Unit 7: Health Information, Privacy, Confidentiality, Security, and Ethics

Question 1

The right to be left alone

a. privacy
b. confidentiality
c. security
d. ethics

Answer 1

privacy

Question 2

The right to keep personal information secret

a. privacy
b. confidentiality
c. security
d. ethics

Answer 2

privacy

Question 3

The right to control personal
information

a. privacy
b. confidentiality
c. security
d. ethics

Answer 3

privacy

Question 4

freedom from intrusion or invasion into one’s private affairs

a. privacy
b. confidentiality
c. security
d. ethics

Answer 4

privacy

Question 5

Sharing or disseminating data only to those with a “need to know”

a. privacy
b. confidentiality
c. security
d. ethics

Answer 5

confidentiality

Question 6

the status accorded to data or information indicating that it is sensitive for some reason and therefore it needs to be protected

a. privacy
b. confidentiality
c. security
d. ethics

Answer 6

confidentiality

Question 7

Odd one out:
Data must be protected against

a. theft
b. disclosure
c. improper use
d. dissemination to authorized entities

Answer 7

dissemination to authorized entities

Question 8

the means to control access and protect information from accidental or intentional disclosure to unauthorized persons and from alteration, destruction or loss

a. privacy
b. confidentiality
c. security
d. ethics

Answer 8

security

Question 9

Mechanisms to ensure the safety of data and systems in which the data reside

a. privacy
b. confidentiality
c. security
d. ethics

Answer 9

security

Question 10

Odd one out:
Challenges from Proliferation of Technologies and Applications

a. Increased technology use by all care providers
b. Selective health information dissemination on all platforms
c. Cloud computing and third-party outsourcing
d. Increased use by patients, families, and consumers of their devices

Answer 10

Selective health information dissemination on all platforms

Question 11

Odd one out:
Challenges from Proliferation of Technologies and Applications

a. New models of care require more care providers to access data across the patient care continuum
b. Health information exchange and data-sharing activities across multiple networks
c. Localized computing and in-house operations
d. Clinicians using their own device
e. Connected medical devices and implantable devices

Answer 11

Localized computing and in-house operations

Question 12

T/F:
Computer profiling and mistakes in the computer matching of personal data are other controversial threats to security.

Answer 12

false;
threats to PRIVACY

Question 13

the favorite tactic of mass mailers of unsolicited advertisements, or junk e-mail

a. flaming
b. spamming

Answer 13

spamming

Question 14

T/F:
Spamming has also been used by cyber-criminals to spread computer viruses or infiltrate many computer systems.

Answer 14

true

Question 15

the practice of sending extremely critical, derogatory, and often vulgar e-mail messages ( flame mail) or newsgroup postings to other users on the Internet or online services.

a. flaming
b. spamming

Answer 15

flaming

Question 16

a broad piece of legislation intended to address a wide variety of issues related to individual health insurance (enacted by the U.S. Congress in 1996)

a. HITECH Act (Health Information Technology for Economic and Clinical Health Act)
b. GDPR (General Data Protection Regulation):
c. HITEP (Health Information Technology Extension Program)
d. Health Insurance Portability and Accountability Act (HIPAA)

Answer 16

Health Insurance Portability and Accountability Act (HIPAA)

Question 17

the result of effective protection measures

a. data security
b. data privacy
c. network security
d. access control

Answer 17

data security

Question 18

the sum of measures that safeguard data and computer programs from undesired occurrences

a. data privacy
b. access control
c. network security
d. data security

Answer 18

data security

Question 19

Odd one out:
Data security provides protection from exposure to

a. accidental or intentional disclosure to unauthorized persons
b. accidental or malicious alteration
c. preservation of data integrity
d. unauthorized copying
e. loss by theft or destruction by hardware failures

Answer 19

preservation of data integrity

Question 20

In this year, the Philippines passed the comprehensive and strict privacy legislation “to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.”

a. Data Privacy Act of 2010
b. Data Privacy Act of 2011
c. Data Privacy Act of 2012
d. Data Privacy Act of 2013

Answer 20

Data Privacy Act of 2012

Question 21

a subset of a security breach that actually leads to “accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed

a. identity theft
b. personal data breach
c. data exposure
d. privacy invasion

Answer 21

personal data breach

Question 22

T/F:
As a requirement of breach notification, the breached information must be sensitive personal information, or information that could be used for identity fraud.

Answer 22

true

Question 23

T/F:
As a requirement of breach notification, there is a reasonable belief that authorized acquisition has occurred.

