HIT CHAPTER 12
| Question | Answer |
|---|---|
| ACCESS CONTROLS | COMPUTER SOFTWARE PROGRAM DESIGNED TO PREVENT UNAUTHORIZED USE OF AN INFO. RESOURCE (2) PROCESS OF DESIGNING, IMPLEMENTING & MONITORING A SYSTEM FOR GUARANTEEING THAT ONLY INDIVIDUALS WHO HAVE LEGITIMATE NEED ARE ALLOWED TO VIEW OR AMEND SPECIFIC DATA SETS |
| ADMINISTRATIVE SAFEGUARD | SET OF 9 STANDARDS DEFINED BY THE HIPAA SECURITY RULE INCLUDING SECURITY MANAGEMENT FUNCTIONS, ASSIGNED SECURITY RESPONS., WORKFORCE SEC., INFO. ACCESS MGMT, SEC. AWARENESS & TRAINING, SEC. INCIDENT REPORTING, CONTINGENCY PLAN, EVALUATION & BUS ASSOC. CONTR |
| ADMINISTRATIVE SIMPLIFICATION | THE SECTION OF HIPAA THAT DEALS WITH PRIVACY AND SECURITY AS WELL AS STANDARDIZATION OF ELECTRONIC TRANSACTIONS AND CODE SETS |
| ASC X12 STANDARD | A COMMITTEE OF AMERICAN NATIONAL STANDARDS INSTITUTE (ANSI) RESPONSIBLE FOR THE DEVELOPMENT & MAINTENANCE OF ELECTRONIC DATA INTERCHANGE (EDI) STANDARDS FOR MANY INDUSTRIES. THE SUBCOMMITTEE OF ASC X12 RESPONSIBLE FOR THE EDI HEALTH INSURANCE ADMINISTRATIVE |
| AUDIT CONTROLS | A METHOD FOR MONITORING ATTEMPTS TO GAIN ACCESS TO A COMPUTER INFORMATION SYSTEM |
| AUDIT REDUCTION TOOL | REVIEW THE AUDIT TRAIL AND COMPARE IT TO FACILITY-SPECIFIC CRITERIA AND ELIMINATE ROUTINE ENTRIES SUCH AS THE PERIODIC BACKUPS |
| AUDIT TRAIL | A CHRONOLOGICAL RECORD OF ELECTRONIC SYSTEM ACTIVITIES THAT ENABLES THE RECONSTRUCTION, REVIEW & EXAMINATION OF THE SEQUENCE OF EVENTS SURROUNDING OR LEADING TO EACH EVENT &/OR TRANSACTION FROM BEGINNING TO END. INCLUDES WHO PERFORMED WHAT EVENT AND WHEN |
| BIOMETRICS | THE PHYSICAL CHARACTERISTICS OF USERS THAT SYSTEMS STORE & USE TO AUTHENTICATE IDENTITY BEFORE ALLOWING THE USER ACCESS TO A SYSTEM (FINGERPRINTS, VOICEPRINTS) |
| BUSINESS ASSOCIATE | AN INDIVIDUAL OR GROUP WHO IS NOT A MEMBER OF A COVERED ENTITY'S WORKFORCE BUT WHO HELPS THE COVERED ENTITY IN THE PERFORMANCE OF VARIOUS FUNCTIONS INVOLVING THE USE OR DISCLOSURE OF PATIENT IDENTIFIABLE HEALTH INFO. OR DISCLOSURE OF INDIVIDUALLY HEALTH I |
| CERTIFIED IN HEALTHCARE PRIVACY AND SECURITY (CPHS) | AHIMA CREDENTIAL THAT RECOGNIZES ADVANCED COMPETENCY IN DESIGNING, IMPLEMENTING, & ADMINISTERING COMPREHENSIVE PRIVACY & SECURITY PROTECTION PROGRAMS IN ALL TYPES OF HEALTHCARE ORGANIZATIONS |
| CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP) | CERTIFICATION IS SPONSORED BY THE INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM (ISC). NOT HEALTHCARE SPECIFIC. 5 YRS FULL TIME EXPERIENCE |
| CODE SET | UNDER HIPAA, ANY SET OF CODES USED TO ENCODE DATA ELEMENTS, SUCH AS TABLES OF TERMS, MEDICAL CONCEPTS, MEDICAL DIAGNOSTIC CODES OR MEDICAL PROCEDURE CODES; INCLUDES BOTH THE CODES & THEIR DESCRIPTIONS |
| CONTINGENCY PLAN | DOCUMENTATION OF THE PROCESS FOR RESPONDING TO A SYSTEM EMERGENCY, INCLUDING THE PERFORMANCE OF BACKUPS, THE LINE UP OF CRITICAL ALTERNATIVE FACILITIES TO FACILITATE CONTINUITY OF OPERATIONS & THE PROCESS OF RECOVERING FROM A DISASTER |
