Puzzles and worksheets similar to CH 2 Healthcare Regulations Worksheet

Patient ________________ is your right to decide when, how, and to what extent others may access your health information
The privacy rule all healthcare workers must abide by
PHI stands for__________________ ________________ Information
A provider must post the notice of privacy practices in a clear and ______________-to-find location where patients are able to see it
The state of keeping or being kept secret or private
This must be signed by the patient in order to receive a copy of their medical records
Must be included when sending PHI via fax
An act of breaking or failing to observe a law, agreement, or code of conduct
The action or act of complying with rules and standards
This is a digital version of medical records

Something that shows up in a email
Hard to detect both by Users
Identity and Privacy Protection
Someone attempting to create Identity fraud
A security mechanism prohibiting the execution of those programs on a known malicious or undesired list of software
The occurrence of disclosure of confidential information, access to confidential information, destruction of data assets or abusive use of a private IT environment. Generally, a data breach results in internal data being made accessible to external entities without authorization.
A security tool, which may be a hardware or software solution that is used to filter network traffic.
A form of identity theft in which a transaction, typically financial, is performed using the stolen identity of another individual. The fraud is due to the attacker impersonating someone else.
he likelihood or potential that an employee or another form of internal personnel may pose a risk to the stability or security of an organization
Any code written for the specific purpose of causing harm, disclosing information or otherwise violating the security or stability of a system. Malware includes a wide range of types of malicious programs including: virus, worm, Trojan horse, logic bomb, backdoor, Remote Access Trojan (RAT), rootkit, ransomware and spyware/adware.
The likelihood or potential that an outside entity, such as an ex-employee, competitor or even an unhappy customer, may pose a risk to the stability or security of an organization. An outsider must often gain logical or physical access to the target before launching malicious attacks.
A form of unwanted or unsolicited messages or communications typically received via e-mail but also occurring through text messaging, social networks or VoIP. Most SPAM is advertising, but some may include malicious code, malicious hyperlinks or malicious attachments.
A form of malware that often attaches itself to a host file or the MBR (Master Boot Record) as a parasite. When the host file or MBR is accessed, it activates the virus enabling it to infect other objects. Most viruses spread through human activity within and between computers
a dishonest scheme; a fraud.
The act of falsifying the identity of the source of a communication or interaction. It is possible to spoof IP address, MAC address and email address.
A form of malware that monitors user activities and reports them to an external their party. Spyware can be legitimate in that it is operated by an advertising and marketing agency for the purpose of gathering customer demographics. However, spyware can also be operated by attackers using the data gathering tool to steal an identity or learn enough about a victim to harm them in other ways.
An attack focusing on people rather than technology
Alerts used as a warning of danger.
an attempt by hackers to damage or destroy a computer network or system.
a specific aspect of broader concepts such as cybersecurity and computer security, being focused on the specific threats and .
the ultimate call control center that gives customers full control of all T-Mobile's scam protection options.
Malware is defined as any device software that aims to cause damage and steal data. Malware is an abbreviation for malicious software. Ransomware and trojan, for example, are types of malware widely used in email attacks

1) A patient's consent to the disclosure of protected health information (PHI); the form by which a patient gives consent to release of information.
2) An unauthorized disclosure of confidential information.
3) The release of confidential health information about an identifiable person to another person or entity.
4) The means to control access and protect information from accidental or intentional disclosure to unauthorized persons and from unauthorized alteration, destruction, or loss.
5) The right of a patient to control disclosure of protected health information.
6) Healthcare provider, healthcare clearinghouse or payer is Covered _______.
7) HIPAA act of 199__.
8) Information required to be protected under HIPAA compliance.
9) The codification of the general and permanent rules and regulations.
10) The government office that protects a patient’s information.

Common workplace ethic of respecting others and working well together.
Federal laws that provide protection from retribution against someone for reporting a suspected violation.
The capacity to do what is right even in the face of temptation to do otherwise.
Taking another’s property or money by a person to whom it has been entrusted.
When one obtains money or property by lying about a past or existing fact. False
Offering or giving anything of value to get or keep business or to influence performance of an official.
Obtaining money or other property by wrongful use of force or the power of office.
The duty of a business to contribute to the wellbeing of society. Social
An employee who speaks out about misconduct, malpractice, or corruption.
Set of standards or rules that guide business behavior in a positive direction. Code of
A person’s personal philosophies about what is right or wrong.
Use of confidential corporate information to buy or sell stocks. Insider
Deliberate deception to gain an unlawful advantage.
Crime against the environment. Green
Economic crimes committed by professionals in the course of their work. White Collar
Hiding money obtained illegally by putting it in legal businesses. Money
Negative or unfair treatment based on personal characteristics rather than job performance, skills, or merit.
Unwelcome conduct from another whose actions, communication, or behavior mocks, demeans, disparages, or ridicules an employee.
Sentenced to 150 years in prison for largest Ponzi scheme in history.
Its use poses a potential conflict between employees' rights to express themselves and an organization's need to preserve its reputation, intellectual property, and information its legally obligated to protect. Social
Responsible for making ethical choices to maintain our company's reputation for fair, honest business practices.
The set of measures taken to ensure that networks, systems, & data breaches are avoided.
A lifestyle influencer who served 5 months in federal prison and paid fines of treble damages in connection to allegations of insider trading. Martha
An unauthorized person viewing confidential data is an example of a reportable _______ incident.

