2614497
| Question | Answer |
| Why are security audit policies important to organizations? | It hold workers accountable for their actions while utilizing ePHI and an electronic health record (EHR). |
| How are security audits conducted? | Security audits are conducted using audit trails and audit logs that offer a back-end view of system use. Audit trails and logs record key activities, showing system threads of access, changes, and transactions. |
| Why are periodic reviews of audit logs important? | 1.) Detecting unauthorized access to patient information. 2.) Establishing a culture of responsibility and accountability. 3.) Detecting new threats and intrusion attempts. 4.) Identifying potential problems. |
| Which legal and regulatory requirements should HM professionals follow when developing a security audit strategy? | 1.) HIPAA Security Rule 2.) Payment Card Industry Data Security Standard 3.) HITech Act 4.) Meaningful Use 5.)Joint Commission |
| A multidisciplinary team is essential to developing and implementing an effective security audit strategy. The team should include at a minimum IT, risk management, and HIM representation. Who should the team be led by? | The organization's designated security official in coordination with the designated privacy official. |
| What should the team consider when developing strategic ideas? | 1.) Determining what audit tools will be used for automatic monitoring and reporting. 2.) Determining appropriate retention periods for audit logs, trails, and audit reports. 3.) Ensuring top-level administrative support for consistent application of policy enforcement and sanctions. |
| What should be audited? | 1.) The record of a patient with the same last name or address as the employee 2.) VIP patient records (e.g., board members, celebrities, governmental or community figures, physician providers, management staff, or other highly publicized individuals) 3.) The records of those involved in high-profile events in the community (e.g., motor vehicle accident, attempted homicide, etc.) |
| Certified EHRs should meet which requirement when implementing audit tools ? | Stage 1 Meaningful Use |
| User activities within clinical applications should be conducted how often? | Monthly, it's best to review audit logs as close to real time as possible and as soon after an event occurs as can be managed. |
| An organization's audit strategy must stipulate the following actions to protect and retain audit logs? | 1.) Storing audit logs and records on a server separate from the system that generated the audit trail 2.) Restricting access to audit logs to prevent tampering or altering of audit data 3.) Retaining audit trails based on a schedule determined collaboratively with operational, technical, risk management, and legal staff |
| True or False: Education is a preventive measure that must be executed and re-executed to ensure optimal outcomes in the success of a security audit strategy. | True |
Want to create your own Flashcards for free with GoConqr? Learn more.