CMOM-Practice Management Institute
EXAM LATEST UPDATE 2025 Verified
Questions and Answers | With 100%
Correct Answers graded A+ Guaranteed
Success!!
HIPAA REGULATION: Privacy Overview -CORRECTANSWER There are three major
areas addressed in the Privacy Regulation: 1. Use and disclosure of PHI, 2. Patient
rights, 3. Security administrative and physical
Business Associates -CORRECTANSWER can be held directly accountable by federal
or state authority for failure to comply with HIPAA statutes or regulations. ex. IT techs,
Janitors, Cleaning Services, Vendors, Collection agencies, Consultants and Billing
Services.
Entities -CORRECTANSWER ex. doctors, hospitals, pharmacy
Breach -CORRECTANSWER unauthorized acquisition, access, use or disclosure of
protected health information, ex. ALGH issue on breach where health info was spread
with no consent from patients.
What is NOT considered a breach? -CORRECTANSWER 1. Where an authorized
person who received the health info. cannot reasonably have been able to retain it.
2. If an unintentional acquisition, access, or use occurs within the scope of employment and
the info doesn't go any further.
3. If it is an inadvertent disclosure that occurs within a facility, and the information does
not go any further.
Tiered Increase in Civil Monetary Penalties -CORRECTANSWER HIPAA violation at
$50,000 per violation and an annual maximum of $1.5 million.
What are examples that could not result in HIPAA violation by DHHS? -CORRECTANSWER
-Overheard phone or nursing station conversation
-Joint treatment areas
-Sign-in sheets
-Calling names in reception areas
-Hospital rounds
Solutions would be to speak quietly, cubicles, curtains, dividers, asking patients to step
back, or closing doors.
Health Information (PHI) -CORRECTANSWER Any info. whether oral or recorded in
any form or medium that is created or received by a health care provider, health plan,
public health authority, employer, life insurer, school or university, or health care
clearinghouse, and related to the past, present or future physical or mental health or
condition.
Individual Identifiable Health Information (IIHI) -CORRECTANSWER Information that is
a subset of health information, including demographic information collected from an
individual.
Identifiers -CORRECTANSWER -Email address
-Social Security number
-Medical record number
-Vehicle identifier
-Full face photograph
The Notice of Privacy Practices should be... -CORRECTANSWER In a written
language, tape, or video that the patient understands, be clearly posted in the practice
or facility, and if applicable, on the practice website.
Fraud -CORRECTANSWER the intentional deception or misrepresentation that an
individual knows to be false or does not believe to be true and makes, knowing that
the deception could result in some unauthorized benefit to himself/herself or some other
person.
ex. -Billing for services that were not furnished and/or supplies that were not provided
-Billing for services as if performed by a particular entity when they were, in fact,
performed by another entity not eligible to be paid by Medicare
-Using an incorrect or inappropriate provider number in order to be paid (using a
deceased provider number to defraud Medicare).