Answer 23

false;
unauthorized

Question 24

T/F:
As a requirement of breach notification, the risk to the data subject is real, and the potential harm is serious.

Answer 24

true

Question 25

defined by the Association of Information Technology Professionals (AITP) as including unauthorized use, release, and copying, denying an end user access, and using or conspiring to use computer illegally

a. cybercrime
b. digital fraud
c. computer crime
d. phishing

Answer 25

computer crime

Question 26

Odd one out:
Key Features of a Secure System and Network

a. Authentication
b. Authorization and access control
c. Data integrity
d. Accuracy
e. Accountability

Answer 26

Accuracy

Question 27

Odd one out:
Key Features of a Secure System and Network

a. Availability
b. Reliability
c. Data storage
d. Data transmission

Answer 27

Reliability

Question 28

Means of verifying the correct identity and/or group membership
of individual or other entities

a. Authentication
b. Authorization and access control
c. Data integrity
d. Accountability

Answer 28

Authentication

Question 29

Method(s) for authentication

a. User name
b. Known only by the user (e.g., password)
c. Held only by the user (e.g., digital signature, secure ID)
d. Attributable only to the user (e.g., finger print, retinal scan)
e. All of the above

Answer 29

all

Question 30

includes reading, writing, modifications, deletion of data, and deletion of programs for predefined users

a. Authentication
b. Authorization and access control
c. Data integrity
d. Accountability

Answer 30

Authorization and access control

Question 31

Used to support information accuracy to ensure that data have not been altered or destroyed in an unauthorized manner

a. Authentication
b. Authorization and access control
c. Data integrity
d. Accountability

Answer 31

Data integrity

Question 32

Error detection and error correction protocols

a. Data transmission
b. Authorization and access control
c. Data integrity
d. Accountability

Answer 32

Data integrity

Question 33

Ensures that the actions of any entity can be traced during the movement of data from its source to its recipient

a. Authentication
b. Data storage
c. Data integrity
d. Accountability

Answer 33

Accountability

Question 34

Ensures information is immediately accessible and usable by authorized entity

a. Availability
b. Authentication
c. Data storage
d. Data transmission

Answer 34

Availability

Question 35

Methods to ensure data availability

a. Back ups
b. Protecting and restricting access
c. Protecting against viruses
d. 2 of the choices
e. all

Answer 35

all

Question 36

Protecting and maintaining the physical location of the data and the data itself

a. Availability
b. Accountability
c. Data storage
d. Data transmission

Answer 36

Data storage

Question 37

Physical protection of processors, storage media, cables, terminals, and workstations

a. Availability
b. Accountability
c. Data storage
d. Data transmission

Answer 37

Data storage

Question 38

Retention of data for mandated period of time

a. Availability
b. Accountability
c. Data storage
d. Data transmission

Answer 38

Data storage

Question 39

Exchange of data between person and program or program and program when the sender and receiver are remote from one another

a. Availability
b. Accountability
c. Data storage
d. Data transmission

Answer 39

Data transmission

Question 40

Scrambles readable information

a. encryption
b. firewall

Answer 40

encryption

Question 41

De-encrypt with proper key by recipient

a. encryption
b. firewall

Answer 41

encryption

Question 42

Filtering mechanism so that only authorized traffic is allowed to pass

a. encryption
b. firewall

Answer 42

firewall

Question 43

T/F:
(Ethical principle)
A program should undergo appropriate evaluation prior to use in clinical practice, and it should perform efficiently at an acceptable financial and timeframe cost.

Answer 43

true

Question 44

T/F:
(Ethical principle)
Adequate training and instruction should be completed before proceeding to the implementation.

Answer 44

true

Question 45

T/F:
(Ethical principle)
A qualified health professional should be assigned to handle concerns regarding uses, licenses, and other concerns.

Answer 45

true

Question 46

T/F:
(Ethical principle)
The software system’s applications should replace functions as decision-making.

