HIT CHAPTER 12

Question Answer
ACCESS CONTROLS COMPUTER SOFTWARE PROGRAM DESIGNED TO PREVENT UNAUTHORIZED USE OF AN INFO. RESOURCE (2) PROCESS OF DESIGNING, IMPLEMENTING & MONITORING A SYSTEM FOR GUARANTEEING THAT ONLY INDIVIDUALS WHO HAVE LEGITIMATE NEED ARE ALLOWED TO VIEW OR AMEND SPECIFIC DATA SETS
ADMINISTRATIVE SAFEGUARD SET OF 9 STANDARDS DEFINED BY THE HIPAA SECURITY RULE INCLUDING SECURITY MANAGEMENT FUNCTIONS, ASSIGNED SECURITY RESPONS., WORKFORCE SEC., INFO. ACCESS MGMT, SEC. AWARENESS & TRAINING, SEC. INCIDENT REPORTING, CONTINGENCY PLAN, EVALUATION & BUS ASSOC. CONTR
ADMINISTRATIVE SIMPLIFICATION THE SECTION OF HIPAA THAT DEALS WITH PRIVACY AND SECURITY AS WELL AS STANDARDIZATION OF ELECTRONIC TRANSACTIONS AND CODE SETS
ASC X12 STANDARD A COMMITTEE OF AMERICAN NATIONAL STANDARDS INSTITUTE (ANSI) RESPONSIBLE FOR THE DEVELOPMENT & MAINTENANCE OF ELECTRONIC DATA INTERCHANGE (EDI) STANDARDS FOR MANY INDUSTRIES. THE SUBCOMMITTEE OF ASC X12 RESPONSIBLE FOR THE EDI HEALTH INSURANCE ADMINISTRATIVE
AUDIT CONTROLS A METHOD FOR MONITORING ATTEMPTS TO GAIN ACCESS TO A COMPUTER INFORMATION SYSTEM
AUDIT REDUCTION TOOL REVIEW THE AUDIT TRAIL AND COMPARE IT TO FACILITY-SPECIFIC CRITERIA AND ELIMINATE ROUTINE ENTRIES SUCH AS THE PERIODIC BACKUPS
AUDIT TRAIL A CHRONOLOGICAL RECORD OF ELECTRONIC SYSTEM ACTIVITIES THAT ENABLES THE RECONSTRUCTION, REVIEW & EXAMINATION OF THE SEQUENCE OF EVENTS SURROUNDING OR LEADING TO EACH EVENT &/OR TRANSACTION FROM BEGINNING TO END. INCLUDES WHO PERFORMED WHAT EVENT AND WHEN
BIOMETRICS THE PHYSICAL CHARACTERISTICS OF USERS THAT SYSTEMS STORE & USE TO AUTHENTICATE IDENTITY BEFORE ALLOWING THE USER ACCESS TO A SYSTEM (FINGERPRINTS, VOICEPRINTS)
BUSINESS ASSOCIATE AN INDIVIDUAL OR GROUP WHO IS NOT A MEMBER OF A COVERED ENTITY'S WORKFORCE BUT WHO HELPS THE COVERED ENTITY IN THE PERFORMANCE OF VARIOUS FUNCTIONS INVOLVING THE USE OR DISCLOSURE OF PATIENT IDENTIFIABLE HEALTH INFO. OR DISCLOSURE OF INDIVIDUALLY HEALTH I
CERTIFIED IN HEALTHCARE PRIVACY AND SECURITY (CHPS) AHIMA CREDENTIAL THAT RECOGNIZES ADVANCED COMPETENCY IN DESIGNING, IMPLEMENTING, & ADMINISTERING COMPREHENSIVE PRIVACY & SECURITY PROTECTION PROGRAMS IN ALL TYPES OF HEALTHCARE ORGANIZATIONS
CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP) CERTIFICATION IS SPONSORED BY THE INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM (ISC). NOT HEALTHCARE SPECIFIC. 5 YRS FULL TIME EXPERIENCE
CODE SET UNDER HIPAA, ANY SET OF CODES USED TO ENCODE DATA ELEMENTS, SUCH AS TABLES OF TERMS, MEDICAL CONCEPTS, MEDICAL DIAGNOSTIC CODES OR MEDICAL PROCEDURE CODES; INCLUDES BOTH THE CODES & THEIR DESCRIPTIONS
CONTINGENCY PLAN DOCUMENTATION OF THE PROCESS FOR RESPONDING TO A SYSTEM EMERGENCY, INCLUDING THE PERFORMANCE OF BACKUPS, THE LINE UP OF CRITICAL ALTERNATIVE FACILITIES TO FACILITATE CONTINUITY OF OPERATIONS & THE PROCESS OF RECOVERING FROM A DISASTER
