1
MHA 705 Module 7 Exam Questions and Answers
Louisiana State University Shreveport 2026/2027
Health Administration Review.
Instructions: This practice exam contains exactly 40 questions. Select the best
answer for each multiple-choice question. For Select-All-That-Apply (SATA)
questions, choose all options that apply. For calculation-based questions, show your
work in the space provided. For True/False questions, mark the statement as true or
false.
DOMAIN 1: Electronic Health Records, HITECH & CMS Interoperability .
Sub-Topic: Promoting Interoperability & Public Health Reporting (3 Questions)
Question 1 (Multiple-Choice)
Under the 2026 CMS Promoting Interoperability Program, an eligible hospital must
use 2015 Edition Certified Electronic Health Record Technology (CEHRT) to report
which of the following public health measures as required (not optional) for the
Medicare Promoting Interoperability Program?
A) Syndromic Surveillance Reporting and Public Health Registry Reporting
B) Immunization Registry Reporting and Electronic Case Reporting
C) Clinical Data Registry Reporting and Syndromic Surveillance Reporting
D) Electronic Case Reporting and Public Health Reporting Using TEFCA
Question 2 (Multiple-Choice)
A 320-bed acute care hospital in Louisiana is attesting to the CMS Promoting
Interoperability Program for calendar year 2026. The hospital's CIO confirms that
the EHR reporting period must be a minimum of any continuous:
A) 90-day period
B) 180-day period
,2
C) 270-day period
D) 365-day period
Question 3 (SATA)
Which of the following statements accurately describe the CMS Promoting
Interoperability Program requirements for eligible hospitals and critical access
hospitals (CAHs) in 2026? (Select all that apply.)
A) Eligible hospitals may use existing 2015 Edition certification criteria, the 2015
Edition Cures Update criteria, or a combination of both to meet the CEHRT
definition.
B) The Security Risk Analysis measure is now a scored measure worth 10 points
beginning in 2026.
C) Hospitals must attest to conducting both a security risk analysis and ongoing
security risk management activities.
D) The SAFER Guides requirement now includes annual self-assessments using all
eight 2025 SAFER Guides.
Sub-Topic: HIPAA Minimum Necessary Standard (3 Questions)
Question 4 (Multiple-Choice)
A utilization review nurse at Shreveport Medical Center is conducting a
retrospective quality audit on a specific patient's 30-day readmission. Under the
HIPAA Minimum Necessary Standard (45 CFR § 164.502(b)), which of the following
is the correct administrative action?
A) The nurse may access the full medical record of the specific patient being audited
because the review is classified as a healthcare operation.
B) The nurse may only access the discharge summary and billing records, as those
are the minimum necessary for a quality audit.
, 3
C) The nurse may browse the records of other patients on the same unit for
benchmarking purposes without additional authorization.
D) The Minimum Necessary Standard does not apply because quality improvement
activities are exempt from all HIPAA Privacy Rule restrictions.
Question 5 (Multiple-Choice)
A curious employee in the Health Information Management department accesses
the electronic health record of a neighbor who is not under their care. Under 45 CFR
§ 164.502(b) and § 164.514(d), this action constitutes:
A) A permitted disclosure for healthcare operations, provided the employee
documents the access.
B) A violation of the Minimum Necessary Standard because the access is not for the
intended purpose of treatment, payment, or healthcare operations related to that
specific patient.
C) A permissible activity under the "incidental disclosure" exception.
D) A permitted access because all workforce members have a legitimate need to
access records for quality assurance.
Question 6 (SATA)
Which of the following uses or disclosures are exempt from the HIPAA Minimum
Necessary Standard under 45 CFR § 164.502(b)(2)? (Select all that apply.)
A) Disclosures to or requests by a healthcare provider for treatment purposes.
B) Uses or disclosures made to the individual who is the subject of the PHI.
C) Uses or disclosures made pursuant to an individual's authorization under §
164.508.
D) Disclosures for healthcare operations when conducting a retrospective quality
audit.
