Shared Flashcard Set

Details

Health Informatics: Section 5
hsc 500: user/administration/management
41
Software
Graduate
09/12/2011

Cards

Term
Cobit (The Control Objectives for Information and related Technology)
Definition
CobiT is a set of best practices for IT management. CobiT focuses on defining program and management control functions. It is designed to help ensure IT programs are implemented and managed effectively to maximize the investment of technology efficiently. While not specifically a security standard, strong CobiT compliance typically indicates a higher quality of control over internal practices that help manage an effective security infrastructure, as well as sound business practice.
Term
Cloud computing
Definition
Internet-based computing, whereby shared resources, software, and information are provided to computers and other devices on demand, like the electricity grid.
Term
IaaS (Infrastructure as a Service)
Definition
Rather than purchasing servers, software, data-center space or network equipment, clients instead buy those resources as a fully outsourced service. Suppliers typically bill such services on a utility computing basis; the amount of resources consumed (and therefore the cost) will typically reflect the level of activity.
Term
PaaS (Platform as a Service)
Definition
PaaS is the delivery of a computing platform and solution stack as a service. PaaS offerings facilitate deployment of applications without the cost and complexity of buying and managing the underlying hardware and software and provisioning hosting capabilities, providing all of the facilities required to support the complete life cycle of building and delivering web applications and services entirely available from the Internet.
Term
SaaS (Software as a Service)
Definition
SaaS, sometimes referred to as "on-demand software," is a software delivery model in which software and its associated data are hosted centrally (typically in the (Internet) cloud) and are typically accessed by users using a thin client, normally using a web browser over the Internet.
Term
Cyber Security
Definition
The protection of data and systems in networks that connect to the Internet.
Term
Enterprise Architecture
Definition
A strategic resource that aligns business and technology, leverages shared assets, builds internal and external partnerships, and optimizes the value of information technology services.
Term
Extranet
Definition
An intranet that allows specified levels of access to authorized, external users.
Term
HITRUST (Health Information Trust Alliance)
Definition
The HITRUST Common Security Framework (CSF) is a framework that normalizes the security requirements of healthcare organizations including federal (e.g., ARRA and HIPAA), state (Mass.), third party (e.g., PCI and COBIT) and government (e.g., NIST, FTC and CMS).
Term
HIPAA Privacy, Security, and Enforcement
Definition
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. The HIPAA Enforcement Rule contains provisions relating to compliance and investigations, the imposition of civil money penalties for violations of the HIPAA Administrative Simplification Rules, and procedures for hearings.
Term
Authorization
Definition
An “authorization” is required by the Privacy Rule for uses and disclosures of protected health information not otherwise allowed by the Rule. An authorization is a detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than treatment, payment, or health care operations, or to disclose protected health information to a third party specified by the individual.
Term
BA (Business Associate)
Definition
A person or organization that performs a function or activity on behalf of a covered entity, but is not part of the covered entity's workforce. A business associate can also be a covered entity in its own right.
Term
BAA (Business Associate Agreement)
Definition
The standard agreement document that clearly defines the roles and responsibilities of a business associate and the covered entity. The other key piece of the Business Associate Agreement is the assurance that businesses will take proper steps to implement the appropriate administrative, physical and technical safeguards.
Term
Breach
Definition
A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.
Term
Breach Notification Rule
Definition
The regulations requiring HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information.
Term
CE (Covered Entity)
Definition
Any business entity that must comply with HIPAA regulations, which includes health-care providers, health plans and health-care clearinghouses. For purposes of HIPAA, health-care providers include hospitals, physicians and other caregivers. Examples include Providers, Health Plans, Clearinghouses, and Business Associates.
Term
Criminal Penalties
Definition
The U.S. Department of Justice established who can be held liable for HIPAA violations due to criminal activity. This includes covered entities and any specified individual working under a covered entity. Anyone who knowingly misuses health information can be fined up to $50,000 including up to a year of imprisonment. More serious offenses call for higher fines and prison time.
Term
De-Identified Information
Definition
De-identified data (e.g., aggregate statistical data or data stripped of individual identifiers) require no individual privacy protections and are not covered by the Privacy Rule.
Term
Health Information
Definition
Patient information collected by a health plan, health care provider, public health authority, employer, healthcare clearinghouse or other organization that falls under covered entity.
Term
Individually Identifiable Health Information
Definition
A subset of health information, this includes demographic information about an individual’s health that identifies or can be used to identify the individual. This includes name, address, date of birth, etc.
Term
PHI (Protected Health Information)
Definition
Relates to past, present, or future physical or mental condition of an individual; provisions of healthcare to an individual; or for payment of care provided to an individual. Is transmitted or maintained in any form (electronic, paper, or oral representation). This includes any individually identifiable health information collected from an individual by a healthcare provider, employer or plan that includes name, social security number, phone number, medical history, current medical condition, test results and more.
Term
Due Diligence
Definition
An organization is in violation, but they have taken every possible step they could have foreseen to prevent that. Minimum fine: $100 per incident with annual maximum of $25,000 for repeat violations. Maximum fine: $50,000 per violation with annual maximum of $1.5 million for repeat violations.