Where are policies located
How many injections do you get in a Hep B series
Who provides cleaning chemicals for the departments to use
If you are out for three days or more what do you need to have to return to work
If we have a disaster and we lose natural gas supply what will we use
who approves personal appliance use in HMH
Do we allow service animals in HMH
How often does a head lice egg hatch
What do we do with a patients clothes that has head lice
What is the surgeon's last name that starts with F
What is the minimum amount of seconds to wash your hands
What is a common food borne illness
How many visitors can a PCU patient have s day
What does Code Gray mean
What protects patient information

PHI is _________ Health Information.
Medicare & Medicaid are _______ healthcare programs
Reports of non-compliance can be submitted via __________ Services
Patient rights are outlined in the Notice of _______ Practices
The impermissable disclosure of PHI is called a ______
The HIPAA rule for safeguarding electronic PHI
The Office of _____ ______ enforces HIPAA
Non-compliance may result in costly criminal _________.
_____ requires a person to have intent and knowledge that their actions are wrong
The _____ ______ Act protects the government from false or fraudulent claims.

What president signed the American Recovery and Reinvestment Act (ARRA) into law?
Persons or organizations that must comply with the HIPAA Privacy and Security Rules; include healthcare prviders, health plans, and healthcare clearinghouses
A law that requires federal agencies to safeguard personally identifable records and provides individuals with certain privacy rights
Under the HIPAA Privacy Rule, employees, volunteers, trainees, and other persons, whether paid or not, who work for and are under the direct control of the covered entity
A "need to know" filter that is applied to limit access to a patient's PHI and to limit the amount of PHI used, disclosed, and requested
The act of making information known; the release of confidential health information about an identifiable person to another person or entity; release, transfer, provison of access to, or divulging in any other manner of information outside the entity holding the information.
The federal government published the standards for privacy of individually identifiable health information commonly referred to as
These three actions are functions of a covered entity that are necessary for the covered entity to successfully conduct business
The HIPAAA definition with respect to individually identifiable health information
Ways in which access, use, and disclosure of patient information are made

A US law designed to provide privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers.
Medical Providers, Health Plans, and Clearing Houses are the 3 types of (blank) Entities.
Integrity Marketing Group is regulated by HIPAA because we are considered a Business (blank).
A lawful or unlawful release of PHI/ePHI is called a (blank).
A set of national standards that protects ELECTRONIC forms of PHI is called the (blank) Rule.
The acronym used to describe what HIPAA is meant to protect.
One method for reporting compliance concerns within Integrity companies.
Penalties for HIPAA violations can range from one hundred to (blank) thousand dollars per violation per person.
The process of converting information or data into an unreadable format in order to prevent unauthorized access.
If an Integrity employee receives a request for access to PHI, the employee should ask the caller to confirm how many pieces of sensitive information about themselves for verification purposes?
When using or disclosing protected health information a covered entity must make reasonable efforts to limit protected health information to the Minimum (blank).
The government office that protects a patients information.
Information that can identify a person.
The acquisition, access, use, or disclosure of unsecured PHI, in a manner not permitted by HIPAA.
A good way to securely dispose of hard copy PHI.
Random monthly audits performed by Integrity's Compliance Teams.
Policy that protects employees from adverse action stemming from a compliance report made in good faith.
A (blank) associate is an entity that performs certain functions involving PHI on behalf of a covered entity.
True or False. Faxing or emailed unsecured PHI to an unintended party is considered a breach under HIPAA law.
Losing a cell phone that stores or permits access to client PHI is a (blank) and needs to be reported.

Any health plan, healthcare clearinghouse, or any healthcare provider who transmits PHI in electronic form
A group of records maintained by or for a covered entity that may include patient medical and billing records
Composed of a series of national standards outlining the privacy and security of protected health information
Establishes national standards to protect individuals' medical records and other personal health information; applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically
Requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information
Allows an individual to put an end to an authorization at any time
Establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies
Generally provides that any person has the right to request access to federal agency records or information except to the extent the records are protected from disclosure by any of nine exemptions contained in the law or by one of three special law enforcement record exclusions
Physical measures, policies, and procedures to protect a covered entity's electronic information systems, related buildings or equipment from natural and environmental hazards or unauthorized intrusion
The technology and the policy and procedures for its use that protect electronic PHI and control access to it
A public or private entity, including a billing service, repricing company, community health management information system or community health information system that either process or facilitate the processing of health information received from another entity

It protects patiets demographic information
there are this many provisions for hipaa
physicians,insurance carriers and clearinghouses are this
Someone who works for a covered entity is called this
PHI stands for
This must be signed before PHI is given to another doctor
This agency investigates fraud and abuse cases
when you intentionally submit false information
This person turn in someone whoi is commiting fraud
This rule provide regulation related to electronic transactions
This is a type of PHI
Information that does not need consent to be discolsed is call
Health Information portability and accountablility act
the privacy rule and the ________ rule