Chapter 12: HIPAA Security Rule

What does the Privacy rule protect?

PHI regardless of the medium on which it resides

What is under the workforce security?

Adequate authorization and supervision for workforce accessing ePHI
Clearance procedures to determine appropriateness of access
Termination procedures to terminate access when a workforce member is no longer employed or alter access when job responsibilities change

What is the Assigned security responsibility?

Assign official responsible for overseeing the development of security policies and procedures.

What is under the Business Associate Contract?

BA complies with sub part that subcontractors comply with all terms of the agreement. Other arrangements- CE is in compliance with applicable provisions of the law

Who does the HIPAA Security Rule apply to?

CE and BA

What are the implementation considerations?

CE size, complexity and capabilities
Security capabilities of CE hardware and software
Costs of security measures
Likelihood and security of potential risks to ePHI

What is under the facility access control?

Contingency operations- Procedures to allow access to recover lost data
Facility security plan- Policies and procedures to safeguard equipment from unauthorized access
Access control and validation procedures- Control and validate access to facilities based on users' roles or functions
Maintenance records- Policies and procedures to document repairs and modifications to physical components of a facility as they relate to security

What are the key ingredients to protect an ePHI?

Created
Maintained
Transmitted
Received

What are the 4 parts of contingency planning?

Data backup plan
Disaster recovery plan
Emergency mode operation plan
Testing and revision procedure

What is Integrity?

Data that has not been altered or destroyed

What is under information access management?

Developing policies and procedures
Isolating healthcare clearinghouse functions
Authorize access by workstation, transactions
Using access to authorization to establish, document, review, and modify a user's right to access a workstation

What is under device and media controls?

Disposal- Policies/procedures for disposal of ePHI
Media reuse- Procedures for wiping data before media can be reused
Accountability- Maintain a record of the movement of hardware, reassignment, relocation
Data backup and storage- Create a retrievable, exact copy of ePHI, when needed, before movement of equipment

What is security incident reporting?

Document security incidents and their outcomes
Document mitigation of harmful effects of security incidents

What is an ePHI?

Electronic protected health information

What are the general requirements for the security rule?

Ensures confidentiality, integrity, and availability of all ePHI created, received, maintained or transmitted
Protects security or integrity of ePHI from reasonably anticipated threats or hazards
Protects against reasonably anticipated ePHI uses or disclosures not permitted or required by the privacy rule
Ensure workforce compliance with the security rule

What are policies and procedures?

Establishment and implementation of policies and procedures to comply with the standards, implementation specifications and other requirements.
A CE OR A BA MAY CHANGE ITS POLICIES AND PROCEDURES AT ANY TIME PROVIDED THAT THOSE CHANGES ARE DOCUMENTED AND IMPLEMENTED AND IN COMPLIANCE WITH THE SECURITY RULE

What is an evaluation?

Periodic performance of technical and nontechnical evaluations in response to environmental or operational changes affecting security of ePHI

What is under the group health plan?

Plan documents compliance with all provisions of the HIPAA Security rule

What are audit controls?

Implementation of hardware, software, and/or procedures that record and examine activity in the information system

What is workstation Security?

Implementation of physical safeguards for all workstations used to access ePHI to restrict unauthorized access (Password protected screensavers)

What is workstation use?

Implementation of policies and procedures by workstation as to functions performed, the manner performed, physical attributes of the surroundings in the accessing of ePHI

What is transmission security?

Implementation of technical measures to guard against unauthorized access to ePHI transmitted across a network.

What is the #1 vulnerability?

Outsourcing healthcare

What is person or entity authentication?

Procedures for identity verification

What is security?

Protecting information from loss, unauthorized access, or misuse, and also keeping it confidential

What is under the Security Management Process?

Risk analysis- Conduct an assessment of vulnerabilities
Risk management- Implement security measures to reduce vulnerabilities
Sanction policy- Apply appropriate sanctions against workforce members who fail to comply
Information system activity review- Audits, access logs, security incident, tracking reports

What is under security awareness training?

Security reminders
Protection from malicious software
Log-in monitoring
Password management

What is confidentiality?

Speak with a healthcare provider or anyone in the health field in confidence of information integrity

What is the HITECH Act of 2009?

Strengthen privacy and security under HIPAA to promote the adoption and meaningful use of health information technology.

What is the purpose of the HIPAA security rule?

To ensure that CEs implement basic safeguards to protect ePHI from unauthorized access, alteration, deletion, and transmission, while ensuring that data or information is accessible and usable on demand by authorized individuals.

What is under access control?

Unique user identification- Must assign name or number for identification
Emergency access procedure- Establish procedures for obtaining necessary ePHI in an emergency
Automatic log-off- Implement electronic processes that terminate an electronic session after a predetermined time of inactivity
Encryption and decryption- Should implement a mechanism to encrypt and decrypt ePHI

What does the security rule protect?

ePHI