Term
Privacy Rule
Definition
The part of the HIPAA rule that addresses the saving, accessing and sharing of medical and personal information of an individual, including a patient’s own right to access.
Term
Security Rule
Definition
The part of the HIPAA rule that outlines national security standards intended to protect health data created, received, maintained or transmitted electronically.
Term
TPO (“Treatment,” “Payment,” and “Health Care Operations”)
Definition
“Treatment” generally means the provision, coordination, or management of health care and related services among health care providers or by a health care provider with a third party, consultation between health care providers regarding. “Payment” encompasses the various activities of health care providers to obtain payment or be reimbursed for their services and of a health plan to obtain premiums, to fulfill their coverage responsibilities and provide benefits under the plan, and to obtain or provide reimbursement for the provision of health care. “Health care operations” are certain administrative, financial, legal, and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and payment.
Term
Patient Notice
Definition
Any use or disclosure of protected health information for treatment, payment, or health care operations must be consistent with the covered entity’s notice of privacy practices. A covered entity is required to provide the individual with adequate notice of its privacy practices, including the uses or disclosures the covered entity may make of the individual’s information and the individual’s rights with respect to that information.
Term
Minimum Necessary
Definition
A covered entity must develop policies and procedures that reasonably limit its disclosures of, and requests for, protected health information for payment and health care operations to the minimum necessary. A covered entity also is required to develop role-based access policies and procedures that limit which members of its workforce may have access to protected health information for treatment, payment, and health care operations, based on those who need access to the information to do their jobs.
Term
Reasonable Cause
Definition
The steps have been taken, but something was not addressed. For example, a company went into a HIPAA audit and provided a gap analysis, but something wasn’t addressed yet. The violation is due to reasonable cause and not willful neglect. Minimum fine: $1,000 per incident with annual maximum of $100,000 for repeat violations. Maximum fine: $50,000 per incident with annual maximum of $1.5 million for repeat violations.
Term
Willful Neglect
Definition
There are two types of willful neglect. The first is when a company clearly ignores the HIPAA law but corrects their mistake within the given amount of time. Minimum fine: $10,000 per incident with annual maximum of $1.5 million for repeat violations. Maximum fine: $50,000 per violation with annual maximum of $1.5 million for repeat violations. The second type of willful neglect is when a company ignores the HIPAA law and does not correct their mistake. Minimum fine: $50,000 per incident with annual maximum of $250,000 for repeat violations. Maximum fine: $50,000 per incident with annual maximum of $250,000 for repeat violations.
Term
Intranet
Definition
An internal network that looks and acts like the World Wide Web. Intranets allow companies to take advantage of Web-based technology and create a private means of sharing data and applications among their networked users.
Term
ITIL (Information Technology Infrastructure Library)
Definition
A set of Best Practice guidance for IT Service Management. ITIL is owned by the OGC and consists of a series of publications giving guidance on the provision of Quality IT Services, and on the Processes and facilities needed to support them.
Term
MU (Meaningful Use Criteria)
Definition
These are the ways in which practitioners must use federally-certified EHR products in order to secure EHR incentive program payments from either Medicare or Medicaid.
Term
PMBOK (Project Management Body of Knowledge Guide)
Definition
A publication by the Project Management Institute on best practices for project management.
Term
RFI (Request for Information)
Definition
This is a procurement document sent to one or more vendors, producing similar products, to secure comparative information on product function, ancillary services, and price. An RFI usually provides extensive description(s) of the requirements that the bidder’s solution must satisfy to be acceptable.
Term
RFP (Request for Proposal)
Definition
This is a procurement document sent to one or more vendors which seeks a proposed solution to the described service needs of the requestor. As a general rule, these proposals do not include detailed specifications on what the requestor needs. The premise is that the bidder has considerable experience in the field and part of their value proposition is the innovation that the bidder provides through their solution.
Term
RFQ (Request for Quotation)
Definition
Generally, an RFQ is used when the product that is being sought is rather conventional and does not require much description or requirements. This document generally secures vendor prices for commodities.
Term
Scalability
Definition
The ability to add users and increase the capabilities of an application without having to make significant changes to the application software or the system on which it runs.
Term
Service Level Agreement
Definition
A contract between a service provider and a user that specifies the level of service expected during a contract term. Service level agreements determine how performance will be measured and, in the event of underperformance, how the penalties will be calculated and paid.
Term
Subscription-Based Model
Definition
A business model based on a monthly fee charged for the use of equipment, software, services or content, or some combination of those. Used by many vendors, such as providers of e-prescribing systems. See also transaction-based model.
Term
Total Cost of Ownership
Definition
A long-term view of all costs associated with a specific technology investment. Costs include that of acquiring, installing, using, maintaining, changing, and disposing of a technology during its useful life.
Term
Transaction-Based Model
Definition
A business model based on service fees charged for each transaction conducted using the vendor’s equipment, software, services or network. Used by some e-health vendors, including providers of e-prescribing systems. See also subscription-based model.