COVERED ENTITY UNDER HHS HIPAA REGULATIONS, ANY HEALTH PLAN, HEALTHCARE CLEARINGHOUSE, OR HEALTHCARE PROVIDER THAT TRANSMITS SPECIFIC HEALTHCARE TRANSACTIONS IN ELECTRONIC FORM
DATA RECOVERY THE RESTORATION OF LOST DATA OR THE RECONCILIATION OF CONFLICTING OR ERRONEOUS DATA AFTER A SYSTEM FAILURE. RECOVERY IS OFTEN ACHIEVED USING A DISK OR TAPE BACKUP & SYSTEM LOGS
DEGAUSSING THE PROCESS OF REMOVING OR REARRANGING THE MAGNETIC FIELD OF A DISK IN ORDER TO RENDER THE DATA UNRECOVERABLE
DENIAL OF SERVICE DENIAL OF SERVICE ATTACK IS A TYPE OF MALWARE THAT IS DESIGNED TO OVERLOAD A WEB SITE OR OTHER INFORMATION SYSTEM SO THAT THE SYSTEM CANNOT HANDLE THE LOAD AND EVENTUALLY SHUTS DOWN
DESIGNATED STANDARD MAINTENANCE ORGANIZATIONS DESIGNATED BY HIPAA TO CONTROL STANDARDS USED IN THE ELECTRONIC TRANSMISSION USED IN HEALTHCARE
ELECTRONIC DATA INTERCHANGE A STANDARD TRANSMISSION FORMAT USING STRINGS OF DATA FOR BUSINESS INFORMATION COMMUNICATED AMONG THE COMPUTER SYSTEMS OF INDEPENDENT ORGANIZATIONS
ELECTRONIC PROTECTED HEALTH INFORMATION (ePHI) UNDER HIPAA, ALL INDIVIDUALLY IDENTIFIABLE INFORMATION THAT IS CREATED OR RECEIVED ELECTRONICALLY BY A HEALTHCARE PROVIDER OR ANY OTHER ENTITY SUBJECT TO HIPAA REQUIREMENTS
ENCRYPTION THE PROCESS OF TRANSFORMING TEXT INTO AN UNINTELLIGIBLE STRING OF CHARACTERS THAT CAN BE TRANSMITTED VIA COMMUNICATIONS MEDIA WITH A HIGH DEGREE OF SECURITY AND THEN DECRYPTED WHEN IT REACHES A SECURE DESTINATION
FACILITY ACCESS CONTROLS LIMIT PHYSICAL ACCESS TO AUTHORIZED INFORMATION SYSTEM STAFF TO THE DATA CENTERS WHERE THE HARDWARE AND SOFTWARE FOR THE ELECTRONIC INFORMATION SYSTEMS ARE HELD
FIREWALL A COMPUTER SYSTEM OR A COMBINATION OF SYSTEMS THAT PROVIDES A SECURITY BARRIER OR SUPPORTS AN ACCESS CONTROL POLICY BETWEEN TWO NETWORKS OR BETWEEN A NETWORK AND ANY OTHER TRAFFIC OUTSIDE THE NETWORK
FORENSICS THE PROCESS USED TO GATHER INTACT AND VALIDATED EVIDENCE AND IS THE PROCESS THAT SHOULD BE USED TO GATHER EVIDENCE OF THE SECURITY INCIDENT
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) IMPACTS MANY AREAS OF HEALTHCARE SUCH AS INSURANCE PORTABILITY, CODE SETS, PRIVACY, SECURITY, AND NATIONAL IDENTIFIER STANDARDS
INFORMATION SYSTEM ACTIVITY REVIEW THE PERIODIC REVIEW OF THE SECURITY CONTROLS
INTEGRITY THE STATE OF BEING WHOLE OR UNIMPAIRED (2) IN THE CONTEXT OF DATA SECURITY, DATA INTEGRITY MEANS THE PROTECTION OF DATA FROM ACCIDENTAL OR UNAUTHORIZED INTENTIONAL CHANGE
INTRUSION DETECTION AND RESPONSE THE ACT OF MONITORING SYSTEMS OR NETWORKS FOR UNAUTHORIZED USERS OR UNAUTHORIZED ACTIVITIES AND THE ACTIONS TAKEN FOR CORRECTION TO THESE ACTS
