PMI CMOM Module 4 2025/2026 Exam
Questions Marking Scheme New Update
| A+ Rated
HIPPA Privacy Regulation - 🧠ANSWER ✔✔1. Use and disclosure of
protected health information/individual identifiable health information
(PHI/IIHI)
2. Patient rights in regard to their PHI and IIHI
4. Security, both administrative and physical, of PHI and IIHI
American Recovery and Reinvestment Act (ARRA) - 🧠ANSWER ✔✔"The
stimulus." Significant improvement in the privacy and security standards for
health info
1. Changes in HIPPA statute and privacy and security regulations
2.Changes in HIPPA enforcement
3.Provisions address health info held by entities not covered by HIPPA
1
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
STATEMENT. ALL RIGHTS RESERVED
,4.Micellaneous: Admin, studies, report, and education initiatives
Business Associates - 🧠ANSWER ✔✔BA's bound by contract to use
appropriate security safeguards to protect health info they receive from
covered entities
Any organization or entity that provides a service that will invoice disclosure
of PHI. Any third party you are associated with and share PHI with
Required to enter a chain of trust, agree to protect PHI
Breach Notification - 🧠ANSWER ✔✔Must provide notification to individuals
if their health info has been breached. Unauthorized acquisition, access,
use or disclosure of PHI
No later than 60 days after discovery
Notice is required to be provided to media outlets if more that 500
individuals involved
2
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
STATEMENT. ALL RIGHTS RESERVED
, Right to Restrict - 🧠ANSWER ✔✔ARRA require covered entities and BA's
honor an individuals request to restrict disclosure of PHI to a health plan for
purpose of payment or health care operations if the info pertains solely to a
health care item or service that the individual has pain in full out-of-pocket
Accounting for Disclosures - 🧠ANSWER ✔✔ARRA states covered entities
using EHR may not exempt disclosures for treatment, payment and
healthcare operations, although the accounting need only cover the
previous three years
Prohibition on "Sale" of PHI - 🧠ANSWER ✔✔ARRA prohibits the direct or
indirect receipt of remuneration in exchange for an individuals PHI without
an authorization from that individual
Right of Electronic Access - 🧠ANSWER ✔✔ARRA states covered entities
using EHR must provide individual with an electronic copy of PHI in the
record, which must be transmitted directly to an entity or person specified
by the individual. Any fee charges cannot be greater than entity's labor cost
in responding to the request
Marketing Communications - 🧠ANSWER ✔✔ARRA states covered entity is
paid by and outside entity to send a communicating to a pt, the
3
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
STATEMENT. ALL RIGHTS RESERVED
Questions Marking Scheme New Update
| A+ Rated
HIPPA Privacy Regulation - 🧠ANSWER ✔✔1. Use and disclosure of
protected health information/individual identifiable health information
(PHI/IIHI)
2. Patient rights in regard to their PHI and IIHI
4. Security, both administrative and physical, of PHI and IIHI
American Recovery and Reinvestment Act (ARRA) - 🧠ANSWER ✔✔"The
stimulus." Significant improvement in the privacy and security standards for
health info
1. Changes in HIPPA statute and privacy and security regulations
2.Changes in HIPPA enforcement
3.Provisions address health info held by entities not covered by HIPPA
1
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
STATEMENT. ALL RIGHTS RESERVED
,4.Micellaneous: Admin, studies, report, and education initiatives
Business Associates - 🧠ANSWER ✔✔BA's bound by contract to use
appropriate security safeguards to protect health info they receive from
covered entities
Any organization or entity that provides a service that will invoice disclosure
of PHI. Any third party you are associated with and share PHI with
Required to enter a chain of trust, agree to protect PHI
Breach Notification - 🧠ANSWER ✔✔Must provide notification to individuals
if their health info has been breached. Unauthorized acquisition, access,
use or disclosure of PHI
No later than 60 days after discovery
Notice is required to be provided to media outlets if more that 500
individuals involved
2
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
STATEMENT. ALL RIGHTS RESERVED
, Right to Restrict - 🧠ANSWER ✔✔ARRA require covered entities and BA's
honor an individuals request to restrict disclosure of PHI to a health plan for
purpose of payment or health care operations if the info pertains solely to a
health care item or service that the individual has pain in full out-of-pocket
Accounting for Disclosures - 🧠ANSWER ✔✔ARRA states covered entities
using EHR may not exempt disclosures for treatment, payment and
healthcare operations, although the accounting need only cover the
previous three years
Prohibition on "Sale" of PHI - 🧠ANSWER ✔✔ARRA prohibits the direct or
indirect receipt of remuneration in exchange for an individuals PHI without
an authorization from that individual
Right of Electronic Access - 🧠ANSWER ✔✔ARRA states covered entities
using EHR must provide individual with an electronic copy of PHI in the
record, which must be transmitted directly to an entity or person specified
by the individual. Any fee charges cannot be greater than entity's labor cost
in responding to the request
Marketing Communications - 🧠ANSWER ✔✔ARRA states covered entity is
paid by and outside entity to send a communicating to a pt, the
3
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
STATEMENT. ALL RIGHTS RESERVED