Answer 46

false;
should not replace

Question 47

The good achieved by the technology must outweigh the harm or risk.

a. proportionality
b. informed consent
c. justice
d. minimized risk

Answer 47

proportionality

Question 48

There must be no alternative that achieves the same or comparable benefits with less harm or risk.

a. proportionality
b. informed consent
c. justice
d. minimized risk

Answer 48

proportionality

Question 49

Those affected by the technology should understand and accept the risks.

a. proportionality
b. informed consent
c. justice
d. minimized risk

Answer 49

informed consent

Question 50

The benefits and burdens of the technology should be distributed fairly.

a. proportionality
b. informed consent
c. justice
d. minimized risk

Answer 50

justice

Question 51

Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk.

a. proportionality
b. informed consent
c. justice
d. minimized risk

Answer 51

justice

Question 52

Even if judged acceptable by the other three guidelines, the technology
must be implemented so as to avoid all unnecessary risk.

a. proportionality
b. informed consent
c. justice
d. minimized risk

Answer 52

minimized risk

Question 53

T/F:
Disruptive innovations are a double-edged sword, bringing both opportunity and risk.

Answer 53

true

Question 54

T/F:
EHRs and computer use should facilitate patient care, support physician ethical duties, and support the patient– physician relationship

Answer 54

true

Question 55

T/F:
EHRs have the power to enhance or impede communication and relationship-building.

Answer 55

true

Question 56

T/F:
In the hospital setting, reliance on computers is decreasing leading to a focus on the “iPatient”

Answer 56

false;
increasing

Question 57

T/F:
EHR use should assist and enhance clinical reasoning.

Answer 57

true

Question 58

T/F:
EHR use should develop cognitive and diagnostic skills, and features such as copy-and-paste should be employed judiciously.

Answer 58

true

Question 59

T/F:
EHR use should reflect thought processes about the past patient encounter

Answer 59

false;
current

Question 60

T/F:
EHR use should meet the ethical requirements for an accurate and complete medical record

Answer 60

true

Question 61

may “inadvertently narrow the scope
of inquiry prematurely, a common cause of diagnostic error,” and
Impede the development of skills and reasoning

a. Medical Condition-Specific Dialogues
b. Disease-Centric Inquiries
c. Specialized Diagnosis Prompts
d. Diagnosis-specific prompts

Answer 61

Diagnosis-specific prompts

Question 62

T/F:
Some features of manual documentation may encourage superficial clinical thinking and interaction.

Answer 62

false;
electronic, not manual

Question 63

T/F:
Physicians and students may focus on:
(1) “screen-driven” information-gathering
(2) “scrolling and asking questions as they appear on the computer,” and
(3) assessing the patient’s current needs.

Answer 63

false;
not assessing the patient’s current needs

Question 64

T/F:
Privacy and confidentiality must be maintained in EHR use.

Answer 64

true

Question 65

T/F:
EHR information retrieval, exchange, and remote access can improve care, but also create the risk of unauthorized disclosure and use of protected health information

Answer 65

true

Question 66

Respect for patient autonomy requires that patient encounters and information are kept confidential and private, fostering trust and improving communication

a. Health information security
b. Patient privacy/ confidentiality
c. Access to Information
d. Patient data protection

Answer 66

Patient Privacy/Confidentiality

Question 67

T/F:
Breaches may occur accidentally

Answer 67

true

Question 68

EHRs can increase participation and engagement in health care through patient access, empowerment, and improved communication.

a. Health information security
b. Patient privacy/ confidentiality
c. Access to Information
d. Patient data protection

Answer 68

Access to Information

Question 69

T/F:
Patients are aware that they can access their records.

Answer 69

false;
may not be aware

Question 70

T/F:
Policy bodies have recognized the potential for health information technology (HIT) to improve care, they have also cautioned that HIT does not effectively support the diagnostic process and may contribute to errors

Answer 70

true

Question 71

tools that should facilitate high-value patient centered care, strong patient–physician relationships, and effective training of future physicians. Anything less… does not compute

a. EMR
b. EHR
c. PMR
d. AHR

Answer 71

EHR

Question 72

Odd one out:
Patient-Centered Access to Secure Systems Online (PCASSO) Design Goals

a. enable secure use of the Internet to access sensitive patient information
b. enable providers and patients to view medical data online
c. proprietary and “black box” or trade secret security
d. develop a published, verifiable high-assurance architecture

Answer 72

proprietary and “black box” or trade secret security

Question 73

Odd one out:
PCASSO functions

a. Protect healthcare information at one level of sensitivity
b. Authorize user actions based on familiar healthcare roles
c. End-to-end user accountability
d. Empower consumers to access their own medical records

Answer 73

Protect healthcare information at one level of sensitivity;
should be multiple levels

Question 74

Odd one out:
PCASSO functions

a. Patient viewable audit trails
b. Manual e-mail notification of records changes
c. Security protection extended to user PC

Answer 74

Manual e-mail notification of records changes;
should be automated