FERPA and HIPAA Crossword

123456789101112131415161718192021222324252627282930313233
Across
  1. 2. Unless there is an outstanding request by an eligible student to inspect and review education records, FERPA ______ the school to destroy such records without notice to the student.
  2. 4. HIPAA allows the release of _______ data sets for public health, research, and other purposes after specific identifiers about the patient or household have been removed.
  3. 6. PII, which stands for ______ Identifiable Information is data that can identify a specific person/student.
  4. 9. In case of health and safety _______, schools are permitted to disclose PII from education records.
  5. 10. In FERPA, prior to education record information disclosure, educational institutions must obtain written ______.
  6. 12. Although FERPA prohibit nonconsensual disclosure of education records, it lists several condition under which the written permission are not required; this is called _______.
  7. 20. Social Security Number and ______ are categorized as non-directory information.
  8. 21. Private and religious elementary and _______ schools are generally not subject to FERPA.
  9. 24. The _______ Rule of HIPPA requires technical and non-technical safeguards to keep Electronic Health Information safe.
  10. 25. The ______ Rule of HIPAA sets limit and conditions on the use and disclosure of health information without patient authorization
  11. 26. A detailed document that gives entities permission to use protected health information for specified purposes or to disclose protected health information to a third party specified by an individual.
  12. 28. The safeguards of electronic PHI might take form of administrative, technical and ________ countermeasures.
  13. 29. HIPAA is a _____ law that gives you the right to have your health information protected and limit who can have access to your health information.
  14. 31. A legal standing that permits education institution to release education record for a law enforcement purpose without prior consent.
  15. 32. FERPA applies to all educational agencies and institutions that receive ______ from the government which is administered by the Department of Education (DOE).
Down
  1. 1. Student’s _______ record maintained by a school nurse are considered part of student’s education records, thus protected from unauthorized disclosure.
  2. 3. In case of unauthorized disclosure, under FERPA, education institution does not require notification to parents or eligible students, unless the disclosure is related to identity _______
  3. 5. '______ entities’ is a terminology used in HIPAA to identify parties involved in the healthcare business, such as healthcare providers, insurance companies, health information clearinghouses, etc.
  4. 7. A student who has reached the age of 18 or who is attending a postsecondary institution at any age is called a ________ student; the rights afforded his or her parents under FERPA transfer to that student.
  5. 8. The term PHI in HIPAA refers to ________ health information
  6. 11. Under FERPA, personal data that can be found in publicly available sources (yearbook, phonebook), such as name, address, e-mail, telephone number are classified as ______ information.
  7. 13. Persons who believes that their right is violated under FERPA can file a _______ with Department of Education who will investigate the case.
  8. 14. In regards to data sharing, your health information data cannot be shared to other entities without your written ________
  9. 15. Access Control is one of _________ safeguards to regulate access to electronic PHI.
  10. 16. Business ______ are persons, businesses or vendors that perform certain functions on behalf of healthcare providers.
  11. 17. HIPAA stands for Health Insurance _____ and Accountability Act is established in 1996 to govern the health care marketplace.
  12. 18. Title _____ of HIPAA is relevant to information security in which it provides national standards on electronically transferred health information.
  13. 19. To raise awareness, healthcare entities should provide ______ to their employees who interacts with health information on a regular basis.
  14. 22. An entity must make reasonable effort to use, disclose and request only the minimum amount of PHI needed to accomplish the purpose is called minimum _______ principle.
  15. 23. In general, there are ______ titles within HIPAA to describe major domains regulated in the law.
  16. 27. Under FERPA, schools are prohibited to ______ PII which derives from the educational records.
  17. 30. A formal event/process to which education institution responds after receiving a request from the parent or eligible student challenging the student’s education records believed to be inaccurate, misleading, or in violation of the student’s privacy rights.
  18. 33. FERPA final rules of 2008 does not dictate the technical steps to protect electronic data system, but offers standards from _______ as a reference to safeguard electronic records.