What is another name for the Kennedy-Kassebaum Act (1996), and why is it important to organizations that are not in the healthcare industry?

Name
Address (all geographic subdivisions smaller than state, including street address, city, county, or ZIP code)
All elements (except years) of dates related to an individual (including birth date, admission date, discharge date, date of death, and exact age if over 89)
Telephone and/or fax number
Email address
Social Security number
Medical record number
Health plan beneficiary number
Account number
Certificate/license number
Vehicle identifiers and serial numbers, including license plate numbers
Device identifiers or serial numbers
Web URLs and IP addresses
Biometric identifiers, including finger or voice prints
Full-face photographic images and any comparable image
Any other unique identifying number, characteristic, or code

The Employer Identification Number (EIN), issued by the Internal Revenue Service (IRS), effective July 30, 2002
The National Provider Identifier (NPI) was adopted as the standard unique health identifier for healthcare providers to use in filing and processing healthcare claims and other transactions
The compliance date for all but small health plans was May 23, 2007; for small health plans, May 23, 2008
CMS is responsible to enforce standards for transactions, code set standards, security and identifier standards
CMS will enforce insurance portability requirements under Title I of HIPAA. The OCR in HHS enforces the privacy standards
The civil monetary penalty for violating transaction standards is up to $100 per person, per violation, and up to $25,000 per person, per violation, of a single standard, per calendar year

impose criminal penalties as well as increased civil monetary amounts
Tier A is for violations in which the offender didn't realize he or she violated the Act. The result is a $100 fine for each violation, and the total imposed for such violations cannot exceed $25,000 for the calendar year
Tier B is for violations due to reasonable cause, but not willful neglect. The result is a $1,000 fine for each violation, and the fines cannot exceed $100,000 for the calendar year
Tier C is for violations due to willful neglect that the organization ultimately corrected. The result is a $10,000 fine for each violation, and the fines cannot exceed $250,000 per calendar year
Tier D is for violations of willful neglect that the organization did not correct. The result is a $50,000 fine for each violation, and the fines cannot exceed $1,500,000 per calendar year

Terms in this set (40)

1. Dust storms, tornado, fire, flood, earthquake, lightning, volcanic eruption and insect infestation.
2. Las Vegas has dust contamination Earthquakes, mud-slides, wildfires, and riots
-Los Angeles has firestorms and mud-slides.
-Oklahoma City has tornadoes.
-Miami has hurricanes or tsunamis.

Terms in this set (20)

What is the difference between law and ethics?

Laws - are rules that mandate or prohibit certain behavior and are enforced by the state.
Ethics - are the branch of philosophy that considers nature, criteria, sources, logic, and the validity of moral judgment.

What is civil law, and what does it accomplish?

Civil law embodies a wide variety of laws pertaining to relationships between individuals and organizations. It provides a legal precedent for various relational situations.

What are the primary examples of public law?

Constitutional law
Statutory law
Regulatory or Administrative law
Common law, Case law, and Precedent

Which law amended the Computer Fraud and Abuse Act of 1986, and what did it change?

National Information Infrastructure Protection Act of 1996. It increased the severity of punishment based on the value of information, and for the reason for the offense: Commercial advantage, Private financial gain, or furtherance of a criminal act.

Which law was created specifically to deal with encryption policy in the United States?

Security and Freedom through Encryption Act of 1999.

What is privacy in an information security context?

In the context of Info Sec, the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality.

What is another name for the Kennedy-Kassebaum Act (1996), and why is it important to organizations that are not in the healthcare industry?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA). HITECH expanded HIPAA to include businesses associated with HCOs, such as legal and accounting firms, and IT partners.

If you work for a financial services organization such as a bank or credit union, which 1999 law affects your use of computer data? What other effects does it have?

Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999. This act requires all financial institutions to disclose their privacy policies on the sharing of nonpublic personal information.

What is the primary purpose for the USA PATRIOT act and how has it been revised since its original passage?

Allows the federal government greater authority to intercept communications for law enforcement and national security purposes.

What is PCI DSS and why is it important for information security?

Payment Card Industry Data Security Standards. Offers a standard of performance to which businesses that handle credit, debit, ATM, or gift cards must comply.

What is intellectual property (IP)? Is it afforded the same protection in every country of the world? What laws currently protect IP in the United States and Europe?

Intellectual Property is an individual's or an organization's created work and property such as art, research, or some other data. Some laws that protect IP are:
-Digital Millennium Copyright Act
-The Agreement on Trade-Related Aspects of Intellectual Property Rights.
-No Electronic Theft Act.

How does the Sarbanes-Oxley Act of 2002 affect information security managers?

Enforces accountability for executives.

What is due care? Why should an organization make sure to exercise due care in its usual course of operations?

Due Care - Measures that an organization takes to ensure every employee knows what is acceptable and what is not. A company should use due care to ensure all of its employees protect themselves, the company, and its customers.

How is due diligence different from due care? Why are both important?

Due Diligence - Reasonable steps taken by people or organizations to meet obligations imposed by law or regulations.

Due diligence is different from due care because it is a legal compliance, hardware, software, and policy issue, whereas due care deals with the people who interact with the above.

What is a policy? How is it different from a law?

Policy - Guidelines that dictate certain behavior within the organization.

The difference between policy and law is that ignorance of a policy is an acceptable defense.

What are the three general categories of unethical and illegal behavior?

-Ignorance: Ignorance of a law is no excuse, but ignorance of a policy or procedure is.
-Accident: Individuals with higher levels of access and privilege are more likely to cause damage by mistakes.
-Intent: The state of mind of the person who committed the act.

What is the best method for preventing an unethical or illegal activity?

Deterrence

Of the information security organizations listed in this chapter that have codes of ethics, which has been established for the longest time? When was it founded?

Association of Computing Machinery (ACM) 1947.

Of the organizations listed in this chapter that have codes of ethics, which is focused on auditing and control?

Information Systems Audit and Control Association (ISACA)

How do people from varying ethnic backgrounds differ in their views of computer ethics?

Different cultures have different values, morals, and ethics. So their perception of what is unethical use of a computer will vary proportionately.

What is PCI DSS and why is it important for information security?

PCI DSS is a widely accepted set of policies and procedures designed to protect cardholders from the misuse of payment information. It is important for information security because it sets the standard for the acceptable information security that organizations adopt.

What is the primary purpose of the USA PATRIOT Act and how has it been revised since its original passage?

Modified a wide range of existing laws to provide law enforcement agencies with broader latitude in order to combat terrorism-related activities.

What is intellectual property (IP)? What laws currently protect IP in the United States and Europe?

Intellectual property is a protected asset in the U.S. Copyright law currently protects it in the U.S. and some other countries.

What is it called when an organization makes sure every employee knows what is acceptable and unacceptable behavior?

Due care - when an organization makes sure that every employee knows what is acceptable or unacceptable behavior, and knows the consequences of illegal or unethical actions. Due diligence - requires that an organization make a valid effort to protect others and continually maintain that level of effort.
