are driving the interest and demand for health information exchange.
Analytics - CORRECT ANSWER✅✅✅The systematic use of data and related business insights
developed through applied disciplines (e.g., statistical, contextual, quantitative, predictive, cognitive,
other models) to drive fact-based decision making for planning, management, measurement, and
learning.May be descriptive, predictive, or prescriptive. Can provide the mechanism to sort through this
torrent of complexity and data, and help health care organizations deliver on these demands.
Authorization - CORRECT ANSWER✅✅✅An individual's permission for a covered entity to use or
disclose PHI for a certain purpose, such as a research study.
,Availability - CORRECT ANSWER✅✅✅means that the computing systems used to store and process
the information, the security controls used to protect it, and the communication channels used to access
it must be functioning correctly. Systems aim to remain available at all times, preventing service
disruptions due to power outages, hardware failures, and system upgrades.
Bandwidth - CORRECT ANSWER✅✅✅The amount of information that is transmitted over a period of
time.
Bundled Payment - CORRECT ANSWER✅✅✅Also known as episode-based payment, episode
payment, episode-of-care payment, case rate, evidence-based case rate, global bundled payment, global
payment, package pricing, or packaged pricing, is defined as the reimbursement of health care providers
(such as hospitals and physicians) "on the basis of expected costs for clinically defined episodes of care."
It has been described as "a middle ground" between fee-for-service reimbursement (in which providers
are paid for each service rendered to a patient) and capitation.
Business Associates (BA) - CORRECT ANSWER✅✅✅The HIPAA Privacy Rule, 45 CFR 164.502(e),
164.504(e), 164.532(d) and (e), allows covered providers and health plans to disclose protected health
information to services of a variety of other persons that have access to their patients' PHI, such as
billing services, attorneys, accountants, and consultants.
Business Associates Agreement (BAA) - CORRECT ANSWER✅✅✅A contract with a covered entity
that meets the HIPAA Privacy Rule's applicable contract requirements at Business Associates 45 CFR
164.502(e) and 164.504(e). A covered entity must otherwise comply with the Privacy Rule, such as
making only permissible disclosures to the business associate and permitting individuals to exercise their
rights under the Rule.
Business Partners - CORRECT ANSWER✅✅✅A vendor, as a recipient of PHI from health care
organizations.
U.S. Department of Health and Human Services (DHHS) to implement certain provisions of HIPAA. All
Business Partners of health care organization must agree in writing to certain mandatory provisions
regarding, among other things, the use and disclosure of Protected Health Information (PHI). The HIPAA
transaction rule describes the use of a Trading Partner Agreement, which is a contract between two
parties, generally each covered entities, that exchange the financial and administrative transactions. -
CORRECT ANSWER✅✅✅
,Capitation - CORRECT ANSWER✅✅✅Sometimes doctors reach an agreement with a managed care
organization called capitation, wherein the doctor is paid per person. Under this agreement, doctors
accept members of the plan for a certain set price per member, no matter how often the member sees
the doctor.
Catastrophic Health Insurance Plan - CORRECT ANSWER✅✅✅A Catastrophic Health Insurance plan
covers essential health benefits but has a very high deductible. This means it provides a kind of "safety
net" coverage in case the patient has an accident or serious illness. Catastrophic plans usually do not
provide coverage for services such as prescription drugs or shots. Premiums for catastrophic plans may
be lower than traditional health insurance plans, but deductibles are usually much higher.
Chain of Trust Agreement - CORRECT ANSWER✅✅✅The Chain of Trust Agreement is described as a
contract in which the parties agree to
electronically exchange data and to protect the transmitted data. The sender and receiver are required
to and depend on each other to maintain the integrity and confidentiality of the transmitted
information. Multiple two-party contracts may be involved in moving information from the originating
party to the ultimate receiving party. - CORRECT ANSWER✅✅✅
Server: Client-Server - CORRECT ANSWER✅✅✅The client-server model is an architecture (i.e., a
system design) that divides processing between clients and servers that can run on the same machine or
on different machines on the same network.
It is a major element of modern operating system and network design. End users access workstation
computers and other physical automated equipment directly while performing health care functions. -
CORRECT ANSWER✅✅✅
Cloud Computing - CORRECT ANSWER✅✅✅Cloud computing is the practice of using a network of
remote servers hosted on the Internet to store, manage, and process data, rather than a local server or
a personal computer. Cloud computing is offered in different forms: public clouds, private clouds, and
hybrid clouds, which combine both public and private.
, Confidentiality - CORRECT ANSWER✅✅✅Confidentiality refers to preventing the disclosure of
information to unauthorized individuals or systems. Confidentiality is necessary for maintaining the
privacy of the people whose personal information is held in the system.
