Health Information Privacy and Security

Question 1

health insurance portability and accountability act (HIPAA)

Answer 1

• 1996
• privacy and security measure in healthcare
• privacy rule mandates to de-identify data by removing 18 identifiers (name, DOB, address, phone number, ID, etc.) and getting consent
• safeguards in place to ensure data is not compromised, and that it is only used for intended purpose
• should not impede treatment of patients:
• health plans (health insurers)
• health care providers
• health care clearinghouses- empires

Question 2

american recovery and reinvestment act (ARRA)

Answer 2

• 2209
• after HIPAA
• HITECH follows

Question 3

what image do we use in health care

Answer 3

DICOM

Question 4

HIPAA is not required for

Answer 4

• life insurers
• employers
• schools and school districts
• many law enforcement agencies

Question 5

administrative requirements

Answer 5

• written privacy policies and procedures
• privacy official
• workforce training and management
• mitigation strategy for privacy breaches
• data safeguards
• designate a complaint official and procedure to file complaints
• documentation and record retention- 6 years

Question 6

data safeguard

Answer 6

-administrative, technical, and physical

Question 7

document retention

Answer 7

• must hold records for 21 years when you are born
• mammography’s are kept forever
• after the first 21st years your records are kept every 6 years

Question 8

administrative safegaurds

Answer 8

• security management processes to reduce and vulnerabilities
• security personnel
• information access management
• workforce training and management
• evaluation of security policies and procedures

Question 9

physical safeguards

Answer 9

facility access
-workstation and device security policies and procedures covering transfer, removal, disposal, and re-use of electronic media

Question 10

technical safeguards

Answer 10

• access control that restricts access to authorized personnel
• audit controls for hardware, software, and transactions
• transmission security to protect against unauthorized access to data transmitted on networks and via email
• ID, fingerprint, retinal scan, face scan, blood

Question 11

confidentiality

Answer 11

• prevention of data loss

- usernames, passwords, and encryption are common measures

Question 12

availability

Answer 12

• system and network accessibility
• power loss or network connectivity outages (Natural or accidental)
• backup generators, peripheral network security equipment

Question 13

integrity

Answer 13

• trustworthiness and permanence of data

- data backup and archival tools

Question 14

tools

Answer 14

• physical
• networks and information resources
• firewall, authentication

Question 15

authentication and identity management

Answer 15

-photo identification, biometrics, smart card technologies, tokens, and the old standard; user name and password

Question 16

basic authentication

Answer 16

• vary depending on sensitivity of data
• something one knows, something one has, or something that one is
• username and password combination
• grid card, smart card, USB token, one time password (OTP)
• token, or OTP and PIN

Question 17

single sign on

Answer 17

• one set of credentials (mechanism) to easily access many of the resources one uses every day securely
• google

Question 18

smart cards

Answer 18

• vital information with a self-contained processor and memory
• low cost, ease of use, portability and durability, and ability to support multiple applications
• encrypted patient information, biometric signatures and personal identification (PIN)
• lack of standardization and positive identification

Question 19

digital signature

Answer 19

• legal
• copy pasting signature is not as good
• writing your name with a pin and birthday is more securee

Question 20

certificate based encryption

Answer 20

• obscure the content of a message

- recipients public key by sender encrypts message

Question 21

digital and information rights management (DRM and IRM)

Answer 21

• users roles, permission, and access

- limit any unnecessary access

Question 22

biometric authentication

Answer 22

• physical user identifier

- fingerprint, retinal scan, voice imprint

Question 23

standards, compliance and law

Answer 23

• ignorance of the law is no excuse

- detailed list of standards and laws in textbook

Question 24

security breaches and attacks

Answer 24

• identity theft on the rise

- physical theft- stolen laptop from VA (computers, storage devices, servers)

Question 25

theft countermeasures

Answer 25

• render data unusable to thieves
• encryption standards
• hardware and software encryption techniques

Question 26

physical or logical access

Answer 26

-insider employees and staff

Question 27

accidental or negligent disclosure

Answer 27

• inadequate control of paper records
• inadvertent release of sensitive information to unauthorized parties
• through overheard coversations
• poor housekeeping practices around copiers, fax machines, and recycling bins

Question 28

intrusions and attack

Answer 28

-attack on physical and wireless networks attempting to compromise machines and user accounts through disguised email messages, corrupted PDF files and exploited webpages