MALICIOUS SOFTWARE (MALWARE) DESIGNED TO HARM A COMPUTER. THE SPECIFIC DAMAGE VARIES BY VIRUS OR OTHER MALWARE. SOME OF THESE VIRUSES ARE MORE A NUISANCE, WHEREAS OTHERS DESTROY DATA OR OTHER FILES THAT MAY PREVENT THE COMPUTER FROM OPERATING. HIPAA MANDATES COVERED ENTITY TO PR
MITIGATION
NETWORK SECURITY USING TECHNOLOGY TO PROTECT THE DATA TRANSMITTED ACROSS THE NETWORK & INCLUDES FIREWALLS, ENCRYPTION & DATA INTEGRITY
ONE-FACTOR AUTHENTICATION PASSWORDS ARE COMMONLY USED IN CONJUNCTION WITH A USER NAME OR IDENTIFIER. THIS IS ONE-FACTOR AUTHENTICATION, AS IT ONLY UTILIZES SOMETHING YOU KNOW
PASSWORDS A SERIES OF CHARACTERS THAT MUST BE ENTERED TO AUTHENTICATE USER IDENTITY AND GAIN ACCESS TO A COMPUTER OR SPECIFIED PORTIONS OF A DATABASE
PERSON OR ENTITY AUTHENTICATION THE CORROBORATION THAT AN ENTITY IS WHO IT CLAIMS TO BE
PHISHING AN EMAIL THAT APPEARS TO BE FROM A LEGITIMATE BUSINESS THAT ASKS FOR ACCOUNT NUMBER OR OTHER PERSONAL INFORMATION. THE EMAIL IS ACTUALLY FROM A PHISHER WHO USES THE ACCOUNT NUMBER OR OTHER INFORMATION MALICIOUSLY
PHYSICAL SAFEGUARDS MEASURES SUCH AS LOCKING DOORS TO SAFEGUARD DATA AND COMPUTER PROGRAMS FROM UNDESIRED OCCURRENCES AND EXPOSURES; A SET OF FOUR STANDARDS DEFINED BY THE HIPAA SECURITY RULE INCLUDING FACILITY ACCESS CONTROLS, WORKSTATION USE, WORKSTATION SECURITY & DEVICE
PRIVACY THE QUALITY OR STATE OF BEING HIDDEN FROM, OR UNDISTURBED BY, THE OBSERVATION OR ACTIVITIES OF OTHER PERSONS, OR FREEDOM FROM UNAUTHORIZED INTRUSION; THE RIGHT OF PATIENTS TO CONTROL DISCLOSURE OF PERSONAL INFO
PRIVACY RULE THE FEDERAL REGULATIONS CREATED TO IMPLEMENT THE PRIVACY REQUIREMENTS OF THE SIMPLIFICATION SUBTITLE OF THE HIPAA ACT OF 1996
PROTECTED HEALTH INFORMATION (PHI) INDIVIDUALLY IDENTIFIABLE HEALTH INFO., TRANSMITTED ELECTRONICALLY OR MAINTAINED IN ANY OTHER FORM, THAT IS CREATED OR RECEIVED BY A HEALTHCARE PROVIDER OR ANY OTHER ENTITY SUBJECT TO HIPAA REQUIREMENTS
REDUNDANCY THE CONCEPT OF BUILDING A BACKUP COMPUTER SYSTEM THAT IS AN EXACT VERSION OF THE PRIMARY SYSTEM AND THAT CAN REPLACE IT IN THE EVENT OF A PRIMARY SYSTEM FAILURE
RISK ANALYSIS THE PROCESS OF IDENTIFYING POSSIBLE SECURITY THREATS TO THE ORGANIZATION'S DATA AND IDENTIFYING WHICH RISKS SHOULD BE PROACTIVELY ADDRESSED & WHICH RISKS ARE LOWER IN PRIORITY
RISK ASSESSMENT THE PROCESS OF IDENTIFYING POSSIBLE SECURITY THREATS TO THE ORGANIZATION'S DATA AND IDENTIFYING WHICH RISKS SHOULD BE PROACTIVELY ADDRESSED & WHICH RISKS ARE LOWER IN PRIORITY
SECURITY THE MEANS TO CONTROL ACCESS & PROTECT INFO. FROM ACCIDENTAL OR INTENTIONAL DISCLOSURE TO UNAUTHORIZED PERSONS & FROM UNAUTHORIZED ALTERATION, DESTRUCTION OR LOSS
SECURITY AWARENESS TRAINING PROVIDES EMPLOYEES OF THE COVERED ENTITIES WITH INFORMATION AND A BASIC KNOWLEDGE OF THE SECURITY POLICIES AND PROCEDURES OF THE ORGANIZATION
SECURITY EVENT POOR SECURITY PRACTICES THAT HAVE NOT LED TO HARM
