Data security awareness Flashcards

1
Q

Effective information management enables teams to use their time, resources and expertise effectively to make decisions and to fulfil their roles. what are the 5 stages of information management?

A
  • collection
  • sharing
  • usage
  • archiving
  • disposal
2
Q

what sets regulations on the minimum time info must be kept before disposal

A

records management code of practice

2
Q

what does ICO stand for and what is their duty

A
  • Information Commissioner's Office
  • regulate and enforce data protection law in the UK
  • Offer advice and guidance, promote good practice, carry out audits, consider complaints, monitor compliance and take enforcement action, such as issuing fines, where appropriate.
3
Q

What are the 3 types of personal data

A
  • personal data
  • special category
  • confidential
4
Q

define personal data

A
  • info relating to a living individual who can be identified from it, e.g. a name or number
5
Q

define special category data

A
  • info that needs more protection because it's more sensitive
  • e.g. race, genetic data, biometric data, health data, sexual orientation
6
Q

define confidential data

A
  • info collected for the provision of health and social care services where people can be identified and would expect it to be kept private
  • e.g. diagnosis, treatment, address
7
Q

confidential info is subject to legal and professional duty of confidentiality

A
8
Q

general principle that confidential info shouldn't be shared for purposes other than the direct care of the individual, with the exceptions of?

A
  • individual has consented to sharing
  • required to share by law/ permitted by law
  • overriding public interest
9
Q

maintaining confidentiality is responsibility of all staff working in health and care

A
10
Q

what is pseudonymisation/pseudonymised data

A
  • security technique used to protect personal data.
  • Pseudonymised data is information which has had identifiers replaced by one or more artificial identifiers, or pseudonyms, such as a hospital number.
  • Pseudonymised data is still considered personal data.
11
Q

what is anonymised data

A
  • Truly anonymised information or data cannot identify or re-identify an individual (directly or indirectly), either on its own or when combined with other information
12
Q

In most cases, it may be acceptable and appropriate to publish or share truly anonymous information, but you should check with your information governance team to make sure

A
13
Q

who has to follow data protection principles

A

Everyone responsible for using personal data has to follow strict rules specified under data protection law.

14
Q

what are the 7 data protection principles

A
  1. lawful, fair and transparent
  2. purpose limitation
  3. data minimisation
  4. accurate and kept up to date
  5. storage limitation
  6. security, integrity and confidentiality
  7. accounted for
15
Q

what's meant by lawful, fair and transparent

A
  • Ensure you have a valid legal reason to use people’s information
  • can't use it if detrimental to the individual
  • acted in accordance with other laws or as expected
  • be clear, open and honest
16
Q

what is meant by purpose limitation

A
  • You must be clear from the outset about the purpose for using the information.
  • Only use the personal data for another purpose where this is compatible with your original purpose, or you get consent, or you have a clear obligation or function set out in law.
  • You must inform people if you are going to use their information in a new way.
17
Q

what's meant by data minimisation

A
  • You must ensure the personal data you are processing is:
  • adequate: sufficient to properly fulfil the stated purpose
  • relevant: has a rational link to that purpose
  • not excessive: you do not use more than you need for that purpose.
  • Only use or share the minimum amount of personal data necessary to achieve the intended purpose
17
Q

what's meant by accurate and kept up to date

A
  • You should take all reasonable steps to ensure the personal data you hold is not incorrect or misleading
  • You may need to keep the personal data updated, although this will depend on what you are using it for
  • If you discover that personal data is incorrect or misleading, you must take reasonable steps to correct or erase it as soon as possible
  • You must carefully consider any challenges to the accuracy of personal data
18
Q

what's meant by storage limitation

A
  • You must not keep personal data for longer than you need it
  • You need to think about, and be able to justify, how long you keep personal data. This will depend on your purposes for holding the data
  • You should also periodically review the data you hold, and erase it when you no longer need it
  • You must carefully consider any challenges to your retention of data
  • You can keep personal data for longer if you are only keeping it for public interest archiving, scientific or historical research, or statistical purposes
  • You should manage personal data in line with your organisation’s records or information management procedures and guidance and the Records Management Code of Practice for Health and Social Care
18
Q

what's meant by security, integrity and confidentiality

A
  • You and/or your organisation must ensure that appropriate security measures are in place to protect the personal data held by your organisation or any other third party working on behalf of your organisation.
  • Where your organisation is using or sharing personal data which may involve a high risk to individuals, including processing large volumes of health and care information, you will need to carry out a data protection impact assessment (DPIA) to identify and explain how you are managing those risks.
19
Q

define DPIA and when it is used

A

data protection impact assessment
- if there's a high risk associated with using or sharing personal data