| COVERED ENTITY | UNDER HHS HIPAA REGULATIONS, ANY HEALTH PLAN, HEALTHCARE CLEARINGHOUSE, OR HEALTHCARE PROVIDER THAT TRANSMITS SPECIFIC HEALTHCARE TRANSACTIONS IN ELECTRONIC FORM |
| DATA RECOVERY | THE RESTORATION OF LOST DATA OR THE RECONCILIATION OF CONFLICTING OR ERRONEOUS DATA AFTER A SYSTEM FAILURE. RECOVERY IS OFTEN ACHIEVED USING A DISK OR TAPE BACKUP & SYSTEM LOGS |
| DEGAUSSING | THE PROCESS OF REMOVING OR REARRANGING THE MAGNETIC FIELD OF A DISK IN ORDER TO RENDER THE DATA UNRECOVERABLE |
| DENIAL OF SERVICE | DENIAL OF SERVICE ATTACK IS A TYPE OF MALWARE THAT IS DESIGNED TO OVERLOAD A WEB SITE OR OTHER INFORMATION SYSTEM SO THAT THE SYSTEM CANNOT HANDLE THE LOAD AND EVENTUALLY SHUTS DOWN |
| DESIGNATED STANDARD MAINTENANCE | ORGANIZATIONS DESIGNATED BY HIPAA TO CONTROL STANDARDS USED IN THE ELECTRONIC TRANSMISSION USED IN HEALTHCARE |
| ELECTRONIC DATA INTERCHANGE | A STANDARD TRANSMISSION FORMAT USING STRINGS OF DATA FOR BUSINESS INFORMATION COMMUNICATED AMONG THE COMPUTER SYSTEMS OF INDEPENDENT ORGANIZATIONS |
| ELECTRONIC PROTECTED HEALTH INFORMATION (ePHI) | UNDER HIPAA, ALL INDIVIDUALLY IDENTIFIABLE INFORMATION THAT IS CREATED OR RECEIVED ELECTRONICALLY BY A HEALTHCARE PROVIDER OR ANY OTHER ENTITY SUBJECT TO HIPAA REQUIREMENTS |
| ENCRYPTION | THE PROCESS OF TRANSFORMING TEXT INTO AN UNINTELLIGIBLE STRING OF CHARACTERS THAT CAN BE TRANSMITTED VIA COMMUNICATIONS MEDIA WITH A HIGH DEGREE OF SECURITY AND THEN DECRYPTED WHEN IT REACHES A SECURE DESTINATION |
| FACILITY ACCESS CONTROLS | LIMIT PHYSICAL ACCESS TO AUTHORIZED INFORMATION SYSTEM STAFF TO THE DATA CENTERS WHERE THE HARDWARE AND SOFTWARE FOR THE ELECTRONIC INFORMATION SYSTEMS ARE HELD |
| FIREWALL | A COMPUTER SYSTEM OR A COMBINATION OF SYSTEMS THAT PROVIDES A SECURITY BARRIER OR SUPPORTS AN ACCESS CONTROL POLICY BETWEEN TWO NETWORKS OR BETWEEN A NETWORK AND ANY OTHER TRAFFIC OUTSIDE THE NETWORK |
| FORENSICS | THE PROCESS USED TO GATHER INTACT AND VALIDATED EVIDENCE AND IS THE PROCESS THAT SHOULD BE USED TO GATHER EVIDENCE OF THE SECURITY INCIDENT |
| HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) | IMPACTS MANY AREAS OF HEALTHCARE SUCH AS INSURANCE PORTABILITY, CODE SETS, PRIVACY, SECURITY, AND NATIONAL IDENTIFIER STANDARDS |
| INFORMATION SYSTEM ACTIVITY REVIEW | THE PERIODIC REVIEW OF THE SECURITY CONTROLS |
| INTEGRITY | THE STATE OF BEING WHOLE OR UNIMPAIRED (2) IN THE CONTEXT OF DATA SECURITY, DATA INTEGRITY MEANS THE PROTECTION OF DATA FROM ACCIDENTAL OR UNAUTHORIZED INTENTIONAL CHANGE |
| INTRUSION DETECTION AND RESPONSE | THE ACT OF MONITORING SYSTEMS OR NETWORKS FOR UNAUTHORIZED USERS OR UNAUTHORIZED ACTIVITIES AND THE ACTIONS TAKEN FOR CORRECTION TO THESE ACTS |
