Recently, a healthcare organization has noticed an increase in the number of whooping
cough cases in children under 5 years old. The healthcare organization reports the
information to the state department of health. Which of the following statements is
most applicable to the disclosure of this i...
RHIA Domain 2 Exam Study Questions with
Answers
Recently, a healthcare organization has noticed an increase in the number of whooping
cough cases in children under 5 years old. The healthcare organization reports the
information to the state department of health. Which of the following statements is
most applicable to the disclosure of this information?
a. The healthcare organization violated HIPAA because it didn't get authorization prior
to the disclosure.
b. The healthcare organization did not violate HIPAA because it can disclose information
to anyone as it sees fit.
c. The healthcare organization did not violate HIPAA because the disclosure impacted
the public health of everyone.
d. The healthcare organization violated HIPAA because it did not get authorization from
the state department of health prior to the disclosure. - Answer Correct Answer: C
Covered entities (healthcare organizations) are allowed to disclose protected health
information for public health reporting purposes without an authorization or consent
from the patient or family members. Since the whooping cough outbreak is a public
health issue, it can be reported without authorization (Brinda and Watters 2020, 325).
The _____ requires organizations to implement policies and procedures to safeguard
the facility and equipment from unauthorized access, tampering, and theft.
a. Contingency plan
b. Security Rule
c. Media and device controls
d. Emergency mode operations plan - Answer Correct Answer: B
The Security Rule operationalizes the Privacy Rule and requires administrative
safeguards such as policies and procedures to protect physical entities like information
systems, buildings, and equipment (Brinda and Watters 2020, 319).
,Jill has been asked to revise the health record retention policy for her organization. In
particular, administration believes the current policy does not properly reflect the
length of time that the records of minors should be retained. In conducting her
research, Jill refers to the AHIMA best practices for record retention. Based on her
research, which of the following should she recommend regarding retention of the
health records of minors?
a. 10 years plus statute of limitations
b. 20 years plus statute of limitations
c. Age of majority plus statute of limitations
d. Do not address them separately; they should conform to the same retention period
as all other records in the organization - Answer Correct Answer: C
The statute of limitations for minors, which is generally those who are younger than 18
years of age, may exceed the time for when health records are ordinarily retained.
Whereas a minor may file a lawsuit on his or her own behalf upon reaching the age of
majority, the statute of limitations does not being to run until the minor reaches the age
of majority (Rinehart-Thompson 2017c, 195).
Following a data breach with less than 500 impacted, how long does a covered entity
have to provide notification of the breach to the secretary of the Department of Health
and Human Services?
a. Immediately after determination of the data breach
b. Within 30 days
c. Within 60 days
d. 60 days after the end of the calendar year in which the breach occurred - Answer
Correct Answer: D
If the data breach impacts less than 500 individuals, the covered entity or business
associate must notify the secretary of the HHS annually; however, the notification must
occur no later than 60 days after end of the calendar year in which the data breach
occurred (Brinda and Watters 2020, 320).
,Barbara requested a copy of her PHI from her physician office on August 31. It is now
October 10 and she has not heard anything from the physician office. Which of the
following statements is correct?
a. This is not a HIPAA violation because the physician's office has 60 days to respond.
b. This is not a HIPAA violation because Barbara does not have a right to her
information.
c. This is a HIPAA violation because the physician's office did not respond within 30 days.
d. This is a HIPAA violation because the physician's office did not respond within 15
days. - Answer Correct Answer: C
Timely response is an important part of the Privacy Rule. A covered entity must act on
an individual's request for review of PHI no later than 30 days after the request is made,
extending the response by no more than 30 days if within the 30 day time period it gives
the reasons for the delay and the date by which it would respond (Rinehart-Thompson
2017, 245).
Retention of medical records is mandated by:
a. HIPAA
b. Joint Commission standards
c. State and federal law
d. Professional association guidelines - Answer Correct Answer: C
HIPAA does not address record retention. Joint Commission refers to applicable law.
Professional guidelines (for example, AHIMA) may address record retention, but they do
not have the force of law and are therefore not mandates (Rinehart-Thompson 2020,
60).
Emma is getting ready to begin kindergarten. Her school is requesting her immunization
records as required by state law. Per HIPAA, Emma's pediatrician may:
a. Not disclose this PHI without the authorization of Emma's parent
b. Disclose this information because it is not PHI
, c. Disclose this PHI with verbal permission from Emma's parent
d. Not disclose this PHI because it is an exception to the public health activity
authorization exception - Answer Correct Answer: C
HITECH makes it easier for schools to receive student immunization records where state
or other law requires it prior to student admission. HITECH permits CEs to disclose a
child's immunization records (considered a public health activity) to a school with the
oral consent of the parent or guardian. This contrasts with the previous written
authorization requirement (Rinehart-Thompson 2017e, 246).
When ownership of a physician practice changes:
a. Patients must pick up their health records and take them to another provider
b. The health records of the practice may be transferred as assets
c. Patients have no right to their health records
d. The health records of the original physician must be destroyed - Answer Correct
Answer: B
An ownership change may occur when a healthcare organization is sold. In physician or
other provider practices where the providers have a shared ownership, an ownership
change can also occur when one of the providers retires, dies, or otherwise relinquishes
his or her interest in a practice. In these cases, health records are considered assets and
are most likely to be transferred to successors who purchased or assumed responsibility
for the organization (Rinehart- Thompson 2017c, 200).
Sara Anderson presented to the HIM department upset that her health information was
sent to the state department of health. The HIM director explained to Sara that this
information is part of their mandatory legal reporting requirements even though the
information in her health record is owned by:
a. The healthcare facility
b. Sara's physician
c. Sara, the patient
d. The state - Answer Correct Answer: C
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Examsplug. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.99. You're not tied to anything after your purchase.
