Chapter 12 Test 4 Flashcards
Protection of information from loss, unauthorized access, or misuse, along with protecting its confidentiality
Security
Protects PHI regardless of the medium on which it resides
Privacy rule
Protects electronic PHI (ePHI)
Security rule
Lack of alteration or destruction in an unauthorized manner
Integrity
Not made available or disclosed to unauthorized persons or processes
Confidentiality
HIPAA Security Rule protects ePHI that is:
Created
Maintained
Transmitted
Received
HIPAA Security Rule required compliance date
April 2005
Small health plans date
April 2006
Changes included as part of HITECH (a portion of ARRA)
Passed by Congress in _______
February 2009
Enforcement of the Security Rule was assumed by the _________ in 2009 (taken over from Centers for Medicare and Medicaid Services)
Office for Civil Rights of HHS
PHI maintained or transmitted in electronic form
For example, tapes, disks, optical disks, hard drives, servers, Internet, private networks
Not included: Voice mail messages, paper-to-paper faxes; copy machines
ePHI
HIPAA Security Rule: must be implemented
Required (R)
HIPAA Security Rule: must be implemented as the rule states, implemented in an alternate manner, or documented that the risk does not exist or is negligible
Addressable implementation specifications cannot be ignored
Addressable (A)
Covered entities and BAs must use a ________ to decide which security measures to implement.
Risk analysis
__________ should be conducted to determine the cost of compliance.
Financial analysis
Implement policies and procedures to prevent, detect, contain, and correct security violations
Security Management Process