| MALICIOUS SOFTWARE | (MALWARE) DESIGNED TO HARM A COMPUTER. THE SPECIFIC DAMAGE VARIES BY VIRUS OR OTHER MALWARE. SOME OF THESE VIRUSES ARE MORE A NUISANCE, WHEREAS OTHERS DESTROY DATA OR OTHER FILES THAT MAY PREVENT THE COMPUTER FROM OPERATING. HIPAA MANDATES COVERED ENTITY TO PR |
| MITIGATION | |
| NETWORK SECURITY | USING TECHNOLOGY TO PROTECT THE DATA TRANSMITTED ACROSS THE NETWORK & INCLUDES FIREWALLS, ENCRYPTION & DATA INTEGRITY |
| ONE-FACTOR AUTHENTICATION | PASSWORDS ARE COMMONLY USED IN CONJUNCTION WITH A USER NAME OR IDENTIFIER. THIS IS ONE-FACTOR AUTHENTICATION, AS IT ONLY UTILIZES SOMETHING YOU KNOW |
| PASSWORDS | A SERIES OF CHARACTERS THAT MUST BE ENTERED TO AUTHENTICATE USER IDENTITY AND GAIN ACCESS TO A COMPUTER OR SPECIFIED PORTIONS OF A DATABASE |
| PERSON OR ENTITY AUTHENTICATION | THE CORROBORATION THAT AN ENTITY IS WHO IT CLAIMS TO BE |
| PHISHING | AN EMAIL THAT APPEARS FROM A LEGITIMATE BUSINESS THAT ASKS FOR ACCOUNT NUMBER OR OTHER PERSONAL INFORMATION. THE EMAIL IS ACTUALLY FROM A PHISHER WHO USES THE ACCOUNT NUMBER OR OTHER INFORMATION MALICIOUSLY |
| PHYSICAL SAFEGUARDS | MEASURES SUCH AS LOCKING DOORS TO SAFEGUARD DATA AND COMPUTER PROGRAMS FROM UNDESIRED OCCURRENCES AND EXPOSURES; A SET OF FOUR STANDARDS DEFINED BY THE HIPAA SECURITY RULE INCLUDING FACILITY ACCESS CONTROLS, WORKSTATION USE, WORKSTATION SECURITY & DEVICE |
| PRIVACY | THE QUALITY OR STATE OF BEING HIDDEN FROM, OR UNDISTURBED BY, THE OBSERVATION OR ACTIVITIES OF OTHER PERSONS, OR FREEDOM FROM UNAUTHORIZED INTRUSION, THE RIGHTS OF PATIENT CONTROL DISCLOSURE OF PERSONAL INFO |
| PRIVACY RULE | THE FEDERAL REGULATIONS CREATED TO IMPLEMENT THE PRIVACY REQUIREMENTS OF THE SIMPLIFICATION SUBTITLE OF THE HIPAA ACT 1996 |
| PROTECTED HEALTH INFORMATION (PHI) | INDIVIDUALLY IDENTIFIABLE HEALTH INFO., TRANSMITTED ELECTRONICALLY OR MAINTAINED IN ANY OTHER FORM, THAT IS CREATED OR RECEIVED BY A HEALTHCARE PROVIDER OR ANY OTHER ENTITY SUBJECT TO HIPAA REQUIREMENTS |
| REDUNDANCY | THE CONCEPT OF BUILDING A BACKUP COMPUTER SYSTEM THAT IS AN EXACT VERSION OF THE PRIMARY SYSTEM AND THAT CAN REPLACE IT IN THE EVENT OF A PRIMARY SYSTEM FAILURE |
| RISK ANALYSIS | THE PROCESS OF IDENTIFYING POSSIBLE SECURITY THREATS TO THE ORGANIZATION'S DATA AND IDENTIFYING WHICH RISKS SHOULD BE PROACTIVELY ADDRESSED & WHICH RISKS ARE LOWER IN PRIORITY |
| RISK ASSESSMENT | THE PROCESS OF IDENTIFYING POSSIBLE SECURITY THREATS TO THE ORGANIZATION'S DATA AND IDENTIFYING WHICH RISKS SHOULD BE PROACTIVELY ADDRESSED & WHICH RISKS ARE LOWER IN PRIORITY |
| SECURITY | THE MEANS TO CONTROL ACCESS & PROTECT INFO. FROM ACCIDENTAL OR INTENTIONAL DISCLOSURE TO UNAUTHORIZED PERSONS & FROM UNAUTHORIZED ALTERATION, DESTRUCTION OR LOSS |
| SECURITY AWARENESS TRAINING | PROVIDES EMPLOYEES OF THE COVERED ENTITIES WITH INFORMATION AND A BASIC KNOWLEDGE OF THE SECURITY POLICIES AND PROCEDURES OF THE ORGANIZATION |
| SECURITY EVENT | POOR SECURITY PRACTICES THAT HAVE NOT LED TO HARM |
