CMOM PRACTICE MANAGEMENT
INSTITUTE PRACTICE EVALUATION SCRIPT
2026 DETAILED QUESTIONS WITH
ACCURATE CORRECT ANSWERS ALREADY
PASSED GRADED A+
⩥ Business Associates. Answer: can be held directly accountable by
federal or state authority for failure to comply with HIPAA statutory or
regulations. ex. IT techs, Janitors, Cleaning Services, Vendors,
Collection agencies, Consultants and Billing Services.
⩥ Entities. Answer: ex. doctors, hospitals, pharmacy
⩥ Breach. Answer: unauthorized acquisition access, use or disclosure of
protected health information, ex. ALGH issue on breach where health
info was spread with no consents from patients.
⩥ What is NOT considered a breach?. Answer: 1. Where an authorized
person who received the health info. cannot reasonably have been able
to retain it.
2. If an unintentional acquisition, access, or use occurs within the scope
of employ. and info doesn't go any further.
3. If it is an inadvertent disclosure that occurs within a facility, and the
information does not go any further.
,⩥ Tiered Increase in Civil Monetary Penalties. Answer: HIPPA violation
at $50,000 per violation and an annual maximum of $1.5million.
⩥ What are examples that could not result in HIPPA violation by
DHHS?. Answer: -Overheard phone or nursing station conversation
-Joint treatment areas
-Sign-in sheets
-Calling names in reception areas
-Hospital rounds
Solutions would be to speak quietly, cubicles, curtains, dividers, asking
patients to step back, or closing doors.
⩥ Health Information (PHI). Answer: Any info. whether oral or recorded
in any form or medium that is created or received by a health care
provider, health, plan public health authority, employer, life insurer,
school or university, or health care clearinghouse, and related to the past,
present or future physical or mental health or condition.
⩥ Individual Identifiable Health Information (IIHI). Answer:
Information that is a subset of health information, including
demographic, information collected from an individual.
⩥ Identifiers. Answer: -Email address
, -Social Security number
-Medical record number
-Vehicle identifier
-Full face photograph
⩥ The Notice of Privacy Practices should be.... Answer: In a written
language, tape, or video that the patient understands, be clearly posted in
the practice or facility, and if applicable, on the practice website.
⩥ Fraud. Answer: the intentional deception or misrepresentation that an
individual knows to be false or does not believe to be true and makes,
knowingly that the deception could result in some unauthorized benefit
to himself/herself or some other person.
ex. Billing for services that were not furnished and or supplies that were
not provided
-Billing for services as if performed by a particular entity when they
were, in fact, performed by another entity not eligible to be paid by
Medicare
-Using in incorrect or inappropriate provider number ni order to be paid
(using a deceased provider number to defraud Medicare).
⩥ Abuse. Answer: describes practices that either directly or indirectly
result in unnecessary costs to the Medicare Program. Acts committed
knowingly, willfully and intentionally.
ex. Charging in excess for services or supplies
INSTITUTE PRACTICE EVALUATION SCRIPT
2026 DETAILED QUESTIONS WITH
ACCURATE CORRECT ANSWERS ALREADY
PASSED GRADED A+
⩥ Business Associates. Answer: can be held directly accountable by
federal or state authority for failure to comply with HIPAA statutory or
regulations. ex. IT techs, Janitors, Cleaning Services, Vendors,
Collection agencies, Consultants and Billing Services.
⩥ Entities. Answer: ex. doctors, hospitals, pharmacy
⩥ Breach. Answer: unauthorized acquisition access, use or disclosure of
protected health information, ex. ALGH issue on breach where health
info was spread with no consents from patients.
⩥ What is NOT considered a breach?. Answer: 1. Where an authorized
person who received the health info. cannot reasonably have been able
to retain it.
2. If an unintentional acquisition, access, or use occurs within the scope
of employ. and info doesn't go any further.
3. If it is an inadvertent disclosure that occurs within a facility, and the
information does not go any further.
,⩥ Tiered Increase in Civil Monetary Penalties. Answer: HIPPA violation
at $50,000 per violation and an annual maximum of $1.5million.
⩥ What are examples that could not result in HIPPA violation by
DHHS?. Answer: -Overheard phone or nursing station conversation
-Joint treatment areas
-Sign-in sheets
-Calling names in reception areas
-Hospital rounds
Solutions would be to speak quietly, cubicles, curtains, dividers, asking
patients to step back, or closing doors.
⩥ Health Information (PHI). Answer: Any info. whether oral or recorded
in any form or medium that is created or received by a health care
provider, health, plan public health authority, employer, life insurer,
school or university, or health care clearinghouse, and related to the past,
present or future physical or mental health or condition.
⩥ Individual Identifiable Health Information (IIHI). Answer:
Information that is a subset of health information, including
demographic, information collected from an individual.
⩥ Identifiers. Answer: -Email address
, -Social Security number
-Medical record number
-Vehicle identifier
-Full face photograph
⩥ The Notice of Privacy Practices should be.... Answer: In a written
language, tape, or video that the patient understands, be clearly posted in
the practice or facility, and if applicable, on the practice website.
⩥ Fraud. Answer: the intentional deception or misrepresentation that an
individual knows to be false or does not believe to be true and makes,
knowingly that the deception could result in some unauthorized benefit
to himself/herself or some other person.
ex. Billing for services that were not furnished and or supplies that were
not provided
-Billing for services as if performed by a particular entity when they
were, in fact, performed by another entity not eligible to be paid by
Medicare
-Using in incorrect or inappropriate provider number ni order to be paid
(using a deceased provider number to defraud Medicare).
⩥ Abuse. Answer: describes practices that either directly or indirectly
result in unnecessary costs to the Medicare Program. Acts committed
knowingly, willfully and intentionally.
ex. Charging in excess for services or supplies
