Ethical & Legal Issues Sp23

Antivirus software

Programs to detect and remove computer viruses

Audit Trail

Security system report that tracks a user's access, deletion or modification of data and the time at which each event happened. This includes user login, file access, other various activities, and whether any actual or attempted security violations occurred

Authentication

The verification of the identity of a person or process for purposes of accessing medical records, whether they are stored on paper or digitally. In the case of computerized systems, this typically involves entering a combination of account numbers and passwords or other personal information so that the identity of the person using the computer is verified and access can be enabled

Biometrics

automated methods of recognizing a person based on a physiological characteristic such as fingerprints, retina, voice, etc.

Confidentiality

ensure that information is not disclosed

Consent

process by which an individual authorizes healthcare personnel to process his or her information based on an informed understanding of how this information will be used.

Cookie

a small piece of information about you

Copyright

exclusive legal right to reproduce

De-identified data

Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual is de-identified. Health information is considered de-identified (1) if stripped of all of the 18 direct identifiers defined under HIPAA (see the full list), or (2) if an expert in statistical and scientific method determines that there is a very small risk that the information could be used alone or in combination with other information to identify an individual. HIPAA does not apply to de-identified data

Electronic protected health information (EPHHI)

All individually identifiable health information that is created, maintained or transmitted electronically

Firewall

type of gateway designed to protect private network resources from outside hackers, network damage, and theft or misuse of information

Health Information

Patient information collected by a health plan, health care provider, public health authority, employer, healthcare clearinghouse or other organization that falls under covered entity

Healthcare Insurance Portability and Accountability Act (HIPAA)

Developed in 1996, the acronym HIPAA stands for Healthcare Insurance Portability and Accountability Act. Initially created to help the public with insurance portability, they eventually built administrative simplifications that involved electronic, medical record technology and other components. In addition, they built a series of privacy tools to protect healthcare data.

Health Information Technology for Economic and Clinical Health (HITECH)

In 2009, as part of the American Recovery and Reinvestment Act (ARRA), there was an act within that called HITECH, short for The Health Information Technology for Economic and Clinical Health Act. The act included incentives offered to physicians in private practices, as well as institutional practices to implement and adopt electronic medical records. Ethical & Legal Issues Terminology

In addition to incentives, the act included a series of fines to help enforce HIPAA rules. HITECH also mandated that business associates of covered entities, as well as the covered entities themselves, were responsible for the same level of HIPAA compliance

HIPAA Audit

A HIPAA audit is based off a set of regulations, standards and implementation specifications. The audit is an analysis that helps to pinpoint the organization's current state and what steps need to be taken to get the organization compliant

HIPAA Violations

If a company fails to comply with HIPAA rules, they are subject to both civil and criminal penalties

Information Privacy

right to choose the conditions and the extent to which information and beliefs are share with others. Informed consent for the release of medical records represents the application of information privacy

Information security

protection of confidential information against threats to its integrity or inadvertent disclosure

Malware

Malicious code. Programs written for the purpose of stealing information, causing annoyance or performing covert actions

Phishing

Sending out legitimate looking e-mails with the intent getting personal information

Protected Health Information (PHI)

This includes any individually identifiable health information collected from an individual by a healthcare provider, employer or plan that includes name, social security number, phone number, medical history, current medical condition, test results and more.

Privacy

Freedom from unauthorized intrusion.

Security

Measures taken to guard against crime

Security rule

The part of the HIPAA rule that outlines national security standards intended to protect health data created, received, maintained or transmitted electronically

Spyware

Intended to track surfing habits in order to build marketing profiles

Trojan horse

A type of computer virus disguised as a program

Virus hoax

Deceptive alert warning users of a security threat which in reality does not exist

Vulnerability

flaw or weakness in system procedures, design, implementation, or internal controls that could accidentally or intentionally be used to breach security or violate the system's security policy.

Worm

Small programs that propagate by attaching copies of themselves to other programs

Virus

A software program that replicates on computer systems by incorporating itself into shared programs