Sub-Topic: SNOMED CT Terminology (2 Questions)
MHA 705 Module 7 Exam Questions and Answers
Louisiana State University Shreveport 2026/2027
Health Administration Review.
Instructions: This practice exam contains exactly 40 questions. Select the best
answer for each multiple-choice question. For Select-All-That-Apply (SATA)
questions, choose all options that apply. For calculation-based questions, show your
work in the space provided. For True/False questions, mark the statement as true or
false.
DOMAIN 1: Electronic Health Records, HITECH & CMS Interoperability .
Sub-Topic: Promoting Interoperability & Public Health Reporting (3 Questions)
Question 1 (Multiple-Choice)
Under the 2026 CMS Promoting Interoperability Program, an eligible hospital must
use 2015 Edition Certified Electronic Health Record Technology (CEHRT) to report
which of the following public health measures as required (not optional) for the
Medicare Promoting Interoperability Program?
A) Syndromic Surveillance Reporting and Public Health Registry Reporting
B) Immunization Registry Reporting and Electronic Case Reporting
C) Clinical Data Registry Reporting and Syndromic Surveillance Reporting
D) Electronic Case Reporting and Public Health Reporting Using TEFCA
Question 2 (Multiple-Choice)
A 320-bed acute care hospital in Louisiana is attesting to the CMS Promoting
Interoperability Program for calendar year 2026. The hospital's CIO confirms that
the EHR reporting period must be a minimum of any continuous:
A) 90-day period
B) 180-day period
,2
C) 270-day period
D) 365-day period
Question 3 (SATA)
Which of the following statements accurately describe the CMS Promoting
Interoperability Program requirements for eligible hospitals and critical access
hospitals (CAHs) in 2026? (Select all that apply.)
A) Eligible hospitals may use existing 2015 Edition certification criteria, the 2015
Edition Cures Update criteria, or a combination of both to meet the CEHRT
definition.
B) The Security Risk Analysis measure is now a scored measure worth 10 points
beginning in 2026.
C) Hospitals must attest to conducting both a security risk analysis and ongoing
security risk management activities.
D) The SAFER Guides requirement now includes annual self-assessments using all
eight 2025 SAFER Guides.
Sub-Topic: HIPAA Minimum Necessary Standard (3 Questions)
Question 4 (Multiple-Choice)
A utilization review nurse at Shreveport Medical Center is conducting a
retrospective quality audit on a specific patient's 30-day readmission. Under the
HIPAA Minimum Necessary Standard (45 CFR § 164.502(b)), which of the following
is the correct administrative action?
A) The nurse may access the full medical record of the specific patient being audited
because the review is classified as a healthcare operation.
B) The nurse may only access the discharge summary and billing records, as those
are the minimum necessary for a quality audit.
, 3
C) The nurse may browse the records of other patients on the same unit for
benchmarking purposes without additional authorization.
D) The Minimum Necessary Standard does not apply because quality improvement
activities are exempt from all HIPAA Privacy Rule restrictions.
Question 5 (Multiple-Choice)
A curious employee in the Health Information Management department accesses
the electronic health record of a neighbor who is not under their care. Under 45 CFR
§ 164.502(b) and § 164.514(d), this action constitutes:
A) A permitted disclosure for healthcare operations, provided the employee
documents the access.
B) A violation of the Minimum Necessary Standard because the access is not for the
intended purpose of treatment, payment, or healthcare operations related to that
specific patient.
C) A permissible activity under the "incidental disclosure" exception.
D) A permitted access because all workforce members have a legitimate need to
access records for quality assurance.
Question 6 (SATA)
Which of the following uses or disclosures are exempt from the HIPAA Minimum
Necessary Standard under 45 CFR § 164.502(b)(2)? (Select all that apply.)
A) Disclosures to or requests by a healthcare provider for treatment purposes.
B) Uses or disclosures made to the individual who is the subject of the PHI.
C) Uses or disclosures made pursuant to an individual's authorization under §
164.508.
D) Disclosures for healthcare operations when conducting a retrospective quality
audit.
Sub-Topic: SNOMED CT Terminology (2 Questions)
