aughh

qhy sosn't she el me this was what we were stdying arleir 1, 6, 11, 12, 13,

The term electronic health records means the following…

the medical information of a patient is stored in an electronic format, patient’s health information can be accessed electronically by the facility that generated it, patient’s health information can be shared among multiple healthcare providers.

The term electronic medical record means the following…

patient’s health information is available electronically, patient’s health information is recorded electronically by multiple members of the care team, patient’s information is found in a single electronic file that can be accessed within a healthcare facility.

Which of the following statements best distinguishes an EMR from an EHR?

An EMR belongs only to one healthcare facility, while an EHR may be accessed by multiple healthcare facilities.

Which of the following do an EMR and an EHR have in common?

Electronic data entry, storage, and access to patient’s health information.

Consider this scenario: Dr. Smith is visiting a patient in her office. Prior to the visit, Dr. Smith is able to access the patient’s prior history, notes, laboratory data, and allergies electronically. Then, she enters notes and a new medication prescription for the patient in the computer. Finally, Dr. Smith asks the patient to verify his preferred pharmacy and tells the patient that he does not need the prescription hard copy. The prescription is sent electronically to the pharmacy. What system is the physician practice using?

Electronic Health Record

The acronym HCD refers to

Healthcare Delivery System.

A longitudinal health record has the following characteristics…

contains documentation from multiple healthcare providers and encounters, stores patient information over a period of time, typically for as long as patient receives care, is not static, meaning that it changes over the course of patient care.

Which of the following types of information are not included in the EHR?

security information

Interoperability is…

the ability of a computer system to communicate with another computer system.

Interoperability can occur at all levels except

Level 0.

Which of the following is true about the levels of interoperability?

The higher the level, the greater the capability for interoperation.

Which of the following best describes the difference between Level 2 and Level 3 interoperability?

At Level 3, a pharmacy system receiving an eprescription would meaningfully convert the physician notation “q4h” next to a medication; at Level 2, the pharmacy system would not understand the meaning.

Sunrise Hospital has implemented a new EHR system and can now share patient information with several family practices. The family practitioner of a recently hospitalized patient can view the details of admission along with the list of discharge medications and doses. Based on this information, which level of interoperability has been implemented?

Level 2

A cancer hospital has partnered with a number of hospitals and clinics across the country, who are deploying proton therapy and other new cancer treatments with the goal of improving research capability and health outcomes for cancer patients. All partner clinics and hospitals are able to share data along with their meaning and are going through a process of unifying the various policies and procedures pertaining to data sharing. Based on this information, which level of interoperability will the hospital achieve?

Level 4

Organizational interoperability means all the following except…

Organizations are using the same healthcare applications.

Which of the following is not true about interoperability?

Interoperability is designed specifically for healthcare.

What is the difference between Level 3 and Level 4 interoperability?

At Level 4, organizations create and maintain policies for data sharing; at Level 3, they share data along with their meaning.

A computer protocol is a…

standardized method of communication between two computers.

The most common communication protocol used in healthcare today is…

Health Level Seven (HL7).

Which of the following occurs during the operational phase of the EHR rollout process?

A pilot is run to identify issues and problems.

A healthcare facility is in the process of implementing a new electronic health record system. One of the goals is to achieve exchange of clinical and administrative data with two other hospitals owned by the same organization. What standard(s) should the EHR comply with to achieve that goal?

HL7

The Office of the National Coordinator for Health Information Technology (ONC) was created as part of the Department of Health and Human Services (HHS) as a result of the American Recovery and Reinvestment Act of 2009 (ARRA). What is the role of ONC?

To improve health care in the United States through better use of information technology and information.

What was the purpose of creating the Shared Nationwide Interoperability Roadmap?

To share a common vision towards interoperability in health care

The HITECH Act of 2009 marked a significant achievement for health care because…

it allocated billions of dollars for health information technology, it provided incentives for physicians and hospitals to implement electronic health records, it established a National Health Information Technology Research Center.

How did a provider become eligible for financial incentives upon adopting a new EHR system?

By demonstrating “meaningful use” of a certified EHR

What is the interoperability standards advisory?

a public list of standards used to determine interoperability and address deficiencies of interoperability

Which of the following statements about meaningful use implementation is not true?

The meaningful use program ended before every provider reached Stage 3.

One way the government encouraged implementation of EHRs sooner rather than later was…

by reducing reimbursement rate gradually for physicians who had not adopted an EHR, starting in 2015.