| SECURITY INCIDENT | POOR SECURITY PRACTICES THAT HAVE RESULTED IN HARM OR A SIGNIFICANT RISK OF HARM |
| SECURITY MANAGEMENT PLAN | MUST INCLUDE THE POLICIES REQUIRED TO PREVENT, IDENTIFY, CONTROL AND RESOLVE SECURITY INCIDENTS |
| SECURITY OFFICIAL | SECURITY RULE MANDATES AN INDIVIDUAL TO BE IN CHARGE OF THE SECURITY PROGRAM FOR THE COVERED ENTITY. HIPAA CALLS THIS INDIVIDUAL A SECURITY OFFICIAL; HOWEVER THIS POSITION IS FREQUENTLY CALLED CHIEF SECURITY OFFICER BY THE COVERED ENTITIES |
| SECURITY RULE | THE FEDERAL REGULATIONS CREATED TO IMPLEMENT THE SECURITY REQUIREMENTS OF THE HIPAA 1996 |
| SPOLIATION | UNINTENTIONAL DESTRUCTION OR ALTERATION OF EVIDENCE |
| SPYWARE | USED TO TRACK KEYSTROKES & PASSWORDS, MONITOR WEBSITES VISITED, OR OTHER ACTIONS & REPORT THESE ACTIONS BACK TO THE CREATOR OF THE SPYWARE. THE SPYWARE MAY SLOW DOWN THE COMPUTER SYSTEM & CONTRIBUTE TO IDENTITY THEFT OR OTHER BREACHES OF PRIVACY |
| TECHNICAL SAFEGUARD | THE TECHNOLOGY & THE POLICY & PROCEDURES FOR ITS USE THAT PROTECT ELECTRONIC PROTECTED HEALTH INFORMATION AND CONTROL ACCESS TO IT |
| TELEPHONE CALLBACK PROCEDURES | PROCEDURES USED PRIMARILY WHEN EMPLOYEES HAVE ACCESS TO AN ORGANIZATION'S HEALTH INFORMATION SYSTEMS FROM A REMOTE LOCATION THAT VERIFY WHETHER THE CALLER'S NUMBER IS AUTHORIZED & PREVENT ACCESS WHEN IT IS NOT |
| TERMINATION PROCESS | A HIPAA MANDATED PROCESS THAT TERMINATES AN EMPLOYEE'S ACCESS IMMEDIATELY UPON SEPARATION FROM THE FACILITY |
| TOKEN | A PHYSICAL DEVICE SUCH AS A KEY CARD, INSERTED INTO A DOOR TO ADMIT AN AUTHORIZED PERSON OR INTO A COMPUTER TO AUTHENTICATE A COMPUTER USER |
| TRANSACTIONS AND CODE SETS RULE | DESIGNED TO STANDARDIZE TRANSACTIONS PERFORMED BY HEALTHCARE ORGANIZATIONS. THESE STANDARDS APPLY TO ELECTRONIC TRANSACTIONS ONLY, HOWEVER PAPER SUBMISSIONS ARE SIMILAR |
| TRANSMISSION SECURITY | MECHANISMS DESIGNED TO PROTECT ePHI WHILE THE DATA ARE BEING TRANSMITTED BETWEEN TWO POINTS |
| TRIGGER | A DOCUMENTED RESPONSE THAT ALERTS A SKILLED NURSING FACILITY RESIDENT ASSESSMENT INSTRUMENT ASSESSOR TO THE FACT THAT FURTHER RESEARCH IS NEEDED TO CLARIFY AN ASSESSMENT |
| TWO-FACTOR AUTHENTICATION | TOKENS ARE USED IN CONJUNCTION WITH A PASSWORD TO PROVIDE 2 FACTOR AUTHENTICATION BECAUSE A TOKEN & PASSWORD ARE 2 DIFFERENT TYPES OF AUTHENTICATIONS - SOMETHING YOU KNOW AND SOMETHING YOU HAVE |
| USERNAME | A UNIQUE IDENTIFIER ASSIGNED TO EACH USER |
| VIRUS | A COMPUTER PROGRAM, TYPICALLY HIDDEN, THAT ATTACHES ITSELF TO OTHER PROGRAMS AND HAS THE ABILITY TO REPLICATE AND CAUSE VARIOUS FORMS OF HARM TO DATA |
| WORKFORCE CLEARANCE PROCEDURE | ENSURES THAT EACH MEMBER OF THE WORKFORCE'S LEVEL OF ACCESS IS APPROPRIATE |
| WORM | A SPECIAL TYPE OF COMPUTER VIRUS, USUALLY TRANSFERRED FROM COMPUTER TO COMPUTER VIA EMAIL, THAT CAN REPLICATE ITSELF AND USE MEMORY BUT CANNOT ATTACH ITSELF TO OTHER PROGRAMS |