AHIMA ROI Microcredential Study
Questions and Answers Updated
2026
Security Rule - Answer: establishes national standards to protect individuals' electronic personal health information that is created, received, used, or maintained by a covered entity
What is another name for the Security Rule? - Answer: The Security Standards for the Protection of Electronic Protected Health Information
Who enforces the Security Rule? - Answer: the Office for Civil Rights (OCR)
Who does the Security Rule apply to? - Answer: health plans, health care clearinghouses, and to any health care provider who transmits HI in electronic form in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA (the CEs) and to their BAs
Administrative Safeguards provision in the Security Rule - Answer: requires covered entities to perform risk analysis as part of their security management processes
Administrative safeguard examples - Answer: security management process, security personnel, information access management, workforce training and management, and evaluation
Physical safeguard examples - Answer: facility access and control, and workstation and device security
Technical safeguard examples - Answer: access control, audit controls, integrity controls, and transmission security
Minimum Necessary standard - Answer: practice that protected health information should not be used or disclosed when it is not necessary to satisfy a particular purpose or carry out a function
Can an entire medical record be disclosed? - Answer: A CE may not use, disclose, or request the entire medical record for a particular purpose, unless it can specifically justify the whole record as the amount reasonably needed for the purpose
Final Omnibus Rule - Answer: implements a number of provisions of the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, to strengthen the privacy and security protections for health information established under HIPAA
The four final rules of the Omnibus Rule - Answer:
modifications to the HIPAA Privacy, Security, and Enforcement Rules mandated by the HITECH Act, and certain other modifications to improve the Rules
adopting changes to the HIPAA Enforcement Rule to incorporate the increased and tiered civil penalty structure provided by the HITECH Act
Breach Notification for Unsecured PHI under the HITECH Act, which replaces the breach notification rule's "harm" threshold with a more objective standard
modifying the HIPAA Privacy Rule as required by the Genetic Information Nondiscrimination Act (GINA) to prohibit most health plans from using or disclosing genetic information for underwriting purposes
What must happen before a provider can respond to a subpoena? - Answer: the provider must receive satisfactory assurance from the requesting party that reasonable efforts have been made by the requesting party to ensure that the patient who is the subject of the PHI has been given notice of the request
When can a disclosure of PHI in response to a subpoena occur? - Answer:
The information may be disclosed if the subpoena is accompanied by a proper written authorization. The authorization form must include all of the elements described in HIPAA's authorization rule and must be signed by the appropriate person (the patient himself, or the patient's personal representative)
The information may be disclosed without the individual's authorization if it is accompanied by a court order for the information
The information may be disclosed without the individual's authorization or a court order if written notice that the information has been subpoenaed is given to the individual who is the subject of the PHI, or if a qualified protective order is obtained from a court
What are the three responses a health department can give to a subpoena? - Answer:
Ask the department's attorney to formally challenge the subpoena. The attorney may file a motion to quash the subpoena, or to modify the subpoena
Ask the department's attorney to informally request that the party who issued the subpoena excuse the department from the subpoena's requirements
Comply with the subpoena by appearing at the place and time designated in the subpoena along with any records requested by the subpoena. The person who appears should not testify about confidential health information or release confidential records until the provisions of both HIPAA and state law have been satisfied (judge order or written, compliant authorization)
Quash period - Answer: time frame between the issue date of the subpoena and when the records are due to be produced, allows the opposing counsel to object to the records being fulfilled
Risk management - Answer: includes the implementation of security measures to reduce risk to reasonable and appropriate levels to, among other things, ensure the confidentiality, availability and integrity of ePHI, protect against any reasonably anticipated threats or hazards to the security or integrity of ePHI, and protect against any reasonably anticipated uses or disclosures of ePHI that are not permitted or required under the HIPAA Privacy Rule
State versus Federal regulations - Answer: Always choose the most stringent of the two between state and federal regulations regarding releasing medical records
21st Century Cures Act (21CCA) - Answer: made sharing electronic health information the expected norm in health care by authorizing the Secretary of HHS to identify reasonable and necessary activities that do not constitute information blocking
ONC Cures Act Proposed Rule - Answer: a request for information regarding potential disincentives for health care providers