The HIPAA Omnibus Rule Enhanced
58 community-sourced questions and answers. Free — no login.
Meeting regulations, recommendations and expectations of federal and state agencies that pay for health care services and regulate the industry
compliance
What is the first step health insurance specialists should take toward achieving compliance so they do not violate laws, which may result in penalties or fines
identifying the laws that regulate the industry.
What is the primary purpose of HIPAA Title I: Insurance Reform
To provide continuous insurance coverage for workers and their insured dependents when they change or lose jobs
The focus on the health care practice setting and reduction of administrative costs and burdens are the goals of which part of HIPAA
HIPAA Title II: Administrative Simplification
An independent organization that receives insurance claims from the physician's office, performs edits, and transmits claims to insurance carriers is known as
health care clearinghouse
Under HIPAA guidelines, a health care coverage carrier, such as BCBS that transmits health info in electronic form in connection with a transaction is called
covered entity
Dr John Doe contracts with an outside billing company to manage claims and a/r. Under HIPAA guidelines, the billing company is considered a _____ of the provider's
Business Associate
An individual designated to assist the provider by putting compliance policies and procedures in place and training office staff is known as a/an _______ under HIPAA guidelines
privacy officer or privacy official
If you give, release, or transfer info to another entity, it is known as
disclosure
Protected Health Information PHI is
Any info that identifies an individual and describes his/her health status, age, sex, ethnicity, or other demographic characteristics, whether that info is or is not stored or transmitted electronically
Unauthorized release of a patient's health information is called
breach of contract
A confidential communication related to the patient's treatment and progress that may be disclosed only with the patient's permission is known as
privileged information or patient rights
Under HIPAA exceptions to the right of privacy are those records involving
a. When the patient is a member of a managed care organization and the physician has signed a contract with the MCO; b. When patients have certain communicable diseases; c. When a medical device malfunctions; d. Criminal investigation/locating a missing person, material witness, suspect; e. When records are subpoenaed or there is a search warrant; f. Suspicious death or suspected crime victim (providers must report cases); g. Workers' Comp; h. State law (police), child or elder abuse, domestic violence, gunshot wounds
At a patient's first visit, under HIPAA guidelines, the document that must be given so the patient acknowledges the provider's confidentiality of his or her PHI is the
NPP Notice of privacy practices
If a breach of privacy is discovered, the healthcare provider is required to take affirmative action to respond to the breach and alleviate the severity of it. This is known as
mitigation
Name the three main sections of the HIPAA Security Rule for protecting electronic health information
Administrative safeguards, technical safeguards, physical safeguards
Name the three specific areas of significant change that resulted from the HITECH Health Information Technology for Economic and Clinical Health Act.
Business associates. Notification of breach. Civil penalties for noncompliance with provisions
One of the agencies charged with enforcing laws that regulate the health care industry is the
OIG Office of Inspector General
HIPAA transaction standards apply to the following, which are called covered entities:
health care third-party payers, health care providers, health care clearinghouses
Enforcement of the privacy standards of HIPAA is the responsibility of the
HCFAP Health Care Fraud and Abuse Control Program
Verbal or written agreement that gives approval to some action, situation, or statement is called
consent
An individual's formal written permission to use or disclose his or her personally identifiable health information for purposes other than treatment, payment, or health care operations is called
authorization
The NPP Notice of Privacy Practices document is given to patients
at the first visit to the practice
Privacy regulations allow patients the right to obtain a copy of PHI
only if the health care provider has determined that it would be appropriate and would not endanger the patient or any other person
Under HIPAA, patient sign in sheets
are permissible but limit the information that is requested
Under HITECH, if a breach occurs, the covered entity
must notify the affected party no later than 60 calendar days after the discovery of the breach
The HIPAA Omnibus Rule enhanced
patients' privacy rights
Measurable solutions that have been taken, based on accepted standards, and are periodically monitored to demonstrate that an office is in compliance with HIPAA privacy rules are referred to as
reasonable safeguards
Stealing money that has been entrusted in one's care
embezzlement
Under the Criminal False Claims Act, fines and imprisonment penalties for making a false claim in connection with payment for health care benefits can be imposed on
anyone who knowingly and willfully participated in the scheme
The FCA provision that allows a private citizen to bring civil action for a violation on behalf of the federal government and share in any money recovered is referred to as
qui tam
The initiative that established hotlines for the public to report issues that might indicate fraud, abuse or waste is
ORT Operation Restore Trust
Health care providers who determine that they have submitted false claims should resolve the issue by seeking the Dept of Health and Human Services (HHS) and OIG guidance established in 2006 and referred to as
Self-Disclosure Protocol
The OIG recommends that health care staff should attend trainings in "general" compliance
at least annually
When faced with discovery of an offense or an error, health insurance specialists should immediately report concerns
using the established chain of command outlined in their compliance plan
ePHI
ELECTRONIC PROTECTED HEALTH INFORMATION
FCA
FALSE CLAIMS ACT
FDIC
FEDERAL DEPOSIT INSURANCE CORP
FERA
FRAUD ENFORCEMENT AND RECOVERY ACT
FTP
FILE TRANSFER PROTOCOL
HCFAC
HEALTH CARE FRAUD AND ABUSE CONTROL
HEAT
HEALTH CARE PREVENTION AND ENFORCEMENT ACTION TEAM
HIPAA
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT
HITECH
HEALTH INFORMATION TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH
IIHI
INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION
MIP
MEDICARE INTEGRITY PROGRAM
NPP
NONPHYSICIAN PRACTITIONERS/ALSO NOTICE OF PRIVACY PRACTICES
OCR
OFFICE FOR CIVIL RIGHTS
OIG
OFFICE OF THE INSPECTOR GENERAL
ORT
OPERATION RESTORE TRUST
OSHA
OCCUPATIONAL SAFETY AND HEALTH ADMINISTRATION
P&P
POLICIES AND PROCEDURES
PHI
PROTECTED HEALTH INFORMATION
PO
PRIVACY OFFICER OR PRIVACY OFFICIAL
RAC
RECOVERY AUDIT CONTRACTORS
SDP
SELF DISCLOSURE PROTOCOL
TPO
TREATMENT, PAYMENT OR HEALTH CARE OPERATIONS
ZPIC
ZONE PROGRAM INTEGRITY CONTRACTOR