Black Friday Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Certensure Logo
  1. Home
  2. HIPAA
  3. CHP
  4. HIO-201 - Certified HIPAA Professional

HIPAA HIO-201 Certified HIPAA Professional Exam Practice Test

Demo: 24 questions
Total 160 questions
Get HIO-201 Full Access Download HIO-201 PDF

Certified HIPAA Professional Questions and Answers

Question 1

This transaction supports multiple functions. These functions include: telling a bank to move money OR telling a bank to move money while sending remittance information:

Options:

A.

277.

B.

278.

C.

271.

D.

82.

E.

270.

Question 2

The transaction number assigned to the Health Care Eligibility Request transaction is:

Options:

A.

270

B.

276

C.

278

D.

271

E.

834

Question 3

The transaction number assigned to the Health Care Claim Payment/Advice transaction is:

Options:

A.

270

B.

276

C.

834

D.

835

E.

837

Question 4

Periodic testing and revision of contingency plans is addressed by:

Options:

A.

Testing and Revision Procedures

B.

Information System Activity Review

C.

Response and Reporting

D.

Data Backup Plan

E.

Emergency Access Procedure

Question 5

Select the correct statement regarding the 834 - Benefit Enrollment and Maintenance transaction.

Options:

A.

It cannot be used to transfer enrollment information from a plan sponsor to a hearth care insurance company or other benefit provider.

B.

It can be used by a health insurance company to notify a plan sponsor that it has dropped one of its members.

C.

It cannot be used to enroll, update, or dis-enroll employees and dependents in a health plan.

D.

A sponsor can be an employer, insurance agency, association or government agency but unions are excluded from being plan sponsors.

E.

It can be used in either update or full replacement mode.

Question 6

Workstation Use falls under which Security Rule area?

Options:

A.

Person or Entity Authentication

B.

Technical Safeguards

C.

Administrative Safeguards

D.

Physical Safeguards

E.

Transmission Security

Question 7

One implementation specification of a contingency plan is:

Options:

A.

Risk analysis

B.

Applications and Data Criticality Analysis

C.

Risk Management

D.

Integrity Controls

E.

Encryption

Question 8

Physical safeguards using media controls do not include procedures to:

Options:

A.

Control access to tapes, floppies, and re-writeable CDs.

B.

Track the access of record able media.

C.

Dispose of storage devices.

D.

Backup copies of health information.

E.

Prohibit alteration of health information.

Question 9

This requires records of the movement of hardware and electronic media that contain PHI.

Options:

A.

Business Associate Contract

B.

Data Backup Plan

C.

Media Re-use

D.

Disposal

E.

Accountability

Question 10

Conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic PHI is:

Options:

A.

Risk Analysis

B.

Risk Management

C.

Access Establishment and Modification

D.

Isolating Health care Clearinghouse Function

E.

Information System Activity Review

Question 11

Which of the following is a required implementation specification associated with the Contingency Plan Standard?

Options:

A.

Integrity Controls

B.

Access Control and Validation Procedures

C.

Emergency Mode Operation

D.

Plan Response and Reporting

E.

Risk Analysis

Question 12

The objective of this document is to safeguard the premises and building from unauthorized physical access and to safeguard the equipment therein from unauthorized physical access, tampering and theft

Options:

A.

Contingency Plan

B.

Facility Security Plan

C.

Emergency Mode Operation Plan

D.

Accountability

E.

Device and Media Controls

Question 13

A doctor sends patient records to another company for data entry services. A bonded delivery service is used for the transfer. The records are returned to the doctor after entry is complete, using the same delivery service. The entry facility and the network they use are secure. The doctor is named as his own Privacy Officer in written policies. The doctor has written procedures for this process and all involved parties are documented as having been trained in them. The doctor does not have written authorizations to disclose Protected Health Information (PHI). Is the doctor in violation of the Privacy Rule?

Options:

A.

No - This would be considered an allowed "routine disclosure" between the doctor and his business partner

B.

Yes - There is no exception to the requirement for an authorization prior to disclosure, no matter how well intentioned or documented.

C.

Yes - a delivery service is not considered a covered entity

D.

Yes - to be a “routine disclosure” all the parties must have their own Privacy Officer as mandated by HIPAA

E.

Yes - this is not considered a part of "treatment", which is one of the valid exceptions to the Privacy Rule

Question 14

Select the FALSE statement regarding health-related communications and marketing in the HIPAA regulations:

Options:

A.

A covered entity must obtain an authorization for any use or disclosure of protected health information for marketing, except if the communication is in the form allowed by the regulations.

B.

A face-to-face communication made by a covered entity to an individual is allowed by the regulations without an authorization

C.