The term “meaningful use” refers to…

a set of standards for using EHRs, defined by CMS.

There are three stages of meaningful use. Stage 1 has already been implemented in many facilities and includes all except…

use of certified EHR for improving health outcomes.

Which of the following statements regarding meaningful use is not true?

Meaningful use criteria were to be implemented in all facilities at the same time.

Which of the following are benefits of EHRs?

improved access to patient information, faster communication among providers, improved documentation of care.

After the implementation of the EHR at Sunrise Hospital, Ms. Jones, RN, is able to view physicians orders instantly and proceed with the patient care as ordered. This is an example of an EHR benefit, specifically _________.

improved speed of communication

After the implementation of the EHR, on-call doctors at Grace Hospital were able to access patient information from home and provide the necessary instructions faster. This benefit illustrates…

improved communication and accessibility.

Mike, a patient suffering from a blood coagulation disorder is on coumadin. In order to keep the condition under control, Mike has to do blood tests on a weekly basis. The doctor receives the results two-three days after the test, sorts out the abnormal results, and then calls patients, such as Mike to adjust the dose of the medication accordingly. Upon the implementation of the EHR, lab results are incorporated in the patients’ electronic records right away. The physicians’ office receives an alert about the abnormal findings thus creating an opportunity for better monitoring of patient status and care. This is an illustration of:

improved documentation, streamlined communication, immediate access to patient information.

Which of the following is not a provider benefit of the EHR?

Patients can monitor their own health goals.

EHRs have multiple benefits but they also have challenges associated with them. Which of the following is not a challenge for implementing an EHR?

limited availability of EHR software options

Within a few years of the passing the American Recovery and Reinvestment Act, there was mass implementation of electronic health records by hospitals and physician’s offices. Which of the following was the most significant for enabling patient access to their electronic health records as well as the exchange and use of health information?

the 21st Century Cures Act

Healthcare delivery systems implementing an EHR need to address privacy and security concerns by…

installing secure firewalls and implementing policies that establish access controls.

The ARRA and HITECH Act encouraged many IT vendors to start designing EHRs for various types of facilities, such as hospitals, physician’s office, and dentists. While this was a positive trend, new issues were created relating to…

great variability of EHRs but limited knowledge in selecting the right one, minimal availability of competent staff to lead the transition from paper files, lack of support in implementation.

Growth of EHRs has created new opportunities for…

health information management professionals, certified healthcare technology specialists, IT professionals.

Which of the following is a certification that demonstrates expertise in the analysis of health data?

CHDA

What is the difference between an RHIT and an RHIA?

An RHIT works on the technical aspects of the system and an RHIA is a liaison and specialist in managing health information.

The challenges of EHRs present opportunities for health information professionals in many areas, especially…

privacy, security, and training.

The overall purpose of electronic health records is to…

improve patient outcomes, improve quality of healthcare delivery, improve access to health information across the world.

When members of the U.S. Congress enacted the HITECH Act, they set specific goals the act would accomplish. List and briefly explain these goals.

The HITECH Act was enacted to promote EHR by financially supporting health care providers who established an EHR system. It assisted with implementation in smaller practices through the Health Information Technology Research Extension Program. The Health and Information Technology Research Center (HITRC) and Regional Extension Centers (RECs) were created by the HITECH Act to clarify standards, collaborate, and aid providers further.

List four of the eight topic areas of the objectives of Stage 3 Meaningful Use.

Four objective topic areas of Stage 3 meaningful use were prescribing medications electronically (also known as e-Prescribing or eRx), directly ordering medications and treatments (also known as computerized provider order entry or CPOE), exchanging health information, and reporting the health information for the good of public health.

List the five levels of interoperability.

At Level 0, called no interoperability, devices have no ability to exchange information. At Level 1, called foundational interoperability, devices can share data, but they cannot interpret it. At Level 2, called structural interoperability, devices can interpret data, but they cannot understand it. At this level, there are data formatting standards. At Level 3, called semantic interoperability, devices have reached a point where they can convey the meaning as well as the interpretation of the data. At Level 4, called organization interoperability, devices have the capability to share information across people and organizations.

Name two credentials offered by AHIMA for health information professionals.

AHIMA offers the RHIT and RHIA certifications for those who have an associate and a bachelor’s degree respectively. The RHIT (registered health information technician) is qualified in the technical aspects of handling health information and can be a medical biller or coder. The RHIA (registered health information administrator) is qualified in the management of health information and communication with relevant individuals.