SECURITY INCIDENT POOR SECURITY PRACTICES THAT HAVE RESULTED IN HARM OR A SIGNIFICANT RISK OF HARM
SECURITY MANAGEMENT PLAN MUST INCLUDE THE POLICIES REQUIRED TO PREVENT, IDENTIFY, CONTROL AND RESOLVE SECURITY INCIDENTS
SECURITY OFFICIAL SECURITY RULE MANDATES AN INDIVIDUAL TO BE IN CHARGE OF THE SECURITY PROGRAM FOR THE COVERED ENTITY. HIPAA CALLS THIS INDIVIDUAL A SECURITY OFFICIAL; HOWEVER THIS POSITION IS FREQUENTLY CALLED CHIEF SECURITY OFFICER BY THE COVERED ENTITIES
SECURITY RULE THE FEDERAL REGULATIONS CREATED TO IMPLEMENT THE SECURITY REQUIREMENTS OF THE HIPAA 1996
SPOLIATION UNINTENTIONAL DESTRUCTION OR ALTERATION OF EVIDENCE
SPYWARE USED TO TRACK KEYSTROKES & PASSWORDS, MONITOR WEBSITES VISITED, OR OTHER ACTIONS & REPORT THESE ACTIONS BACK TO THE CREATOR OF THE SPYWARE. THE SPYWARE MAY SLOW DOWN THE COMPUTER SYSTEM & CONTRIBUTE TO IDENTITY THEFT OR OTHER BREACHES OF PRIVACY
TECHNICAL SAFEGUARD THE TECHNOLOGY & THE POLICY & PROCEDURES FOR ITS USE THAT PROTECT ELECTRONIC PROTECTED HEALTH INFORMATION AND CONTROL ACCESS TO IT
TELEPHONE CALLBACK PROCEDURES PROCEDURES USED PRIMARILY WHEN EMPLOYEES HAVE ACCESS TO AN ORGANIZATION'S HEALTH INFORMATION SYSTEMS FROM A REMOTE LOCATION THAT VERIFY WHETHER THE CALLER'S NUMBER IS AUTHORIZED & PREVENT ACCESS WHEN IT IS NOT
TERMINATION PROCESS A HIPAA-MANDATED PROCESS THAT TERMINATES AN EMPLOYEE'S ACCESS IMMEDIATELY UPON SEPARATION FROM THE FACILITY
TOKEN A PHYSICAL DEVICE SUCH AS A KEY CARD, INSERTED INTO A DOOR TO ADMIT AN AUTHORIZED PERSON OR INTO A COMPUTER TO AUTHENTICATE A COMPUTER USER
TRANSACTIONS AND CODE SETS RULE DESIGNED TO STANDARDIZE TRANSACTIONS PERFORMED BY HEALTHCARE ORGANIZATIONS. THESE STANDARDS APPLY TO ELECTRONIC TRANSACTIONS ONLY; HOWEVER, PAPER SUBMISSIONS ARE SIMILAR
TRANSMISSION SECURITY MECHANISMS DESIGNED TO PROTECT ePHI WHILE THE DATA ARE BEING TRANSMITTED BETWEEN TWO POINTS
TRIGGER A DOCUMENTED RESPONSE THAT ALERTS A SKILLED NURSING FACILITY RESIDENT ASSESSMENT INSTRUMENT ASSESSOR TO THE FACT THAT FURTHER RESEARCH IS NEEDED TO CLARIFY AN ASSESSMENT
TWO-FACTOR AUTHENTICATION TOKENS ARE USED IN CONJUNCTION WITH A PASSWORD TO PROVIDE 2 FACTOR AUTHENTICATION BECAUSE A TOKEN & PASSWORD ARE 2 DIFFERENT TYPES OF AUTHENTICATIONS - SOMETHING YOU KNOW AND SOMETHING YOU HAVE
USERNAME A UNIQUE IDENTIFIER ASSIGNED TO EACH USER
VIRUS A COMPUTER PROGRAM, TYPICALLY HIDDEN, THAT ATTACHES ITSELF TO OTHER PROGRAMS AND HAS THE ABILITY TO REPLICATE AND CAUSE VARIOUS FORMS OF HARM TO DATA
WORKFORCE CLEARANCE PROCEDURE ENSURES THAT EACH MEMBER OF THE WORKFORCE'S LEVEL OF ACCESS IS APPROPRIATE
WORM A SPECIAL TYPE OF COMPUTER VIRUS, USUALLY TRANSFERRED FROM COMPUTER TO COMPUTER VIA EMAIL, THAT CAN REPLICATE ITSELF AND USE MEMORY BUT CANNOT ATTACH ITSELF TO OTHER PROGRAMS
Created by: caustinsmom1125