HIPAA and FERPA InfoSec Crossword

Edit Answers
12345678910111213141516171819202122232425
Across
  1. 3. Students are given the right to file a ___________ with the department regarding a failure to comply with FERPA.
  2. 5. In the HIPAA Security Rule, CEs must obtain assurances via written __________ from Business Associates that they will safeguard ePHI.
  3. 8. Educational institutions must give students the opportunity to restrict __________ of directory information.
  4. 9. Health records maintained by a university clinic on behalf of its students are considered educational or treatment records under FERPA, and are ___________ by HIPAA.
  5. 10. The HIPAA Security Rule consists of five safeguard and requirement categories: Administrative, Physical, Technical, _______________, and Documentation.
  6. 12. Risk _____________ in HIPAA consists of two phases, analysis and management.
  7. 13. HIPAA stands for Health ____________ Portability and Accountability Act.
  8. 16. HIPAA requires that CEs to implement device and _________ controls for devices and ________ containing ePHI.
  9. 17. All documentation related to the HIPAA Security Rule must be maintained for _____ years beyond the date of creation, or the date of last effect, whichever is later.
  10. 21. FERPA does not require educational institutions to provide _____________ of unauthorized disclosure of educational records.
  11. 22. Directory information, disclosure of which is allowed by FERPA without consent, includes: name, __________, phone number, date and place of birth, honors and awards, and dates of attendance.
  12. 23. _______ Controls are mechanisms that record and examine activity in information systems containing ePHI, and are required by the HIPAA Security Rule.
  13. 24. FERPA stands for ________ Educational Rights and Privacy Act.
  14. 25. FERPA requires educational institutions to notify parents or eligible students of their rights at least __________.
Down
  1. 1. The HIPAA _________ Rule sets limits and conditions on the use and disclosure of PHI.
  2. 2. Under FERPA, students have the right to seek ____________ of educational records they believe to be inaccurate.
  3. 4. Parental rights under FERPA stop once the student enters post-secondary education OR turns _________ years old.
  4. 5. Patient __________ must be obtained before the disclosure of PHI.
  5. 6. The HIPAA Security Rule requires _________ user identification, and establishing emergency access procedures.
  6. 7. All policies, procedures, actions, activities, and assessments related to the HIPAA Security Rule must be maintained in written or electronic _______________.
  7. 11. ____________ is the process of positively-identifying a user, usually through a username and password.
  8. 14. The HIPAA _________ Rule requires appropriate administrative, physical, and technical safeguards to ensure the CIA of ePHI.
  9. 15. The HIPAA Security Rule Administrative Standard includes training requirements on __________ management, login procedures, and malware.
  10. 18. Covered Entities are required by HIPAA to implement ____________ and appropriate policies and procedures to comply with the standards.
  11. 19. The primary method to ensure the confidentiality of ePHI both in motion and at rest is by using ____________.
  12. 20. A _________ Entity is an organization to which HIPAA applies.