Privacy
Security
Technology
HIPAA Potpourri
100
Individually identifiable health information that is or has been electronically maintained or electronically transmitted by a covered entity.
What is Protected Health Information (PHI)?
100
The individual appointed by the Superintendent responsible for assuring the Board's compliance with HIPAA Security Standards.
What is the Security Officer?
100
A device not owned by HCBDD and able to store, communicate, record, or transport ePHI or confidential data is known as this.
What is a Personal Mobile Device?
100
This should be entered in the subject line of an email containing PHI in order to make it encrypted.
What is "Secure Email - "?
200
Name, Address, Birthdate, SSN, and Medicaid Number are all examples of this.
What are examples of PHI?
200
Discussing PHI in a public area is an example of this type of breach.
What is an Oral breach?
200
A method to enhance the security of a message or file by scrambling the contents so that it can be read only by someone who has the right key to unscramble it.
What is encryption?
200
This document needs to be signed on initial enrollment and documented and noted if client refuses to sign. It also needs to be made available in hard copy or posted on the Board's Website.
What is the Notice of Privacy Practices (NPP)?
300
Patient, Parent/Guardian, or valid personal representative of a deceased individual are examples of this.
Who are people that can approve the release of PHI?
300
Making sure that your files and folders are put away before leaving for the day.
What is the clean desk "policy"?
300
Logging off of the computer before leaving for the day is an example of this.
What is an example of best practices for protecting PHI?
300
This rule ensures medical information is protected, restricts the use/disclosure of PHI, and gives increased access and control of PHI by the individual.
What is the Privacy Rule?
400
Emergency situation, report of child abuse, report of abuse, neglect, domestic violence, and law enforcement investigation are all examples of this.
What are reasons to disclose without written authorization? Followed by an immediate written report (email) to your supervisor and privacy officer.
400
This type of breach is defined as an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of protected health information.
What is a Data Breach?
400
Not entering PHI in the subject line of an email and using encrypted email to send email that contains PHI are both examples of this.
What are examples of email best practices?
400
• Unintentional acquisition, access or use of PHI by an employee (acting under authority), • Accidental disclosure between authorized employees, • When there is a good faith belief that information could not have been retained by the unauthorized individual to whom the impermissible disclosure was made: these are all examples of this.
What are examples of exceptions to a breach?
500
This is private or otherwise sensitive information that must be restricted to those with a legitimate business need. Examples include key financial information, system access passwords, and personnel information.
What is Confidential Information?
500
Printed documents that contain PHI should be disposed of here.
What is the shred bin?
500
Passwords that contain both upper and lowercase characters, numbers, and non-alphanumeric characters are known as this.
What are complex passwords?
500
The acronym HIPAA stands for this.
What is Health Insurance Portability and Accountability Act?