Health plan, clearinghouses, and any entity transmitting health information is considered by the

Privacy Rule to be a: - covered entity

Which of the following is not a covered entity in the Privacy Rule - healthcare consulting firm

A request for medical records is received for a specific date of service from patient's insurance

company with regards to a submitted claim. No authorization for release of information is provided.

What action should be taken? - release reqt to ins co

How many national priority purposes under the Privacy Rules for disclosure of specific PHI without

an individual's authorization or permission? - 12

A health plan sends a request for medical records in order to adjudicate a claim. Does the office

have to notify the patient or have them sign a release to send the information? - no

A practice sets up a payment plan with a patient. If more than four installments are extended to the

patient, what regulation is the practice subject to that makes the practice a creditor? - Truth in

Lending Act

Which of the following situations allows release of PHI without authorization from the patient? -

workers comp

misusing any information on the claim, charging excessively for services or supplies, billing for

services not medically necessary, failure to maintain adequate medical or financial records,

improper billing practices, or billing Medicare patients at a higher fee scale that non-Medicare

patients. - abuse