One of the core values Integrity
Amount of information needed to accomplish a task (2 words) Minimum Necessary
Person with access to the system User
Privacy Officer Emily Calvillo
Person or organization that maintains, creates, transfers, or receives PHI to perform a function on behalf of HRHS (2 words) Business Associate
When PHI is exposed we have committed a ___ of the patient's privacy Violation
Reportable event Breach
Document that describes a patient's rights to their health information NPP
One of the core values Compassion
The release, transfer, access to or divulging of patient information Disclosure
Immediate areas consisting of a desktop, laptop and other items to complete work Workstation
Method used to protect electronic data Encryption
One of the core values Accountability
Employees, volunteers, students/observers who represent the facility are members of the __ Workforce
A state of NOT protecting PHI Unsecured
HRHS strives to protect the ____ of its patients Privacy
Confidential measure used to protect systems made up of a string of characters Password
A state of protected PHI from unauthorized users Secured
Protected Health Information PHI
Person who is the subject of PHI Individual
One of the core values Respect
Management of healthcare services to an individual Treatment
Committee responsible for reviewing internal HIPAA concerns, policies and procedures HOC
One of the core values Excellence

HIPAA Crossword


What act was passed in Congress to protect individuals' medical records and other personal health information? HIPAA
Who is one person you can report a suspected breach to? SUPERVISOR
Is it OK to discuss health information with an individual in an open area? NO
How should you send an email to outside recipients that contains protected health information? ENCRYPT
What HIPAA rule protects individual rights? PRIVACY
What is the acronym that identifies an individual's information (i.e., name, birthdate, address, etc.)? PHI
What is HIPAA's minimum training requirement for employees? ANNUALLY
Acronym for a document you receive from the physician office, which explains how they may use and share your health information NPP
What should you never share with another individual that is used to access systems? PASSWORD
How many days do you have to send a breach notification letter to individual(s), whose information was compromised? SIXTY



I cannot take _______________ inside the Hospital. Selfies
What do the initials ePHI stand for: electronically Protected Health _________? Information
Abbreviation for the Health Insurance Portability and Accountability Act of 1996? HIPAA
Every patient has the right to ___________ with their medical treatment and conditions. Privacy
By law hospitals must train annually on HIPAA ____________. Compliance
Hospitals have ___________ and procedures to meet Federal HIPAA rules and regulations. policies
If you suspect someone is violating the facility's privacy policy, you should? report
HIPAA security and privacy applies to everyone ______ in the facility. working
HIPAA is governed by _____ and Human Services? Health
HIPAA was created with _____ standards for all patients. Security
Accessible __________ Health Information (PHI) is limited to only that information needed for performance of services. Protected
Personally identifiable health information protected by HIPAA includes photographic, electronic, spoken word and ______? Paper
I may not post any identifiable information on ______? Social media
All information regarding patients must stay confidential. I cannot even tell my friends or ____. Family
I may not share my computer log-in _____ with anyone. Password

corporate compliance Crossword


conforming to a rule i.e. policy, standard or law compliance
moral principles and values that guide a person Ethics
guideline of ethical practices that Catholic Charities expects of its employees code of conduct
unacceptable or improper behavior by an employee misconduct
Law/Regulations to protect the privacy of health information HIPAA
Misconduct must be immediately..... reported
situation in which a person is in a position to derive personal benefit from decisions made in their official capacity conflict of interest
all potential conflicts of interest need to be.... disclosed
the policy that protects an employee who makes a "good faith" report of misconduct Non-Retaliation
Catholic Charities Human Resource Director Barb Poling
any information about an individual kept by an organization, including data that can be used to trace the person's identity PHI

HIPAA Training Crossword


PCS staff may discuss a person being served over the phone with another ________ but it must be done in a private area. provider
____________ with others about persons served in public areas is prohibited Gossiping
An annual _________ is an example of PHI physical
One of the five HIPAA principles Standardization
Staff may converse about persons being served as needed to _________ programs and health plans implement
You will receive ________ upon hire and annually thereafter. training
The "I" in HIPAA stands for __________ insurance
The ____________ policy is signed upon hire and pertains to privacy and communication safeguards confidentiality
The second "A" in HIPAA stands for __________ Act
When _____ are about persons being served, they are not to be left in plain sight for others that have no "need to know". notes
Staff will have ______ access to health information of a person being served limited
HIPAA reduces the occurrence of __________. fraud
The first "A" in HIPAA stands for _________ Accountability
The Privacy Officer is located in __________ Morris
HIPAA defines and protects _________ privacy
The "P" in PHI stands for ________ Protected
The medical ______ of a person being served is an example of a designated record set. chart
The "H" in HIPAA stands for _________ Health
Any requests for disclosures of PHI must be forwarded to your ___________ supervisor
The "I" in PHI stands for ________ Information
A _________ _______ includes any item, collection, or grouping of information that includes PHI and is collected or used by a provider record set
Staff that violate HIPAA policies will be __________ disciplined
Anytime a person feels a violation of their privacy rights has occurred, they have the right to file a grievance with the ________ ________ privacy officer
The "P" in HIPAA stands for _________ Portability
It is staff's responsibility to keep information __________ confidential
When discussing a person being served, you should move to a ________ area private
We should avoid discussing persons served in ________ public
We use ______ in order to keep charts inaccessible to people who do not have "need to know" about PHI locks

