Introduction to Security Audits

Description

Flashcards on Introduction to Security Audits, created by Timisha on 28/04/2015.
Timisha
Flashcards by Timisha, updated more than 1 year ago
Timisha
Created by Timisha over 9 years ago
30
2

Resource summary

Question Answer
Why are security audit policies important to organizations? It hold workers accountable for their actions while utilizing ePHI and an electronic health record (EHR).
How are security audits conducted? Security audits are conducted using audit trails and audit logs that offer a back-end view of system use. Audit trails and logs record key activities, showing system threads of access, changes, and transactions.
Why are periodic reviews of audit logs important? 1.) Detecting unauthorized access to patient information. 2.) Establishing a culture of responsibility and accountability. 3.) Detecting new threats and intrusion attempts. 4.) Identifying potential problems.
Which legal and regulatory requirements should HM professionals follow when developing a security audit strategy? 1.) HIPAA Security Rule 2.) Payment Card Industry Data Security Standard 3.) HITech Act 4.) Meaningful Use 5.)Joint Commission
A multidisciplinary team is essential to developing and implementing an effective security audit strategy. The team should include at a minimum IT, risk management, and HIM representation. Who should the team be led by? The organization's designated security official in coordination with the designated privacy official.
What should the team consider when developing strategic ideas? 1.) Determining what audit tools will be used for automatic monitoring and reporting. 2.) Determining appropriate retention periods for audit logs, trails, and audit reports. 3.) Ensuring top-level administrative support for consistent application of policy enforcement and sanctions.
What should be audited? 1.) The record of a patient with the same last name or address as the employee 2.) VIP patient records (e.g., board members, celebrities, governmental or community figures, physician providers, management staff, or other highly publicized individuals) 3.) The records of those involved in high-profile events in the community (e.g., motor vehicle accident, attempted homicide, etc.)
Certified EHRs should meet which requirement when implementing audit tools ? Stage 1 Meaningful Use
User activities within clinical applications should be conducted how often? Monthly, it's best to review audit logs as close to real time as possible and as soon after an event occurs as can be managed.
An organization's audit strategy must stipulate the following actions to protect and retain audit logs? 1.) Storing audit logs and records on a server separate from the system that generated the audit trail 2.) Restricting access to audit logs to prevent tampering or altering of audit data 3.) Retaining audit trails based on a schedule determined collaboratively with operational, technical, risk management, and legal staff
True or False: Education is a preventive measure that must be executed and re-executed to ensure optimal outcomes in the success of a security audit strategy. True
Show full summary Hide full summary

Similar

KEE3
harrym
Key Events, People and Terms of the French Revolution
poppwalton
French Tense Endings
James Hoyle
| GCSE Busniness Studies | AQA | Key Terms | "Starting A Business" |
Spuddylicious
Input Devices
Jess Peason
Physical Geography
clongworth25
AQA Physics: A2 Unit 4
Michael Priest
Ancient China - Glossary of Terms
Ms M
Computer science quiz
Ryan Barton
Social Influence
Kizzy Leverton
Isabella; Or The Pot Of Basil Quotes
Jazmine Derwin