The code set that must be used to describe or identil' outpatient physician services and procedures is:

A. ICD-SCM, Volumes 1 and 2

B. CPT-4

C. CDT

D. ICD-SCM, Volume 3

E. NDC

Select the FALSE statement regarding code sets and identifiers.

A. The CPT-4 code set is maintained by the American Medical Association (AMA).

B. A covered entity must use the applicable medical code set that is valid at the time the health care is delivered.

C. The National Provider Identifier (NPI) will be assigned by the National Provider System (NPS).

D. The Centers for Medicare and Medicaid Services is responsible for updating the HCPCS code set.

E. The National Provider Identifier (NPI) will be assigned to health plans.

Health information is protected by the Privacy Rule as long as:

A. The authorization has been revoked by the physician

B. The patient remains a citizen of the United States.

C. The information is under the control of HHS.

D. The information is in the possession of a covered entity.

E. The information is not also available on paper forms.

A business associate:

A. Requires PKI for the provider and the patient.

B. Is electronically stored information about an individual's lifetime health status and health care.

C. Is another name for an HMO.

D. Identifies all non-profit organizations.

E. Is a person or an entity that on behalf of the covered entity performs or assists in the performance of a function or activity involving the use or disclosure of health-related information.

The purpose of this security rule standard is to implement technical policies and procedures for electronic information systems that maintain electronic PHI, and to allow access only to those persons or software programs that have been granted access rights

A. Person or Entity Authentication

B. Audit Controls

C. Facility Access Controls

D. Transmission Security

E. Access Controls

Select the best statement regarding the definition of a business associate of a covered entity. A business associate is:

A. A person who acts on behalf of a non-covered entity.

B. A person who's function may involve claims processing, administration, data analysis or practice management with access to PHI.

C. A person who is a member of the covered entity's workforce.

D. A clearinghouse.

E. A person that performs or assists in the performance of a function or activity that involves the use or disclosure of de-identified health information

Which HIPAA Title is fueling initiatives within organizations to address health care priorities in the areas of transactions, privacy, and security'?

A. Title I.

B. Title II

C. Title Ill.

D. Title W.

E. Title V.

Select the best statement regarding the definition of protected health information (PHI).

A. PHI includes all individually identifiable health information (IIHI).

B. PHI does not include physician's hand written notes about the patient's treatment.

C. PHI does not include PHI stored on paper.

D. PHI does not include PHI in transit.

E. PHI includes de-identified health information

Processes enabling an enterprise to restore any lost data in the event of fire, vandalism, natural disaster, or system failure are defined under:

A. Risk Analysis

B. Contingency Operations

C. Emergency Mode Operation Plan

D. Data Backup Plan

E. Disaster Recover Plan

The security standard that has the objective of implementing mechanisms to record and examine system activity is:

A. Access Control

B. Audit Controls

C. Authorization Controls

D. Data Authentication

E. Person or Entity Authentication