Define workflow analysis.

Workflow analysis is an assessment which identifies the state of organizational procedures and how paper records fit into patient care. The information gathered from workflow analysis is used to determine what type of EHR system would be best for the office, providers, and management.

The Health Insurance Portability and Accountability Act of 1996 was the first federal law that addressed.

privacy and security of health records

The HIPAA Privacy Rule, published in 2000, was modified by the HIPAA Privacy, Security, and Enforcement Rule of 2013. What was mainly addressed in these modifications?

electronic health records

Which of the following is not a covered entity?

a life insurance company

Which of the following must comply with HIPAA’s requirements to protect the privacy and security of health information?

a business associate working with Medicaid

Which of the following is a non-covered entity under HIPAA?

a casualty insurance carrier

Which of the following is the correct definition of protected health information (PHI)?

individually identifiable health information held or transmitted by a covered entity or its business associate orally, or in electronic or paper format

Which of the following is not considered PHI?

last year’s number of patients with congestive heart failure

Which of the following is not true about the de-identified health information?

It can be shared with medical device companies.

Which of the following is not a permitted disclosure?

use of health information in litigation

Protected health information (PHI) is generally disclosed with patient’s authorization. Which of the following situations allow a covered entity to disclose the information without patient authorization?

releasing patient’s information to the patient’s legal representative upon request

Estephania works in a hospital and receives a request for copies of 50 records that will be reviewed by an audit company working for Medicare. What should she do?

She should comply with the request.

Which of the following would not be a permitted disclosure without patient authorization?

disclosure to the worker’s compensation upon their request

According to HIPAA, permitted disclosures include all of the following except releasing information for ______ purposes.

litigation

Using patient information for healthcare operations is allowed under HIPAA’s TPO Clause, thus a hospital could use patient information without their authorization in a case such as…

an example in discussing a unique cancer case.

Which of the following may not be considered incidental to a permitted use or disclosure?

An attorney receives the wrong patient’s information via fax.

Federal and state laws do not always match when it comes to regulations pertaining to privacy, security, and overall record maintenance and retention. As the HIM director of a new healthcare facility, you are creating new privacy and security policies. Which of the following approaches will you follow?

Look at both state and federal laws and use the more stringent one in terms of privacy protection.

In which of the following cases was the minimum necessary rule violated?

A patient’s attorney asked for a copy of the last operative report and received it along with the pathology report.

A patient was transferred from a mental health facility to an acute care hospital for a suspected heart attack. Which of the following would constitute a violation of the minimum necessary rule?

sending a complete copy of the record from the first facility

Which of the following entities is responsible for enforcing HIPAA Privacy and Security Rules?

Office of Civil Rights

The HIPAA Privacy and Security Rule complaint process includes all of the following except…

case transfer.

While releasing information with the patient’s authorization, a HIM professional released a copy of another patient’s report that was filed by mistake in the record being processed. What does this case constitute?

a civil violation

Which of the following scenarios is true about civil violations?

A person charged with a civil violation does not usually face imprisonment.

Which of the following is considered the most frequently investigated compliance issue?

impermissible use and disclosure of PHI

Considering historical complaints along with several cases discussing breaches of privacy and confidentiality, what could be considered the greatest threat to privacy and confidentiality?

people

When a facility signs a resolution agreement with the federal government, it means all but which of the following?

The federal government mandates audits of all releases of information.

One of the requirements of a resolution agreement is to…

send reports to the federal government.

Which of the following cases is considered a breach?

releasing information to the ex-husband of a patient who in turn uses it for his divorce benefits

HIPAA requires covered entities to notify individuals of a breach…

within 60 days after discovering the breach.

A hospital experienced a breach that affected 120 patients who had been discharged on the same day. In response, the hospital sent a breach notification to all the patients that included a description of the breach, the information involved, steps the individuals could take to protect themselves from harm, and the hospital’s contact information. What was the notification missing?

what the facility was doing to investigate breach

In which of the following cases is a notice to the media required?

breaches involving more than 500 residents of a state or jurisdiction

Which of the following is not an objective of HIPAA Security Rule?

protecting against flood damage to paper records

What do Security Rule provisions address?

electronic health information

A physician’s office has implemented a new electronic health record system that enables it to send patient information electronically to the hospital it is affiliated with and to most of the insurance companies it works with. What steps should the office take to comply with the HIPAA Security Rule?

