HIPAA HIO-201 Certified HIPAA Professional Exam Practice Test

Page: 1 / 16
Total 160 questions

Certified HIPAA Professional Questions and Answers

Question 1

This transaction supports multiple functions. These functions include: telling a bank to move money OR telling a bank to move money while sending remittance information:

Options:

A. 277.

B. 278.

C. 271.

D. 82.

E. 270.

Question 2

This Security Standard addresses the proper functions to be performed on a specific workstation as well as the physical attributes of its surroundings.

Options:

A. Information Access Management

B. Workstation Security

C. Access Control

D. Facility Access Controls

E. Workstation Use

Question 3

A business associate must agree to:

Options:

A. Report to the covered entity any security incident of which it becomes aware

B. Ensure the complete safety of all electronic protected health information

C. Compensate the covered entity for penalties incurred because of the business associate's security incidents.

D. Register as a business associate with HHS

E. Submit to periodic audits by HHS of critical systems containing electronic protected health information

Question 4

This rule covers the policies and procedures that must be in place to ensure that the patients' health information is respected and their rights upheld:

Options:

A. Security rule.

B. Privacy rule.

C. Covered entity rule.

D. Electronic Transactions and Code Sets rule.

E. Electronic Signature Rule.

Question 5

As defined in the HIPAA regulations, a group of logically related data in units is called a:

Options:

A. Data group

B. Segment

C. Transaction set

D. Functional group

E. Interchange envelope

Question 6

Formal, documented instructions for reporting security breaches are referred to as:

Options:

A. Business Associate Contract

B. Response and Reporting

C. Emergency Access Procedure

D. Sanction policy

E. Risk Management

Question 7

Select the correct statement regarding the administrative requirements of the HIPAA privacy rule.

Options:

A. A covered entity must designate, and document, a privacy official, security officer and a HIPAA compliance officer

B. A covered entity must designate, and document, the same person to be both privacy official and as the contact person responsible for receiving complaints and providing further information about the notice required by the regulations.

C. A covered entity must implement and maintain written or electronic policies and procedures with respect to PHI that are designed to comply with HIPAA standards, implementation specifications and other requirements.

D. A covered entity must train, and document the training of, at least one member of its workforce on the policies and procedures with regard to PHI as necessary and appropriate for them to carry out their function within the covered entity no later than the privacy rule compliance date

E. A covered entity must retain the document required by the regulations for a period of ten years from the time of its creation or the time it was last in effect, whichever is later.

Question 8

Select the correct statement regarding code sets and identifiers.

Options:

A. The social security number has been selected as the National Health Identifier for individuals.

B. The COT code set is maintained by the American Medical Association.

C. Preferred Provider Organizations (PPO) are not covered by the definition of "health plan" for purposes of the National Health Plan Identifier

D. HIPAA requires health plans to accept every valid code contained in the approved code sets

E. An important objective of the Transaction Rule is to reduce the risk of security breaches through identifiers.

Question 9

Select the correct statement regarding the 834 - Benefit Enrollment and Maintenance transaction.

Options:

A. It cannot be used to transfer enrollment information from a plan sponsor to a health care insurance company or other benefit provider.

B. It can be used by a health insurance company to notify a plan sponsor that it has dropped one of its members.

C. It cannot be used to enroll, update, or dis-enroll employees and dependents in a health plan.

D. A sponsor can be an employer, insurance agency, association or government agency but unions are excluded from being plan sponsors.

E. It can be used in either update or full replacement mode.

Question 10

This transaction type may be used in three ways:

1) Reply to a Health Care Claim Status Request.

2) Unsolicited notification of a health care claim status.

3) Request for additional information about a health care claim.

Options:

A. 837.

B. 820.

C. 277.

D. 835.

E. 278.

Question 11

This is a documented and routinely updated plan to create and maintain, for a specific period of time, retrievable copies of information:

Options:

A. Disaster Recovery Plan

B. Data Backup Plan

C. Facility Access Controls

D. Security Incident Procedures

E. Emergency Mode Operations Plan

Question 12

A hospital is preparing a file of treatment information for the state of California. This file is to be sent to external medical researchers. The hospital has removed SSN, name, phone and other information that specifically identifies an individual. However, there may still be data in the file that potentially could identify the individual. Can the hospital claim "safe harbor" and release the file to the researchers?

