A visitor walks through the work area and picks up a flash drive from an employee's desk. What security
controls should have been implemented to prevent this security breach?
a. Device and media controls
b. Facility access controls
c. Workstation use controls
d. Workstation security controls - ✔✔Correct Answer: B
Facility access controls include establishing safeguards to prohibit the physical hardware and computer
system itself from unauthorized access while ensuring that proper authorized access is allowed
(Reynolds and Brodnik 2017a, 275-276).
Which of the following is true regarding the development of health record destruction policies?
a. All applicable laws must be considered.
b. The organization must find a way not to destroy any health records.
c. Health records involved in pending or ongoing litigation may be destroyed.
d. Only state laws must be considered. - ✔✔Correct Answer: A
Not all information must be kept forever. Just as the HIM professional must consider multiple factors
when determining retention, many factors must also be taken into consideration with regard to health
record destruction. These include applicable federal and state statutes and regulations; accreditation
standards; pending or ongoing litigation; storage capabilities; and cost (Reynolds and Morey 2020, 135-136).
Which of the following allows a patient to access all or part of the health record that is maintained by
the provider?
a. Clinical decision support
b. Digital dictation
c. Patient portal
d. WebMD - ✔✔Correct Answer: C
The patient portal allows a patient to access all or part of the health record that is maintained by the
patient's provider (Amatayakul 2017, 15).
Burning, shredding, pulping, and pulverizing are all acceptable methods in which process?
a. Deidentification of electronic documents
b. Destruction of paper-based health records
c. Deidentification of records stored on microfilm
d. Destruction of computer-based health records - ✔✔Correct Answer: B
The destruction of patient-identifiable clinical documentation should be carried out in accordance with
relevant federal and state regulations as well as organizational policy. Health records related to open
investigations, audits, or court cases should not be destroyed for any reason. Paper-based health
records can be destroyed using any of the following methods: burning, shredding, pulping, or pulverizing
(Fahrenholz 2017b, 107).
Today, Janet Kim had her first appointment with a new dentist. She was not presented with a Notice of
Privacy Practices. Is this acceptable?
a. No, a dentist is a healthcare clearinghouse, which is a covered entity under HIPAA.
b. Yes, a dentist is not a covered entity per the HIPAA Privacy Rule.
c. No, it is a violation of the HIPAA Privacy Rule.
d. Yes, the Notice of Privacy Practices is not required. - ✔✔Correct Answer: C
The Privacy Rule introduced the standard that individuals should be informed of how covered entities
use or disclose protected health information (PHI). This notice must be provided to an individual at his
or her first contact with the covered entity (Rinehart-Thompson 2017d, 219).
Champion Hospital retains Hall and Hall, a law firm, to perform all of its legal work, including
representation during medical malpractice lawsuits. Which of the following statements is correct?
a. The law firm is not a business associate because it is a legal, not a medical, organization.
b. The law firm is a business associate because it performs activities on behalf of the hospital.
c. The law firm is not a business associate because the privacy rule prohibits it from using individually
identifiable information.
d. The law firm is not a business associate because it is a medical, not a legal, organization. - ✔✔Correct Answer: B