A.  

Limited 1o the minimum necessary to accomplish the intended purpose.

B.  

Left to the professional judgment and discretion of the requestor.

C.  

Controlled totally by the requestor's pre-existing authorization document.

D.  

Governed by industry "best practices" regarding use

E.  

Left in force for eighteen (18) years.

A.  

PHI includes all individually identifiable health information (IIHI).

B.  

PHI does not include physician's hand written notes about the patient's treatment.

C.  

PHI does not include PHI stored on paper.

D.  

PHI does not include PHI in transit.

E.  

PHI includes de-identified health information

A.  

Indefinitely, because the life of a signed authorization isindefinite.

B.  

Six (6) years from the time it expires.

C.  

For as long as the patient's records are kept.

D.  

Until it is specifically revoked by the individual.

E.  

Ten (10) years from the date it was signed.

A.  

Information Access Management

B.  

Security Management Process

C.  

Evaluation

D.  

Transmission Security

E.  

Device and Media Controls

A.  

Risk Analysis

B.  

Risk Management

C.  

Access Establishment and Modification

D.  

Isolating Health care Clearinghouse Function

E.  

Information System Activity Review

A.  

Access Control

B.  

Audit Controls

C.  

Authorization Controls

D.  

Data Authentication

E.  

Person or Entity Authentication

A.  

A person who acts on behalf of a non-covered entity.

B.  

A person who's function may involve claims processing, administration, data analysis or practice management with access to PHI.

C.  

A person who is a member of the covered entity's workforce.

D.  

A clearinghouse.

E.  

A person that performs or assists in the performance of a function or activity that involves the use or disclosure of de-identified health information.

A.  

837.

B.  

820.

C.  

277.

D.  

835.

E.  

278.

A.  

Employee drug tests.

B.  

Health component of auto insurance.

C.  

Stored health information data.

D.  

Eligibility inquiries.

E.  

Non-reimbursed employee medical expenses.

A.  

A list of authorized entities, together with their access rights.

B.  

Corroborating your identity.

C.  

The prevention of an unauthorized use of a resource.

D.  

Proving that nothing regarding your identity has been altered

E.  

Being unable to deny you took pan in a transaction.

A.  

270

B.  

276

C.  

278

D.  

280

E.  

834

A.  

A covered entity must use the applicable code set that is valid at the time the transaction is initiated.

B.  

April 14, 2003 is the compliance date for implementation of the National Provider Identifier.

C.  

CMS is responsible for updating the CPT-4 code set.

D.  

An organization that assigns NPIs is referred to as National Provider for Identifiers.

E.  

HHS assigns the Employer Identification Number (EIN), which has been selected as the National Provider Identifier for Health Care.

A.  

Risk Analysis

B.  

Contingency Operations

C.  

Emergency Mode Operation Plan

D.  

Data Backup Plan

E.  

Disaster Recover Plan

A.  

ICD-9-CM, Volumes 1 and 2

B.  

CPT-4

C.  

CDT

D.  

ICD-9-CM, Volume 3

E.  

HCPCS

A.  

Risk Analysis

B.  

Access Control and Validation Procedures

C.  

Integrity Controls

D.  

Access Authorization

E.  

Termination Procedures

A.  

Eligibility (270/271)

B.  

Premium Payment (820)

C.  

Unsolicited Claim Status (277)

D.  

Remittance Advice (835)

E.  

Functional Acknowledgment (997)

A.  

As a response to a health care claim status request

B.  

As a health care claim payment advice

C.  

Electronic funds transfer

D.  

As a request for health care claims status

E.  

Request for the psychotherapy notes of a patient

A.  

Control access to tapes, floppies, and re-writeable CDs.

B.  

Track the access of record able media.

C.  

Dispose of storage devices.

D.  

Backup copies of health information.

E.  

Prohibit alteration of health information.

A.  

Verbally request 3 consent and offer a copy of the Notice of Privacy Practices.

B.  

Verbally request specific authorization for the PHI.

C.  

Do nothing more.

D.  

Obtain the signature of the patient on their Notice of Privacy Practices.

E.  

Not respond to the request without an authorization from the primary physician.

A.  

Simple flat file structure for transactions.

B.  

Envelope structure for transactions.

C.  

Employer identifier.

D.  

Health plan identifier

E.  

Provider identifier.

A.  

An organized health care arrangement is a clinically integrated setting in which patients receive care from multiple providers.

B.  

Independent providers participating in an organized health care arrangement are business associates of each other.

C.  

An example of an OHCA is a nurse employed in a physician's office.

D.  

An example of an OHCA is a laboratory attached to a physician's office.

E.  

An example of an OHCA is a health insurance company and its affiliated life insurancecompany.

A.  

National PKI Identifier.

B.  

National Standard Health Care Provider Identifier.

C.  

National Standard Employer Identifier.

D.  

Standards for Electronic Transactions and Code Sets.

E.  

Security Rule.

A.  

Their professional judgment and standards.

B.  

The policies set by the security rule for the protection of the information.

C.  

Specific guidelines set by WEDI.

D.  

Measures that are expedient and reduce costs.

E.  

The information for research and marketing purposes only.

A.  

Business Associate Contract

B.  

Data Backup Plan

C.  

Media Re-use

D.  

Disposal

E.  

Accountability