20
Q

what's meant by the accountability principle

A
  • The accountability principle requires your organisation to take responsibility for what you do with personal data and how you comply with the other principles.
21
Q

what are the 9 rights of an individual associated with the data protection law

A
  • informed
  • access
  • rectification
  • erasure
  • restriction
  • data portability
  • object
  • automated decision making and profiling
  • raise a concern
22
Q

what is a personal data breach

A
  • breaches of security which lead to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
23
Q

what steps can be taken to avoid a personal data breach

A
  • Read and comply with your organisation's policies on:
    Data protection
    Records management
    Security management
  • Complete relevant training and put your learning into practice
  • Apply core data protection, security, records management and confidentiality principles in your day-to-day processing of data
  • Use relevant best practice guidance
  • Assess the risks of your data use by completing a data protection impact assessment (DPIA)
24
Q

what 3 main areas can data security be broken down into

A
  1. confidentiality
  2. integrity
  3. availability
25
Q

what is confidentiality

A
  • privacy and ensuring that information is only accessible to those who have a legitimate reason to see it.
26
Q

what is integrity in terms of data

A
  • information being accurate, up-to-date and reliable.
27
Q

what is availability in terms of data

A
  • information being there when it is needed: to support care, to pay staff wages, or for any other legitimate purpose.
28
Q

what is SCR

A

summary care record
- electronic record of people's info sourced from the GP record
- can see medication and medical history etc

29
Q

what is social engineering

A
  • those who want to steal data, such as health and care records, either digital or physical, by using tricks or deception to manipulate people into giving access to that data and other valuable information.
30
Q

what are 4 ways people may gain your trust to carry out social engineering

A
  • preparation (finding a number or info through social networking sites)
  • in the office (asking you to hold the door because they didn't bring their key)
  • on the phone (can call and pretend to be a fellow employee or police etc)
  • online (fun quizzes to find out more about you, emails etc)
31
Q

what are 3 ways hackers can get your info via email

A
  1. click on a link (and you enter your information etc)
  2. open an attachment (runs malicious code on your computer giving them access)
  3. unknowingly install malware (steal data through this or lock it and ask for a ransom)
32
Q

what is phishing

A

to force users to make a mistake, for example by imitating a legitimate company's emails or by creating a time-limited or pressurised situation

33
Q

Phishing email attachments or websites might ask you to enter personal information or a password, or they could start downloading and installing malware.

Do not install any new software unless you are advised to do so by your line manager, ICT department or provider.

A
34
Q

what should you do if you think you've received phishing emails etc

A

you must contact your manager and ICT department or provider for advice immediately

34
Q

what are some signs of a phishing email

A
  • incorrect sender name
  • multiple receivers of the same email
  • spelling, grammar etc
  • asking for personal info
  • asking to download stuff (esp. when they wouldn't usually ask for that)
  • suspicious attachments
  • links
35
Q

what is malware

A
  • can reside on a computer without detection, making it easier for someone to be active on your system without you knowing
36
Q

what are macros

A
  • series of actions a program performs to work out some formulas
  • your computer will disable macros by default as they can be programmed to install malware
37
Q

how do you protect your system from malware

A
  • up-to-date antivirus software installed
38
Q

malware can make computers run slow or perform unusually

A
39
Q

what are 2 forms of good practice for data safety

A
  • be vigilant on websites declared as untrusted
  • strong passwords and different passwords on different sites
40
Q

what are safety measures to take on your Wi-Fi

A
  • Change default passwords
  • Use encryption - WPA2 is a type of encryption used to secure the vast majority of Wi-Fi networks
  • Use password managers
  • Disable auto connect to unknown Wi-Fi networks
  • Update phones and devices with latest patches
41
Q

Staying safe online:
- Passwords protect your device
- Use personal hotspot for internet access
- Keep belongings close by
- Do not assume Wi-Fi hotspots are secure
- Sit where you are not overlooked or use a privacy screen on your laptop - back against the wall is best
- Keep paperwork or documents to a minimum
- Do not discuss confidential data on the phone where you may be overheard

A
42
Q

Press the Windows key + L on your keyboard to quickly lock your laptop or PC.

A
43
Q

Do not use unauthorised USB drives and mobile devices and avoid plugging in any non-approved devices to charge via USB cable.

A
44
Q

Using untrusted USB drives on your work computer can introduce malicious software and allow an attacker access to your network.

