- Name
- Address (all geographic subdivisions smaller than state, including street address, city, county, or ZIP code)
- All elements (except years) of dates related to an individual (including birth date, admission date, discharge date, date of death, and exact age if over 89)
- Telephone and/or fax number
- Email address
- Social Security number
- Medical record number
- Health plan beneficiary number
- Account number
- Certificate/license number
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers or serial numbers
- Web URLs and IP addresses
- Biometric identifiers, including finger or voice prints
- Full-face photographic images and any comparable image
- Any other unique identifying number, characteristic, or code
The Employer Identification Number (EIN), issued by the Internal Revenue Service (IRS), effective July 30, 2002
The National Provider Identifier (NPI) was adopted as the standard unique health identifier for healthcare providers to use in filing and processing healthcare claims and other transactions.
The compliance date for all but small health plans was May 23, 2007; small health plans had until May 23, 2008.
CMS is responsible for enforcing the transaction standards, code set standards, security standards, and identifier standards.
CMS also enforces the insurance portability requirements under Title I of HIPAA; the Office for Civil Rights (OCR) in HHS enforces the privacy standards.
The civil monetary penalty for violating transaction standards is up to $100 per person, per violation, and up to $25,000 per person, per violation of a single standard, per calendar year.
impose criminal penalties as well as increased civil monetary amounts
Tier A is for violations in which the offender did not realize he or she violated the Act. The result is a $100 fine for each violation, and the total imposed for such violations cannot exceed $25,000 for the calendar year.
Tier B is for violations due to reasonable cause, but not willful neglect. The result is a $1,000 fine for each violation, and the fines cannot exceed $100,000 for the calendar year.
Tier C is for violations due to willful neglect that the organization ultimately corrected. The result is a $10,000 fine for each violation, and the fines cannot exceed $250,000 per calendar year.
Tier D is for violations due to willful neglect that the organization did not correct. The result is a $50,000 fine for each violation, and the fines cannot exceed $1,500,000 per calendar year.
1. Dust storms, tornadoes, fire, flood, earthquake, lightning, volcanic eruption, and insect infestation.
2. Las Vegas has dust contamination, earthquakes, mud-slides, wildfires, and riots.
- Los Angeles has firestorms and mud-slides.
- Oklahoma City has tornadoes.
- Miami has hurricanes or tsunamis.
What is the difference between law and ethics?
Laws - rules that mandate or prohibit certain behavior and are enforced by the state.
Ethics - the branch of philosophy that considers the nature, criteria, sources, logic, and validity of moral judgment.
What is civil law, and what does it accomplish?
Civil law embodies a wide variety of laws pertaining to relationships between individuals and organizations. It provides a legal precedent for various relational situations.
What are the primary examples of public law?
- Constitutional law
- Statutory law
- Regulatory or Administrative law
- Common law, Case law, and Precedent
Which law amended the Computer Fraud and Abuse Act of 1986, and what did it change?
National Information Infrastructure Protection Act of 1996. It increased the severity of punishment based on the value of the information and on the reason for the offense: commercial advantage, private financial gain, or furtherance of a criminal act.
Which law was created specifically to deal with encryption policy in the United States?
Security and Freedom through Encryption Act of 1999.
What is privacy in an information security context?
In the context of information security, the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality.
What is another name for the Kennedy-Kassebaum Act (1996), and why is it important to organizations that are not in the healthcare industry?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA). HITECH expanded HIPAA to include businesses associated with HCOs, such as legal and accounting firms and IT partners.
If you work for a financial services organization such as a bank or credit union, which 1999 law affects your use of computer data? What other effects does it have?
Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999. This act requires all financial institutions to disclose their privacy policies on the sharing of nonpublic personal information.
What is the primary purpose for the USA PATRIOT act and how has it been revised since its original passage?
Allows the federal government greater authority to intercept communications for law enforcement and national security purposes.
What is PCI DSS and why is it important for information security?
Payment Card Industry Data Security Standard. Offers a standard of performance with which businesses that handle credit, debit, ATM, or gift cards must comply.
What is intellectual property (IP)? Is it afforded the same protection in every country of the world? What laws currently protect IP in the United States and Europe?
Intellectual Property is an individual's or an organization's created work and property, such as art, research, or other data. Some laws that protect IP are:
- Digital Millennium Copyright Act
- The Agreement on Trade-Related Aspects of Intellectual Property Rights
- No Electronic Theft Act
How does the Sarbanes-Oxley Act of 2002 affect information security managers?
Enforces accountability for executives.
What is due care? Why should an organization make sure to exercise due care in its usual course of operations?
Due Care - Measures that an organization takes to ensure every employee knows what is acceptable and what is not. A company should use due care to ensure all of its employees protect themselves, the company, and its customers.
How is due diligence different from due care? Why are both important?
Due Diligence - Reasonable steps taken by people or organizations to meet obligations imposed by law or regulations.
Due diligence is different from due care because it is a legal-compliance, hardware, software, and policy issue, whereas due care deals with the people who interact with those.
What is a policy? How is it different from a law?
Policy - Guidelines that dictate certain behavior within the organization.
The difference between policy and law is that ignorance of a policy is an acceptable defense.
What are the three general categories of unethical and illegal behavior?
-Ignorance: Ignorance of a law is no excuse, but ignorance of a policy or procedure is.
-Accident: Individuals with higher levels of access and privilege are more likely to cause damage by mistakes.
-Intent: The state of mind of the person who committed the act.
What is the best method for preventing an unethical or illegal activity?
Deterrence
Of the information security organizations listed in this chapter that have codes of ethics, which has been established for the longest time? When was it founded?
Association for Computing Machinery (ACM), 1947.
Of the organizations listed in this chapter that have codes of ethics, which is focused on auditing and control?
Information Systems Audit and Control Association (ISACA)
How do people from varying ethnic backgrounds differ in their views of computer ethics?
Different cultures have different values, morals, and ethics, so their perceptions of what constitutes unethical use of a computer vary accordingly.