I cannot take _______________ inside the Hospital. Selfies
What do the initials ePHI stand for: electronically Protected Health _________? Information
Abbreviation for the Health Insurance Portability and Accountability Act of 1996? HIPAA
Every patient has the right to ___________ with their medical treatment and conditions. Privacy
By law hospitals must train annually on HIPAA ____________. Compliance
Hospitals have ___________ and procedures to meet Federal HIPAA rules and regulations. policies
If you suspect someone is violating the facility's privacy policy, you should? report
HIPAA security and privacy applies to everyone ______ in the facility. working
HIPAA is governed by _____ and Human Services? Health
HIPAA was created with _____ standards for all patients. Security
Accessible __________ Health Information (PHI) is limited to only that information needed for performance of services. Protected
Personally identifiable health information protected by HIPAA includes photographic, electronic, spoken word and ______? Paper
I may not post any identifiable information on ______? Social media
All information regarding patients must stay confidential. I cannot even tell my friends or ____. Family
I may not share my computer log-in _____ with anyone. Password

Compliance Crossword Puzzle


Occupational Safety and _________ Administration Health
FERC Order 706 governs these Standards CIP
Generally ________________ Accounting Principles Accounting
ATC’s FERC formula rates are housed within this MISO
An ATC ___________ has a $50,000 expenditure authorization limit Manager
Escheatment is the process of turning over ___________ property to a state authority Unclaimed
The frequency of completing ATC’s Business Ethics Questionnaire Annual
Regulation (acronym) enacted in 1996 aimed at ensuring medical records, medical billing, and patient accounts meet certain consistent standards with regard to documentation, handling, and privacy HIPAA
An employee may take maternity leave under the ________ and Medical Leave Act Family
The heading on Page 3 of ATC’s Code of Conduct: Doing What’s _________ Right
Tax (acronym) imposed on both employees and employers to fund Social Security and Medicare FICA
The Federal _____________ Guidelines outline the seven elements of an effective compliance program Sentencing
Tone at the ________ Top
An anonymous way to report an ethics or compliance concern Helpline
The number of members on ATC’s Policy & Ethics Committee Four
________________ Reliability Organization Midwest
Juanita Banks is ATC’s Designated ___________ Officer Compliance
Substantiated ethics and/or compliance violations are reported to ATC’s ____________ Committee Audit
Enterprise ____________ Management Information
Regulatory entity (acronym) that assists in the protection against employment discrimination on the basis of race, sex, religion, national origin, and a variety of other characteristics EEOC
Information should be classified as ATC __________ Information when the unauthorized disclosure, alteration, or destruction of that information could expose the Company to a significant level of risk Confidential
Controls for providing Users the means to verify or validate a claimed identity through the presentation of something they know (e.g., passwords), something they own (e.g., hardware token), or something they are (e.g., fingerprint, biometrics, etc.). Authentication
Per the Acceptable Use of Electronic Resources Policy, data moved to removable media sources (e.g. USB, CD, etc.) must be ___________. Encrypted
Ways to report potential issues or concerns are outlined in ATC’s Open ______ Policy Door
Employment ______________ and Professional References Policy Verification
Accepting a gift card from a supplier vying for business at ATC represents a Conflict of ________ Interest
Per the External Communications & Social Media Policy, do not represent yourself as a ____________ for ATC Spokesperson
Per the Gifts & Entertainment Policy, all tangible gifts given to an ATC employee, regardless of dollar amount, must be reported to _________ Payroll
Environmental ____________ Agency Protection
A competitive _________ is required to procure services over $100,000 Bid
___________ Oxley Act was instituted in 2002, as a result of a series of high-profile financial scandals Sarbanes
Per NERC, Critical __________ are facilities, systems, and equipment which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the bulk electric system Assets
Personnel Risk ____________ Policy Assessment
The Travel & Expense Policy governs transactions inputted into this system Concur
___________ employees who do not charge time to project work orders only need to report their exception time (e.g. vacation, sick, personal, or floating holiday hours) each pay period Exempt
Per ATC’s Code of Conduct, each ATC employee has a responsibility to promptly _________ any known violation or dishonest, unethical, or illegal conduct Report
_______ % of ATC’s corporate goal attainment ties to Reliability Compliance Fifteen
Behavior Based _________ Observations Safety