Options:

A. Yes - the hospital's actions satisfy the "safe harbor" method of de-identification.

B. No - a person with appropriate knowledge and experience must determine that the information that remains can’t identify an individual.

C. No - authorization to release the information is still required by HIPAA

D. No - to satisfy "safe harbor" the hospital must also have no knowledge of a way to use the remaining data to identify an individual.

E. Yes - medical researchers are covered entities and "research" is considered a part of "treatment" by HIPAA.

Question 13

Select the FALSE statement regarding the responsibilities of providers with direct treatment relationships under HIPAA's privacy rule.

Options:

A. Provide the individual with a Notice of Privacy Practices that describes the use of PHI.

B. Obtain a written authorization for each and every TPO event.

C. Obtain a written authorization for any disclosure or use of PHI other than for the purposes of TPO.

D. Provide access to the PHI that it maintains to the individual and make reasonable efforts to correct possible errors when requested by the individual.

E. Establish procedures to receive complaints relating to the handling of PHI.

Question 14

HIPAA establishes a civil monetary penalty for violation of the Administrative Simplification provisions. The penalty may not be more than:

Options:

A. $1,000,000 per person per violation of a single standard for a calendar year.

B. $10 per person per violation of a single standard for a calendar year.

C. $25,000 per person per violation of a single standard for a calendar year.

D. $2,500 per person per violation of a single standard for a calendar year.

E. $1000 per person per violation of a single standard for a calendar year.

Question 15

The implementation specifications for this HIPAA security standard (within Technical Safeguards) must support emergency access and unique user identification:

Options:

A. Audit Control

B. Integrity

C. Access Control

D. Person or Entity Authentication

E. Transmission Security

Question 16

Select the correct statement regarding the requirements for oral communication in the HIPAA regulations.

Options:

A. Covered entities must reasonably safeguard PHI, including oral communications, from any intentional or unintentional use or disclosure that is in violation of the Privacy Rule.

B. Covered entities must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of de-identified data.

C. Covered entities are prohibited from marketing through oral communications

D. The Privacy Rule requires covered entities to document any information, including oral communications, which is used or disclosed for TPO purposes.

E. The Privacy Rule will often require major structural changes, such as soundproof rooms and encryption of telephone systems, to provide the "reasonable safeguards" of oral communications required by the regulations

Question 17

This HIPAA security area addresses the use of locks, keys and procedures used to control access to computer systems:

Options:

A. Administrative Safeguards

B. Physical Safeguards

C. Technical Safeguards

D. Audit Controls

E. Information Access Management

Question 18

This transaction is the response to a Health Care Claim (837):

Options:

A. Eligibility (270/271)

B. Premium Payment (820)

C. Claim Status Notification (277)

D. Remittance Advice (835)

E. Functional Acknowledgment (997)

Question 19

The Privacy Rule gives patients the following right:

Options:

A. Access to the psychotherapy notes.

B. Request an amendment to their medical record.

C. Receive a digital certificate.

D. See an accounting of disclosures for which authorization was given.

E. The use of a smart card for accessing their records.

Question 20

Which of the following is NOT a HIPAA national health care identifier?

Options:

A. National Provider Identifier (NPI)

B. Social Security Number (SSN)

C. National Health Plan Identifier (PlanID)

D. National Employer Identifier for Health Care (EIN)

E. National Health Identifier for Individuals (NHII)

Question 21

Which one of the following implementation specifications is associated with the Facility Access Control standard?

Options:

A. Integrity Controls

B. Emergency Access Procedure

C. Access Control and Validation Procedures

D. Security Reminders

E. Security Policy

Question 22

In addition to code sets, HIPAA transactions also contain:

Options:

A. Security information such as a fingerprint.

B. Privacy information.

C. Information on all business associates.

D. Information on all health care clearinghouses.

E. Identifiers.

Question 23

In terms of Security, the best definition of "Access Control" is:

Options:

A. A list of authorized entities, together with their access rights.

B. Corroborating your identity.

C. The prevention of an unauthorized use of a resource.

D. Proving that nothing regarding your identity has been altered

E. Being unable to deny you took part in a transaction.

Question 24

As part of their HIPAA compliance process, a small doctor's office formally puts the office manager in charge of security related issues. This complies with which security rule standard?

Options:

A. Security Awareness and Training

B. Security Management Process

C. Access Control

D. Assigned Security Responsibility

E. Security Incident Procedures