A
45
Q

what are 3 principles part of the clear desk policy

A
  • Do not leave information such as documents that identify someone or financial details in unsecure locations
  • Having a clear desk ensures that you are not potentially leaving sensitive information lying around, raising the risk of a breach
  • A clear desk policy reduces the risk of data loss by ensuring no confidential or commercial information is left unattended throughout the workplace
46
Q

what are 3 things you must be wary of when working from home on video calls

A
  • blur backgrounds in case of sensitive info on walls
  • be mindful of conversations going on in a shared house
  • treat your home workspace as much like the workplace as possible
47
Q

what is the purpose of the Caldicott principles

A
  • intended to guide organisations on the use of confidential information within health and social care organisations and when such information is shared with other organisations or individuals
48
Q

what are caldicott guardians

A

senior people within an organisation who protect the confidentiality of people’s information by considering the ethical and legal aspects of data sharing

49
Q

what are the Caldicott principles

A
  • justify the purpose for use of confidential info
  • don't use confidential info unless necessary
  • use the minimum necessary info
  • access to confidential info should be on a strict need-to-know basis
  • everyone with access to confidential info should be aware of their responsibilities
  • comply with the law
  • the duty to share info can be as important as the duty to protect confidentiality
  • inform patients and service users about how their info is used
50
Q

what are the 3 techniques to follow when informing people their data is used

A
  • explain (how the info is used and point to additional info)
  • choices (let them know their choices in how info is used and how it affects them)
  • meet expectations (only use data in ways they'll expect or in ways that'll help)
51
Q

when do you have a legal duty to share information

A
  • if it'll assist in the care of the individual concerned and
  • if it's reasonable to believe the individual concerned understands why it's shared
52
Q

what are the 3 checkpoints when sharing patient info?

A
  1. check the patient is ok and comfortable with the info being shared
  2. ensure data protection, record keeping and security best practice is met
  3. respect objections
53
Q

what is NDG

A

national data guardian

  • advises and challenges the health and care system to help ensure that people’s confidential information is safeguarded securely and used properly.
54
Q

what is the national data opt-out

A
  • allows people to choose whether their confidential information is used for research and planning purposes
55
Q

what are the 3 types of personal data breaches

A
  • confidentiality breach (unauthorised or accidental disclosure of, or access to, personal data)
  • integrity breach (unauthorised or accidental alteration of personal data.)
  • availability breach (accidental or unauthorised loss of access to, or destruction of, personal data.)
56
Q

make sure that all correspondence containing personal data is always addressed to a named person

A
57
Q

give some examples of cyber and non-cyber incidents

A

cyber = brute force, malware, phishing, ransomware etc

non-cyber = altering data, wrong recipient, loss and theft of info, insecure disposal of paperwork etc

58
Q

assess the risks of posting paper records which include personal data and use this method only where it is absolutely necessary, secure and appropriate to do so. Consider using tracked or recorded delivery

A
59
Q

Only send case notes and other bulky material in robust, approved packaging, never in dustbin sacks, carrier bags or other containers.

Don’t leave the packages unattended unless they are securely stored, when waiting for collection.

A
60
Q

what are 5 things to consider when sending an email to patients

A
  • if insecure check the service user understands risks
  • ensure everyone is content with sensitive and confidential info being kept secure
  • check everyone on copy list is a need to know on info being sent
  • check with your line manager if you can send it in that way
  • confirm accuracy of email addresses for all intended recipients
61
Q

If a request for information is made by phone you should, where possible, adhere to the following processes and procedures.

A

  • Confirm the name, job title, department and organisation of the person requesting the information
  • Confirm that the reason for the information request is appropriate
  • Find a contact telephone number that you know is correct for the organisation - such as the main switchboard number - so you can call back and ask for the named individual, to confirm that the caller is genuine
  • Check whether the information can be provided. If in doubt, tell the person you will call them back
  • Only provide the information to the person who requested it. Do not leave

62
Q

what are the 4 steps of the information management lifecycle

A
  1. creation
  2. use
  3. retention
  4. disposal decision (usually destruction)
63
Q

who is in charge of disposing devices

A

ICT department or provider

64
Q

When disposing of records, it is important to obtain a record of its disposal. This could be a certificate of destruction (so it is clear that the record has been destroyed, rather than misplaced), or an accession notice (when records are deposited with the local Place of Deposit or the National Archives, for long-term archival preservation).

A
65
Q

what is the Freedom of Information Act

A

Freedom of Information (FOI) Act 2000 [7] provides public access to information held by public authorities.

66
Q

The Freedom of Information Act requires every public authority to have a publication scheme, approved by the Information Commissioner’s Office (ICO), and to publish information covered by the scheme.

The scheme must set out your organisation’s commitment to make certain classes of information routinely available, such as policies and procedures, minutes of meetings, annual reports and financial information.

A
67
Q

what are 2 duties of the organisation when asked for information under the freedom of information act

A

An organisation has 2 separate duties when responding to requests:

  • To tell the applicant whether they hold any information falling within the scope of their request
  • To provide that information, unless there is a legitimate reason not to disclose (where an exemption applies)