MT 637 UNIT 7

Question 1

The right to be left alone
The right to keep personal information secret
The right control to personal information

Answer 1

Privacy

Question 2

Freedom from intrusion or invasion into one’s
private affairs

Answer 2

Privacy

Question 3

Federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge

Answer 3

Health Insurance Portability and Accountability
Act of 1996

Question 4

Sharing or dissemination data only to those with a “need to know”

Answer 4

Confidentiality

Question 5

The status accorded to data or information indicating that is sensitive for some reason and therefore it needs to be protected against
- Theft
- Disclosure
- Improper use, or both, and must be disseminated only to authorized individuals or organizations with a need to know

Answer 5

Confidentiality

Question 6

Information must be protected against

Answer 6

1. Theft
2. Disclosure
3. Improper use

Question 7

The means to control access and protect information from accidental or intentional disclosure to unauthorized persons and from alteration destruction or loss

Answer 7

Security

Question 8

Mechanisms to ensure the safety of data and systems in which the data reside

Answer 8

Security

Question 9

Challenges from Proliferation of Technologies & Applications

Answer 9

1. Increased technology use by all care providers
2. Health information exchange and data-sharing activities across multiple networks
3. Cloud computing and third-party outsourcing
4. Increased use by patients, families, and consumers of their devices (tablets, smartphones, etc.)
5. New models of care require more care providers to access data across the patient care continuum
6. Clinicians using their own devices - Personal laptops, tablet devices, smartphones, and so on
7. Connected medical devices and implantable devices
8. Computer profiling and mistakes
9. Spamming
10. Flaming
11. Lacks privacy law

Question 10

TRUE/FALSE: Computer profiling and mistakes in the computer matching of personal data are other controversial threats to privacy.

Answer 10

TRUE

Question 11

Favorite tactic of mass mailers of unsolicited advertisements, or junk e-mail. It has also been used by cyber-criminals to spread computer viruses or infiltrate many compute systems

Answer 11

Spamming

Question 12

practice of sending extremely critical, derogatory, and often vulgar e-mail messages (flame mail) or newsgroup postings to other users on the Internet or online services

Answer 12

Flaming

Question 13

was enacted by the U.S congress in 1996. It is a broad piece of legislation intended to address a wide variety of issues related to individual health insurance.

Answer 13

Health Insurance Portability and Accountability Act (HIPPA )

Question 14

The result of effective protection measures

Answer 14

Data Security

Question 15

The sum of measures that safeguard data and computer programs from undesired occurrences

Answer 15

Data Security

Question 16

DATA SECURITY

The sum of measures that safeguard data and computer programs from undesired occurrences and exposure to:

Answer 16

○ Accidental or intentional disclosure to unauthorized persons
○ Accidental or malicious alteration,
○ Unauthorized copying,
○ Loss by theft or destruction by hardware failures, software deficiencies, operating mistakes, or physical damage by fire, water, smoke, excessive temperature, electrical failure, or sabotage or combination thereof

Question 17

Institute laws and govern these issues (privacy)

Answer 17

National Privacy Commission (NPC)

Question 18

In 2012 the Philippines passed the comprehensive and strict privacy legislation “to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.” Republic Act No. 10173, Ch.1, Sec. 2 .

Answer 18

Data Privacy Act of 2012

Question 19

A subset of a security breach that actually leads to “accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Answer 19

Personal Data Breach

Question 20

Requirements of Breach Notification

Answer 20

● The breached information must be sensitive personal information, or information that could be used for identity fraud, and
● There is a reasonable belief that unauthorized acquisition has occurred, and
● The risk to the data subject is real, and
● The potential harm is serious

Question 21

Provider

Answer 21

Direct Patient Care

Question 22

Clinic

Answer 22

Direct Patient Care

Question 23

Hospital

Answer 23

Direct Patient Care

Question 24

Payors

Answer 24

Support activity

Question 25

Quality Reviews

Answer 25

Support activity

Question 26

Administration

Answer 26

Support activity

Question 27

Insurance eligibility

Answer 27

Social Uses

Question 28

Public Health

Answer 28

Social Uses

Question 29

Medical Research

Answer 29

Social Uses

Question 30

Marketing

Answer 30

Commercial Uses

Question 31

Managed Care

Answer 31

Commercial Uses

Question 32

Drug Usage

Answer 32

Commercial Uses

Question 33

The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources

Association of Information Technology Professionals (AITP )

Answer 33

Computer Crime

Question 34

The unauthorized release of information

Association of Information Technology Professionals (AITP )

Answer 34

Computer Crime

Question 35

The unauthorized copying of software

Answer 35

Computer Crime

Question 36

Denying an end user access to his or her own hardware, software, data, or network resource

Answer 36

Computer Crime

Question 37

Using or conspiring to use computer or network resources to obtain information or tangible property illegally

