1. ability or means necessary to read, write, modify or communicate
data
Answer access
2. actions, plus policies and procedures to manage the selection,
development, implementation and maintenance of security
measures in relation to the pro-tection of information.
Answer administrative safeguard
3. audit trail
Answer - data collected during the use of electronic devices that include the who, what, when and
where.
4. authentication
Answer confirmation that a person is the one claimed
5. contingency plan
Answer policies and procedures for responding to an emergency /occurrence that damages
systems contain e-PHI.
6. e-PHI
Answer electronic protected health information
,7. encryption
Answer transforming confidential plain text into cipher text to protect it.
8. a system that normally includes software, information, data,
applications, communications and people.
Answer information system
9. infrastructure
Answer - underlying foundation or basic framework that directs information system commands
and responses and transports and stores data.
10. integrity
Answer - property of data/information of having not been altered or destroyed in an unauthorized
manner.
11. - method by which the sender of data is provided with proof
of delivery and the recipient is assured of the sender's identity so
that neither can later deny having processed the data.
Answer nonrepudiation
12. password
Answer confidential, character string used in conjunction with a user ID to verify the identity of an
individual attempting to gain access to a computer system.
,13. physical safeguards
Answer physical measures, policies and procedures to electronic information system/relat-ed
buildings/equipment from natural/environmental hazards and unauthorized intrusion
14. impact and likelihood of an adverse event
Answer risk
15. process of balancing the cost of security control measures
against the losses that would be expected
Answer risk analysis
16. risk management
Answer ongoing process that asses the risk to electronic information resources and the
information itself to determine adequate security for a system that will reduce the threat and vulnerability to
protect health information.
17. security incident
Answer attempted or successful unauthorized access, use, disclosure, modification or
destruction
of information.
18. technical safeguards
Answer technology and the policies and procedures for its use that protect e-PHI and control
access to it.
, 19. workstation
Answer electronic computing device
20. Which workstation security safeguards are YOU responsible for
using and/or protecting
Answer user ID,log-ott programs, password
21. True/False-Under HCPCS, the DHHS sets the standard but
does not specify how to comply; the Security Rule mandates that
each covered entity appoint someone to be responsible for
securing e-PHI.
Answer False
22. True/ False--- Healthcare clearinghouses process a large portion
of the total volume of health claims; these clearinghouses must
maintain security of all
e-PHI processed just as a healthcare provider does
Answer False
23. Discuss password protection and the need for privacy of
passwords. Remem-bering that passwords is problematic for some
people. Why is it essential?
Answer Short passwords or those that use parts of name or address of individual are easily
guessed. Passwords of four characters can be guess in minutes; passwords of seven missed