Covered Entity - CORRECT ANSWER✅✅✅A HIPAA Covered Entity is any organization or corporation
that directly handles Personal Health Information (PHI) or Personal Health Records (PHR). They include
public clinics, nursing homes, pharmacies, specialty hospitals, home care programs, home meal
programs, hospice, and durable medical equipment suppliers.
Current Procedural Terminology (CPT) - CORRECT ANSWER✅✅✅Current Procedural Terminology
(CPT) codes are published by the American Medical Association (AMA). A CPT code is a five-digit numeric
code that is used to describe medical, surgical, radiology, laboratory, anesthesiology, and
evaluation/management services of physicians, hospitals, and other health care providers. There are
approximately 7,800 CPT codes ranging from 00100 through 99499. Two-digit modifiers may be
appended when appropriate to clarify or
modify the description of the procedure. CPTs are published in two versions — the first is the most
common, CPT Physician's Current Procedural Terminology. A second publication is also available — the
CPT Physician's Current Procedural Terminology Specially Annotated for Hospitals. - CORRECT
ANSWER✅✅✅
Data Augmentation - CORRECT ANSWER✅✅✅Common data augmentation includes demographic,
geographic, and credit information. Data augmentation can also encompass data management
algorithms and methodologies that combat unique clinical data problems.
Data Classification - CORRECT ANSWER✅✅✅A data classification program looks at the different
types of data an organization handles, classifies those pieces of data based on sensitivity, and
establishes procedures to make sure each of these pieces of information is treated properly. The big
picture rationale
of a data classification program is to reduce risk and bring enterprise-wide consistency - CORRECT
ANSWER✅✅✅
to data handling. In addition, it is important to understand that data classification is a non- technical,
common-sense approach to risk management. - CORRECT ANSWER✅✅✅
Administrative Safeguards - CORRECT ANSWER✅✅✅Administrative actions, policies, and
procedures to manage the selection, development, implementation, and maintenance of security
measures to safeguard electronic protected health information and manage the conduct of the covered
entity's workforce in relation to the protection of that information.
Affiliated Covered Entity (ACE) - CORRECT ANSWER✅✅✅Legally separate covered entities that are
affiliated may designate themselves as a single covered entity for purposes of the HIPAA privacy rule.
Under this affiliation, the organizations need only develop and disseminate one notice of privacy
practices, comply with one set of policies and procedures, appoint one privacy official, administer
common training programs, and use one business associate contract.
Ambulatory Patient Groups (APG) - CORRECT ANSWER✅✅✅Developed to encompass the full range
of ambulatory settings, including same-day surgery units, hospital emergency rooms, and outpatient
clinics. Patient classification system designed to explain the amount and type of resources used in an
ambulatory visit.
Patients have similar clinical characteristics and similar resource use and cost. Similar resource use
means that the resources used are relatively constant across the patients. - CORRECT ANSWER✅✅✅
American Reinvestment and Recovery Act (ARRA) - CORRECT ANSWER✅✅✅Enacted on February 17,
2009, includes many measures to modernize our nation's infrastructure, one of which is the "Health
Information Technology for Economic and Clinical Health (HITECH) Act." The HITECH Act supports the
concept of Meaningful Use (MU) of Health Information Technology (IT) and health care reform to help
the health care organizations to meet its clinical and business objectives via health information
exchange. MU requirements consist of payment approaches that stress care coordination, and federal
financial incentives are driving the interest and demand for health information exchange.
Analytics - CORRECT ANSWER✅✅✅The systematic use of data and related business insights
developed through applied disciplines (e.g., statistical, contextual, quantitative, predictive, cognitive,
other models) to drive fact-based decision making for planning, management, measurement, and
learning.May be descriptive, predictive, or prescriptive. Can provide the mechanism to sort through this
torrent of complexity and data, and help health care organizations deliver on these demands.
Authorization - CORRECT ANSWER✅✅✅An individual's permission for a covered entity to use or
disclose PHI for a certain purpose, such as a research study.
,Availability - CORRECT ANSWER✅✅✅means that the computing systems used to store and process
the information, the security controls used to protect it, and the communication channels used to access
it must be functioning correctly. Systems aim to remain available at all times, preventing service
disruptions due to power outages, hardware failures, and system upgrades.
Bandwidth - CORRECT ANSWER✅✅✅The amount of information that is transmitted over a period of
time.
Bundled Payment - CORRECT ANSWER✅✅✅Also known as episode-based payment, episode
payment, episode-of-care payment, case rate, evidence-based case rate, global bundled payment, global
payment, package pricing, or packaged pricing, is defined as the reimbursement of health care providers
(such as hospitals and physicians) "on the basis of expected costs for clinically defined episodes of care."
It has been described as "a middle ground" between fee-for-service reimbursement (in which providers
are paid for each service rendered to a patient) and capitation.
Business Associates (BA) - CORRECT ANSWER✅✅✅The HIPAA Privacy Rule, 45 CFR 164.502(e),
164.504(e), 164.532(d) and (e), allows covered providers and health plans to disclose protected health
information to services of a variety of other persons that have access to their patients' PHI, such as
billing services, attorneys, accountants, and consultants.
