Chapter 12/13 - HIPAA Security Rule / Security Threats and Controls

Question 1

ePHI

Answer 1

acronym: electronic protected health information

Question 2

PHI

Answer 2

acronym: protected health information

Question 3

scalability

Answer 3

the property of a system to handle a growing amount of work by adding resources to the system

Question 4

evanescent

Answer 4

lasting for only a short time, then disappearing quickly and being forgotten

Question 5

vestige

Answer 5

(1) a trace, mark, or visible sign left by something (such as an ancient city or a condition or practice) vanished or lost
(2) the smallest quantity or trace
(3) a bodily part or organ that is small and degenerate or imperfectly developed in comparison to one more fully developed in an earlier stage of the individual, in a past generation, or in closely related forms

Question 6

sanction policy

Answer 6

a document that details how a hospital will apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity

Question 7

implementation specification

Answer 7

Specific requirements or instructions for implementing a standard.

Question 8

workforce clearance procedures

Answer 8

procedures to determine that the access of a workforce member to PHI is appropriate

Question 9

corroboration (verb: corroborate)

Answer 9

evidence which confirms or supports a statement, theory, or finding; confirmation

Question 10

vector

Answer 10

(1) an organism (such as an insect) that transmits a pathogen from one organism or source to another
(2) an agent (such as a plasmid or virus) that contains or carries modified genetic material (such as recombinant DNA) and can be used to introduce exogenous (outside) genes into the genome of an organism

Question 11

illicit

Answer 11

not permitted: UNLAWFUL

Question 12

red flag

Answer 12

a pattern, practice, or specific activity that could indicate identity theft or some other danger

Question 13

Red Flags Rule

Answer 13

an FTC rule that requires organizations to implement a written identity theft prevention program to help them identify any of the relevant “red flags” that indicate identity theft in daily operations. The Rule also offers steps to help prevent the crime and to mitigate its damage

Question 14

Federal Trade Commission (FTC)

Answer 14

an independent agency of the United States government whose principal mission is the enforcement of civil (non-criminal) U.S. antitrust law and the promotion of consumer protection

Question 15

Explanation of Benefits (EOB)

Answer 15

A statement from your health insurance company providing details on payment for a medical service you received. It explains what portion of services were paid by your insurance plan and what part you’re responsible for paying.

Question 16

entity authentication

Answer 16

the process by which one entity (the verifier) is assured of the identity of a second entity (the claimant) that is participating in a protocol

Question 17

protocol

Answer 17

(1) an original draft, minute, or record of a document, transaction, or social gathering
(2) a code prescribing strict adherence to correct etiquette and precedence (as in diplomatic exchange and in the military services)
(3) a set of conventions governing the treatment and especially the formatting of data in an electronic communications system
(4) a detailed plan of a scientific or medical experiment, treatment, or procedure

Question 18

segue (verb)

Answer 18

to make a transition without interruption from one activity, topic, scene, or part to another

Question 19

bearing(s) (location)

Answer 19

comprehension of one’s position, environment, or situation

Question 20

pretty good privacy (PGP)

Answer 20

An encryption program that provides cryptographic privacy and authentication for data communication. It was developed by Phil Zimmermann in 1991.

Question 21

wired equivalent privacy

Answer 21

a security algorithm that protects information on wireless networks

Question 22

plaintext

Answer 22

data before any encryption has taken place

Question 23

encryption algorithm

Answer 23

a computer program that converts plaintext into an enciphered form

Question 24

ciphertext

Answer 24

data after the encryption algorithm has been applied; the encryption conceals the data’s original meaning and keeps it from being known or used

Question 25

token (computers)

Answer 25

devices, such as key cards, that are inserted into doors or computers

Question 26

public key infrastructure (PKI)

Answer 26

a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption

Question 27

digital certificate

Answer 27

A file or electronic password that proves the authenticity of a device, server, or user through the use of cryptography and the public key infrastructure (PKI). Digital certificate authentication helps organizations ensure that only trusted devices and users can connect to their networks.

Question 28

facsimile

Answer 28

(1) an exact copy, especially of written or printed material
(2) a system of transmitting and reproducing graphic matter (such as printing or still pictures) by means of signals sent over telephone lines

Question 29

blind carbon copy (BCC)

Answer 29

a method that allows a sender of an e-mail to send an e-mail to multiple people without those people knowing the other co-recipients of the e-mail

Question 30

carbon copy

Answer 30

a method that allows a sender of an e-mail to send an e-mail to multiple people; however, all recipients of the e-mail will be able to see all the other recipients