QUESTIONS AND ANSWERS ALL CORRECT
A tool that identifies when a user logs in and out, what actions he or she takes, and more is called
a(n): Correct Answer: Audit trail
Which of the following statements is true regarding HIPAA security? Correct Answer:
Institutions are allowed flexibility in the way they implement HIPAA standards
Access to health records based on protected health information within a healthcare facility
should be limited to employees who have a: Correct Answer: Legitimate need for access
The release of information function requires the HIM professional to have knowledge of: Correct
Answer: Federal and state confidentiality laws
When data has been lost in an EHR, which action is taken to remedy this problem? Correct
Answer: Data recovery
A health information technician receives a subpoena ad testificandum. To respond to the
subpoena, which of the following should the technician do? Correct Answer: Review the
subpoena and appear at the time and place supplied to give testimony
The admission director maintains that a notice of privacy practices must be provided to the
patient on each admission. How should the HIM director respond? Correct Answer: Notice of
privacy practices is required on the first provision of services.
A patient requests copies of her medical records in an electronic format. The hospital does not
maintain all of the designated records in an electronic format. How should the hospital respond?
Correct Answer: Provide the records in the paper format only
On review of the audit trail for an EHR system, the HIM director discovers that a department
employee who has authorized access to patient records is printing far more records than the
average user. In this case, what should the supervisor do? Correct Answer: Determine what
information was printed and why
Which of the following definitions best describes the concept of confidentiality? Correct
Answer: The expectation that personal information shared by an individual with a healthcare
provider during the course of care will be used only for its intended purpose
Ted and Mary are the adoptive parents of Susan, a minor. What is the best way for them to
obtain a copy of Susan's operative report? Correct Answer: Present an authorization that at least
one of them has signed
Which of the following individuals may authorize release of information? Correct Answer: A
married 15-year-old father
A patient requests a copy of his health records. When the request is received, the HIM clerk finds
that the records are stored off site. Which is the longest timeframe the hospital can take to remain
in compliance with HIPAA regulations? Correct Answer: Provide copies of the records within
60 days
The right of an individual to keep personal health information from being disclosed to anyone is
a definition of: Correct Answer: Privacy
What types of covered entity health records are subject to the HIPAA privacy regulations?
Correct Answer: Health records in any format
The record custodian typically can testify about which of the following when a party in a legal
proceeding is attempting to admit a health record as evidence? Correct Answer: Identification of
the record as the one subpoenaed
The Medical Records Committee is reviewing the privacy policies for a large outpatient clinic.
One of the members of the committee remarks that he feels that the clinic's practice of calling
out a patient's full name in the waiting room is not in compliance with HIPAA regulations and
that only the patient's first name should be used. Other committee members disagree with this
assessment. What should the HIM director advise the committee? Correct Answer: There is no
violation of HIPAA in announcing a patient's name but the committee may want to consider
implementing a change that might reduce this practice.
An employee accesses PHI on a computer system that does not relate to her job functions. What
security mechanism should have been implemented to minimize this security breach? Correct
Answer: Access controls
Which of the following is true about health information retention? Correct
Answer: Retention periods differ among healthcare facilities
Sally has requested an accounting of PHI disclosures from Community Hospital. Which of the
following must be included in an accounting of disclosures to comply with this request? Correct
Answer: PHI sent to a physician who has not treated Sally
Which of the following is an example of a physical safeguard that should be provided for in a
data security program? Correct Answer: Locking computer rooms
External security threats can be caused by which of the following? Correct Answer: Tornados
Which of the following is true regarding the development of health record destruction policies?
Correct Answer: All applicable laws must be considered
A hospital HIM department wants to move five years of health records to a remote storage
location. The records will be stored in boxes and will be filed on open shelves at the remote
location. Which of the following should be done so that record location can be easily identified