Business Associates Agreement (BAA) - CORRECT ANSWER✅✅✅A contract with a covered entity
that meets the HIPAA Privacy Rule's applicable contract requirements at Business Associates 45 CFR
164.502(e) and 164.504(e). A covered entity must otherwise comply with the Privacy Rule, such as
making only permissible disclosures to the business associate and permitting individuals to exercise their
rights under the Rule.
Business Partners - CORRECT ANSWER✅✅✅A vendor, as a recipient of PHI from health care
organizations.
U.S. Department of Health and Human Services (DHHS) to implement certain provisions of HIPAA. All
Business Partners of health care organization must agree in writing to certain mandatory provisions
regarding, among other things, the use and disclosure of Protected Health Information (PHI). The HIPAA
transaction rule describes the use of a Trading Partner Agreement, which is a contract between two
parties, generally each covered entities, that exchange the financial and administrative transactions. -
CORRECT ANSWER✅✅✅
,Capitation - CORRECT ANSWER✅✅✅Sometimes doctors reach an agreement with a managed care
organization called capitation, wherein the doctor is paid per person. Under this agreement, doctors
accept members of the plan for a certain set price per member, no matter how often the member sees
the doctor.
Catastrophic Health Insurance Plan - CORRECT ANSWER✅✅✅A Catastrophic Health Insurance plan
covers essential health benefits but has a very high deductible. This means it provides a kind of "safety
net" coverage in case the patient has an accident or serious illness. Catastrophic plans usually do not
provide coverage for services such as prescription drugs or shots. Premiums for catastrophic plans may
be lower than traditional health insurance plans, but deductibles are usually much higher.
Chain of Trust Agreement - CORRECT ANSWER✅✅✅The Chain of Trust Agreement is described as a
contract in which the parties agree to
electronically exchange data and to protect the transmitted data. The sender and receiver are required
to and depend on each other to maintain the integrity and confidentiality of the transmitted
information. Multiple two-party contracts may be involved in moving information from the originating
party to the ultimate receiving party. - CORRECT ANSWER✅✅✅
Server: Client-Server - CORRECT ANSWER✅✅✅The client-server model is an architecture (i.e., a
system design) that divides processing between clients and servers that can run on the same machine or
on different machines on the same network.
It is a major element of modern operating system and network design. End users access workstation
computers and other physical automated equipment directly while performing health care functions. -
CORRECT ANSWER✅✅✅
Cloud Computing - CORRECT ANSWER✅✅✅Cloud computing is the practice of using a network of
remote servers hosted on the Internet to store, manage, and process data, rather than a local server or
a personal computer. Cloud computing is offered in different forms: public clouds, private clouds, and
hybrid clouds, which combine both public and private.
, Confidentiality - CORRECT ANSWER✅✅✅Confidentiality refers to preventing the disclosure of
information to unauthorized individuals or systems. Confidentiality is necessary for maintaining the
privacy of the people whose personal information is held in the system.
Covered Entity - CORRECT ANSWER✅✅✅A HIPAA Covered Entity is any organization or corporation
that directly handles Personal Health Information (PHI) or Personal Health Records (PHR). They include
public clinics, nursing homes, pharmacies, specialty hospitals, home care programs, home meal
programs, hospice, and durable medical equipment suppliers.
Current Procedural Terminology (CPT) - CORRECT ANSWER✅✅✅Current Procedural Terminology
(CPT) codes are published by the American Medical Association (AMA). A CPT code is a five-digit numeric
code that is used to describe medical, surgical, radiology, laboratory, anesthesiology, and
evaluation/management services of physicians, hospitals, and other health care providers. There are
approximately 7,800 CPT codes ranging from 00100 through 99499. Two-digit modifiers may be
appended when appropriate to clarify or
modify the description of the procedure. CPTs are published in two versions — the first is the most
common, CPT Physician's Current Procedural Terminology. A second publication is also available — the
CPT Physician's Current Procedural Terminology Specially Annotated for Hospitals. - CORRECT
ANSWER✅✅✅
Data Augmentation - CORRECT ANSWER✅✅✅Common data augmentation includes demographic,
geographic, and credit information. Data augmentation can also encompass data management
algorithms and methodologies that combat unique clinical data problems.
Data Classification - CORRECT ANSWER✅✅✅A data classification program looks at the different
types of data an organization handles, classifies those pieces of data based on sensitivity, and
establishes procedures to make sure each of these pieces of information is treated properly. The big
picture rationale
of a data classification program is to reduce risk and bring enterprise-wide consistency - CORRECT
ANSWER✅✅✅
to data handling. In addition, it is important to understand that data classification is a non- technical,
common-sense approach to risk management. - CORRECT ANSWER✅✅✅
