HIO-201 Exam Dumps - HIPAA CHP Questions and Answers

The date on which any automatic extension occurs.

Covered entity's signature.

A statement that federal privacy laws still protect the information after it is disclosed.

A statement that the individual has no right to revoke the authorization.

The date signed.

A covered entity must obtain an authorization for any use or disclosure of protected health information for marketing, except if the communication is in the form allowed by the regulations.

A face-to-face communication made by a covered entity to an individual is allowed by the regulations without an authorization

A promotional gift of nominal value provided by the covered entity is NOT allowed by the regulations without an authorization.

If the marketing is expected to result in direct or indirect remuneration to the covered entity from a third party, the authorization must state that such remuneration is expected

Disclosure of PHI for marketing purposes is limited to disclosure to business associates (which could be a telemarketer) that undertakes marketing activities on behalf of the covered entity

A covered entity must designate, and document, a privacy official, security officer and a HIPAAcompliance officer

A covered entity must designate, and document, the same person to be both privacyofficial and as the contact person responsible for receiving complaints and providing further information about the notice required by the regulations.

A covered entity must implement and maintain written or electronic policies and procedures with respect to PHI that are designed to comply with HIPM standards, implementation specifications and other requirements.

A covered entity must train, and document the training of, at least one member of its workforce on the policies and procedures with regard to PHI as necessary and appropriate for them to carry out their function within the covered entity no later than the privacy rule compliance date

A covered entity must retain the document required by the regulations for a period often years from the time of it's creation or the time it was last in effect, which ever is later.

Imposes fines and imprisonment as civil penalties for violations.

Limits penalties to covered entities and their business associates.

Imposes criminal penalties for noncompliance with standards.

Limits imprisonment to a maximum often years.

Is $1000 per event of disclosure.

Security Incident Procedures

Assigned Security Responsibility

Access Control

Facility Access Controls

Security Management Process

Transmission Security

Evaluation

Audit Controls

Integrity

Security Management Process

Yes - the hospital's actions satisfy the "safe harbor" method of de-identification.

No - a person with appropriate knowledge and experience must determine that the information that remains can’t identify an individual.

No - authorization to release the information is still required by HIPAA

No - to satisfy "safe harbor" the hospital must also have no knowledge of a way to use the remaining data to identify an individual.

Yes - medical researchers are covered entities and "research" is considered a part of "treatment" by HIPAA.

A covered entity must use the applicable code set that is valid at the time the transaction is initiated.

April 14, 2003 is the compliance date for implementation of the National Provider Identifier.

CMS is responsible for updating the CPT-4 code set.

An organization that assigns NPIs is referred to as National Provider for Identifiers.

HHS assigns the Employer Identification Number (EIN), which has been selected as the National Provider Identifier for Health Care.

$1,000,000 per person per violation of a single standard for a calendar year.

$10 per person per violation of a single standard for a calendar year.

$25,000 per person per violation of a single standard for a calendar year.

$2,500 per person per violation of a single standard for a calendar year.

$1000 per person per violation of a single standard for a calendar year.

Technology specific

State of the art

Non-Comprehensive

Revolutionary

Scalable