HCISPP question with answers
Preventative controls - -controls that deter, detect, and or reduce impacts to the
system
-Administrative Safeguards - -administrative actions, policies, and procedures to
manage the selection, development, implementation and maintenance of security
measures to safeguard ePHI and manage the conduct of the covered entity's
workforce in relation to the protection of that information.
-Affiliated Covered Entity - -(ACE) legally separate covered entities that are
affiliated may designate themselves as a single covered entity for the purposes of
the HIPAA privacy rule. Under this affiliation, the organizations need only develop
and disseminate one privacy official, administer common training programs and use
one business associate contract.
-Ambulatory Patient Groups - -(APGs) were developed to encompass the full range
of ambulatory settings, including same day surgery units, hospital emergency
rooms, and outpatient clinics. They are a patient classification system designed to
explain the amount and type of resources used in an ambulatory visit. Patients in
each have similar clinical characteristics and similar resource use and cost. Similar
resource use means that the resources used are relatively constant across the
patients within each APG.
-American Reinvestment and Recovery Act - -(ARRA) was enacted on 02/17/09 and
includes many measure to modernize our nations infrastructure, one of which is the
"Health Information Technology for Economic and Clinical Health" (HITECH) The
HITECH act supports the concept of Meaningful Use (MU) of Health Information
Technology (IT) and healthcare reform to help the healthcare organizations to meet
its clinical and business objectives vial HIE. MU requirements consist of payment
approaches that stress care coordination, and federal financial incentives are
driving the interest and demand for HIE
-Analytics - -the systematic use of data and related business insights developed
through applied analytical disciplines (e.g. statistcal, contextual, quantitative,
cognitive, etc.) to drive fact based decision making for planning, management,
measurement and learning. They may be descriptive, predictive, or prescriptive.
Can provide the mechanism to sort through this torrent of complexity and data, and
help healthcare organizations deliver on these demands.
-Authorization - -An individuals permission for a covered entity to use or disclose
PHI for a certain purpose, such as a research study.
-Bandwith - -The amount of information that is transmitted over a period of time. A
process of learning or education could necessitate a higher _______________ than a
quick status update.
-Bundled Payment - -AKA episode based payment. Is defined as the reimbursement
of healthcare providers (such as hospitals and physicians) "on the bases of
,expected costs for clinically defined episodes of care" The middle ground between
fee-for-service and capitation
-Business Associates - -(BA) The privacy rule, allows covered providers and health
plans to disclose protected health information to services of a variety of businesses
that have access to their patients' PHI. Such as billing services, attorneys,
accountants and consultants.
-Business Associates Agreement - -A contract with a covered entity that meets the
HIPAA Privacy Rule's applicable contract requirements
-Business Partners - -A vendor, as a recipient of PHI from healthcare organizations.
As defined in HIPAA and regulations promulgated by the US Department of health
and human services (DHHS) to implement certain provisions. All must agree in
writing to certain mandatory provisions regarding, among other things, the use and
disclosure of PHI.
-Capitation - -Sometimes doctors reach an agreement with a managed care
organization where the doctor is paid per person. Under this agreement, doctors
accept members of the plan for a certain set price per member, no matter how
often the member sees the doctor.
-Catastrophic Health Insurance Plan - -Covers essential health benefits but has a
very high deductible. This means it provides a kind of "safety net" coverage in case
the patient has an accident or serious illness. Usually do not provide coverage for
services such as prescription drugs or shots.
-Chain of Trust Agreement - -Described as a contract in which the parties agree to
electronically exchange data to protect the transmitted data. The sender and
receiver are required to depend on each other to maintain the integrity and
confidentiality of the transmitted information.
-Server: Client-Server - -Is an architecture that divides processing between clients
and servers that can run on the same machine or on different machines on the
same network. It is a major element of the modern operating system and network
design. End users access workstation coputers and other physical automated
equipment directly while performing healthcare functions.
-Cloud Computing - -The practive of using a network of remote servers hosted on
the internet to store, manage, and process data, rather than a local server or
personal computer. Offered indifferent forms: Public, Private and Hybrid.
-Confidentiality - -Refers to preventing the disclosure of information to
unauthorized individuals or systems. Necessary for maintaining the pricary of the
peope whose personal information is helt in the system.
-Covered Entity - -Any organization or corporation that directly handles PHI or PHRs.
They include public clinics, nursing homes, pharmacies, specialty hospitals,
homecare programs, home meal programs, hospice, and durable medical
equipment suppliers.