Answer 37

Computer Crime

Question 38

Key Features of A Secure System & Network

Answer 38

1. Authentication
2. Authorization & Access Control
3. Data Integrity
4. Accountability
5. Availability
6. Data Storage
7. Data Transmission

Question 39

Means of verifying the correct identity and/or group membership of individual or other entities

Answer 39

Authentication

Question 40

Methods for authentication:

Answer 40

○ User name
○ Known only by the user (e.g., password)
○ Held only by the user (e.g., digital signature, secure ID )
○ Attribute only to the user (e.g., finger print, retinal scan)

Question 41

Access control lists for predefined users
○ Reading
○ Writing
○ Modifications
○ Deletion of data
○ Deletion of program

Answer 41

Authorization & Access Control

Question 42

Used to support information accuracy to ensure that data have not been altered or destroyed in an unauthorized manner

Answer 42

Data Integrity

Question 43

Error detection and error correction protocols

Answer 43

Data Integrity

Question 44

Ensures that the actions of any entity can be traced during the movement of data from its source to its recipient

Answer 44

Accountability

Question 45

Audit trails
○ Identification of the users
○ Data source
○ Whose information
○ Data and time
○ Nature of the activity

Answer 45

Accountability

Question 46

Ensures information is immediately accessible & usable by authorized entity

Answer 46

Availability

Question 47

Methods for Availability

Answer 47

Backups
Protecting and restricting access
Protecting against viruses

Question 48

Protecting and maintaining the physical location of the data and the data itself

Answer 48

Data Storage

Question 49

Physical protection of processors, storage media, cables, terminals, and workstations

Answer 49

Data Storage

Question 50

Retention of data for mandated period of time

Answer 50

Data Storage

Question 51

Exchange of data between person and program or program and program when the sender and receiver are remote from one another

Answer 51

Data Transmission

Question 52

Scrambles readable information

De-encrypt with proper key by recipient

Answer 52

Encryption

Question 53

Filtering mechanism so that only authorized traffic is allowed to pass

Answer 53

Firewall

Question 54

A program should undergo appropriate evaluation prior to use in clinical practice. It should perform efficiently at an acceptable financial and time frame cost.

Answer 54

Ethical Principles

Question 55

Adequate training and instruction should be completed before proceeding to the implementation.

Answer 55

Ethical Principles

Question 56

A qualified health professional should be assigned to handle concerns regarding uses, licenses, and other concerns. The software system’s applications should not replace functions as decision-making

Answer 56

Ethical Principles

Question 57

Principles of Technology Ethics

Answer 57

1. Proportionality
2. Informed Consent
3. Justice
4. Minimized Risk

Question 58

The good achieved by the technology must outweigh the harm or risk. Moreover, there must be no alternative that achieves the same or comparable benefits with less harm or risk

Answer 58

Proportionality

Question 59

Those affected by the technology should
understand and accept the risks.

Answer 59

Informed consent

Question 60

The benefits and burdens of the technology should be distributed fairly. Those who benefit should bear their fair share of risks, and those who do not benefit should not suffer a significant increase in risk

Answer 60

Justice

Question 61

Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk.

Answer 61

Minimized Risk

Question 62

Disruptive innovations are a double-edged sword, bringing both opportunity and risk

The electronic health record EHR , for example, simultaneously facilitates and complicates the delivery of health care

Answer 62

Ethical Implications of the EHR in the Service of the Patient Issues

Question 63

Respect for patient autonomy requires that patient encounters and information are kept confidential and private, fostering trust and improving communication

Breaches may occur accidentally

Answer 63

Patient Privacy

Question 64

EHRs can increase participation and engagement in health care through patient access, empowerment, and improved communication. However, patients may not be aware that they can access their records

Answer 64

Access to Information

Question 65

Policy bodies have recognized the potential for health information technology HIT to improve care, they have also cautioned that HIT does not effectively support the diagnostic process and may contribute to errors

Answer 65

Ethics on EHR

Question 66

EHRs are tools that should facilitate high value patient centered care, strong patient physician relationships, and effective training of future physicians. Anything less… does not compute

Answer 66

Ethics on EHR

Question 67

PCASSO

Answer 67

PATIENT CENTERED ACCESS TO SECURE SYSTEMS ONLINE

Question 68

PCASSO Design Goals

Answer 68

● To enable secure use of the Internet to access sensitive patient information
● To enable providers and patients to view medical data online
● To develop a published, verifiable high assurance architecture
- Not proprietary
- No “black box” or trade secret security

Question 69

PCASSO Function

Answer 69

● Protect healthcare information at multiple levels of sensitivity
● Authorize user actions based on familiar healthcare roles
● End to end user accountability
● Empower consumers to access their own medical records
● Patient viewable audit trails
● Automated email notification of records changes
● Security protection extended to user PC