A promotional gift of nominal value provided by the covered entity is NOT allowed by the regulations without an authorization.

D.

If the marketing is expected to result in direct or indirect remuneration to the covered entity from a third party, the authorization must state that such remuneration is expected

E.

Disclosure of PHI for marketing purposes is limited to disclosure to business associates (which could be a telemarketer) that undertakes marketing activities on behalf of the covered entity

Question 15

One implementation specification of the Security Management Process is:

Options:

A.

Risk Analysis

B.

Authorization and/or Supervision

C.

Termination Procedures

D.

Contingency Operations

E.

Encryption and Decryption

Question 16

Which of the following is NOT a correct statement regarding HIPAA requirements?

Options:

A.

A coveted entity must change its policies and procedures to complywith HIPPPregulations, standards, and implementation specifications.

B.

A covered entity must reasonably safeguard PHI from any intentional or unintentional use or disclosure that is in violation of the regulations.

C.

A covered entity must provide a process for individuals to make complaints concerning privacy issues.

D.

A covered entity must document all complaints received regarding privacy issues.

E.

The Privacy Rule requires that the covered entity has a documented security policy.

Question 17

The Privacy Rule interacts with Federal and State laws by:

Options:

A.

Establishing an orderly hierarchy where HIPAA applies, then other Federal law, then State law.

B.

Defining privacy to be a national interest that is best protected by Federal law

C.

Allowing State privacy laws to provide a cumulative effect lower than HIPAA.

D.

Mandating that Federal laws preempt State laws regarding privacy.

E.

Establishing a "floor" for privacy protection.

Question 18

Select the FALSE statement regarding the transaction rule.

Options:

A.

The Secretary is required by statue to Impose penalties of at least $100 per violation on any person or entity that fails to comply with a standard except that the total amount imposed on any one person in each calendar year may not exceed $1,000.000 for violations of one requirement

B.

Health plans are required to accept all standard transactions.

C.

Health plans may not require providers to make changes or additions to standard transactions

D.

Health plans may not refuse or delay payment of standard transactions.

E.

If additional information is added to a standard transaction it must not modify the definition, condition, intent, or use of a data element

Question 19

A business associate:

Options:

A.

Requires PKJ for the provider and the patient.

B.

Is electronically stored information about an individual's lifetime health status and healthcare.

C.

Is another name for an HMO.

D.

Identities all non-profit organizations.

E.

Is a person or an entity that on behalf of the covered entity performs or assists in the performance of a function or activity invoking the use or disclosure of health-relatedinformation.

Question 20

HIPAA defines transaction standards for:

Options:

A.

Encrypted communication between patient and provider.

B.

All patient events.

C.

Security.

D.

Benefits inquiry.

E.

Emergency treatment.

Question 21

Select the correct statement regarding code sets and identifiers.

Options:

A.

A covered entity must use the applicable code set that is valid at the time the transaction is initiated.

B.

April 14, 2003 is the compliance date for implementation of the National Provider Identifier.

C.

CMS is responsible for updating the CPT-4 code set.

D.

An organization that assigns NPIs is referred to as National Provider for Identifiers.

E.

HHS assigns the Employer Identification Number (EIN), which has been selected as the National Provider Identifier for Health Care.

Question 22

The version of the ANSI ASC X12N standard required by HIPAA regulations is:

Options:

A.

3070

B.

3050

C.

3045

D.

4010

E.

4020

Question 23

HIPAA establishes a civil monetary penalty for violation of the Administrative Simplification provisions. The penalty may not be more than:

Options:

A.

$1,000,000 per person per violation of a single standard for a calendar year.

B.

$10 per person per violation of a single standard for a calendar year.

C.

$25,000 per person per violation of a single standard for a calendar year.

D.

$2,500 per person per violation of a single standard for a calendar year.

E.

$1000 per person per violation of a single standard for a calendar year.

Question 24

A hospital is preparing a file of treatment information for the state of California. This file is to be sent to external medical researchers. The hospital has removed SSN, name, phone and other information that specifically identifies an individual. However, there may still be data in the file that potentially could identify the individual. Can the hospital claim "safe harbor" and release the file to the researchers?

Options:

A.

Yes - the hospital's actions satisfy the "safe harbor" method of de-identification.

B.

No - a person with appropriate knowledge and experience must determine that the information that remains can’t identify an individual.

C.

No - authorization to release the information is still required by HIPAA

D.

No - to satisfy "safe harbor" the hospital must also have no knowledge of a way to use the remaining data to identify an individual.

E.

Yes - medical researchers are covered entities and "research" is considered a part of "treatment" by HIPAA.

Load More HIO-201 Questions
Demo: 24 questions
Total 160 questions
Get HIO-201 Full Access Download HIO-201 PDF