, -Current Procedural Terminology - -(CPT) codes are published by the American
Medical Association. It is a five0digit numeric code that is used to describe medical,
surgical, laboratory, anesthesiology, and evaluation management servises of
physicians, hospitals, and other healthcare providers. There are approximately
7800. Two digit modifiers may be appended when appropriate to clarify or modify
the description of the procedure.
-Data Augmentation - -includes demographic, geographic, and credit information.
Can also encompass data management algorithms and methodologies that combat
unique clincal data problems.
-Data Classification - -A program that looks at the different typpes of data an
organization handles, classifies those pieces of data based on sensitivity, and
establiches procedures to make sure each of these pieces of information is treated
properly. The big picture rationale of a data classification program is to reduce risk
and bring enterpride wide conistency to data handling.
-Data Integration - -Is necessary to obtain a true understanding of the health care
organization. Can occur at the individual level, the household level, the business or
corparate level, the supplier level, or some other combination of attributes.
Requires powerful matching technology that can lovate less obvious members of a
related group.
-Data Interoperability - -Eliminates barriers to data sharing by providing direct data
access; data translation tools; and the ability to build complex spatial extraction,
transfromation and loading processes. Standardize data messaging facilitates
__________ between health information systems regardless of database models
employed by individual health care enterprises. There are three levels:
Foundational, Structural, and Semantic.
-Data Lifecycle Management - -(DLM) is a policy-based approach to managing the
flow of an information systems data through is lifecycle. DLM products automate the
processes involved, typically organizing data into separate tiers according to
specified policies, and automating data migration from one tier to another based on
those criteria. As a rule, newer data and data tha tmust be accessed more
frequently is stored on faster, but more expensive storage media, while less critical
data is stored on cheaper, but slower material.
-Data Profiling - -Encompasses such activities as frequency and basic statistic
reports, table relationships, phrase and element analysis and business rule
discovery. It is primarily done before any data-oriented initiative and often can be
used to pinpoint where further efforts need to be focused
-Data Quality - -Standardize and verify data is to use a reference database or a
defined set of business rules and corporate standards. The quality building block
includes technologies that encompass parsing, transformation, verifation, and
validation.
Preventative controls - -controls that deter, detect, and or reduce impacts to the
system
-Administrative Safeguards - -administrative actions, policies, and procedures to
manage the selection, development, implementation and maintenance of security
measures to safeguard ePHI and manage the conduct of the covered entity's
workforce in relation to the protection of that information.
-Affiliated Covered Entity - -(ACE) legally separate covered entities that are
affiliated may designate themselves as a single covered entity for the purposes of
the HIPAA privacy rule. Under this affiliation, the organizations need only develop
and disseminate one privacy official, administer common training programs and use
one business associate contract.
-Ambulatory Patient Groups - -(APGs) were developed to encompass the full range
of ambulatory settings, including same day surgery units, hospital emergency
rooms, and outpatient clinics. They are a patient classification system designed to
explain the amount and type of resources used in an ambulatory visit. Patients in
each have similar clinical characteristics and similar resource use and cost. Similar
resource use means that the resources used are relatively constant across the
patients within each APG.
-American Reinvestment and Recovery Act - -(ARRA) was enacted on 02/17/09 and
includes many measure to modernize our nations infrastructure, one of which is the
"Health Information Technology for Economic and Clinical Health" (HITECH) The
HITECH act supports the concept of Meaningful Use (MU) of Health Information
Technology (IT) and healthcare reform to help the healthcare organizations to meet
its clinical and business objectives vial HIE. MU requirements consist of payment
approaches that stress care coordination, and federal financial incentives are
driving the interest and demand for HIE
-Analytics - -the systematic use of data and related business insights developed
through applied analytical disciplines (e.g. statistcal, contextual, quantitative,
cognitive, etc.) to drive fact based decision making for planning, management,
measurement and learning. They may be descriptive, predictive, or prescriptive.
Can provide the mechanism to sort through this torrent of complexity and data, and
help healthcare organizations deliver on these demands.
-Authorization - -An individuals permission for a covered entity to use or disclose
PHI for a certain purpose, such as a research study.
-Bandwith - -The amount of information that is transmitted over a period of time. A
process of learning or education could necessitate a higher _______________ than a
quick status update.
