M4: Flashcards
Information that is a subset of health information, including demographic information collected from an individual and:
1) is created or received by a health care provider, health plan, employer, or health care clearinghouse
2) relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; that
(i) identifies the individual or
(ii) with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
Protected Health Information (PHI)
Defined by HIPAA
Using the same password for multiple clients
Data breach of a retirement plan
- Data management.
- Technology management.
- Service provider management.
- People issues/training.
4 major areas for effective practices and policies identified by the 2011 Council
The Advisory Council on Employee Welfare and Pension Benefit Plans
The ERISA Advisory Council
Cybercriminals encrypt/seize entire hard drives & hold for high ransom
Ransomware
Removing or retaining a service provider
A fiduciary act
Information that can be used to distinguish/trace an individual’s identity, such as their name, SSN, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.
PII
Defined by Office of Management and Budget (OMB)
A service provider involved with plan administration
Third-Party Administrator (TPA)
Where cyber criminals pretend to be senior executives asking employees to transfer funds.
Wire transfer e-mail fraud
This office has set definitions for PII
Office of Management and Budget (OMB)
Prescription disposals in a trash can
Data breach of a medical plan
4 common cyber threats
- Ransomware
- Phishing
- Wire transfer e-mail fraud
- Malware via external devices
Where intrusive and harmful software is stored on an external drive that is inserted into and executed on a network computer.
Malware via external devices
2015 Council focus
Cyber security issues
Law that controls the way private information of individuals is treated
Gramm-Leach-Bliley Act