Legal Aspects of Health Information Management, Data Breaches, and Cyber security - Study guide

27 Terms

1

Deals with the legal rights and relationship of private individuals

  • Torts: Any wrongful acts for which a civil suit can be brought

  • Contracts: Binding agreements between two or more parties

What is civil law?

2

Deals with relationships between individuals and government

  • Criminal Law: Crimes and their punishments

  • Regulations: Published rules that interpret laws

What is public law?

3

Hearsay statements made during an incident are admissible as evidence

What is res gestae?

4

Means something is self-evident (example: surgical instruments left in the patient’s abdominal cavity)

What is res ipsa loquitur?

5

The final judgement of a competent court is conclusive →

  1. prevents a plaintiff from suing on a claim that has already been decided

  2. prevents a defendant from raising any new defense to defeat enforcement of the earlier judgement

What is res judicata?

6

An employer is responsible for the legal consequences of an employee’s actions

What is respondeat superior?

7

Phishing attack

What is the most common cause of data breaches in healthcare?

8

Involves converting data into encrypted format that can only be accessed with the appropriate decryption key

What is encryption?

9

Results when a health care provider acts in an improper or negligent manner and the patient’s result is injury, damage, or loss

What is medical malpractice?

10

Failure to exercise the degree of care considered reasonable under the circumstances resulting in an unintended injury to another party

What is required to establish negligence in a medical malpractice case?

11
  • A brief description of the breach

  • Instructions on how affected individuals can protect themselves

  • Contact information for further assistance

What must be included in a breach notification to affected individuals?

12

Used to document patient information released to authorized requestors

What is a release of information log?

13

Establishes national standards for the protection of individually identifiable health information held by covered entities

Describe the HIPAA Privacy Rule.

14

Sets safeguards for the security of electronic protected health information and requires covered entities to implement administrative, physical, and technical safeguards to protect ePHI

Describe the HIPAA Security Rule.

15
  • Attorney requests

  • Employers (except when PHI is released to report work-related illnesses or injuries)

  • Some government agencies 

  • Health care providers that did not render care to patients

  • HIV-related information

  • IRS

  • Law enforcement

  • Marketing communications

  • Third-party payers (except for payment)

  • Workers’ compensation carriers (when required by state law)

What situations require patient consent for disclosure of PHI?

16
  • Health oversight activities

  • Public health activities

  • Law enforcement purposes

  • Judicial and administrative proceedings

  • Identification and location purposes

  • Decedents 

  • Research purposes

  • FDA

  • Specialized government functions

  • Workers’ compensation

What situations DO NOT require patient consent to disclose PHI?

17

Refers to the time period after which a lawsuit cannot be filed

What is a statute of limitations?

18

Covered entities must also notify the Secretary of Health and Human Services (HHS) and media outlets serving the affected individuals without unreasonable delay and no later than 60 days after discovering the breach.

What is required if a data breach affects over 500 individuals?

19

Attempts to trick healthcare employees into providing sensitive information through deceptive emails or messages

What is a phishing attack?

20

Malicious or negligent actions by employees or other insiders who have access to EHRs

What are insider threats?

21

Malicious software that can corrupt, steal, or lock up data within an EHR system

What is malware?

22

Attempts to overwhelm the EHR system, making it unavailable to users

What is a denial of service attack?

23

A network security device or software designed to monitor and control incoming and outgoing network traffic based on predetermined security rules

  • To establish a barrier between a trusted internal network and untrusted external networks to protect the internal network

What is a firewall?

24

Networking device that combines the functions of a traditional wired router with those of a wireless access point

What is a wireless router?

25

Strong encryption, multi-factor authentication, and robust network security measures.

How can healthcare organizations limit access to sensitive patient information?

26

Type of program designed to detect, prevent, and remove malicious software (malware) from computers and other digital devices

  • Protects systems from cyber threats

What is antivirus software?

27

Unauthorized access to EHR systems resulting in the exposure of sensitive patient information.

What is a data breach?