his unit 7 3rd shift

Question 1

The right to be left alone
The right to keep personal information secret

Answer 1

Privacy

Question 2

Mechanisms to ensure the safety of data and systems in which the data reside

Answer 2

Security

Question 3

Sharing or disseminating data only to those with a “need to know”

Answer 3

Confidentiality

Question 4

Confidentiality is the status accorded to data or information indicating that it is sensitive for some reason and therefore it needs to be protected against?

Answer 4

theft,
disclosure or
improper use, or both, and must be disseminated only to authorized individuals or organizations with a need to
know

Question 5

Security is the means to control access and protect information from _________ disclosure to unauthorized persons and from ____________

Answer 5

accidental or intentional ; alteration, destruction or loss

Question 6

Privacy is the right to ______ personal
information and __________ into one’s private affairs

Answer 6

control; freedom from intrusion or
invasion

Question 7

What are the challenges from proliferation of technologies and applications?

Answer 7

Increased technology use by all care providers

Health information exchange and data-sharing activities across multiple networks

Cloud computing and third-party outsourcing
Increased use by patients, families, and consumers of their devices (tablets, smartphones, etc.)

New models of care require more care providers to access data across the patient care continuum

Clinicians using their own devices like personal laptops, tablet devices, smartphones, and so on

Connected medical devices and implantable devices

Question 8

What are characteristics of connected medical devices and implantable devices?

Answer 8

Computer profiling and mistakes in the computer
matching of personal data are other controversial threats to privacy.

Spamming is the favorite tactic of mass mailers of unsolicited advertisements, or junk e-mail. Spamming has also been used by cyber- criminals to spread computer viruses or infiltrate many computer systems.

Flaming is the practice of sending extremely critical, derogatory, and often vulgar e-mail messages ( flame mail) or newsgroup postings to other users on the Internet or online services.

Some lacks privacy law

Question 9

Examples of privacy law?

Answer 9

HIPAA- The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996.

Question 10

What is HIPAA?

Answer 10

A broad piece of legislation intended to address a wide variety of issues related to individual health insurance. Two important sections of HIPAA include the privacy rules and the security rules.

Question 11

What is the result of effective protection measures?

Answer 11

Data security

Question 12

Data security is the sum of measures that safeguard data and computer programs from undesired occurrences and exposure to?

Answer 12

• accidental or intentional disclosure to unauthorized persons
• accidental or malicious alteration,
• unauthorized copying,
• loss by theft or destruction by hardware failures, software

Question 13

What is the data privacy act of 2012?

Answer 13

A comprehensive and strict privacy legislation “to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.”

Question 14

What is a subset of a security breach that
actually leads to “accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Answer 14

Personal Data Breach

Question 15

What are the requirements of a breach notification?

Answer 15

• The breached information must be sensitive personal
  information, or information that could be used for identity fraud
• There is a reasonable belief that unauthorized acquisition has occurred
• The risk to the data subject is real
• The potential harm is serious.

Question 16

What is the flow of information in healthcare?

Answer 16

Direct Patient Care to Support Activity and “Social” uses
Support activity to Commercial uses

Question 17

What are the definitions of a computer crime?

Answer 17

the unauthorized use, access, modification, and destruction of hardware, software, data, or network resources;

the unauthorized release of information ;

the unauthorized copying of software;

denying an end user access to his or her own hardware, software, data, or network resources ; and

using or conspiring to use computer or network resources to obtain information or tangible property illegally

Question 18

Who gave this definitions of computer crime?

Answer 18

Association of Information Technology Professionals (AITP)

Question 19

What are the key features o a secure system and network?

Answer 19

• Authentication
• Authorization and access control
• Data integrity
• Accountability
• Availability
• Data storage
• Data transmission

Question 20

Ensures that the actions of any entity can be traced during the movement of data from its source to the patient

Answer 20

Accountability

Question 21

Access control lists for predefined users

Answer 21

Authorization and Access Control

Question 22

Access control includes?

Answer 22

• Reading
• Writing
• Modifications
• Deletion of data
• Deletion of programs

Question 23

Protecting and maintaining the physical location of the
data and the data itself

Answer 23

Data Storage

Question 24

Error detection and error correction protocols

Answer 24

Data Integrity

Question 25

Means of verifying the correct identity and/or group membership of individual or other entities

Answer 25

Authentication

Question 26

What are some methods of authentication?

Answer 26

• User name
• Known only by the user (e.g., password)
• Held only by the user (e.g., digital signature, secure ID)
• Attributable only to the user (e.g., finger print, retinal scan)

Question 27

Used to support information accuracy to ensure that data have not been altered or destroyed in an unauthorized manner

Answer 27

Dats Integrity

Question 28

Methods of availability?

