Health Information Privacy and Security Flashcards

1
Q

health insurance portability and accountability act (HIPAA)

A
  • 1996
  • privacy and security measure in healthcare
  • privacy rule mandates de-identifying data by removing 18 identifiers (name, DOB, address, phone number, ID, etc.) and obtaining consent
  • safeguards in place to ensure data is not compromised, and that it is only used for intended purpose
  • should not impede treatment of patients:
  • health plans (health insurers)
  • health care providers
  • health care clearinghouses - empires
2
Q

american recovery and reinvestment act (ARRA)

A
  • 2209
  • after HIPAA
  • HITECH follows
3
Q

what image do we use in health care

A

DICOM

4
Q

HIPAA is not required for

A
  • life insurers
  • employers
  • schools and school districts
  • many law enforcement agencies
5
Q

administrative requirements

A
  • written privacy policies and procedures
  • privacy official
  • workforce training and management
  • mitigation strategy for privacy breaches
  • data safeguards
  • designate a complaint official and procedure to file complaints
  • documentation and record retention: 6 years
6
Q

data safeguard

A

- administrative, technical, and physical

7
Q

document retention

A
  • records from birth must be held for 21 years
  • mammographies are kept forever
  • after the first 21 years, records are kept for 6 years
8
Q

administrative safeguards

A
  • security management processes to reduce vulnerabilities
  • security personnel
  • information access management
  • workforce training and management
  • evaluation of security policies and procedures
9
Q

physical safeguards

A

- facility access
- workstation and device security policies and procedures covering transfer, removal, disposal, and re-use of electronic media

10
Q

technical safeguards

A
  • access control that restricts access to authorized personnel
  • audit controls for hardware, software, and transactions
  • transmission security to protect against unauthorized access to data transmitted on networks and via email
  • ID, fingerprint, retinal scan, face scan, blood
11
Q

confidentiality

A
  • prevention of data loss

- usernames, passwords, and encryption are common measures

12
Q

availability

A
  • system and network accessibility
  • power loss or network connectivity outages (natural or accidental)
  • backup generators, peripheral network security equipment
13
Q

integrity

A
  • trustworthiness and permanence of data

- data backup and archival tools

14
Q

tools

A
  • physical
  • networks and information resources
  • firewall, authentication
15
Q

authentication and identity management

A

- photo identification, biometrics, smart card technologies, tokens, and the old standard: user name and password

16
Q

basic authentication

A
  • varies depending on the sensitivity of the data
  • something one knows, something one has, or something that one is
  • username and password combination
  • grid card, smart card, USB token, one time password (OTP)
  • token, or OTP and PIN
17
Q

single sign on

A
  • one set of credentials (mechanism) to easily access many of the resources one uses every day securely
  • Google
18
Q

smart cards

A
  • vital information with a self-contained processor and memory
  • low cost, ease of use, portability and durability, and ability to support multiple applications
  • encrypted patient information, biometric signatures, and personal identification number (PIN)
  • lack of standardization and positive identification
19
Q

digital signature

A
  • legal
  • copy-pasting a signature is not as good
  • writing your name with a PIN and birthday is more secure
20
Q

certificate based encryption

A
  • obscure the content of a message

- the sender encrypts the message with the recipient's public key

21
Q

digital and information rights management (DRM and IRM)

A
  • user roles, permissions, and access

- limit any unnecessary access

22
Q

biometric authentication

A
  • physical user identifier

- fingerprint, retinal scan, voice imprint

23
Q

standards, compliance and law

A
  • ignorance of the law is no excuse

- detailed list of standards and laws in textbook

24
Q

security breaches and attacks

A
  • identity theft on the rise

- physical theft: stolen laptop from the VA (computers, storage devices, servers)

25
Q

theft countermeasures

A
  • render data unusable to thieves
  • encryption standards
  • hardware and software encryption techniques
26
Q

physical or logical access

A

- insider employees and staff

27
Q

accidental or negligent disclosure

A
  • inadequate control of paper records
  • inadvertent release of sensitive information to unauthorized parties
  • through overheard conversations
  • poor housekeeping practices around copiers, fax machines, and recycling bins
28
Q

intrusions and attacks

A

- attacks on physical and wireless networks that attempt to compromise machines and user accounts through disguised email messages, corrupted PDF files, and exploited webpages