Chapter 5 Legal & Ethical Responsibilities Crossword


Wrongs against person, property, society Criminal law
Relationships between people, protection of person's rights Civil Law
Wrongful acts that do not involve a contract torts
Slander, libel Defamation
First component of a contract offer
Third component of a contract Consideration
Contracted parties must be free of _______________ disability. Legal
________________ and Agent Principal
The type of consent needed to release medical information Written
Health Care Records are ________________________. Privileged
Health Insurance Portability and Accountability Act HIPAA
Health care workers must protect privacy and _________________ of patients' health care records confidentiality
Assisted suicide Euthanasia
Principles dealing with what is morally right or wrong Ethics
Standards for _______________ of Individually Identifiable Health Information Privacy

HIPAA Awareness Crossword


One of the core values Integrity
Amount of information needed to accomplish a task (2 wrds) Minimum Necessary
Person with access to the system User
Privacy Officer Emily Calvillo
Person or organization that maintains, creates, transfers, or receives PHI to perform a function on behalf of HRHS (2 wrds) Business Associate
When PHI is exposed we have committed a ___ of the patient's privacy Violation
Reportable event Breach
Document that describes a patient's rights to their health information NPP
One of the core values Compassion
The release, transfer, access to or divulging of patient information Disclosure
Immediate areas consisting of a desktop, laptop and other items to complete work Workstation
Method used to protect electronic data Encryption
One of the core values Accountability
Employees, volunteers, students/observers who represent the facility are members of the __ Workforce
A state of NOT protecting PHI Unsecured
HRHS strives to protect the ____ of its patients Privacy
Confidential measure used to protect systems made up of a string of characters Password
A state of protected PHI from unauthorized users Secured
Protected Health Information PHI
Person who is the subject of PHI Individual
One of the core values Respect
Management of healthcare services to an individual Treatment
Committee responsible for reviewing internal HIPAA concerns, policies and procedures HOC
One of the core values Excellence

HIPAA Training Crossword


PCS staff may discuss a person being served over the phone with another ________ but it must be done in a private area. provider
____________ with others about persons served in public areas is prohibited Gossiping
An annual _________ is an example of PHI physical
One of the five HIPAA principles Standardization
Staff may converse about persons being served as needed to _________ programs and health plans implement
You will receive ________ upon hire and annually thereafter. training
The "I" in HIPAA stands for __________ insurance
The ____________ policy is signed upon hire and pertains to privacy and communication safeguards confidentiality
The second "A" in HIPAA stands for __________ Act
When _____ are about persons being served, they are not to be left in plain sight for others that have no "need to know". notes
Staff will have ______ access to health information of a person being served limited
HIPAA reduces the occurrence of __________. fraud
The first "A" in HIPAA stands for _________ Accountability
The Privacy Officer is located in __________ Morris
HIPAA defines and protects _________ privacy
The "P" in PHI stands for ________ Protected
The medical ______ of a person being served is an example of a designated record set. chart
The "H" in HIPAA stands for _________ Health
Any requests for disclosures of PHI must be forwarded to your ___________ supervisor
The "I" in PHI stands for ________ Information
A _________ _______ includes any item, collection, or grouping of information that includes PHI and is collected or used by a provider record set
Staff that violate HIPAA policies will be __________ disciplined
Anytime a person feels a violation of their privacy rights has occurred, they have the right to file a grievance with the ________ ________ privacy officer
The "P" in HIPAA stands for _________ Portability
It is staff's responsibility to keep information __________ confidential
When discussing a person being served, you should move to a ________ area private
We should avoid discussing persons served in ________ public
We use ______ in order to keep charts inaccessible to people who do not have "need to know" about PHI locks