Answer 28

• Back ups
• Protecting and restricting access
• Protecting against viruses

Question 29

Physical protection of processors, storage media,
cables, terminals, and workstations

Retention of data for mandated period of time

Answer 29

Data Storage

Question 30

Exchange of data between person and program or program and program when the sender and receiver are remote from one another

Answer 30

Data Transmission

Question 31

What is Firewall and Encryption?

Answer 31

Encryption
* Scrambles readable information
* De-encrypt with proper key by recipient

Firewall
* Filtering mechanism so that only authorized traffic is allowed to pass

Question 32

Audit trails include?

Answer 32

• Identification of the user
• Data source
• Whose information
• Date and time
• Nature of the activity

Question 33

Protecting and maintaining the physical location of the
data and the data itself

Answer 33

Data Storage

Question 34

Ethical principles in health informatics?

Answer 34

A program should undergo appropriate evaluation prior to use in clinical practice. It should perform efficiently at an acceptable financial and timeframe cost.

Adequate training and instruction should be completed before proceeding to the implementation

A qualified health professional should be assigned to handle concerns regarding uses, licenses, and other concerns. The software system’s applications should not replace functions as decision-making.

Question 35

What are the principles of technology ethics?

Answer 35

Proportionality
Informed Consent
Justice
Minimized Risk

Question 36

The good achieved outweigh the harm or risk
There should be no alternative that achieves the same/comparable benefits with less harm/risk

Answer 36

Proportionality

Question 37

Technology must be implemented so as to avoid all unnecessary risk

Answer 37

Minimized Risk

Question 38

Benefits and burdens must be distributed fairly

Answer 38

Justice

Question 39

Those affected must understand and accept the risks

Answer 39

Informed Consent

Question 40

Disruptive innovations are a double-edged sword, bringing both opportunity and risk

Answer 40

Issues

Question 41

What are the issues regarding EHR?

Answer 41

EHRs and computer use should facilitate patient care, support physician ethical duties, and support the patient– physician relationship

EHR use should assist and enhance clinical reasoning, development of cognitive and diagnostic skills. Features such as copy-and-paste should be employed judiciously, reflect thought processes about the current patient encounter and meet the ethical requirements for an accurate and complete medical record

Privacy and confidentiality must be maintained in EHR use

Question 42

_____ may “inadvertently narrow the scope of inquiry prematurely, a common cause of diagnostic error,” and impede the development of skills and reasoning.

Answer 42

Diagnosis-specific prompts

Question 43

Some features of electronic documentation may encourage _________

Answer 43

superficial clinical thinking and interaction.

Question 44

Physicians and students may focus on _______ but not assessing the patient’s current needs.

Answer 44

“screen-driven” information-gathering, scrolling and asking questions as they appear on the computer”

Question 45

EHR information retrieval, exchange, and remote access can improve care, but also ________

Answer 45

create the risk of unauthorized disclosure and use of protected health information

Question 46

Respect for patient autonomy requires that patient
encounters and information are kept confidential and
private, fostering trust and improving communication

Answer 46

Patient Privacy/Confidentiality Issues

Question 47

EHRs are tools that should facilitate high-value patient
centered care, strong patient–physician relationships, and effective training of future physicians. Anything less… does not compute

Answer 47

Ethics on EHR

Question 48

Ethics on EHR includes policy bodies who have recognized the potential for ______ to improve care, they have also cautioned that it does not effectively support the diagnostic process and may contribute to errors

Answer 48

health information technology (HIT)

Question 49

T or F: Breaches may occur accidentally

Answer 49

T

Question 50

EHRs can increase participation and engagement in
health care through patient access, empowerment, and
improved communication.

Answer 50

Access to Information

Question 51

T or F: Patients are always aware that they can access
their records.

Answer 51

F; may not be aware

Question 52

What is PCASSO?

Answer 52

Patient-Centered Access to Secure Systems Online

Question 53

What are the design goals of PCASSO?

Answer 53

To enable secure use of the Internet to access sensitive
patient information

To enable providers and patients to view medical data online

To develop a published, verifiable high-assurance architecture
Not proprietary
No “black box” or trade secret security

Question 54

Functions of PCASSO?

Answer 54

• Protect healthcare information at multiple levels of sensitivity
• Authorize user actions based on familiar healthcare roles
• End-to-end user accountability
• Empower consumers to access their own medical records
• Patient viewable audit trails
• Automated e-mail notification of records changes
• Security protection extended to user PC

Question 55

T or F: It is possible for EHR to simultaneously facilitate and complicate the delivery of health care

Answer 55

T

Question 56

T or F: EHRs should have the power to enhance or impede communication and relationship-building.

Answer 56

T

Question 57

T or F: In the hospital setting, reliance on computers is decreasing.

Answer 57

F; increasing, leading to a focus on the “iPatient”