Acronyms
Examples Include...
HIPAA Privacy
HIPAA Security
True or False
100

HIPAA is a federal law enacted in the Unites States in 1996 as an attempt at incremental healthcare reform.  What does HIPAA stand for?

What is: Health Insurance Portability & Accountability Act

100

Example include:

Social Security Number

Name

Email

What is: PHI

100

The individual that an organization must designate to take responsibility for implementing and overseeing HIPAA Privacy compliance at the organization.  

What is: Compliance Officer or Privacy Officer

100

The HIPA _____  _____ is a technology neutral, federally mandated "minimum floor" of protection whose primary objective is to protect the confidentiality, integrity and availability when it is stored, maintained or transmitted.

What is: Security Rule

100

The HIPAA regulations are structured as five major provisions or titles whose purpose logically fall into two major categories: Administrative Simplification and Insurance Reform.

What is: True

200

PHI is any individually identifiable health information relating to the past, present or future health condition of the individual regardless of the form in which it is maintained (electronic, paper, oral format, etc.)  What does PHI stand for?

What is: Protected Health Information

200

Examples Include:

Healthcare Providers

Health Plans

Healthcare Clearinghouses

What is: Covered Entities

200

Clients (whether they are covered entities or business associates) cannot share PHI with your organization unless they ensure that your organization is also HIPPA compliant.  That assurance is handled under HIPAA by requiring the client to have a singed _____ in place?

What is: Business Associate Contract

200

The Security Rule's requirements are organized into three categories.  Name one of the three categories.

What is:

Administrative Safeguards: Policies & Procedures

Physical Safeguards: Controlling physical access to protect against inappropriate access to protected data

Technical Safeguards: The controlling of access to computer systems and the protection of communications containing HPI transmitted electronically over open networks

200

Employees of physician's practices and healthcare systems are the only ones who much comply with HIPAA.

What is: False

300

Civil penalties are enforced by the OCR within the Department of Health and Human Services.  

What does OCR stand for?

What is: Office of Civil Rights

300

Examples Include:

Medical Answering Services

Medical Software Companies

Accountants

What is: Business Associates

300

The term used for the acquisition, access, use or disclosure of protected health information in a manner not permitted which compromises the security or privacy of the protected health information.

What is: Breach

300

Physical Safeguards are physical measures, policies and procedures to protect the organization's' electronic information systems and related buildings and equipment from natural and environmental hazards and unauthorized intrusion.  Give one example of a physical safeguard.

What is:

Computer servers in loced rooms

Data backup stored offsite

Employee badges

Door locks

Locked cabinets for records with PHI

Screen savers / screen locks

Fireproof storage for records with PHI
300

Business associates must perform all reasonable efforts not to disclose more than the minimum amount of PHI necessary to accomplish the intended purpose of the use or disclosure.

What is: True

400

Civil penalties are enforced by the Office of Civil Rights with the HHS.  What does HHS stand for?

What is: Department of Health and Human Services

400

Examples Include:

Assigned HIPAA Compliance Officer

HIPAA awareness training for staff

Policies, procedures and systems in place to protect PHI

What is: Administrative Safeguards

400

Who should you notify if you believe a HIPAA breach may have occurred?

What is: Compliance Officer

400

Technical Safeguards are the technology and the policy and procedures for its use that protect ePHI and control access to it.  Name one example of a Technical Safeguard.

What is: 

Username and passwords

Security logs

Access controls

Firewalls

Data encrtption


400

An organization must train all of its workforce that have access to PHI on a HIPAA awareness training at the time of hire.  Any additional training beyond that is at the discretion of the Compliance Officer.

What is: False

500

The HITECH Act - This legislation's purpose is to promote the adoption and meaningful use of health information. What does HITECH stand for?

What is: The Health Information Technology for Economic & Clinical Health Act

500

Examples Include:

Stolen or improperly accessed PHI

PHI Inadvertently sent to the wrong provider

Unauthorized viewing of PHI by an employee in your practice

What is: Breach

500

Who is the HIPAA Compliance Officer at WCMSCHF?

Who is: Jennifer Brighton

500

The individual that an organization must designate to take responsibility for implementing and overseeing HIPAA Security compliance at the organization.

What is: Compliance or Security Officer

500

ePHI is a subset of PHI and is protected under the Security Rule

What is: True

M
e
n
u