HIPAA Crossword


What act was passed in Congress to protect individuals' medical records and other personal health information? HIPAA
Who is one person you can report a suspected breach to? SUPERVISOR
Is it OK to discuss health information with an individual in an open area? NO
How should you send an email to outside recipients that contains protected health information? ENCRYPT
What HIPAA rule protects individual rights? PRIVACY
What is the acronym that identifies an individual's information (i.e., name, birthdate, address, etc.)? PHI
What is HIPAA's minimum training requirement for employees? ANNUALLY
Acronym for a document you receive from the physician office, which explains how they may use and share your health information NPP
What should you never share with another individual that is used to access systems? PASSWORD
How many days do you have to send a breach notification letter to individual(s) whose information was compromised? SIXTY

Corporate Compliance Crossword


conforming to a rule i.e. policy, standard or law compliance
moral principles and values that guide a person Ethics
guideline of ethical practices that Catholic Charities expects of its employees code of conduct
unacceptable or improper behavior by an employee misconduct
Law/Regulations to protect the privacy of health information HIPAA
Misconduct must be immediately..... reported
situation in which a person is in a position to derive personal benefit from decisions made in their official capacity conflict of interest
all potential conflicts of interest need to be.... disclosed
the policy that protects an employee who makes a "good faith" report of misconduct Non-Retaliation
Catholic Charities Human Resource Director Barb Poling
any information about an individual kept by an organization, including data that can be used to trace the person's identity PHI

HIPAA Vocabulary Worksheet

Matching Worksheet

Health Information Portability Protection Act HIPAA
Year HIPAA was established 1996
Responsible for creating policies and procedures showing how an entity will comply with HIPAA Administrative
Responsible for controlling access to areas of data storage to protect against inappropriate access Physical
Responsible for protecting communications containing protected health information when transmitted electronically over an open network Technical
Protected Health Information PHI
One of three reasons a doctor may transfer a patient's medical records to another doctor's office Treatment
Written complaints concerning HIPAA violations are filed with this individual Secretary of HHS
Department of Health and Human Services HHS
Range of possible fines for HIPAA violations $100 - $250,000
Number of segments to the HIPAA regulation Five
Refers specifically to access to a patient's health information Privacy Rule
Limited to persons authorized to use information; restricted Confidential
Treatment, Payment and Operations TPO
Electronically protected health information ePHI

Confidentiality and HIPAA Test Crossword


Covered Transactions (eligibility, enrollment, health care claims, payment, etc.) performed electronically. Protected Health Information
Provides for electronic and physical security of a resident's health information. HIPAA
Upon discovering a breach, Business Associates are required to notify the HIPAA Officer or Executive Director of the nature of the potential breach and whose PHI may have been improperly __________, ____________, used or disclosed. acquired, accessed
Who has to follow HIPAA Law? Everyone
A ______________________ is sufficient when emailing and faxing PHI under HIPAA Security standards. Cover page
All client records should be destroyed by ______________. Shredding them
The Provider's Right to Notice of Privacy Practices teaches clients and their families about ________ under HIPAA. Privacy
Can I be in social media (Facebook, Twitter, Snapchat, etc.) contact with my clients? False
HIPAA states I can disclose PHI for ________________ or _______________ for services with an authorization to release. treatment, payment
Under HIPAA, the __________ rule only covers electronic PHI, while the Privacy Rule covers electronic, oral, and paper forms of PHI. Security

Information Security and Privacy Crossword Puzzle


These need to be strong enough that others won't guess them Passwords
Keep it _________ and Secure Safe
When clicking on a suspicious link in an email you could be caught ____________ phishing
If you suspect a privacy or security breach, you must report it ______________ Immediately
This type of agreement is needed when a vendor needs to access PHI to do work on our behalf Business Associate
This is used to access Partners information remotely VPN
Privacy and Security Regulations HIPAA
Before stepping away from your computer, always click on the yellow ___________ so no one else can access your information Lock
Report a lost device immediately by contacting the Service Desk
When this is installed on your computer, it can lead to spreading a virus across the network Malware
When travelling with a laptop in your vehicle, always keep it in the ___________ Trunk
Where not to keep your laptop or other work information when travelling in a car seat
Name of the repository for Partners Policies Archer
What is the name of the Partners Chief Information Security and Privacy Officer? Jigar Kadakia
Even accessing patient _________ in Epic, without a business need to know is a violation of policy demographic information

Data Privacy Word Search

Word Search

customer data
health information
patient data