HIM 230 test 4 Part 1

rad2329's version from 2018-04-18 03:01

Section 1

Question Answer
*Privacy: Right of individuals to limit access to information about their person
*Confidentiality: Information shared by an individual with a healthcare provider during the course of care will be used only for its intended purpose (in the course of healthcare treatment)
*Security: Protection measures and tools for safeguarding information and information systems
***** In the security area there are 3 general measures that need to be practiced: 1. Management Practices 2. Physical Safeguards 3. Technical Measures
***What is a business associate? Not a covered entity and needs a business agreement to handle PHI. Must have the same security just as HIPAA covered entities.
***What do General Rules provide? Scope for the HIPAA Security. Must have security safeguards protecting individually identifiable health information maintained or transmitted in electronic form.
Give two examples of General Rules: 1. Ensure confidentiality, integrity & availability of all e-PHI by the covered entity. 2. Ensure compliance with HIPAA security by workforce members
***List the elements / concepts of a security program? 1. Protecting the privacy of data 2. Ensuring the integrity of data 3. Ensuring the availability of data
* What is Protecting the privacy of data? Safeguarding access
***Define Data Integrity. Data should be complete, accurate, consistent and up-to-date (i.e. the right patient gets the right meds at the right time)
* What is Ensuring the availability of data? Can depend on system to perform as expected, without error, and to provide information when and where needed (IT is up and running, Data is available 24/7)

Section 2

Question Answer
***** Know what elements make a security program? 1. Protect informational privacy 2. Build in safeguards to ensure that data is altered or disposed of only by authorized means 3. Employ mechanisms to ensure that computer systems operate effectively and can provide information when and where it is needed
Security breaches caused by? 1. Caused by people 2. Caused by environmental and hardware or software factors
***What are Administrative Safeguards? Security measures put into place. (i.e. Policies & Procedures / Security Awareness Trainings)
****Potential threats that are caused by two main sources: 1. Threats caused by people 2. Threats caused by environmental and hardware or software factors
***Examples of Security Threats: 1. Insiders who make unintentional mistakes (i.e. TCC employee) 2. Insiders who abuse their access privileges to information (i.e. access family records) 3. Vengeful employees or outsiders who mount attacks on the organization's information system
**Threats caused by environmental and hardware or software factors? Know a couple of these: 1. Natural disasters 2. Electrical outages and power surges 3. Malicious software applications (malware) 4. Hardware or software malfunction
***What is Malware? Malicious software applications that cause havoc on an IT system.
Know a couple of these: What are some types of malware? Trojan horse, spyware, backdoor programs, rootkit, computer worms
*** What does a CSO do (Chief Security Officer)? Coordinate the development of security policies and ensure that they are followed.
***What did ARRA (American Recovery and Reinvestment Act) do in general? Actions related to Health Information Technology in law - Bulk of items are in Title XIII - Health Information Technology; also called HITECH (Health Information Technology for Economic and Clinical Health Act)

Section 3

Question Answer
***What is a risk analysis? A gap analysis to find out where the company's vulnerabilities may be. (i.e. estimate how likely it is a risk may occur)
****List 3 examples or components/measures of a Security Program. 1. Physical & administrative safeguards 2. Access safeguards 3. Employee awareness including ongoing education and training
***What does Office of Civil Rights (OCR) do? Oversee breaches & HIPAA Privacy & Security.
Define role-based access - A way to control who has access to what.
***Access Control Mechanism Foundations/building blocks (It is a Technical Measure): 1. Identification (i.e. user ID or number) 2. Authentication 3. Authorization
***Define Business Continuity Plan (BCP). A plan that ensures continued business operations in case of an unexpected computer shutdown. (i.e. Natural disaster, electrical outages/power surges).
How can the employee authentication be verified? *Know an example: Password/PIN - Smart card or token - Biometrics
***What is Authorization? The right or the permission that is granted to an individual to use the computer, computer resource, software
***What is Identification? Basic building block of access control, usually performed through the username or user number

Section 4

Question Answer
***What does a physical safeguard do? Protects information resources (computer systems) from loss, theft, physical damage, and natural or other disasters (e.g. doors locked/secured that house major computer systems)
**What do Administrative safeguards include? Policies & procedures that address management of computer resources, log off computer system, inappropriate password sharing, where you can log in, what sites can be visited
**What is an application safeguard? Built into the software or computer programs. (i.e. passwords, ask for a code or something to continue on)
***What is an Audit Trail? A software program that tracks every single access to data in the computer system. (It logs the name of the individual who accessed the data, the date and time, and the action taken) (i.e. modifying, reading, deleting data).
***What is a network safeguard? Used to guard against security breaches, implement network safeguards (i.e. program or firewall)
*What is a firewall (sometimes called a secured gateway)? Blocks unauthorized access while permitting authorized communications
***What is a Technical Measure? Access control - Who has access to what part (specific parts) of the computer system. (i.e. 1. User Identification / number, 2. Authentication, 3. Authorization)
***List the HIPAA Security Provisions: Technical Safeguards - Administrative Safeguards - Physical Safeguards - Organizational Requirements - Policies and Procedures and Documentation Requirements
*What is a breach? A violation of the law.
What are some of the dimensions of data quality control processes? (know at least 3) Accuracy, Accessibility, Consistency, Comprehensiveness, Currency, Definition, Granularity, Precision, Relevancy, and Timeliness
**Give an example of a Management Practice. Employees are prohibited from sharing their passwords.
What is Protecting the privacy of data? Safeguarding access

Section 5