HIM 320 Practice Questions with Verified
Answers Graded A+ | Assured Success
defined by the Privacy Rule as nearly all functions needed to bill and obtain payment for
services rendered, and to determine eligibility or coverage by a health plan
payment
ex. billing, claims management, collection activites, review of medical necessity, etc.
think of payment as anything you have to do to get paid...before, during, and after treatment
what are the 9 things that the privacy rule deisgnates/defines as "healthcare operations?"
-quality improvement activities
-training
-case management
-sale or merger
-business and administrative functions
-hiring professional services such as legal, auditing, business, consulting, planning
,-insurance purposes (underwriting, premium rating, and activites for creation, renewal, and
replacement of health insurance)
-licensure, accreditation, and certification
-peer review (assessing competence of professionals)
what does it mean when we say HIPAA is permissible in nature?
HIPAA doesn't require that you disclose or use information, it only permits it
for example, states and accreditation agencies may require that a CE disclose confidential patient
information but HIPAA would only permit it (not a law that you have to disclose it according to
HIPAA)
in order to meet the requirements of the HIPAA Privacy Rule and disclose/use PHI for
TPO purposes (or just in general), what should CEs create?
they should create policies and procedures that must be followed by ALL members of the CE's
workforce
these policies and procedures should cover many things particullarly access controls and
identifying who has access to patient information based on their roles, need to know basis, etc
policies should also address the minimum necessary rule making sure each member of the
workforce knows what information should be disclosed
, policies should also be created for redisclosure
what are the 3 other entities are created by HIPAA to accomodate organizations?
-hybrid entities
-affiliated covered entities (ACEs)
-organized healthcare arrangments
buisnesses that are legally seperate organziations under common ownership or control and
designates themselves as a single entity for HIPAA compliance...can share policies and
procedures, forms, and NPP
Affiliated covered entities (ACEs)
ex. Lourde's hospital owns multiple places in lousiana
what are the 3 key privacy rule documents with the HIPAA privacy rule?
-Notice of Privacy Practices
-Consent forms
-Authorization forms
in addition to providing a NPP, providers should obtain what?
a general consent form from the patient to use of disclose PHI to carry out TPO
(note: HIPAA does not require this but it SHOULD be done...also different from consent to
specific treatment)
Answers Graded A+ | Assured Success
defined by the Privacy Rule as nearly all functions needed to bill and obtain payment for
services rendered, and to determine eligibility or coverage by a health plan
payment
ex. billing, claims management, collection activites, review of medical necessity, etc.
think of payment as anything you have to do to get paid...before, during, and after treatment
what are the 9 things that the privacy rule deisgnates/defines as "healthcare operations?"
-quality improvement activities
-training
-case management
-sale or merger
-business and administrative functions
-hiring professional services such as legal, auditing, business, consulting, planning
,-insurance purposes (underwriting, premium rating, and activites for creation, renewal, and
replacement of health insurance)
-licensure, accreditation, and certification
-peer review (assessing competence of professionals)
what does it mean when we say HIPAA is permissible in nature?
HIPAA doesn't require that you disclose or use information, it only permits it
for example, states and accreditation agencies may require that a CE disclose confidential patient
information but HIPAA would only permit it (not a law that you have to disclose it according to
HIPAA)
in order to meet the requirements of the HIPAA Privacy Rule and disclose/use PHI for
TPO purposes (or just in general), what should CEs create?
they should create policies and procedures that must be followed by ALL members of the CE's
workforce
these policies and procedures should cover many things particullarly access controls and
identifying who has access to patient information based on their roles, need to know basis, etc
policies should also address the minimum necessary rule making sure each member of the
workforce knows what information should be disclosed
, policies should also be created for redisclosure
what are the 3 other entities are created by HIPAA to accomodate organizations?
-hybrid entities
-affiliated covered entities (ACEs)
-organized healthcare arrangments
buisnesses that are legally seperate organziations under common ownership or control and
designates themselves as a single entity for HIPAA compliance...can share policies and
procedures, forms, and NPP
Affiliated covered entities (ACEs)
ex. Lourde's hospital owns multiple places in lousiana
what are the 3 key privacy rule documents with the HIPAA privacy rule?
-Notice of Privacy Practices
-Consent forms
-Authorization forms
in addition to providing a NPP, providers should obtain what?
a general consent form from the patient to use of disclose PHI to carry out TPO
(note: HIPAA does not require this but it SHOULD be done...also different from consent to
specific treatment)
