RHIT ACTUAL DOMAIN 2 TEST QUESTIONS WITH WELL DETAILED SOLUTIONS
Who owns the health record?
a. Patient
b. Provider who generated the information
c. Insurance company who paid for the care recorded in the record
d. No one
B
The three elements of a security program are ensuring data availability, protection, and:
a. Suitability
b. Integrity
c. Flexibility
d. Robustness
B
A hospital HIM department receives a subpoena duces tecum for records of a former
patient. When the health record technician goes to retrieve the patient's health records, it
is discovered that the records being subpoenaed have been purged in accordance with the
state retention laws. In this situation, how should the HIM department respond to the
subpoena?
a. Inform defense and plaintiff lawyers that the records no longer exist
b. Submit a certification of destruction in response to the subpoena
c. Refuse the subpoena since no records exist
d. Contact the clerk of the court and explain the situation
B
,Which of the following statements about the directory of patients maintained by a covered
entity is true?
a. Individuals must be given an opportunity to restrict or deny permission to place
information about them in the directory.
b. Individuals must provide a written authorization before information about them can be
placed in the directory.
c. The directory may contain only identifying information such as the patient's name and
birth date.
d. The directory may contain private information as long as it is kept confidential.
A
The HIM supervisor suspects that a departmental employee is accessing the EHR for
personal reasons, but has no specific data to support this suspicion. In this case, what
should the supervisor do?
a. Confront the employee.
b. Send out a memorandum to all department employees reminding them of the hospital
policy on Internet use.
c. Ask the security officer for audit trail data to confirm or disprove the suspicion.
d. Transfer the employee to another job that does not require computer usage.
C
If a patient wants to amend his or her health record, the covered entity may require the
individual to:
a. Make an amendment request in writing and provide a rationale for the amendment.
,b. Ask the attending physician for his or her permission to amend their record.
c. Require the patient to wait 30 days before their request will be considered and
processed.
d. Provide a court order requesting the amendment.
A
The process of releasing health record documentation originally created by a different
provider is called:
a. Privileged communication
b. Subpoena
c. Jurisdiction
d. Redisclosure
A
Which of the following statements is not true about a business associate agreement?
a. It prohibits the business associate from using or disclosing PHI for any purpose other
than that described in the contract with the covered entity.
b. It allows the business associate to maintain PHI indefinitely.
c. It prohibits the business associate from using or disclosing PHI in any way that would
violate the HIPAA Privacy Rule.
d. It requires the business associate to make available all of its books and records relating
to PHI use and disclosure to the Department of Health and Human Services or its agents.
B
, Which of the following is not an identifier under the Privacy Rule?
a. Age 75
b. Vehicle license plate BZ LITYR
c. Street address 265 Cherry Valley Road
d. Visa account 2773 985 0468
A
Sally has requested an accounting of PHI disclosures from Community Hospital. Which of
the following must be included in an accounting of disclosures to comply with this
request?
a. PHI related to treatment, payment, and operations
b. PHI provided to meet national security or intelligence requirements
c. PHI sent to a physician who has not treated Sally
d. PHI released to Sally's attorney upon her request
C
The protection measures and tools for safeguarding information and information systems
is a definition of:
a. Confidentiality
b. Data security
c. Informational privacy
d. Informational access control
B
Who owns the health record?
a. Patient
b. Provider who generated the information
c. Insurance company who paid for the care recorded in the record
d. No one
B
The three elements of a security program are ensuring data availability, protection, and:
a. Suitability
b. Integrity
c. Flexibility
d. Robustness
B
A hospital HIM department receives a subpoena duces tecum for records of a former
patient. When the health record technician goes to retrieve the patient's health records, it
is discovered that the records being subpoenaed have been purged in accordance with the
state retention laws. In this situation, how should the HIM department respond to the
subpoena?
a. Inform defense and plaintiff lawyers that the records no longer exist
b. Submit a certification of destruction in response to the subpoena
c. Refuse the subpoena since no records exist
d. Contact the clerk of the court and explain the situation
B
,Which of the following statements about the directory of patients maintained by a covered
entity is true?
a. Individuals must be given an opportunity to restrict or deny permission to place
information about them in the directory.
b. Individuals must provide a written authorization before information about them can be
placed in the directory.
c. The directory may contain only identifying information such as the patient's name and
birth date.
d. The directory may contain private information as long as it is kept confidential.
A
The HIM supervisor suspects that a departmental employee is accessing the EHR for
personal reasons, but has no specific data to support this suspicion. In this case, what
should the supervisor do?
a. Confront the employee.
b. Send out a memorandum to all department employees reminding them of the hospital
policy on Internet use.
c. Ask the security officer for audit trail data to confirm or disprove the suspicion.
d. Transfer the employee to another job that does not require computer usage.
C
If a patient wants to amend his or her health record, the covered entity may require the
individual to:
a. Make an amendment request in writing and provide a rationale for the amendment.
,b. Ask the attending physician for his or her permission to amend their record.
c. Require the patient to wait 30 days before their request will be considered and
processed.
d. Provide a court order requesting the amendment.
A
The process of releasing health record documentation originally created by a different
provider is called:
a. Privileged communication
b. Subpoena
c. Jurisdiction
d. Redisclosure
A
Which of the following statements is not true about a business associate agreement?
a. It prohibits the business associate from using or disclosing PHI for any purpose other
than that described in the contract with the covered entity.
b. It allows the business associate to maintain PHI indefinitely.
c. It prohibits the business associate from using or disclosing PHI in any way that would
violate the HIPAA Privacy Rule.
d. It requires the business associate to make available all of its books and records relating
to PHI use and disclosure to the Department of Health and Human Services or its agents.
B
, Which of the following is not an identifier under the Privacy Rule?
a. Age 75
b. Vehicle license plate BZ LITYR
c. Street address 265 Cherry Valley Road
d. Visa account 2773 985 0468
A
Sally has requested an accounting of PHI disclosures from Community Hospital. Which of
the following must be included in an accounting of disclosures to comply with this
request?
a. PHI related to treatment, payment, and operations
b. PHI provided to meet national security or intelligence requirements
c. PHI sent to a physician who has not treated Sally
d. PHI released to Sally's attorney upon her request
C
The protection measures and tools for safeguarding information and information systems
is a definition of:
a. Confidentiality
b. Data security
c. Informational privacy
d. Informational access control
B
