HIPAA Happens
Fraud Squad
Code of Conduct Corner
Just Culture Junction
Compliance Grab Bag
100

What does PHI stand for?

Private Health Information

100

What does OIG stand for?

The Office of the Inspector General

100

What is the purpose of an organization’s Code of Conduct?

To outline ethical and professional standards of behavior.

100

What does “Just Culture” promote?

Learning and accountability without unnecessary blame.

100

What does CMS stand for?

Centers for Medicare and Medicaid Services.

200

It’s okay to discuss patient information in the elevator if no one else is around. True or False and why?

False because an elevator is a public place; therefore, it is not permissible to discuss patient information on the elevator.

200

What law prohibits offering or receiving anything of value for patient referrals?

Anti-Kickback Statute

200

It’s okay to ignore a potential violation if you’re not 100% sure it happened. True or False, and why? 

False, because all concerns should be reported in good faith.

200

In a Just Culture, are honest mistakes treated the same as reckless behavior (please explain your answer)?

No – the response depends on intent and risk awareness.

200

What’s the difference between auditing and monitoring?

Auditing is periodic and formal; monitoring is ongoing and routine.

300

What’s the “minimum necessary” rule under HIPAA?

Use or share only the information needed to perform your job duties.

300

The Stark Law focuses on what type of violation?

Physician self-referrals for designated health services.

300

What’s the first step you should take if you suspect noncompliance?

Report it to your supervisor, Community Compliance Liaison, Chief Compliance Officer, or hotline.

300

Give an example of a system improvement from reporting an error.

Updating a policy, improving workflow, or retraining staff

300

What’s the term for evaluating a process after a regulatory survey?

Plan of Correction (POC)

400

Who enforces HIPAA compliance?

The Office for Civil Rights

400

What’s the maximum fine per year, per HIPAA violation category (willful neglect not corrected)?

$1.5 million

400

What’s the term for retaliation against someone who reports a compliance concern?

Whistleblower retaliation (and it’s prohibited!)

400

What’s the goal of Just Culture?

To balance learning, accountability, and safety.

400

What’s the best definition of compliance in one word?

Integrity

500

Name one example of a HIPAA breach.

Could be any correct answer (e.g., emailing resident information to a personal email address, or a lost or stolen laptop issued for work).

500

The False Claims Act includes what kind of whistleblower provision?

Qui Tam – allows individuals to report fraud on behalf of the government.

500

Why is consistent enforcement of the Code of Conduct essential for compliance program effectiveness under federal guidance?

Because regulators expect uniform accountability; selective enforcement undermines credibility and violates the Federal Sentencing Guidelines for Organizations.

500

A Just Culture eliminates all discipline. True or False?

False – It encourages fair accountability, not the absence of consequences.

500

What are the seven elements of an effective compliance program, as outlined by the OIG?

Written policies and procedures

Compliance officer and committee

Training and education

Effective communication

Monitoring and auditing

Enforcement and discipline

Corrective action and response