Chapter 12/13 - HIPAA Security Rule / Security Threats and Controls Flashcards
ePHI
acronym: electronic protected health information
PHI
acronym: protected health information
scalability
the property of a system to handle a growing amount of work by adding resources to the system
evanescent
lasting for only a short time, then disappearing quickly and being forgotten
vestige
(1) a trace, mark, or visible sign left by something (such as an ancient city or a condition or practice) vanished or lost
(2) the smallest quantity or trace
(3) a bodily part or organ that is small and degenerate or imperfectly developed in comparison to one more fully developed in an earlier stage of the individual, in a past generation, or in closely related forms
sanction policy
a document that details how a hospital will apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity
implementation specification
Specific requirements or instructions for implementing a standard.
workforce clearance procedures
procedures to determine that the access of a workforce member to PHI is appropriate
corroboration (verb: corroborate)
evidence which confirms or supports a statement, theory, or finding; confirmation
vector
(1) an organism (such as an insect) that transmits a pathogen from one organism or source to another
(2) an agent (such as a plasmid or virus) that contains or carries modified genetic material (such as recombinant DNA) and can be used to introduce exogenous (outside) genes into the genome of an organism
illicit
not permitted: UNLAWFUL
red flag
a pattern, practice, or specific activity that could indicate identity theft or some other danger
Red Flags Rule
an FTC rule that requires organizations to implement a written identity theft prevention program to help them identify any of the relevant “red flags” that indicate identity theft in daily operations. The Rule also offers steps to help prevent the crime and to mitigate its damage
Federal Trade Commission (FTC)
an independent agency of the United States government whose principal mission is the enforcement of civil (non-criminal) U.S. antitrust law and the promotion of consumer protection
Explanation of Benefits (EOB)
A statement from your health insurance company providing details on payment for a medical service you received. It explains what portion of services were paid by your insurance plan and what part you’re responsible for paying.
entity authentication
the process by which one entity (the verifier) is assured of the identity of a second entity (the claimant) that is participating in a protocol
protocol
(1) an original draft, minute, or record of a document, transaction, or social gathering
(2) a code prescribing strict adherence to correct etiquette and precedence (as in diplomatic exchange and in the military services)
(3) a set of conventions governing the treatment and especially the formatting of data in an electronic communications system
(4) a detailed plan of a scientific or medical experiment, treatment, or procedure
segue (verb)
to make a transition without interruption from one activity, topic, scene, or part to another
bearing(s) (location)
comprehension of one’s position, environment, or situation
pretty good privacy (PGP)
An encryption program that provides cryptographic privacy and authentication for data communication. It was developed by Phil Zimmermann in 1991.
wired equivalent privacy
a security algorithm that protects information on wireless networks
plaintext
data before any encryption has taken place
encryption algorithm
a computer program that converts plaintext into an enciphered form
ciphertext
data after the encryption algorithm has been applied; the encryption conceals the data’s original meaning and keeps it from being known or used
token (computers)
a physical device, such as a key card, that is presented to a door or computer reader to prove the holder's identity
public key infrastructure (PKI)
a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption
digital certificate
A file or electronic password that proves the authenticity of a device, server, or user through the use of cryptography and the public key infrastructure (PKI). Digital certificate authentication helps organizations ensure that only trusted devices and users can connect to their networks.
facsimile
(1) an exact copy, especially of written or printed material
(2) a system of transmitting and reproducing graphic matter (such as printing or still pictures) by means of signals sent over telephone lines
blind carbon copy (BCC)
a method that allows an e-mail sender to address a message to multiple people without any of them seeing who the other recipients are
carbon copy
a method that allows an e-mail sender to address a message to multiple people; however, every recipient can see all the other recipients