his unit 7 3rd shift Flashcards
The right to be left alone
The right to keep personal information secret
Privacy
Mechanisms to ensure the safety of data and systems in which the data reside
Security
Sharing or disseminating data only to those with a “need to know”
Confidentiality
Confidentiality is the status accorded to data or information indicating that it is sensitive for some reason and therefore it needs to be protected against?
theft, disclosure or improper use, or both, and must be disseminated only to authorized individuals or organizations with a need to know
Security is the means to control access and protect information from _________ disclosure to unauthorized persons and from ____________
accidental or intentional ; alteration, destruction or loss
Privacy is the right to ______ personal information and __________ into one’s private affairs
control; freedom from intrusion or invasion
What are the challenges from proliferation of technologies and applications?
Increased technology use by all care providers
Health information exchange and data-sharing activities across multiple networks
Cloud computing and third-party outsourcing
Increased use by patients, families, and consumers of their devices (tablets, smartphones, etc.)
New models of care require more care providers to access data across the patient care continuum
Clinicians using their own devices like personal laptops, tablet devices, smartphones, and so on
Connected medical devices and implantable devices
What are characteristics of connected medical devices and implantable devices?
Computer profiling and mistakes in the computer matching of personal data are other controversial threats to privacy.
Spamming is the favorite tactic of mass mailers of unsolicited advertisements, or junk e-mail. Spamming has also been used by cybercriminals to spread computer viruses or infiltrate many computer systems.
Flaming is the practice of sending extremely critical, derogatory, and often vulgar e-mail messages (flame mail) or newsgroup postings to other users on the Internet or online services.
Some lacks privacy law
Examples of privacy law?
HIPAA - The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996.
What is HIPAA?
A broad piece of legislation intended to address a wide variety of issues related to individual health insurance. Two important sections of HIPAA include the privacy rules and the security rules.
What is the result of effective protection measures?
Data security
Data security is the sum of measures that safeguard data and computer programs from undesired occurrences and exposure to?
- accidental or intentional disclosure to unauthorized persons
- accidental or malicious alteration,
- unauthorized copying,
- loss by theft or destruction by hardware failures, software
What is the Data Privacy Act of 2012?
A comprehensive and strict privacy legislation “to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.”
What is a subset of a security breach that actually leads to “accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed”?
Personal Data Breach
What are the requirements of a breach notification?
- The breached information must be sensitive personal information, or information that could be used for identity fraud
- There is a reasonable belief that unauthorized acquisition has occurred
- The risk to the data subject is real
- The potential harm is serious.
What is the flow of information in healthcare?
Direct Patient Care to Support Activity and “Social” uses
Support activity to Commercial uses
What are the definitions of a computer crime?
the unauthorized use, access, modification, and destruction of hardware, software, data, or network resources;
the unauthorized release of information;
the unauthorized copying of software;
denying an end user access to his or her own hardware, software, data, or network resources; and
using or conspiring to use computer or network resources to obtain information or tangible property illegally
Who gave these definitions of computer crime?
Association of Information Technology Professionals (AITP)
What are the key features of a secure system and network?
- Authentication
- Authorization and access control
- Data integrity
- Accountability
- Availability
- Data storage
- Data transmission
Ensures that the actions of any entity can be traced during the movement of data from its source to the patient
Accountability
Access control lists for predefined users
Authorization and Access Control
Access control includes?
- Reading
- Writing
- Modifications
- Deletion of data
- Deletion of programs
Protecting and maintaining the physical location of the data and the data itself
Data Storage
Error detection and error correction protocols
Data Integrity
Means of verifying the correct identity and/or group membership of individual or other entities
Authentication
What are some methods of authentication?
- User name
- Known only by the user (e.g., password)
- Held only by the user (e.g., digital signature, secure ID)
- Attributable only to the user (e.g., fingerprint, retinal scan)
Used to support information accuracy to ensure that data have not been altered or destroyed in an unauthorized manner
Data Integrity
Methods of availability?