-Bundled Payment - -AKA episode based payment. Is defined as the reimbursement
of healthcare providers (such as hospitals and physicians) "on the bases of
,expected costs for clinically defined episodes of care" The middle ground between
fee-for-service and capitation
-Business Associates - -(BA) The privacy rule, allows covered providers and health
plans to disclose protected health information to services of a variety of businesses
that have access to their patients' PHI. Such as billing services, attorneys,
accountants and consultants.
-Business Associates Agreement - -A contract with a covered entity that meets the
HIPAA Privacy Rule's applicable contract requirements
-Business Partners - -A vendor, as a recipient of PHI from healthcare organizations.
As defined in HIPAA and regulations promulgated by the US Department of health
and human services (DHHS) to implement certain provisions. All must agree in
writing to certain mandatory provisions regarding, among other things, the use and
disclosure of PHI.
-Capitation - -Sometimes doctors reach an agreement with a managed care
organization where the doctor is paid per person. Under this agreement, doctors
accept members of the plan for a certain set price per member, no matter how
often the member sees the doctor.
-Catastrophic Health Insurance Plan - -Covers essential health benefits but has a
very high deductible. This means it provides a kind of "safety net" coverage in case
the patient has an accident or serious illness. Usually do not provide coverage for
services such as prescription drugs or shots.
-Chain of Trust Agreement - -Described as a contract in which the parties agree to
electronically exchange data to protect the transmitted data. The sender and
receiver are required to depend on each other to maintain the integrity and
confidentiality of the transmitted information.
-Server: Client-Server - -Is an architecture that divides processing between clients
and servers that can run on the same machine or on different machines on the
same network. It is a major element of the modern operating system and network
design. End users access workstation coputers and other physical automated
equipment directly while performing healthcare functions.
-Cloud Computing - -The practive of using a network of remote servers hosted on
the internet to store, manage, and process data, rather than a local server or
personal computer. Offered indifferent forms: Public, Private and Hybrid.
-Confidentiality - -Refers to preventing the disclosure of information to
unauthorized individuals or systems. Necessary for maintaining the pricary of the
peope whose personal information is helt in the system.
-Covered Entity - -Any organization or corporation that directly handles PHI or PHRs.
They include public clinics, nursing homes, pharmacies, specialty hospitals,
homecare programs, home meal programs, hospice, and durable medical
equipment suppliers.
, -Current Procedural Terminology - -(CPT) codes are published by the American
Medical Association. It is a five0digit numeric code that is used to describe medical,
surgical, laboratory, anesthesiology, and evaluation management servises of
physicians, hospitals, and other healthcare providers. There are approximately
7800. Two digit modifiers may be appended when appropriate to clarify or modify
the description of the procedure.
-Data Augmentation - -includes demographic, geographic, and credit information.
Can also encompass data management algorithms and methodologies that combat
unique clincal data problems.
-Data Classification - -A program that looks at the different typpes of data an
organization handles, classifies those pieces of data based on sensitivity, and
establiches procedures to make sure each of these pieces of information is treated
properly. The big picture rationale of a data classification program is to reduce risk
and bring enterpride wide conistency to data handling.
-Data Integration - -Is necessary to obtain a true understanding of the health care
organization. Can occur at the individual level, the household level, the business or
corparate level, the supplier level, or some other combination of attributes.
Requires powerful matching technology that can lovate less obvious members of a
related group.
-Data Interoperability - -Eliminates barriers to data sharing by providing direct data
access; data translation tools; and the ability to build complex spatial extraction,
transfromation and loading processes. Standardize data messaging facilitates
__________ between health information systems regardless of database models
employed by individual health care enterprises. There are three levels:
Foundational, Structural, and Semantic.
-Data Lifecycle Management - -(DLM) is a policy-based approach to managing the
flow of an information systems data through is lifecycle. DLM products automate the
processes involved, typically organizing data into separate tiers according to
specified policies, and automating data migration from one tier to another based on
those criteria. As a rule, newer data and data tha tmust be accessed more
frequently is stored on faster, but more expensive storage media, while less critical
data is stored on cheaper, but slower material.
-Data Profiling - -Encompasses such activities as frequency and basic statistic
reports, table relationships, phrase and element analysis and business rule
discovery. It is primarily done before any data-oriented initiative and often can be
used to pinpoint where further efforts need to be focused
-Data Quality - -Standardize and verify data is to use a reference database or a
defined set of business rules and corporate standards. The quality building block
includes technologies that encompass parsing, transformation, verifation, and
validation.
