Study Guide for unit 3

1. What is data recovery and when is it done?  Data recovery is the process of recouping any data that has been lost from the information system crash as well as the data that was obtained during the downtime. It is done when the information systems are functional again. 2. What process do they use?  The selected CE and business associates may be reviewed remotely at the OCR’s office which is known as a desk audit or it may be an onsite audit 3. What is semantic?  Involves the use of standardized terminologies (such as SNOMED-CT) to provide clarity, consistency, and appropriate meaning in HIE. This area of HIE is still undergoing development. 4. Spoliation  International destruction, mutilation, alteration, or concealment of evidence or alteration of evidence 5. What agency monitors compliance with HIPAA?  The Department of Health and Human Services’ Office of Civil Rights. They identify a random sample of CE’s and business associates who are selected for an audit. 6. Intrusion detection systems  Monitor networks and information systems to catch hackers and other intruders along with other security issues. It notifies the information technology staff of the issue. It also assist the information system staff in monitoring the traffic on the Internet to ensure that it is legitimate and does not contain anything that will harm the ePHI or other data stored in the database such as malware. 7. What is forensics?  The process that should be used to gather evidence of the security incident. (Used or applied in the investigation and establishment of facts or evidence in a court of law)  Policy and procedure development (including strict guidelines)  Evidence assessment (determining what should be looked for)  Evidence acquisition (how evidence will be captured)  Evidence examination (analyzing data obtained)  Documenting and reporting (documenting all activities performed) 8. HIE  The exchange of health information electronically between providers and others with the same level of interoperability. 9. Interoperability  The ability of different information technology systems and software applications to communicate; to exchange data accurately, effectively, and consistently; and to use the information that has been exchanged. 10. Security Event  Poor security practices that have not led to harm, whereas security incidents have resulted in harm or a significant risk of harm. 11. Mitigation  The process of attempting to reduce or eliminate harmful effects of the breach. 12. Two factor authentications  Combines two different categories of access control, such as something you know and something you have.  Ex: A TOKEN. Size of a credit card and contain a magnetic strip/chip that identifies the user.  Ex: PASSWORD 13. EHR vs EMR  An EMR is an electronic collection of all the patient’s health information and clinical care that is stored, managed, and referred to by authorized members of one healthcare entity, much like the actual paper health record only in digital or electronic form. An EHR includes everything in an EMR but is much more comprehensive in terms of the patient’s overall health, the care and services provided to the patient, and all healthcare providers participating in the patient's care. 14. What does a dashboard display?  The metrics established by the CE so that the chief security officer will know where the CE stands with regards to compliance with the HIPAA security rule. 15. Best practices for mobile devices  Use authentication methods to control access  Utilize encryption  Install remote wiping and remote disabling software