- Backups
- Protecting and restricting access
- Protecting against viruses
Physical protection of processors, storage media, cables, terminals, and workstations
Retention of data for mandated period of time
Data Storage
Exchange of data between person and program or program and program when the sender and receiver are remote from one another
Data Transmission
What are firewall and encryption?
Encryption
* Scrambles readable information
* Decrypted by the recipient with the proper key
Firewall
* Filtering mechanism so that only authorized traffic is allowed to pass
Audit trails include?
- Identification of the user
- Data source
- Whose information
- Date and time
- Nature of the activity
Ethical principles in health informatics?
A program should undergo appropriate evaluation prior to use in clinical practice. It should perform efficiently at an acceptable financial and timeframe cost.
Adequate training and instruction should be completed before proceeding to the implementation
A qualified health professional should be assigned to handle concerns regarding uses, licenses, and other concerns. The software system’s applications should not replace functions such as decision-making.
What are the principles of technology ethics?
Proportionality
Informed Consent
Justice
Minimized Risk
The good achieved must outweigh the harm or risk
There should be no alternative that achieves the same/comparable benefits with less harm/risk
Proportionality
Technology must be implemented so as to avoid all unnecessary risk
Minimized Risk
Benefits and burdens must be distributed fairly
Justice
Those affected must understand and accept the risks
Informed Consent
Disruptive innovations are a double-edged sword, bringing both opportunity and risk
Issues
What are the issues regarding EHR?
EHRs and computer use should facilitate patient care, support physician ethical duties, and support the patient– physician relationship
EHR use should assist and enhance clinical reasoning, development of cognitive and diagnostic skills. Features such as copy-and-paste should be employed judiciously, reflect thought processes about the current patient encounter and meet the ethical requirements for an accurate and complete medical record
Privacy and confidentiality must be maintained in EHR use
_____ may “inadvertently narrow the scope of inquiry prematurely, a common cause of diagnostic error,” and impede the development of skills and reasoning.
Diagnosis-specific prompts
Some features of electronic documentation may encourage _________
superficial clinical thinking and interaction.
Physicians and students may focus on _______ but not assessing the patient’s current needs.
“screen-driven” information-gathering, scrolling and asking questions as they appear on the computer
EHR information retrieval, exchange, and remote access can improve care, but also ________
create the risk of unauthorized disclosure and use of protected health information
Respect for patient autonomy requires that patient encounters and information are kept confidential and private, fostering trust and improving communication
Patient Privacy/Confidentiality Issues
EHRs are tools that should facilitate high-value patient-centered care, strong patient–physician relationships, and effective training of future physicians. Anything less… does not compute
Ethics on EHR
Ethics on EHR includes policy bodies who have recognized the potential for ______ to improve care, they have also cautioned that it does not effectively support the diagnostic process and may contribute to errors
health information technology (HIT)
T or F: Breaches may occur accidentally
T
EHRs can increase participation and engagement in health care through patient access, empowerment, and improved communication.
Access to Information
T or F: Patients are always aware that they can access their records.
F; may not be aware
What is PCASSO?
Patient-Centered Access to Secure Systems Online
What are the design goals of PCASSO?
To enable secure use of the Internet to access sensitive patient information
To enable providers and patients to view medical data online
To develop a published, verifiable high-assurance architecture
Not proprietary
No “black box” or trade secret security
Functions of PCASSO?
- Protect healthcare information at multiple levels of sensitivity
- Authorize user actions based on familiar healthcare roles
- End-to-end user accountability
- Empower consumers to access their own medical records
- Patient viewable audit trails
- Automated e-mail notification of records changes
- Security protection extended to user PC
T or F: It is possible for EHR to simultaneously facilitate and complicate the delivery of health care
T
T or F: EHRs should have the power to enhance or impede communication and relationship-building.
T
T or F: In the hospital setting, reliance on computers is decreasing.
F; increasing, leading to a focus on the “iPatient”