Data Privacy Word Search

Word Search

customer data
health information
patient data

Chapter 5 Legal & Ethical Responsibilities Crossword


Wrongs against person, property, society Criminal law
Relationships between people, protection of person's rights Civil Law
Wrongful acts that do not involve a contract torts
Slander, libel Defamation
First component of a contract offer
Third component of a contract Consideration
Contracted parties must be free of _______________ disability. Legal
________________ and Agent Principal
The type of consent needed to release medical information Written
Health Care Records are ________________________. Privileged
Health Insurance Portability and Accountability Act HIPAA
Health care workers must protect privacy and _________________ of patients' health care records confidentiality
Assisted suicide Euthanasia
Principles dealing with what is morally right or wrong Ethics
Standards for _______________ of Individually Identifiable Health Information Privacy

HIPAA Vocabulary Worksheet

Matching Worksheet

Health Information Portability Protection Act HIPAA
Year HIPAA was established 1996
Responsible for creating policies and procedures showing how an entity will comply with HIPAA Administrative
Responsible for controlling access to areas of data storage to protect against inappropriate access Physical
Responsible for protecting communications containing protected health information when transmitted electronically over an open network Technical
Protected Health Information PHI
One of three reasons a doctor may transfer a patient's medical records to another doctor's office Treatment
Written complaints concerning HIPAA violations are filed with this individual Secretary of HHS
Department of Health and Human Services HHS
Range of possible fines for HIPAA violations $100 - $250,000
Number of segments to the HIPAA regulation Five
Refers specifically to access to a patient's health information Privacy Rule
Limited to persons authorized to use information; restricted Confidential
Treatment, Payment and Operations TPO
Electronically protected health information ePHI

HIPAA Privacy/Compliance & Security Crossword


What act was passed in Congress to protect individuals' medical records and other personal health information? HIPAA
What is the acronym that identifies an individual's information (i.e., name, birthdate, address, etc.)? PHI
What HIPAA rule protects individual rights? Privacy
The attempt to prevent criminal or unauthorized access and use of electronic data CyberSecurity
An entity that performs certain functions involving PHI on behalf of a covered entity BusinessAssociate
The copying and archiving of computer data so it may be used to restore the original after a data loss event Backups
What should you never share with another individual that is used to access systems? Password
What is HIPAA's minimum training requirement for employees? Annually
How many days do you have to send a breach notification letter to individual(s), whose information was compromised? Sixty
How should you send an email to outside recipients that contains protected health information? Encrypt
Acronym for a document you receive from the physician office, which explains how they may use and share your health information NPP
An official inspection of an organization's accounts, typically by an independent body Audit
When somebody sends an e-mail with a link to a bogus website it is called? Phishing
This can slow down your computer AND watch everywhere you go on the internet? Spyware

FCHC Compliance & Ethics Crossword


Compliance is the responsibility of the Compliance Officer, Compliance Committee, and Upper Management only, true or false? false
These are examples of issues that can be reported to a Compliance Department: suspected Fraud, Waste, and Abuse (FWA); potential health privacy violation, and unethical behavior/employee misconduct, true or false? True
At a minimum, an effective compliance program includes how many core requirements? seven
The ________________ allows you to report anonymous/confidential non-compliance. Compliance Hotline
The _________ law prohibits a physician from making referrals for certain designated health services (DHS) payable by Medicare to an entity with which he or she (or an immediate family member) has a financial relationship (ownership, investment, or compensation) Stark
The ____________ is a criminal law that prohibits the knowing and willful payment of "remuneration" to induce or reward patient referrals or the generation of business involving any item or service payable by the Federal health care programs (e.g., drugs, supplies, or health care services for Medicare or Medicaid patients). antikickback statute
____________ is individually identifiable information. protected health information
______________ sets boundaries on the use and release of health records. HIPAA
You should always _______________ your computer when you walk away. lock
Conducting routine audits reduces _____ and increases compliance. risk
FCHC does not __________________ against you for making a good faith effort in reporting. retaliate
Conduct yourself in an _____________ manner. ethical
____________ is intentionally submitting false information to the Government or a Government contractor to get money or a benefit. Fraud
Honesty is an example of ______________ in the workplace integrity
The ________________ act prohibits the selling of PHI without patient authorization and created a new notification when a breach of "unsecured PHI" occurs. HITECH

Ethical & Legal Responsibilities of Healthcare Workers Crossword


Forgetting or not providing care for a pt's needs Neglect
Your beliefs Morals
Standards that reflect moral values Ethics
Granted without being spoken from the patient Implied Consent
Permission given by the patient, after full disclosure of facts about a procedure or test from the healthcare professional Informed Consent
Written permission from the patient to provide care or services Expressed Consent
Accessing a pt.'s health information without their permission or without reason Invasion of privacy
Federal law that requires healthcare organizations/facilities to keep the pt.'s info private HIPAA
Physically harming someone Battery
Threatening to harm someone Assault
Being held responsible for your actions or behavior Liable
Locking a pt. in their room or to their bed/chair without reason False Imprisonment
Speaking untruths about someone that tarnishes their reputation Slander
Saying or doing something that hurts someone's reputation Defamation