Introduction to Security Audits

Description

Flashcards on Introduction to Security Audits, created by Timisha on 28/04/2015.
Timisha
Flashcards by Timisha, updated more than 1 year ago
Timisha
Created by Timisha over 9 years ago
30
2

Resource summary

Question Answer
Why are security audit policies important to organizations? It hold workers accountable for their actions while utilizing ePHI and an electronic health record (EHR).
How are security audits conducted? Security audits are conducted using audit trails and audit logs that offer a back-end view of system use. Audit trails and logs record key activities, showing system threads of access, changes, and transactions.
Why are periodic reviews of audit logs important? 1.) Detecting unauthorized access to patient information. 2.) Establishing a culture of responsibility and accountability. 3.) Detecting new threats and intrusion attempts. 4.) Identifying potential problems.
Which legal and regulatory requirements should HM professionals follow when developing a security audit strategy? 1.) HIPAA Security Rule 2.) Payment Card Industry Data Security Standard 3.) HITech Act 4.) Meaningful Use 5.)Joint Commission
A multidisciplinary team is essential to developing and implementing an effective security audit strategy. The team should include at a minimum IT, risk management, and HIM representation. Who should the team be led by? The organization's designated security official in coordination with the designated privacy official.
What should the team consider when developing strategic ideas? 1.) Determining what audit tools will be used for automatic monitoring and reporting. 2.) Determining appropriate retention periods for audit logs, trails, and audit reports. 3.) Ensuring top-level administrative support for consistent application of policy enforcement and sanctions.
What should be audited? 1.) The record of a patient with the same last name or address as the employee 2.) VIP patient records (e.g., board members, celebrities, governmental or community figures, physician providers, management staff, or other highly publicized individuals) 3.) The records of those involved in high-profile events in the community (e.g., motor vehicle accident, attempted homicide, etc.)
Certified EHRs should meet which requirement when implementing audit tools ? Stage 1 Meaningful Use
User activities within clinical applications should be conducted how often? Monthly, it's best to review audit logs as close to real time as possible and as soon after an event occurs as can be managed.
An organization's audit strategy must stipulate the following actions to protect and retain audit logs? 1.) Storing audit logs and records on a server separate from the system that generated the audit trail 2.) Restricting access to audit logs to prevent tampering or altering of audit data 3.) Retaining audit trails based on a schedule determined collaboratively with operational, technical, risk management, and legal staff
True or False: Education is a preventive measure that must be executed and re-executed to ensure optimal outcomes in the success of a security audit strategy. True
Show full summary Hide full summary

Similar

Characters in "King Lear"
eleanor.gregory
GCSE Maths Symbols, Equations & Formulae
Andrea Leyden
Biology AQA 3.1.3 Cells
evie.daines
Was the Weimar Republic doomed from the start?
Louisa Wania
Physics: Energy resources and energy transfer
katgads
Revision Timetable
katy.lay
GCSE Computing : OCR Computing Course Revision
RoryOMoore
GCSE Maths Quiz: Ratio, Proportion & Measures
Andrea Leyden
Using GoConqr to teach Maths
Sarah Egan
Art styles
Sarah Egan
Mapa Mental para Resumir y Conectar Ideas
Rosario Sharline Vilcarromero Saenz