Policy Management and Regulatory Compliance

Abstract

Policy management and regulatory compliance extend well beyond administrative management and touches all levels of an organization. The role of an imaging informatics professional is to be knowledgeable on organizational, local, state, and federal requirements and to assure that his area of responsibility is in compliance with these requirements. This chapter covers the most significant federal regulations that currently impact the imaging informatics professional. The chapter ends with a review of the requirements for professional certification in imaging informatics.

Self-Assessment Questions

1. 1.

   Protected Health Information (PHI) is defined as

   1. a.

      All information that is available at the patient or study demographics level.

   2. b.

      Any information that can be used to identify an individual at the patient demographics level.

   3. c.

      Any information that can be used to identify an individual at the study demographics level.

   4. d.

      Any information that can be used to identify an individual at the patient or study demographics level.

2. 2.

   The Privacy Rule pertains to protected health information in any format, and specifies that “covered entities” are defined exclusively as

   1. a.

      Business associates of healthcare entities.

   2. b.

      Healthcare entities.

   3. c.

      Healthcare entities and business associates.

   4. d.

      Healthcare payors.

3. 3.

   The primary officer responsible for ensuring that an organization meets HIPAA requirements

   1. a.

      HIPAA compliance officer

   2. b.

      HIPAA privacy officer

   3. c.

      HIPAA regulatory officer

   4. d.

      HIPAA security officer

4. 4.

   According to HIPAA, transmission security requires

   1. a.

      Integrity controls and the encryption of data that are exchanged between applications.

   2. b.

      Integrity controls and the encryption of data that are exchanged between local servers.

   3. c.

      Integrity controls and the encryption of data that are exchanged between remote locations.

   4. d.

      Integrity controls and the encryption of data are not required by HIPAA transmission security.

5. 5.

   The Security Rule identifies three categories of safeguards for HIPAA compliance:

   1. a.

      Administrative, legal, and technical.

   2. b.

      Administrative, physical, and technical.

   3. c.

      Legal, physical, and technical.

   4. d.

      Authentication, encryption, and automatic logoffs.

6. 6.

   The Mammography Quality Standards Act (MQSA) establishes national standards for mammography and is regulated by the

   1. a.

      American College of Radiology.

   2. b.

      Centers for Medicare and Medicaid Services.

   3. c.

      Department of Health and Human Services.

   4. d.

      Food and Drug Administration.

7. 7.

   MQSA certification must be renewed

   1. a.

      Every year.

   2. b.

      Every 2 years.

   3. c.

      Every 3 years.

   4. d.

      Every 5 years.

8. 8.

   The minimum native resolution for full-field digital mammography must be at least

   1. a.

      1 line pair per millimeter.

   2. b.

      2 line pairs per millimeter.

   3. c.

      5 line pairs per millimeter.

   4. d.

      10 line pairs per millimeter.

9. 9.

   Which of the following is true regarding mammography films that have been digitized?

   1. a.

      Can be used for primary diagnosis and comparison studies and can be used as a substitute for film for long-term archiving.

   2. b.

      Can be used for primary diagnosis and comparison studies and cannot be used as a substitute for film for long-term archiving.

   3. c.

      Can be used for comparison only and not for primary diagnosis and can be used as a substitute for long-term archiving.

   4. d.

      Can be used for comparison only and not for primary diagnosis and cannot be used as a substitute for long-term archiving.

10. 10.

    According to MQSA, it is permissible to electronically transfer mammography images specifically if

    1. a.

       The data are transferred in lossless compression format and are acceptable to the sending party.

    2. b.

       The data are transferred in lossless compression format and are acceptable to the receiving party.

    3. c.

       The data are transferred in lossy or lossless compression format and are acceptable to the sending party.

    4. d.

       The data are transferred in lossy or lossless compression format and are acceptable to the receiving party.