Ensure integrity of the information during transmission.

One of the reasons that prompted HIPAA security standards was…

increased use and promotion of electronic health records.

What is one of the differences between the Privacy Rule and the Security Rule?

Privacy Rule applies to all forms of PHI; Security Rule applies to electronic PHI

Which of the following is not considered an administrative safeguard?

user authentication process

Which of the following is not considered a physical safeguard under HIPAA Security Rule?

encrypting data

A healthcare facility has implemented a new dictation and transcription system that requires physicians to review their own reports and sign them electronically. Some of the physicians do not support this process and continue to ask their assistants to print the dictated reports. Upon review, it was discovered that they are allowing their assistants to use their username and password to sign reports electronically. What HIPAA Security safeguard is this practice violating?

technical safeguards

Which part of the HIPAA Security Rule addresses the contracting standards for business associates?

organizational requirements

A new HIM director is reviewing policies and procedures and organizing the prior security implementation and assessment documentation. Before destroying any documentation in the process of updating, he should review…

the Security Rule section on policies and procedures and documentation requirements.

What is the difference between required standards and addressable standards?

A facility must comply with required standards and address the addressable ones as needed.

A chiropractor is looking at the Security Standards Matrix and believes that it is unnecessary to address the encryption and decryption procedures. What should the chiropractor’s office document as a reason for not implementing this standard?

The system used does not enable transmission of information; therefore, the standard is not applicable.

In the wake of multiple Security Rule breaches, it would be advisable to do which of the following in order to reduce risk of breaches?

implement an enterprise data storage to manage and protect data

An important aspect of data stewardship is improving security of health information. As an HIM director, which of the following is an activity you need to focus on in order to boost security of health information in your facility?

Update encryption software when needed for PHI protection.

A researcher is studying treatment effectiveness of a new medication. You are asked to provide health information that will assist in this research. What is the best course of action?

Provide a limited data set.

What is the major purpose of the Privacy Rule?

The major purpose of Privacy Rule is to introduce the concept of protected health information (PHI, health information that can be associated with an individual's identity, which can be transmitted in any manner), identify who can use or disclose it, and clarify in which situations use or disclosure is acceptable. It has been edited to align with policies for EHR. The Privacy Rule applies to covered entities such as healthcare providers, heath plans, and healthcare clearinghouses. It also applied to the covered entities’ business associates. It differentiates between required and permitted disclosures, gives patients the right to receive accounting of disclosures, and establishes the minimum necessary rule.

What are the two situations in which disclosure of protected health information is required?

Covered entities must disclose PHI when an individual or their designated representative requests their health information. The only other time when disclosure is required is during a compliance investigation, review, or enforcement action made by the Department of Health and Human Services (HHS).

Describe a limited data set for purposes of research, public health, or healthcare operations.

Limited data sets include deidentified protected health information (PHI), stripped of details such as names of individuals, relatives, household members, or employees. To receive a limited data set, it is required for the recipient to follow a data use agreement with PHI safeguards. Patient authorization should have certain content such as an expiration date and a note that it is revocable, no matter whether the authorization is required or optional. Having a standard format for patient authorization made by legal counsel is a must for covered entities.

Describe the differences between civil and criminal acts in violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

One notable difference between civil and criminal violations is intent. Civil violations occur when individuals mistakenly violate HIPAA with inappropriate use or disclosure of protected health information (PHI). Criminal violations occur when individuals intentionally do the aforementioned. Another difference is the severity of the consequences. If a civil violation is rectified by a covered entity within 30 days of discovery of the violation, there are no penalties. A covered entity may face a fine of $100 to $50,00 per violation, but there is a limit of $1.5 million that can be fined annually. However, criminal violations can result in a $50,000 fine and prison for one year. It increases to $100,000 with prison for five years with false pretenses, and $250,000 with prison for ten years if there is intent to inflict harm or benefit from it commercially/personally. The federal government also issues a resolution agreement for criminal violations, in which covered entities agree to perform tasks such as training, audits, and sending reports while the government oversees their compliance.

List the top five compliance issues that have been investigated by the federal government since HIPAA went into effect.

Impermissible use and disclosure of PHI is the top compliance issue investigated by the government. Ordered from most to least common, the other four most frequently investigated issues are lack of PHI safeguards, lack of patient access to PHI, lack of ePHI administrative safeguards, and disclosure or use of PHI that is greater than the minimum necessary.