Busy. Please wait.

show password
Forgot Password?

Don't have an account?  Sign up 

Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.

Remove Ads
Don't know
remaining cards
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
restart all cards

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

Mod 5 Chapter 12

Computers in Health Care

Access Controls A computer software program designed to prevent unauthorized use of an information resource.
Administrative Safeguard Set of nine standards including security management functions, assigned security responsibility, workforce security, information access management, security awareness/training, security incident reporting, contingency plan, evaluation, contracts and etc.
Administrative Simplification Section of HIPAA that deals with privacy and security as well as standardization of electronic transactions and code sets
ASC X12 Standard Committee responsible for the development and maintenance of electronic data interchange standards for many industries
Audit Trail Chronological record of electronic systems activities that enable the reconstruction, review, and examination of the sequence of events surrounding or leading to each event/transaction from beginning to end including who performed what and when it occured
Biometrics Physical characteristics of users (fingerprints, voiceprints, retinal scans)that systems store and use to authenticate identity before allowing the user access to a system
Business Associate An individual/group who aren't a member of a covered entity's workforce but who helps the covered entity in the performance of various functions involving the use or disclosure of patient-identifiable health information
Certified in Healthcare Privacy and Security (CPHS) AHIMA credential that recoginzed advanced competency in designing, implementing, and administering comprehensive privacy and security protection programs
Certified Information Systems Security Professional (CISSP) A generic security certification and therefore is not healthcare specific
Code Sets Any set of codes used to encode data elements, such as tables of tterms, medical concepts, medical diagnostic codes, or medical procedure codes, includes both the code and their description
Contingency Plan Documentation of the process for responding to a system emergency, including the performance of backups, the line-up of critical alternative facilities to facilitate continuity of operations, and the process of recovering from a disaster
Covered Entity Any health plan, healthcare clearinghouse, or healthcare provider that transmits specific healthcare transactions in electronic form
Data Recovery The restoration of lost data or the reconciliation of conflicting or erroneous data after a system failure
Degaussing The process of removing or rearranging the magnetic field of a disk in order to render the data unrecoverable
Denial of Service Denial of service attack is a type of malware that is designed to overload a Web site or other information system so that the system cannot handle the load and eventually shuts down
Designated Standard Maintenance Organizations Organizations designated to control standards used in the electronic transmission used in healthcare
Electronic Data Interchange (EDI) A standard transmission format using strings of data for business information communicated among the computer systems of independent organizations
Electronic Protected Health Information (ePHI) All individually identifiable information that is created or received electronically by a healthcare provider or any other entity subject to HIPAA requirements
Encryption Process of transforming text into an unintelligible string of characters that can be transmitted via communications media with a high degree of security and then decrypted when it reaches a secure destination
Facility Access Controls Limit physical access to authorized information system staff to the data centers where the hardware and software for the electronic information systems are held
Firewall A computer system or a combination of systems that provides a security barrier or supports an access control policy between two networks or between a network and any other traffic outside the network
Forensics The process used to gather intact and validated evidence and is the process that should be used to gather evidence of the security incident
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Impacts many areas of healthcare such as insurance portability, code sets, privacy, security and national identifier standards
Information System Activity Review The periodic review of the security controls
Integrity The state of being whole or umimpaired. In the context of data security, data integrity means the protection of data from accidental or unauthorized intentional change
Intrusion Detection and Response Is the act of monitoring systems or networks for unauthorized users or unauthorized activities and the actions taken for correction to these acts
Malicious Software Software designed to harm a computer.
Mitigation Requires covered entities to lessen, as much as possible, harmful effects that result from the wrongful use and disclosure of protected health information
Network Security Using technology to protect the data transmitted across the network and includes fire walls, encryption, and data integrity
One-factor Authentication Passwords are commonly used in conjunction with a user name or identifier.
Passwords A series of characters that must be entered to authenticate user identity and gain access to a computer or specified portions of a database
Person or Entity Authentication The corroboration that an entity is who it claims to be
Phishing E-mail that appears from a legitimate business that ask for account number or other personal information
Physical Safeguards Measures such as locking doors to safeguard data and computer programs from undesired occurrences and exposures
Privacy The quality or state of being hidden from, or undisturbed by, the observation or activities of other persons, or freedom from unauthorized intrusion; in healthcare-related contexts, the right of a patient to control disclosure of personal information
Privacy Rule The federal regulations created to implement the privacy requirements of the simplification subtitle of the Health Insurannce Portability and Accountability Act of 1996
Protected Health Information (PHI) Individually identifiable health information, transmitted electronically or maintained in any other form, that is created or received by a healthcare provider or any other entity subject to HIPAA requirementd
Redundancy The concept of building a backup computer system that is an exact version of the primary system and that can replace it in the event of a primary system failure
Risk Analysis The process of identifying possible security threat to the organization's data and identifying which risks should be proactively addressed and which risks are lower in priority; also called risk assessment
Risk Assessment The process of identifying possible security threat to the organization's data and identifying which risks should be proactively addressed and which risks are lower in priority; also called risk analysis
Security The means to controll access and protect information from accidental or intentional disclosure to unauthorized persons and from unauthorized alteration, destruction, or loss; the physical protection of facilities and equipment
Security Awareness Training Provides employees of the covered entity with information with and a basic knowledge of the security policies and procedures of the organization
Security Event Security events are poor security practices that have not led to harm
Security Incident Security incidents (are poor security practices that) have resulted in harm or a significant risk of harm
Security Management Plan It must include the policies required to prevent, identify, control, and resolve security incidents
Security Official An individual to be in charge of the security program for the covered entity. Also called a Chief Security Officer (CSO)
Security Rule The federal regulations created to implement the security requirements of the Health Insurance Portability and Accountability Act of 1996
Spoliation Unintentional destruction or alteration of evidence is called spoliation
Spyware Spyware may be used to track keystrokes and passwords, monitor Web sites visited, or other actions, and report these actions back to the creator of the spyware. The spyware may contribute to identify identity theft or other breaches of privacy
Technical Safeguard The technology and the policy and procedures for its use that protect electronic protected health information and control access to it; protects ePHI from unauthorized access and destruction/alterations
Telephone Callback Procedures Procedures used primarily when employees have access to an organization's health information systems from a remote location that verify whether the caller's number is authorized and prevent access when it is not
Termination Process A HIPAA-mandated process that terminates an employee's access immediately upon separation from the facility
Token A physical device, such as a key card, inserted into a door to admit an authorized person or into a computer to authenticate a computer user
Transactions and Code Sets Rule Designed to standardize transactions performed by healthcare organizations. These apply to electronic transactions only.
Transmission Security Mechanisms designed to protect ePHI while the data are being transmitted between two points
Trigger A documented response that alerts a skilled nursing facility resident assessnent instrunent assessor to the fact that further research is needed to clarify an assessment
Two-factor Authentication Tokens are used in conjunction with a password to provide two-factor authentication (token and password are two different types of authentications)
Username A unique identifier assigned to each user
Virus A computer program, typically hidden, that attaches itself to other programs and has the ability to replicate and cause various forms of harm to the data
Workforce Clearance Procedure Ensures that each member of the workforce's level of access is appropriate
Worm A special type of computer virus, usually transfered fron computer to computer via e-mail, that can replicate itself and use memory but cannot attach itself to other programs
Created by: angelab