Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
56 Cards in this Set
- Front
- Back
|
A computer software program designed to prevent unauthorized use of an information resource
|
Access controls
|
|
|
Amended by HITECH, The implementation specifications of the HIPAA security rule that are designated addressable rather than required to be in compliance with the role the covered entity must implement the specification as written implement an alternative or document that the risk for which the addressable implementation specification was provided either does not exist in the organization or exist with a negligible
|
Addressable standards
|
|
|
Administrative actions and policies and procedures to manage the selection development implementation and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity's workforce
|
Administrative safeguard
|
|
|
As amended by HITECH, Authorizes to adopt standards for transactions and code sets that are used to exchange health data adopt standard identifiers for health plans healthcare providers employers and individuals for use on standard transactions
|
Administration simplification
|
|
|
Accredited standards committee electronic data interchange
|
ASC X12 standards
|
|
|
The mechanisms that record and examine activity in information systems
|
Audit controls
|
|
|
Review the audit trail and compare it to criteria are specified by the organization which illuminates routine injuries such as the periodic back ups
|
Audit reduction tool
|
|
|
A chronological set of computerized records that provides evidence of information system activity used to determine security violations a record that shows who has access a computer system
|
Audit trail
|
|
|
The physical characteristics of users such as fingerprints voice print retinal scan Iris traits that system store and use to authenticate Identity before allowing the user access to a system
|
Biometrics
|
|
|
A person or organization other than a member of a covered entities workforce that performs functions or activities on behalf of or fit in a covered entity that involves the use or disclosure of individually identifiable health information
|
Business associate
|
|
|
AHIMA credential that recognizes advanced competency in designing implementing and administering comprehensive privacy and security protection program in all types of healthcare organizations
|
CHPS
|
|
|
Certification sponsored by the international information system security certification consider Tory him it is a generic security certification and therefore is not healthcare specific
|
CISSP
|
|
|
Under HIPAA means any set of codes used to encoded data elements such as tables of terms medical concepts medical diagnostic codes or medical procedure codes a code set includes the codes in the descriptions of the codes
|
Code set
|
|
|
Recovery plan in the event of a power failure disaster or other emergency that limits or eliminate axis to Basilica ease and electronic protected personal health information
|
Contingency Plan
|
|
|
A health plan healthcare clearinghouse or a healthcare provider who transmits any health information in electronic form in connection with a transaction covered by the sub-chapter
|
Covered Entity
|
|
|
The process of recouping any data that has been lost from the system crashed as well as the data that were obtained during the downtime
|
Data Recovery
|
|
|
The process of removing or rearranging the magnetic field of a disc in order to render the data recoverable
|
Degaussing
|
|
|
A category of organization established under HIPAA to maintain the electronic transaction standards
|
DSMO
|
|
|
To be subject to HIPAA and organization must meet the definition of a
|
Covered Entity
|
|
|
One of the purposes of the administrative simplification title is to
|
Improve efficiency and effectiveness of healthcare business processes
|
|
|
Is an example of the designated standard maintenance organization
|
HL7
|
|
|
What would make patient information PHI
|
Account Number
|
|
|
Which encodes data
|
Code Set
|
|
|
Allow inequivalent method to be used
|
Addressable Standards
|
|
|
A healthcare organization can consider size and complexity of the organization when developing the security plan this flexibility is called
|
Scalability
|
|
|
What type of safeguard is more people focused in nature
|
Administrative
|
|
|
Ensuring that data are not altered either during transmission across a network or during storage is called
|
Integrity
|
|
|
Construction workers accidentally cut the power to the data center this is an example of what type of threat
|
Human Error
|
|
|
We found a weakness in our security through which a hacker can't access the system this weakness is known as
|
Vulnerability
|
|
|
Security control should be monitored periodically for inappropriate disclosure or use this review is called
|
Information System Activity Review
|
|
|
The standard that determines whether or not an employees access to the ePHI Is appropriate is called
|
Workforce Security
|
|
|
The individual assigned the responsibility of managing the security process is called
|
Security Official
|
|
|
We have spent a lot of money purchasing duplicate hardware cables and such this duplication is known as
|
Redundancy
|
|
|
Periodically the files containing the documentation of security awareness training are cleaning out how many years back must records be kept
|
6 years
|
|
|
If the EHR crushes what plants should be implemented
|
Contingency
|
|
|
Security awareness training must be provided to
|
All members of the workforce
|
|
|
Which is a business associate
|
Company that bills for a physicians office
|
|
|
An example of a technical safeguard is
|
Audit Control
|
|
|
Is used to indicate that data I sent is the same as data received
|
Integrity
|
|
|
An example of a person or entity authentication
|
Password
|
|
|
Where should the audit trail be stored
|
On a different computer from the database
|
|
|
Our computer system just notified us that Mary has just looked up another patient with the same last name this notification is called a
|
Trigger
|
|
|
What type of malware can capture keystrokes
|
Spyware
|
|
|
The term used to describe viruses and spyware is called
|
Malicious Software
|
|
|
An example of two factor authentication
|
Retinal Scan and Password
|
|
|
A labor and delivery nurse has the same access to the information system as the perinatal nurse even though the job varies this is what type of access
|
Role-Based
|
|
|
Data lost due to Malware being downloaded onto a computer may be caused by which of the following
|
Virus
|
|
|
Using a magnet to destroy data on a magnetic disk is called
|
Degaussing
|
|
|
An example of a facility access control is
|
Escorting visitors in the data center
|
|
|
Where should backup disk be stored?
|
In an area that would not be subjected to the same natural disasters as the original data
|
|
|
Physical safeguards include
|
Hardware and Software
|
|
|
Poor security practices that do not lead to disclosure of the ePHI are called
|
Security Events
|
|
|
It security breach has been reported what concept describes the process used to gather evidence
|
Forensics
|
|
|
The inadvertent deletion of data needed for a court case is known as
|
Spoiliation
|
|
|
Our hardware repair service needs access to the data center he signed in and is escorted this is an example of what
|
Facility Access Controls
|
|
|
An example of a security incident
|
Virus Attack
|
