
CompTIA® Healthcare IT Technician (Exam HIT-001)


Part Number: NH85710(IGEE)
Course Edition: 1.0

ACKNOWLEDGMENTS

Project Team
Content Developer: Geoffrey Silkey, Kelly Popen, Lindsay Bachman and Trina Jones • Content Manager: Nancy Curtis • Graphic Designer: • Project Manager: • Media Instructional Designer: • Content Editor: • Material Editor: • Business Matter Expert: Mike Horan • Technical Reviewer: • Project Technical Support: Mike Toscano

NOTICES

DISCLAIMER: While Element K Corporation takes care to ensure the accuracy and quality of these materials, we cannot guarantee their accuracy, and all materials are provided without any warranty
whatsoever, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. The name used in the data files for this course is that of a fictitious company. Any
resemblance to current or future companies is purely coincidental. We do not believe we have used anyone’s name in creating this course, but if we have, please notify us and we will change the name in
the next revision of the course. Element K is an independent provider of integrated training solutions for individuals, businesses, educational institutions, and government agencies. Use of screenshots,
photographs of another entity’s products, or another entity’s product name or service in this book is for editorial purposes only. No such use should be construed to imply sponsorship or endorsement of
the book by, nor any affiliation of such entity with Element K. This courseware may contain links to sites on the Internet that are owned and operated by third parties (the "External Sites"). Element K is
not responsible for the availability of, or the content located on or through, any External Site. Please contact Element K if you have any concerns regarding such links or External Sites.

TRADEMARK NOTICES: Element K and the Element K logo are trademarks of Element K Corporation and its affiliates.

Microsoft and Windows are registered trademarks of Microsoft Corporation in the U.S. and other countries; the Sun Microsystems and Apple products and services discussed or described may be
trademarks of Sun Microsystems or Apple, Inc., respectively. All other product names and services used throughout this course may be common law or registered trademarks of their respective
proprietors.

Copyright © 2011 Element K Corporation. All rights reserved. Screenshots used for illustrative purposes are the property of the software proprietor. This publication, or any part thereof, may not
be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, storage in an information retrieval system, or otherwise, without express written
permission of Element K, 500 Canal View Boulevard, Rochester, NY 14623, (585) 240-7500, (800) 478-7788. Element K Courseware’s World Wide Web site is located at
www.elementkcourseware.com.
This book conveys no rights in the software or other products about which it was written; all use or licensing of such software or other products is the responsibility of the user according to terms and
conditions of the owner. Do not make illegal copies of books or software. If you believe that this book, related materials, or any other Element K materials are being reproduced or transmitted without
permission, please call (800) 478-7788.

The logo of the CompTIA Authorized Curriculum Program and the status of this or other training material as Authorized under the CompTIA Authorized Curriculum Program signifies that, in CompTIA’s
opinion, such training material covers the content of CompTIA’s related certification exam. CompTIA has not reviewed or approved the accuracy of the contents of this training material and specifically
disclaims any warranties of merchantability or fitness for a particular purpose. CompTIA makes no guarantee concerning the success of persons using any such Authorized or other training material in
order to prepare for any CompTIA certification exam. The contents of this training material were created for the CompTIA® Healthcare IT Technician exam covering CompTIA certification exam objectives
that were current as of 2011.

How to Become CompTIA Certified: This training material can help you prepare for and pass a related CompTIA certification exam or exams. In order to achieve CompTIA certification, you must register
for and pass a CompTIA certification exam or exams. In order to become CompTIA certified, you must:
1. Select a certification exam provider. For more information, visit www.comptia.org/certifications/testprep.aspx.

2. Register for and schedule a time to take the CompTIA certification exam(s) at a convenient location.

3. Read and sign the Candidate Agreement, which will be presented at the time of the exam(s). The text of the Candidate Agreement can be found at www.comptia.org/certifications/policies/agreement.aspx.

CONTENTS
COMPTIA® HEALTHCARE IT TECHNICIAN (EXAM HIT-001)

LESSON 1 - HEALTHCARE IT FUNDAMENTALS
A. Core Concepts in Healthcare IT
   Healthcare IT Concerns vs. Traditional IT
   PHI
   Types of Health Records
   EMR and EHR
   HIPAA
B. EMR/EHR Issues
   Key Features and Uses of EHR
   Benefits of EHR
   Other EHR Effects on Medical Stakeholders
   PHRs
   Stakeholder Requirements to Consider
C. Stakeholders, Regulations, and Standards
   EHR Organizational Stakeholders
   Federal Organizational Stakeholders
   Medicare
   Parts of Medicare
   Medicaid
   Private Health Insurers
   Laws and Regulations
   Meaningful Use
   The Meaningful Use Process
   Components of Meaningful Use
   Stages of Meaningful Use
   Eligible Providers
   Covered Entities
D. HIPAA Controls and Compliance
   Medical Record Controls
   HIPAA Compliance
   HIPAA Security and Privacy Rules
   ROI Requirements
   Permissions Within Healthcare IT

LESSON 2 - THE MEDICAL ENVIRONMENT
A. Healthcare Organizations
   Types of Hospitals
   Other Types of Healthcare Organizations
   Inpatient Treatment
   Outpatient Treatment
   General Departments in Healthcare Organizations
   Specialized Departments in Healthcare Organizations
   Basic Medical Workflow
   IT-Based Enhancements to Medical Workflow
B. Medical Terminology, Equipment, and Software
   Medical Terminology
   Trauma Center Levels
   Controlled Substance Levels
   Types of Medical Equipment
   Medical Administrative Equipment
   Types of Medical Software
C. Medical Coding and Billing
   Medical Coding
   CPT
   ICD-10
   SNOMED CT
   NDC ID
   E/M Codes
   Medical Billing
   EMR/EHR Outbound Communication
   ROI Departments
   Billing Clearinghouse
D. Medical Computer Interfaces
   Medical Interfaces
   HL7
   Standard Components of HL7
   CCR
   CCD
   PACS
   e-Prescribing
   Medication Reconciliation
   The Medication Reconciliation Process
   Bedside Medication Verification
   The Bedside Medication Verification Process
   Allergy Interactions
   Formulary Checking

LESSON 3 - USING IT IN THE MEDICAL WORKPLACE
A. Roles and Responsibilities
   Information Sensitivity and Clearance
   Break Glass Access
   Medical Personnel
   Medical Office Staff and Business Personnel
   IT and Other Technical Roles
   Business Associates, Contractors, and Third Parties
   Working Within a Medical Team
B. Manage Communication and Ethics Issues
   Communication Skills
   Technical Communication Methods
   Professional Conduct
   Adapting to Varying Medical Environments
   Common Medical Environments
C. Legal Best Practices, Requirements, and Documentation
   Record Keeping and Documentation
   Time of Storage
   Important Medical Records
   Working with PHI
   Disposal of PHI
   Liability
   Liability Waivers
   BAAs
   Third-Party Interactions
D. Medical Document Imaging
   Document Imaging
   Image File Types
   OCR
   The EMR/EHR Scanning Process
E. Sanitation Management
   IT Equipment Sanitation
   Proper Sanitation Techniques
   When to Use Sanitation Techniques

LESSON 4 - HEALTHCARE IT TECHNICAL COMPONENTS
A. Computing Essentials
   Essential Components of Computers
   Operating Systems
   Human Interface Devices
   Applications
   Documentation
B. Networking
   Network Protocols
   Network Devices
   Network Cable Types
   Distributing IP Addresses
   DHCP Address Distribution
   Common Network Models
   Types of Networks
   Command Line Tools for Networking
C. Manage Servers and Software
   Programming Languages
   APIs
   Types of Servers
   ISPs
   Cloud Computing
   Virtualization
   Server Load and Utilization
D. Hardware Support
   Physical Interfaces and Connection Types
   Imaging Devices
   Mobile Devices
   Portable Storage Devices
   Supporting Mobile Devices
   WAP Basic Configuration Settings
   Router Installation and Configuration Settings
   Firewall Installation and Configuration Considerations

LESSON 5 - PROVIDING MEDICAL IT SUPPORT
A. Set Up a Workstation
   Necessary Equipment
   Optional Equipment
   Software
B. Troubleshoot Basic IT Issues
   Troubleshooting Network Issues
   Troubleshooting Computer and Accessory Hardware Issues
   Troubleshooting Mobile Devices
   Troubleshooting Software Problems
C. Troubleshoot Medical IT Issues
   Identifying Support Resources
   Escalating Support Issues
   Integrating Medical Technology with Traditional IT Systems
   Troubleshooting Medical Devices
   Troubleshooting HL7 Problems
   Troubleshooting e-Prescriptions
   Troubleshooting Billing Software Issues
   Troubleshooting Lab Orders and Results
D. Implementation of an EMR/EHR System
   EMR/EHR Implementation Goals
   The EMR Project Lifecycle
   Project Management Principles
   EMR Hosting Options
   EMR/EHR Clients
   Structured Data
   EMR/EHR Hardware Considerations
   Funding
   Environment Size Considerations
   The Software Vendor Selection Process
   Secondary Software Dependencies
   Interoperability with Legacy Systems
   Implementation Strategies
   The Implementation Process
   Timing and Scheduling of Rollout Events
E. Change Control
   Why Control Change?
   Change Control Environments
   Change Control Considerations

LESSON 6 - SECURITY
A. Manage Physical and Logical Security
   Physical vs. Logical Security
   Common Security Risks
   Physical Access Controls
   Physical Security Threats and Vulnerabilities
   Types of Physical Access Controls
   Physical Security Considerations
   Logical Access Controls
   Security Users and Groups
   Permissions
   Encryption
   Encryption Protocols and Utilities
   Uses for Encryption
   Removable Media Considerations
   Types of Malicious Software
   Types of Network Attacks
B. Implement Security Best Practices and Threat Mitigation Techniques
   Threat Prevention Methods
   Protecting Against Social Engineering
   Social Engineering Awareness
   Strong Passwords
   Communicating Passwords
C. Manage Remote Access
   Remote Access
   Remote Access Protocols
   VPNs
   Advantages and Disadvantages of Remote Access
D. Manage Wireless Security
   Wireless Security
   Wireless Security Protocols
   Wireless Threats and Vulnerabilities
   Wireless Security Best Practices
E. Perform Backups and Disaster Recovery
   DRP
   Backup Uses
   Backup Types
   Backup Storage
   Secure Backup Transfer Methods
   How to Plan for Disaster Recovery

APPENDIX A - MAPPING COURSE CONTENT TO THE COMPTIA® HEALTHCARE IT TECHNICIAN (EXAM HIT-001) OBJECTIVES
APPENDIX B - COMPTIA ACRONYMS
ADDITIONAL INSTRUCTOR NOTES
GLOSSARY
INDEX

NO who is looking for opportunities within the healthcare industry or may already be working within the healthcare industry. Notes • Installing and troubleshooting Microsoft® Windows®XP and Windows® 7. CompTIA intends the Healthcare IT Technician certifi- cate to serve as an add-on to the CompTIA® A+® certification. essential healthcare and IT concepts and terminology and the integration of the two realms of practice. network administrator. INTRODUCTION n Please review the information o in the Additional Instructor ABOUT THIS COURSE Notes section at the back of the manual regarding overall course timing and flow. and support healthcare IT systems. and competency in. deploy. LI Course Description ct P DU Target Student ru T The typical student for this course is an experienced IT professional in a role such as desktop support technician. See Additional Instructor • The functional components of a computer and a network (both wired and wireless). The CompTIA® Healthcare IT Technician certificate (exam HIT-001) was developed as a supple- ment to both real-world experience and other IT certifications as a way for IT personnel to demonstrate basic understanding of. iti Healthcare and information technology are both growing fields. or database administrator. It can also form an important part of your preparation for the CompTIA® Healthcare IT Technician certificate examination (exam HIT-001). TE As an IT professional. This course will provide you with founda- or tional knowledge that is critical to your ability to take advantage of the tremendous CA opportunity presented by the advancements in healthcare-IT integration. st DO Course Prerequisites While there are no strict prerequisites. systems administrator. Introduction xiii . you are in a unique position to contribute to and benefit from the increasing integration of IT and healthcare systems. Such students want to prove through certification that they have the knowledge and skills required to implement. 
The recent explosion of the use of various IT systems in the healthcare arena presents a tremendous opportunity for IT professionals. Additionally the deployment and utilization of electronic record keeping systems for use in healthcare presents both an opportunity and a challenge to everyone involved.

An introductory course in a Windows operating system, or equivalent skills and knowledge, is required. Students can take any one of the following New Horizons courses:
• Introduction to Personal Computers: Using Windows XP
• Introduction to Personal Computers: Using Windows 7
• Windows XP: Introduction
• Microsoft® Windows 7: Level 1

Students should have experience and comfort with the following concepts and tasks:
• Computer and networking terminology.
• Working with computer peripherals.
• Installing and troubleshooting software, hardware, and networking components.
• Setting up, maintaining, and troubleshooting mobile devices.
• Computer and network security best practices.

Recommended courses (or the equivalent certifications):
• CompTIA® A+® Certification: A Comprehensive Approach for All 2009 Exam Objectives (Windows 7) is strongly recommended.
• CompTIA® Security+® and CompTIA® Network+® will also be helpful.

How to Use This Book

As a Learning Guide
This book is divided into lessons and topics, covering a subject or a set of related subjects. In most cases, lessons are arranged in order of increasing proficiency.

The results-oriented topics include relevant and supporting information you need to master the content. Each topic has various types of activities designed to enable you to practice the guidelines and procedures as well as to solidify your understanding of the informational material presented in the course.

At the back of the book, you will find a glossary of the definitions of the terms and concepts used throughout the course. You will also find an index to assist in locating information within the instructional components of the book.

As a Review Tool
Any method of instruction is only as effective as the time and effort you, the student, are willing to invest in it. In addition, some of the information that you learn in class may not be important to you immediately, but it may become important later. For this reason, we encourage you to spend some time reviewing the content of the course after your time in the classroom.

As a Reference
The organization and layout of this book make it an easy-to-use resource for future reference. Taking advantage of the glossary, index, and table of contents, you can use this book as a first source of definitions, background information, and summaries.

Course Objectives
In this course, you will identify essential healthcare and IT concepts and terminology and how to integrate the two realms of practice. You will:
• define and describe concepts and terminology that are fundamental to your understanding of the use of IT in a healthcare environment.
• describe the medical environment including its organization, stakeholders, and the most significant technologies.
• leverage core medical concepts to describe the use of IT in the medical workplace.
• describe the essential elements of computing including hardware, software, networking, and change control.
• provide IT support and solve IT problems in the medical workplace.
• integrate security best practices into your daily healthcare IT workflow.

Course Requirements

Hardware
• To perform the research activities and run the various media components of the course, each student and the instructor will need a Windows-based computer with an Internet connection.
• To perform the optional Set Up a Workstation activity, have any hardware and software components that are appropriate for your environment ready and available to install.
• In addition, the instructor will need a projection system to display the course overheads.

Software
• The recommended operating system is Microsoft® Windows® 7.
• A supported web browser: Microsoft® Internet Explorer® 6 or later, Mozilla® Firefox® 3 or later, Apple® Safari® 3+, Opera™ 10, or Google Chrome™.

Class Setup
To prepare for the class, turn on all computers and load a supported web browser.


LESSON 1
Lesson Time: 3 hour(s), 30 minutes

Healthcare IT Fundamentals

In this lesson, you will define and describe concepts and terminology that are fundamental to your understanding of the use of IT in a healthcare environment. You will:
• Identify concepts that are core elements of modern healthcare IT.
• Identify major issues surrounding the use of EHR.
• Describe regulations, standards, and stakeholders that are involved in healthcare IT.
• Describe HIPAA controls and what it means to be HIPAA compliant.

Introduction
In this course, you will identify essential healthcare and IT concepts and terminology and how to integrate the two realms of practice. To ensure success as a healthcare IT professional, you need to establish a framework on which to build your knowledge of the healthcare domain. This lesson introduces terms and concepts that are central to the use of IT in a healthcare environment, providing you with a foundation upon which you can build your healthcare IT knowledge.

Whenever IT is applied to a specialized area, technicians must make an effort to familiarize themselves with the jargon and concepts that form the foundation of operations in that area, otherwise they will be unaware of key issues and unable to effectively communicate with key stakeholders. A strong base in the core concepts of healthcare IT is necessary to begin building healthcare IT-specific skills.

TOPIC A
Core Concepts in Healthcare IT
Your knowledge of healthcare IT begins here with an introduction to the essential elements of the topic. These concepts may seem simple at first glance, but they can be intricate and can vary across organizations, so in this lesson, you'll start by examining some of the issues that are key to healthcare IT that are not common to the general information technology profession.

Instructor note: This class covers a wide range of material. If your students have a strong background supporting an IT environment, this class could be taught in two days versus three. You may want to plan accordingly based on the experience levels of your students.

Healthcare IT Concerns vs. Traditional IT
Basic IT skills such as user setup and support, including basic computing concepts, hardware and software installation, and troubleshooting are all relevant within the field of healthcare IT. But on top of that, the healthcare field layers some very specific IT requirements, including:
• Specialized hardware.
• Specialized software.
• Specialized working environments.
• Government and other regulations.
• And, above all, a deep concern for the needs of providers, patients, and families for privacy, respect, and confidence in the systems they are relying on in times of physical and emotional stress.

The surge of opportunity in healthcare IT is based upon the increased use of electronic systems for recording and managing medical information. For this reason, many of the specialized concerns in the healthcare IT field relate to medical information and how it is classified, stored, displayed, and handled.

PHI
Definition:
Nearly all information about an individual held by parties that are involved in the healthcare and billing process is considered Personal Health Information (PHI). This information can be in any form including on paper, in a computer, or as part of a verbal conversation. The U.S. Department of Health and Human Services (HHS) further identifies protected health information as individually identifiable health information that is transmitted or maintained in any form or medium by a covered entity or business associate. Access to and the dissemination of PHI is strictly controlled by various laws and regulations that lay out guidelines for the use, protection, and release authorization of PHI. These laws require that an individual be able to view and control access to their PHI.

Example:
Figure 1-1: Results of a lab test contain PHI.

Information That May Be Part of PHI
Information that can fall under the categorization of PHI includes:
• Demographic information.
• Diagnoses.
• Test and lab results.
• Test, lab, and other work orders.
• Conversations in any form about an individual's health, care, diagnosis, or treatment.
• Billing information including payment arrangements and insurance information.
• Nearly all information about the individual contained in a provider's, insurer's, or other concerned party's computer systems.

Information that is not considered to be PHI includes:
• Employment records.

• Family Educational Rights and Privacy Act (FERPA) records.

Parties Involved in PHI
The parties involved in PHI include any person or organization that is involved in the healthcare process, including:
• The individual whose information is in question.
• Most healthcare providers and other medical professionals.
• Office, IT, billing, and professional staff.
• Health plans including: insurance companies, health maintenance organizations (HMOs), company health plans, government programs that are involved in healthcare, and their staff.

PHI Protection Exceptions
According to the U.S. Department of Health and Human Services (HHS) there are some organizations that are not required to follow PHI protection laws:
• Life insurers.
• Employers.
• Workers' compensation carriers.
• Schools and school districts.
• State agencies such as child protective service agencies.
• Law enforcement agencies.

De-Identification of PHI
In many cases, research or other disclosure will be desired in situations where personal information is not required, could be detrimental, or where consent cannot be obtained. In these cases, it is necessary to remove information from the record that could link that information to an individual. Information that must be removed includes, but is not limited to:
• Names.
• Geographic information more granular than the state.
• Dates.
• Social Security numbers (SSNs).

Types of Health Records
Health records include any documentation that is stored in any format. There are three main types of records.

In the past. or domestic violence. The legal health record generally does not include administration or financial information. These authorities have a strong history of providing appropriate security for PHI. some diseases or conditions are closely monitored by n authorities and any occurrences need to be promptly reported. TE or Legal health record CA The legal health record is the documentation that a healthcare LI organization would provide if an official record was requested. the legal health P record was nearly always the paper chart generated during DU treatment and stored by a provider. neglect. and local regulations as well as community and profes- NO sional standards when defining what constitutes an legal health record in their environment. state. • Additional reasons that all or part of a record may enter the iti public domain include: legal requirements. Organizations should consider federal. st DO In Lesson 1: Healthcare IT Fundamentals 5 . health research. It should contain patient-centric. LESSON 1 Type of Record Description. legal proceed- ings. some public health organizations have the authority to obtain and use PHI in the course of their normal opera- o tions. • Second. Public health record There are a few reasons that part of a health record may be public: • First. Private health record Private records are those that are not for public consumption Ed and require appropriate releases before they can be shared. and workers’ compensation proceedings. The modern healthcare IT environment is far more complex because various systems are involved and an organization must work to define the exact ru contents and scope of the legal health record within their envi- T ronment and capabilities. law enforcement efforts. personally identifiable docu- ct mentation of services provided. cases of abuse.

There are additional websites you can visit to read more about legal health records: www.ihs.gov/NonMedicalPrograms/BusinessOffice/documents/2010pres/LegalHealthRecord.pdf

Custodian
A custodian is the role, department, or individual that is formally responsible for a record. Responsibilities of the custodian include oversight of systems and services involving the record, collection of data for the record, and protection and archiving of the record. The custodian is responsible for certifying a record, and may be required to testify to the procedures and protections involved in the record-keeping process, and admissibility of the record. Generally, the health information management (HIM) department is the custodian of health records with specific individuals designated for certification and affidavit purposes.

Certification
Formally certifying a record specifies that a copy or the other version of the record is a completely accurate representation of the original record. Custodians are usually authorized to certify records.

EMR and EHR
Definition:
While the terms Electronic Medical Records (EMRs) and Electronic Health Records (EHRs) are often used interchangeably, there is a subtle distinction that should be noted. EMRs are computerized records of a health encounter. They are the modern equivalent of a paper chart. EMRs are specific to a facility (doctor's office, treatment facility, and more) and its computer system. EHRs are made up of all of the recorded health information about a person stored within a given network and provide an overall view of a patient's health, not just specific medical reports. EHRs generally contain multiple EMRs collected from various systems within a provider network or umbrella organization.

Example:
Figure 1-2: EMRs and EHRs.

HIPAA
HIPAA is an acronym for the Health Insurance Portability and Accountability Act. Enacted in 1996, HIPAA establishes several rules and regulations regarding healthcare in the United States. The most significant of these rules are the Privacy Rule and the Security Rule; these rules form the core of HIPAA as most people think of it. They establish a framework for the protection, security, use, and maintenance of PHI that permeates nearly every aspect of healthcare IT from software selection to document printing to archive and backup procedures.

Instructor note: This is an overview of HIPAA; more detail is available later in the lesson.

Visit www.hhs.gov/ for more information on HIPAA regulations.

ACTIVITY 1-1
Discussing the Implications of IT on Medical Records

Scenario:
In this activity, you will discuss how IT issues impact concerns relevant to medical record-keeping.

Instructor note: Allow time for students to work through this activity and discuss personal experiences. It is important for them to fully understand the key concepts of this topic before moving on.

What You Do / How You Do It

1. Which of the following are true of protected health information? (Select all that apply.)
✓ a) It is personally identifiable.
✓ b) It is protected by law.
c) It is stored by the government.
d) It is not accessible by the patient.

2. Which one or more of the following are true of legal health records?
✓ a) They are personally identifiable.
b) They are the same everywhere.
c) They are always on paper.
✓ d) They contain specific treatment information.

3. True or False? EHRs often contain multiple EMRs.
✓ True
False

4. What is the significance of the word "accountability" in the HIPAA acronym?
Because the Privacy Rule and Security Rule mandate how information is accessed and stored, accountability represents who is responsible for keeping that information secured.

5. Visit any of the websites mentioned in this topic and spend some time exploring and researching the various core concepts. What were your findings?
Answers will vary, but may include locating information on HIPAA regulations.

Instructor note: Time permitting, let the students explore the various regulatory agencies presented in this topic. You may want to split the class into small groups and have them discuss some personal experiences and what they find on the various web sites.

TOPIC B
EMR/EHR Issues
In the first topic of this lesson, you defined some of the most basic information-related elements of healthcare IT. EMR and EHR are probably the most significant components of healthcare IT information needs. In this topic, you will identify major issues surrounding the use of EHR and EMR.

As a healthcare IT professional, you will be interacting with EMR and EHR systems, terminology, and requirements no matter what your role is in the field. Understanding the uses and benefits of EMR, as well as significant regulations concerning EHR, are central to the growth of healthcare IT, so a solid grasp of the issues and constraints concerning EMR and EHR implementations will be an important foundation for you.

Key Features and Uses of EHR
EHR systems are available from several vendors and in many configurations. Generally, these systems will have a robust feature set.

Scope: Patient interaction and records
Features:
• Checks and balances to ensure complete and accurate encounter notes.
• Note taking for encounter and progress notes.
• Transcription functionality, or integration with outside transcription software.

Scope: Communication management and practice administration
Features:
• Document management for scanned and imported documents.
• Ability to share documents, records, and reports with internal and external personnel.
• Messaging between staff, and notes to self.
• Referral management.
• Spell checking against common and medical terminology.

Scope: Orders and prescription management
Features:
• Orders management.
• Integration with, or import from, lab, imaging, pharmacy, and billing department systems.
• e-Prescription integration.
• Formulary checking.
• Drug interaction checking.

Scope: Data security
Features:
• Robust security and access control mechanisms.
• Audit trail recording.

Scope: Practice workflow management
Features:
• Built-in workflow for patient encounters and billing.
• Diagnosis and decision making support through forms and integrated logic.
• Patient education, care plans, and documentation.

Benefits of EHR
EHR and EMR systems offer many benefits over traditional paper-based systems to both medical providers and to patients.

Stakeholder Group: Medical providers and organizations
Benefits:
• Easier and faster access to more up-to-date patient information.
• Patient information is consolidated into one place.
• More complete and accurate patient profiles.
• Consistent history information for one patient across all participating providers.
• 24/7/365 access to information.
• Decreased information retrieval time.
• Reduced or eliminated work effort to gather data or charts.
• Reduced time required for data entry.
• Notes that are nearly always more legible than handwritten ones.
• Use of intelligent forms and predefined workflows that can reduce the potential for human error and increase care efficiencies.
• Increased quality of care through reduced potential for human error.
• Increased ability to track patients for follow-up care.
• Easier measurement of outcomes.
• More efficient research across vast volumes of patient data.
• Increased efficiency for forms processing and billing.
• Increased formulary compliance.
• Increased regulatory compliance.
• Reduced costs through increased efficiency and reduced rework.
• Smaller space requirements to store many more records.

Stakeholder Group: Patients
Benefits:
• Increased quality of care through reduced potential for human error.
• Easier and faster access to more up-to-date information.
• Consistent history information across all participating providers.
• All care providers get all pertinent information.
• Data is more easily shared among providers when working with providers that are part of the same EHR system.
• Reduces the time it takes to make a diagnosis or consult for advice or a second opinion.
• Easier and more accurate prescription submissions and refills.
• Increased treatment compliance through automated follow ups.
• Easier to change address and insurance information.
• Patients may have some level of access to their own EMR.

Other EHR Effects on Medical Stakeholders
For medical professionals and organizations, there are many long term benefits of an EHR system. However, shorter term concerns include funding an EHR implementation and qualifying for federal and state programs to help with that funding. There are also concerns about achieving the same level of efficiency as paper charts and the adoption of new workflows and processes.

PHRs
In some systems patients may be granted some level of access to an EHR, most likely through a Personal Health Record (PHR) component. This is usually available through a web portal that has been purchased by the provider as an additional feature for the EHR system. The PHR is a place for patients to input their own medical history and status information. While PHRs are not usually part of the Legal Medical Record, they can be shared with medical professionals for use during history taking, diagnosis, and treatment.

Stakeholder Requirements to Consider
Within an organization, consideration must be given to a variety of needs from many job roles. Doctors, nurses, lab technicians, and front office staff will all have different needs and desires from an EMR or EHR system. It is important to have input and buy-in from all concerned roles when selecting a new EMR or EHR system. It is also vital to anticipate challenges when integrating with existing software systems.

ACTIVITY 1-2
Discussing EMR/EHR Issues

Scenario:
In this activity, you will discuss major issues related to EMR and EHR implementations.

What You Do / How You Do It

1. Which of the following are features of an EHR system? (Select all that apply.)
a) Automated diagnosis
✓ b) Note taking
✓ c) Referral management
d) Staff recruiting
✓ e) e-Prescribing

2. Which of the following are benefits of an EHR system? (Select all that apply.)
✓ a) More complete patient profiles
b) Reduced potential for audits
✓ c) Increased efficiency
✓ d) Increased regulatory compliance

3. Have you had any personal experience with an EHR system?
Answers will vary, but might include having a prescription submitted electronically.

4. What potential road blocks do you foresee with an EHR implementation?
Answers will vary, but may include needing additional IT staff to support the system.

TOPIC C
Stakeholders, Regulations, and Standards
You have reviewed the basic concepts behind and major benefits of EHR systems. To truly understand the context of EHR in today's environment, you also need to see who has a stake in healthcare IT and what standards and regulation influence the entire healthcare IT system.

There are many regulations, standards, and stakeholders involved with any health issue. IT professionals need to be aware of which of these may apply to a given situation and what the effects might be. This awareness will not only increase efficiency, but can also reduce potential liabilities.

EHR Organizational Stakeholders
Various federal organizations have an interest in the implementation of EHR systems. These organizations have set standards that EHR systems providers and medical organizations must meet and then enforce those standards. A properly implemented system allows authorities to verify that standards are maintained and that appropriate access and security controls are in place and functioning. EHR also gives public health authorities a great deal more flexibility and efficiency in researching trends and generating reports. If an emerging outbreak is detected, the quick access to data allowed by EHR systems could save lives.

With regards to funding EHR implementations, some level of reimbursement is available from federal and state stakeholders. This funding is nearly always dependent upon the documented, effective use of EHR systems.

Instructor note: Advise students that meaningful use will be covered in more detail later in this topic.

Federal Organizational Stakeholders
As a healthcare IT professional, you need to recognize the names and functions of the federal organizations that have a significant effect on the selection, implementation, and maintenance of healthcare IT systems.

Organization: HHS
Description: The U.S. Department of Health and Human Services (HHS) is charged with protecting the health of the population and providing various human services. HHS is one of the largest federal agencies and works closely with state and local agencies to provide services including the Medicare and Medicaid programs. HHS is involved with healthcare IT through regulations, guidance, and the provision of a great deal of grant monies for the implementation of EHR systems. You can find the HHS website at www.hhs.gov.

Organization: ONC
Description: Regulatory requirements related to EHR/EMR systems can be complex, and sometimes conflicting, and come from several different sources. The primary authority is the Office of the National Coordinator for Health Information Technology (ONC) within HHS. The ONC is charged with encouraging, administering, and regulating the advancement of IT in healthcare. The ONC has issued the Standards & Certification Criteria Final Rule. The Final Rule is an effort to set standards, specifications, and criteria for the implementation, use, and security of healthcare IT systems. The ONC website is http://healthit.hhs.gov.

Organization: CMS
Description: The Centers for Medicare and Medicaid Services (CMS) are responsible not only for overseeing Medicare and Medicaid services but also for administering a children's insurance program, some portions of HIPAA, and other programs. CMS works closely with ONC to encourage, standardize, and incent the efficient adoption and use of compliant EHR systems. You can find the CMS online at www.cms.gov.

Organization: NIST
Description: The National Institute of Standards and Technology (NIST) is an agency of the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST works to achieve its goal through active participation in research and development projects both independently and with industry organizations and businesses. NIST has provided some guidance on implementing the security components of HIPAA. You can find the main NIST website at www.nist.gov. NIST has also published some guidance on implementing the HIPAA Security Rule at www.nist.gov/healthcare/security/hipaasecurity.cfm.

ONC Final Rule Information
More information about the Final Rule can be found at http://healthit.hhs.gov. Click Resources & Guidance, and scroll to the Final Rule link under Meaningful Use.

Medicare
Medicare is a federal health insurance program for the elderly and some disabled individuals in the United States. It is one of the largest government programs and has significant influence over electronic record integration, coding and billing practices, and coordination of benefits practices. Medicare also has the ability to provide incentives or to discipline providers through financial means.

Medicare is also used as a program title in Canada and Australia. This discussion is limited to the U.S. Medicare program.

Medicare Information
Extensive information regarding the Medicare programs and related procedures and standards is available at www.cms.gov.

Parts of Medicare
Medicare has three main parts.

Medicare Part: Part A
Description: Part A coverage (hospital insurance) helps pay for treatment in an inpatient hospital or skilled nursing facility, as well as hospice and some home healthcare. While most individuals do not pay a monthly premium for this insurance, they must meet certain conditions to receive benefits.

Medicare Part: Part B
Description: Part B coverage (medical insurance) applies to doctor's services and other outpatient services as well as some services not covered under Part A. Most individuals do pay a monthly premium for Part B coverage.

Medicare Part: Prescription drug coverage
Description: Prescription drug coverage is available to all Medicare recipients. Most will pay an additional monthly premium. This insurance is provided by independent, private insurers who offer plans under this program.

Medicaid
Medicaid is the U.S. federal program to provide healthcare for certain low-income individuals and families. Medicaid provides direct payment to providers for their services to these individuals. While each state sets eligibility and service guidelines, having a low income is only one of the milestones that must be met to be eligible for Medicaid coverage. Some states have distinct names for their programs that fall under Medicaid, such as “Soonercare” in Oklahoma. Due to its scope, Medicaid is a very large program, making up a significant portion of federal and state budgets. Due to this size and the complexity of the regulations governing Medicaid, the program works closely with state and local organizations' healthcare IT in general, and EHR systems in particular, to reduce costs and increase efficiency.

Private Health Insurers
Definition:
Private health insurers are private, non-government businesses that contract with individuals or employers to help pay medical expenses. The contract specifies what treatments or activities the insurer will contribute towards, and how much will be contributed. Many of these insurers also have separate contracts with many health organizations that specify negotiated rate structures for that health organization's services. Patients usually pay a portion of the fee in the form of a co-payment or deductible. These varied payment schemes are complex and potentially increase the margin for error in the billing process, making the use of reliable, easy-to-use technology a key factor in billing office efficiency.

Example: U.S. Private Insurers
Major private insurers in the U.S. include the Blue Cross and Blue Shield Association, AARP Health, Cigna, and Aetna.

Laws and Regulations
In addition to government agencies, there are separate laws and regulations that have an impact on healthcare IT.

Regulation: ARRA
Description: The provisions of the American Recovery and Reinvestment Act (ARRA) included provisions for funding of some healthcare initiatives and the creation of the HITECH Act.

Regulation: HITECH
Description: The Health Information Technology for Economic and Clinical Health Act (HITECH), part of the ARRA, promotes the adoption and meaningful use of healthcare IT through enhanced enforcement and extension of HIPAA policies. HITECH:
• Enhances and extends HIPAA Security and Privacy Rules.
• Creates four categories of violations and culpability with corresponding increases in penalties.
• Adds the notion of willful infringement, and removes allowances for ignorant infringement.
• Allows patients to request electronic copies of records.

Regulation: The Joint Commission
Description: The Joint Commission is an independent, non-regulatory, not-for-profit organization that provides accreditation and certification for healthcare organizations in the United States. The Joint Commission's mission statement is to continuously improve healthcare for the public, in collaboration with other stakeholders, by evaluating healthcare organizations and inspiring them to excel in providing safe and effective care of the highest quality and value.

Additional Regulatory Authorities
Additional authorities to be concerned with include:
• HIPAA.
• HHS.
• Medicare and Medicaid.
• The U.S. Food and Drug Administration (FDA).
• State and local regulations and authorities.

Meaningful Use
Definition:
Meaningful use is a regulatory concept that describes the ideal of effectively and efficiently leveraging EHR technology in the medical workplace. There can be many advantages provided by EHRs, but they are only realized after a sound implementation and consistent, well-considered use. The ARRA was the initiator of the push to achieve true, meaningful use for EHR implementations in the United States. This act links billions of dollars in incentives to the achievement of this sometimes nebulous concept.

Example: Meaningful Use in Private Practice

When examining the meaningful use standards, Dr. Bublik, a sole practitioner, has to make some decisions on which items her practice would choose to implement, as she is not required to meet every single objective during the initial deployment. One of the optional items the practice implemented is the inclusion of lab and test results in the EHR—the practice is already associated with a large, regional health information network, so this feature was relatively easy to implement.

The Meaningful Use Process

The process of establishing meaningful use can be complex. There are generally four phases.

Phase: Description

Application: In this first phase, the practice or hospital will apply for applicable meaningful use funding or grants and be given the objectives needed to meet requirements.

Implementation: In this phase, the practice, hospital, or organization implements the EMR/EHR system within the environment.

Demonstration: In this phase, the practice or hospital will demonstrate meaningful use by meeting all the objectives established in the application phase.

Reimbursement: In this phase, the practice or hospital receives the reimbursement from the government.

Components of Meaningful Use

There are several components that combine to demonstrate meaningful use:
• Use of a certified EHR system.
• Use of the certified system in a meaningful way—such as e-prescribing.
• Use of the certified system to electronically exchange health information to improve the quality of care.
• And, use of the certified system to submit clinical quality and other measures.

Certified EHR Systems

HHS, CMS, and ONC all require the use of a certified EHR system for the implementation to be eligible for incentive payments. Certification falls under the domain of the ONC and assures the purchaser of the EHR system that the system will perform to a minimum standard and will be secure. More information is available at: http://healthit.hhs.gov/portal/server.pt/community/certification_programs/1196/home/15505

Stages of Meaningful Use

Meaningful use benchmarks have been broken into three stages that are currently planned to be completed by 2015. Stage 1 is the only stage currently defined. It is to take place in 2011 and 2012. Stage 1 requires professional providers or healthcare organizations to complete a set of meaningful use objectives, the majority of which are mandatory. The requirements for stages 2 and 3 are still in flux.

Meaningful Use Stage 1 Objectives

More information and a detailed list of the objectives can be found at the CMS website at www.cms.gov/ehrincentiveprograms/30_Meaningful_Use.asp.

Eligible Providers

Definition: Eligible Providers

An eligible provider is a healthcare provider that meets legally defined criteria and thus is eligible for incentive payments for the implementation of EHR systems. There are separate requirements for individual professionals and hospitals, as well as for Medicare and Medicaid. Providers who meet the requirements are designated as eligible providers. Providers must choose whether they want to participate in the Medicare or Medicaid incentive program; it is not possible to participate in both incentive programs.

Example: Typical Eligible Providers

Most private practices and hospitals are eligible to be considered for incentives once they implement an EMR or EHR system.

More Information on Eligibility

Detailed descriptions of eligibility requirements and an easy-to-use flowchart are available from CMS at: www.cms.gov/ehrincentiveprograms/15_Eligibility.asp

Covered Entities

Definition: Covered Entities

According to CMS, a covered entity is any healthcare provider that conducts certain transactions in electronic form, a healthcare clearinghouse, or a health plan. All covered entities fall under the HHS Administrative Simplification standards adopted as part of HIPAA. All covered entities must adhere to the HIPAA Privacy Rule and Security Rule. In some cases, a business relationship where a third party will be handling PHI also qualifies that provider as a covered entity for compliance and security purposes.

Example: A Covered Entity

A hospital that is utilizing an electronic billing system is a covered entity.

More Information on Covered Entities

Detailed descriptions of entities and an easy-to-use flowchart are available from CMS at: www.cms.gov/hipaageninfo/06_areyouacoveredentity.asp

ACTIVITY 1-3

Discussing Regulations, Standards, and Stakeholders

Scenario: In this activity, you will review your knowledge of healthcare IT regulations, standards, and stakeholders.

What You Do / How You Do It

1. HHS is responsible for which of the following? (Select all that apply.)
✓ a) Medicare
✓ b) Medicaid
✓ c) Healthcare IT regulation
d) Accrediting hospitals

2. True or False? Most healthcare providers and facilities can be considered covered entities.
✓ True
False

3. Visit some of the websites presented in this topic, and perform further research on the various federal organizations.

TOPIC D

HIPAA Controls and Compliance

Now that you have an understanding of the variety of regulations and government stakeholders, you can focus on the effects of HIPAA. Of the regulations discussed so far, HIPAA and its rules are probably the largest concern for most medical facilities. HIPAA has a major influence upon all healthcare IT operations.

HIPAA is a large statute with many requirements. Successfully complying with HIPAA requirements can be an arduous task, but the benefits to both patients and providers make the effort pay off. Being aware of and understanding HIPAA, its requirements, and how they interact with healthcare IT systems will make you a more effective healthcare IT technician by allowing you to communicate with healthcare staff and resolve potential issues.

Medical Record Controls

Definition: Medical Record Controls

Medical record controls are mechanisms that are put in place to limit access to electronic health information. These controls can be physical in nature by restricting access to secured areas, computer screens, or building entrances. The controls can also be computer-based through a variety of methods including limited access and permissions. Processes and procedures are one way of controlling information to ensure records are not released, moved, or edited unless the appropriate steps have been taken and authorizations obtained. Exactly what controls are put in place and how they are carried out is dependent upon the working environment, and federal, state, and local requirements. The prevailing wishes of the provider's community are sometimes taken into account. It is also important to take into account a patient's wishes—there may be some instances where a patient will want tighter control over certain pieces of information.

Example: Controls in a Physician's Office

When a patient visits their doctor, even if the staff is familiar with the patient, they should verify the patient's identity by asking for the name, date of birth, and probably a third identifying feature like part of an address or phone number.

HIPAA Compliance

Complying with the various requirements of HIPAA and subsequent modifications, clarifications, and enhancements can be a daunting task. It is important that IT providers work with healthcare and business personnel to meet and adapt to the relevant requirements. The basic aspects of HIPAA compliance include:
• Implementing mechanisms to track and record the identity of individuals or organizations that access, edit, and release PHI. This audit information should include an identifier for the record accessed, the time and date of access, and an identifier for the accessing individual.
• Establishing policies and procedures to allow individuals to request amendments to their PHI.
• Enacting and enforcing penalties for the mishandling of PHI.
• Ensuring that interactions with contractors and other third parties protect any PHI that is transmitted.
• Preparing documentation to demonstrate adherence to the HIPAA Privacy and Security Rules.
• And, appointing a privacy officer to oversee the implementation and enforcement of the HIPAA Privacy and Security Rules.

There are many resources available to assist with identifying and testing which requirements your organization may need to meet and how well you are doing with compliance, including the websites for the HHS, ONC, and CMS.

HIPAA Security and Privacy Rules

There are two rules that HIPAA requirements are based on.

Rule: Description

Security: The HIPAA Security Rule requires that covered entities maintain the integrity, confidentiality, and security of PHI. The rule is written to be flexible enough to allow covered entities to implement compliance measures that are appropriate to their organization and risks. The HHS defines several main areas to be addressed under the Security Rule; covered entities must:
• Perform and document risk assessments, and work to manage identified risks.
• Implement administrative safeguards for security management, information access, workforce training and management, and evaluation.
• Implement physical security measures in the form of physical access controls and electronic device security.
• Implement technical safeguards, including access, audit, and integrity controls, and transmission security.
• Be aware of their responsibilities under the rule.
• Maintain written security policies and procedures, and written records of activities undertaken as part of rule enforcement for 6 years after their effective date.

Privacy: The HIPAA Privacy Rule protects an individual's health information while allowing sufficient access and transfer of information to allow increased effectiveness and efficiency in treatment. Covered entities can be subject to fines when violations against the Privacy Rule occur. The amount of a fine or penalty given is based on the severity of the violation, and whether the individuals involved or the practice has taken necessary measures in correcting the issues. The HHS defines several main areas to be addressed under the Privacy Rule:
• Ensure quality assessment and improvement activities.
• Ensure competency activities are carried out.
• Conduct reviews, audits, or legal services when needed.
• Insurance functions.
• Business management and planning services.

HIPAA Security Rule Information

More information about the HIPAA Security Rule can be found at these resources:
• www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/index.html
• www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html
• www.cms.gov/hipaageninfo/04_PrivacyandSecurityStandards.asp
• www.nist.gov/healthcare/security/hipaasecurity.cfm

HIPAA Privacy Rule Information

More information about the HIPAA Privacy Rule can be found at these resources:
• www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html
• www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm
• http://privacyruleandresearch.nih.gov/
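The audit information that HIPAA compliance calls for (an identifier for the record accessed, the time and date of access, and an identifier for the accessing individual) and the audit and integrity controls named among the Security Rule's technical safeguards can be combined in one mechanism. The following is an added example, not part of the course material: the class, field names, and sample identifiers are hypothetical, and chaining entries with SHA-256 is an assumed design that goes beyond the text so that later edits to the log are detectable.

```python
import hashlib
import json
from datetime import datetime, timezone

# The three actions the compliance list says must be tracked.
ACTIONS = {"access", "edit", "release"}
# Fields the text requires in every audit entry (field names are hypothetical).
REQUIRED = ("record_id", "accessed_at", "user_id")


class PHIAuditTrail:
    """Append-only audit trail; each entry stores the hash of the one before it."""

    GENESIS = "0" * 64  # placeholder "previous hash" for the first entry

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(body):
        # Canonical JSON so the same entry always hashes to the same value.
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

    def record(self, record_id, user_id, action, accessed_at=None):
        """Append one entry; refuse entries that lack a required identifier."""
        if action not in ACTIONS:
            raise ValueError(f"unknown action: {action!r}")
        if not record_id or not user_id:
            raise ValueError("record_id and user_id are both required")
        when = accessed_at or datetime.now(timezone.utc)
        body = {
            "record_id": record_id,
            "user_id": user_id,
            "action": action,
            "accessed_at": when.isoformat(),
            "prev_hash": self.entries[-1]["hash"] if self.entries else self.GENESIS,
        }
        entry = dict(body, hash=self._digest(body))
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return the indexes of entries that are incomplete or fail the chain check."""
        bad = []
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            complete = all(body.get(f) for f in REQUIRED) and body.get("action") in ACTIONS
            linked = body.get("prev_hash") == prev
            intact = entry.get("hash") == self._digest(body)
            if not (complete and linked and intact):
                bad.append(i)
            prev = entry.get("hash")
        return bad

    def accesses_for(self, record_id):
        """List who touched one record, when, and how, in the order it happened."""
        return [(e["accessed_at"], e["user_id"], e["action"])
                for e in self.entries if e["record_id"] == record_id]


def demo():
    # Constructed sample data: record and user identifiers are made up.
    trail = PHIAuditTrail()
    t = datetime(2011, 3, 1, 9, 30, tzinfo=timezone.utc)
    trail.record("MRN-0001", "nurse.example", "access", t)
    trail.record("MRN-0001", "dr.example", "edit", t.replace(hour=10))
    trail.record("MRN-0002", "roi.clerk", "release", t.replace(hour=11))
    clean = trail.verify()
    # Simulate the log being rewritten after the fact to hide who edited a record.
    trail.entries[1]["user_id"] = "someone.else"
    tampered = trail.verify()
    return clean, tampered, trail.accesses_for("MRN-0002")


if __name__ == "__main__":
    print(demo())
```

In a real deployment the trail would live in storage that ordinary users of the EMR or EHR system cannot write to; the chain only shows that something changed, not what the original value was.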

PHI Disclosure

It might be helpful to think of PHI disclosure as a "need-to-know" scenario. You only share the minimum amount of information that is necessary for a person to do their job. This can be a very difficult line to find in healthcare because in many situations, providers will have an easier time making a diagnosis when they have complete access to a patient's information, or a lack of information could potentially harm an individual.

ROI Requirements

HIPAA places many guidelines on the release of PHI, commonly known as Release of Information (ROI). Many institutions have entire departments dedicated to handling the release of information. These ROI departments are often part of a larger health information management (HIM) department.

ROI and the Privacy Rule

ROI HIPAA responsibilities begin with the Privacy Rule. Any use or disclosure of PHI by a covered entity is subject to the provisions of the Privacy Rule. PHI may only be used or disseminated as the Privacy Rule requires, or when authorized by the individual in writing. There are two cases where disclosure is required:
1. When the individual requests access to, or an accounting of disclosures of, their PHI.
2. When there is a potential breach of security, then HHS will conduct a compliance investigation or review or enforcement action.

The Privacy Rule lays out additional permitted uses of PHI, including treatment, payment, and healthcare operations. Other aspects of the rule discuss incidental use, public interest, opt in or opt out scenarios, and limited data sets. Overall, only the minimum necessary disclosures should take place. Some states or counties have stricter rules than the HIPAA Privacy Rule, but there are generally few exceptions of more relaxed rules. Violations of the Privacy Rule can bring about audits that may result in fines or other reprimands.

Psychotherapy Notes

Due to their sensitive nature, most uses of notes relating to psychotherapy require additional security.

Permissions Within Healthcare IT

While permissions are a part of any network or computer installation, in a healthcare environment, they become much more important, and complicated. The additional requirements HIPAA places on ensuring privacy and audit trails necessitate increased complexity for the permissions granted to users and systems within the healthcare IT environment and the EMR or EHR system. The analysis and setup phases of an implementation can be lengthened by the need to satisfy these requirements, but usually within an EMR or EHR system, default profiles are available with permissions assigned. After implementation, changes to users' permissions are likely, as the initial analysis can't really simulate working life in the new EHR. When users ask for new or increased permissions, it is likely that they do need the requested access. Be sure to analyze and get authorization for granting the requested access quickly and fairly to ensure a good working relationship with your users. This access will make both the users' and your working life easier.

ACTIVITY 1-4

Discussing HIPAA Controls and Compliance

Scenario: In this activity, you will review issues related to HIPAA controls and compliance.

What You Do / How You Do It

1. Which statements are true about ROI?
✓ a) It is subject to the HIPAA Privacy Rule
✓ b) It is usually under the HIM department.
c) It is more concerned with security than privacy.

2. Research the HIPAA Privacy and Security Rules using the websites listed in this topic. What type of information did you find? Was anything familiar to you?
Answers will vary but may include a full description of the rules, as well as some background history information. Most people have had experience with signing HIPAA medical release forms while visiting a doctor's office.

You may want to have students form small groups to complete the research and discuss the results.

Lesson 1 Follow-up

In this lesson, you defined and described the concepts and terminology that are fundamental to your understanding of the use of IT in a healthcare environment. With this basic understanding, you should be able to interact confidently with various stakeholders within a medical environment regardless of your role as a healthcare IT professional.

1. What regulatory authorities presented in this lesson are familiar to you?
Answers will vary, but may include HIPAA and the FDA.

2. In your current position, or the position you are seeking, what concepts presented in this lesson do you think will be important on the job?
Answers will vary, but may include having to meet the requirements set forth by HIPAA.

LESSON 2

The Medical Environment

Lesson Time: 3 hour(s)

In this lesson, you will describe the medical environment including its organization, stakeholders, and the most significant technologies, equipment, and software. You will:
• Describe the structure and key components of healthcare organizations.
• Identify key concepts in medical terminology.
• Describe the medical coding and billing processes and identify the most significant technological components of these processes.
• Define medical computer interfaces and their role in healthcare IT.

Introduction

Having established the fundamental concepts and definitions about IT in the healthcare industry in the previous lesson, this lesson will focus more in depth on the healthcare industry itself, focusing on material that IT professionals who are not familiar with the healthcare industry will need the most.

Working in a medical environment can be very different from life in other industries. The many unique aspects of this environment will present many new challenges. Having an understanding of how the medical environment is structured and familiarity with essential jargon will allow healthcare IT technicians to meet the challenge of this unfamiliar environment.

TOPIC A

Healthcare Organizations

In this lesson, you will learn more about the medical environment and the myriad of devices, systems, and technologies used within it. In the medical environment, there are a wide variety of healthcare organizations, each with its own set of requirements, specialties, and capabilities. In this topic, you will describe these types of healthcare organizations.

Within the medical environment, there are a number of different types of organizations that all meet a specific niche of healthcare. There are a variety of devices, systems, and technologies used in these organizations. An IT professional will need to know and understand these different organizations and the technologies used in these environments. Identifying these variations and how information flows within them will enable you to more effectively design, implement, and manage healthcare IT systems.

Types of Hospitals

There are numerous types of hospitals, which can be categorized in a number of ways.

Type of Hospital: Description

General or community: The majority of hospitals are general or community hospitals which treat a wide scope of medical issues, including emergencies and inpatient or outpatient care, and perform general surgeries. A general hospital will have access to a variety of different medical resources, and would follow more formalized procedures for treatment using general medicine standards and practices.

Specialized: Specialized hospitals are far more specific in their scope of work, treating a specific disease or condition, such as cancer, or a specific type of patient, such as children. A specialized hospital may have access to particular resources specific to the condition that a general hospital may not have access to, such as research or drug trials. A specialized hospital will follow formalized procedures, but may also utilize techniques or treatments not yet embraced by the more general medical organizations.

Type of Hospital: Description

For-profit: A for-profit hospital is investor-owned, usually by a corporation or a group of individual persons, which may include those on staff. A for-profit hospital aims to gain profits from the services provided to be paid back to those who invested. Due to the nature of charging for services and generating funding, a for-profit hospital will likely cover a broad scope of issues and treatments, like a general hospital, will have access to resources and technologies, and will follow more formalized procedures.

Non-profit: Non-profit hospitals are typically owned by not-for-profit organizations, religious organizations, or government organizations, and are usually overseen by a board of trustees. Profits do not go back to the investors, but are reinvested back into the hospital or the community through the owner organization. A non-profit hospital may not cover as broad a scope of medical issues or have the same access to resources as a for-profit hospital, due to the nature of funding. It may also not follow the same standards or formality of procedures, as it may not have the same governance as other types of hospitals.

Public: Public hospitals are owned and operated by federal, state, or city governments, and are usually located in impoverished inner cities, where they can provide subsidized medical services to patients unable to pay for their medical services. Because these hospitals are found in poorer, urban areas, public hospitals do not always have the same funding available as other types of hospitals. They may not cover as broad a scope of medical issues and treatments and may not have access to the resources that a more well-funded hospital may have access to. A public hospital would still follow formalized procedures, like a general hospital.

Teaching: A teaching hospital is affiliated with a nearby medical school, allowing medical students and residents to gain hands-on learning and obtain real-world experience by working in the hospital environment. Typically, staff at a teaching hospital will also hold teaching positions at the affiliated medical school. A teaching hospital could be affiliated with a general hospital or a specialized hospital; depending on the affiliation, the scope of work, availability of resources, and formality of procedures that are followed will vary.

Short-stay: Short-stay facilities, also known as acute care facilities, provide services aimed to resolve immediate and short-term medical conditions like pregnancy or a heart attack. Short-stay facilities do not provide a wide scope of services for a variety of issues, but are more "specialized" in nature to treat conditions that can be treated on a short-term basis. Depending on funding sources, specialization and possible affiliations, a short-stay facility may or may not have access to resources, and may or may not follow formalized procedures.

Long-stay: Long-stay facilities provide services like rehabilitation to address more long-term medical conditions like mental illness. Long-stay facilities do not provide a wide scope of services for a variety of issues, but are more "specialized" in nature to treat conditions that require a longer treatment period. Depending on funding sources, specialization and possible affiliations, a long-stay facility may or may not have access to resources, and may or may not follow formalized procedures.

One individual hospital may be more than one type of hospital, based on the services it provides and its affiliation with a medical school; for instance, one hospital could be categorized as a general hospital, a for-profit hospital, and a teaching hospital.

Other Types of Healthcare Organizations

There are many other types of healthcare organizations besides hospitals.

Healthcare Organization: Description

Private practice: An independent medical practice opened by one or more accredited medical practitioners of any specialty area in an office environment. Depending on the medicine being practiced, a private practice may or may not cover a broad scope of services (a practice of primary care physicians will cover a broad spectrum of services; a practice of dermatologists would only focus on the scope of services related to dermatology). Depending on factors such as funding sources or affiliations, a private practice may or may not have access to available resources such as equipment, personnel, the latest technology, or even specific skillsets and knowledge. By its nature private, a practice may not follow the more formalized procedures found in a general hospital or facility.

Nursing home: A residential facility for patients who need constant medical or nursing care and supervision. Due to the nature of a wide variety of patient types, a facility of this type would need to have a broad scope of services offered. Depending on factors such as affiliations with other facilities, it may or may not have access to resources and may or may not follow formalized procedures.

Assisted living facility: A residential facility or community for patients who may need assistance with some functions of daily living, such as bathing or medication reminders, but can otherwise remain mostly independent. Often it is made up of single resident "apartments" where a resident can live alone or with their spouse in an independent environment, with medical assistance as needed. Due to the nature of a wide variety of patient types, a facility of this type would need to have a broad scope of services offered. Depending on factors such as affiliations with other facilities, it may or may not have access to resources and may or may not follow formalized procedures.

Continuing care facility: A blend of assisted living and nursing home care and may include independent living options. It is a residential facility with "steps" of care based on the residents' needs. Typically, residents can start out with more independence through assisted living, with the comfort of knowing nursing home care is available at the same facility when they can no longer remain independent. Due to the nature of a wide variety of patient types, a facility of this type would need to have a broad scope of services offered. Depending on factors such as affiliations with other facilities, it may or may not have access to resources and may or may not follow formalized procedures.

Intermediate care facility: A residential facility for individuals with persistent medical conditions who are currently unable to live independently, but do not need constant medical care or supervision. Typically, they provide support or rehabilitative services aimed to enable the resident to regain independence in functions of daily living, with the goal to transition to another care facility or return home. Due to the nature of a wide variety of patient types, a facility of this type would need to have a broad scope of services offered. Depending on factors such as affiliations with other facilities, it may or may not have access to resources and may or may not follow formalized procedures.

Healthcare Organization: Description

Home healthcare: A wide variety of medical services that are provided in a patient's home by an accredited home health aide, often including physical therapy and medication delivery through more complicated methods like injections, intravenous therapy, etc. Due to the nature of a wide variety of patient types, a facility of this type would need to have a broad scope of services offered. Depending on factors such as affiliations with other facilities, it may or may not have access to resources and may or may not follow formalized procedures.

Hospice care: A residential facility for terminally ill patients who have reached the end stages of their condition. Hospice care is designed to provide comfort and care for patients and support for the patient's family during end-of-life. Due to the nature of a wide variety of patient types, a facility of this type would need to have a broad scope of services offered. Depending on factors such as affiliations with other facilities, it may or may not have access to resources and may or may not follow formalized procedures.

Surgical center: Also known as an outpatient surgery center. It is a healthcare facility that performs surgical procedures that do not require hospitalization. Surgeries are usually outpatient, meaning the surgery performed does not require an overnight or extended hospital stay for recovery. Due to the growing number of outpatient surgeries, a facility of this type would need to have a broad scope of services offered. Depending on factors such as affiliations with other facilities, it may or may not have access to resources and may or may not follow formalized procedures.

Urgent care facility: An outpatient facility where treatment can be provided for medical problems or conditions that need immediate medical attention, but are not an emergency, such as ear infections, sprains, etc. Due to the nature of a wide variety of patient types, a facility of this type would need to have a broad scope of services offered. Depending on factors such as affiliations with other facilities, it may or may not have access to resources and may or may not follow formalized procedures.

Inpatient Treatment

Inpatient treatment occurs when a patient's medical condition requires being admitted to the hospital for anywhere from an overnight stay to a long-term stay, due to the fact that the patient's condition must be closely monitored.

Inpatient Treatment Scenarios

Inpatient scenarios may include but are not limited to:
• A patient comes to the Emergency Department (ED) with chest pains, and is admitted to inpatient care to monitor his cardiac stability.
• A patient with a history of drug addiction checks into an inpatient rehabilitation center to address her chemical dependency.
• An elderly patient with dementia and diabetes is checked into an inpatient facility for rehabilitation after he fell and broke his hip, because he needs medical supervision for both the treatment of his diabetes and his rehabilitation, and his dementia prevents him from being able to monitor his own glucose levels carefully.

Outpatient Treatment

Outpatient treatment occurs when medical services can be provided to a patient without the need for the patient to be admitted to any type of healthcare facility. Treatment can be provided in a doctor's office or clinic, even including minor outpatient surgeries, usually supplemented by at-home use of medications to address or control the medical condition. Outpatient care is also referred to as ambulatory care.

Outpatient Treatment Scenarios

Outpatient scenarios may include but are not limited to:
• A patient has minimally invasive arthroscopic surgery on her knee to address an ongoing issue. She is released a few hours after surgery is performed and will use outpatient rehabilitation to recover from the surgery.
• A patient visits the ED because she has been experiencing pain in her ear. She is diagnosed with an ear infection, and released the same day with a prescription for antibiotics and the direction to make a follow up appointment with her primary care physician in two weeks.
• A patient visits an urgent care facility when he sprains his ankle playing soccer. He is treated and released that night with a prescription for pain killers and a wrapped ankle.

General Departments in Healthcare Organizations

Healthcare organizations are large and made up of many departments. There are a number of general departments that would be found in most organizations.

Department: Description

Peri-Op: Peri-Operative Care (Peri-Op) provides medical services and care to a patient before, during, and after surgical procedures. This includes the OR. Departments within Peri-Op include:
• Pre-Surgical
• Operating Room (OR)
• Post-Anesthesia Care Unit (PACU)/Recovery

ICU: Intensive Care Units (ICU) or Critical Care Units (CCU) provide medical services for critically ill patients who need constant, intensive treatments and monitoring, often including life support. Specialized departments include:
• Neonatal Intensive Care Unit (NICU)
• Pediatric Intensive Care Unit (PICU)
• Trauma Intensive Care Unit (TICU)

Med/Surg: Medical/Surgical (Med/Surg) provides general, non-specialized medical and surgical services to patients of all types.

Department: Description

ED: An Emergency Department (ED)—sometimes also referred to as Accident and Emergency (A&E) or Emergency Room (ER)—treats a wide range of medical needs on an immediate basis, without prior appointment, that may or may not be life-threatening in nature. Departments within the ED may include:
• Triage
• Main ED Unit
• Trauma Unit
• Pediatric Unit
• Behavioral Health Unit
• Observation Unit
• Short-Stay Unit

Therapeutic departments: Therapeutic departments provide a wide variety of therapy services to patients to help them recover from a medical condition or surgery. Departments include:
• Respiratory Therapy
• Physical Therapy
• Occupational Therapy
• Speech-Language Therapy

Ambulatory: Provides medical treatments and surgeries on an outpatient basis, where patients typically have scheduled visits or day surgeries, and are released once the visit or surgery is completed.

Tests and medications: Departments that run or analyze tests related to a patient’s condition or dispense medications to treat a patient’s condition. Departments include:
• Radiology
• Laboratory
• Pharmacy

Inpatient General Departments

General departments within a healthcare organization that provide inpatient services include:
• Peri-Op.
• ICUs.
• Med/Surg.
• ED.
• Therapeutic departments.
• Tests and medications.

Outpatient General Departments

General departments within a healthcare organization that provide outpatient services include:
• Therapeutic departments.
• Ambulatory.
• Tests and medications.

Specialized Departments in Healthcare Organizations

Any medicine that treats a specific area of the body or type of medical condition is considered a specialty. There are also a number of specialized departments within an organization.

Department: Description

OB/GYN: Obstetrics and Gynecology (OB/GYN) provides maternity services including pre- and post-natal care. Departments within OB/GYN include:
• Family Birthing Center (FBC)
• Labor and Delivery (L&D)

Peds: Pediatrics (Peds) provides medical care for infants, children, and adolescents. Within Pediatrics, there are usually specialties as well, such as Pediatric Orthopedics, Pediatric Oncology, etc.

Behavioral Health: Provides treatment for a wide variety of mental health issues, from depression to schizophrenia. Departments within Behavioral Health include:
• Behavioral Health Unit
• Behavioral Health Observation Unit

ONC: Oncology (ONC) provides treatments for cancers and blood disorders, including radiation and chemotherapy treatments.

Cardiovascular: Provides specialized medical services relating to diseases or conditions of the heart and blood vessels.

Additional specialties: Additional specialty areas include but are not limited to:
• Ophthalmology
• Dermatology
• Plastic Surgery
• Nuclear
• Urology (URO) and Dialysis
• Ear, Nose, and Throat (ENT)
• Rheumatology

Some facilities may refer to their OB/GYN departments as the Stork department.

Inpatient Specialized Departments

Specialized departments within a healthcare organization that provide inpatient services include:
• OB/GYN.
• Peds.
• Behavioral Health.
• Oncology.

Outpatient Specialized Departments

Specialized departments within a healthcare organization that provide outpatient services include:
• OB/GYN.
• Peds.
• Oncology.
• Cardiovascular.
• Additional specialties.

Basic Medical Workflow

There is a general workflow, or process, that will take place when a patient visits any healthcare organization facility.

1. When a patient first arrives at a facility, the patient will be registered and admitted.
2. After the intake process, the patient will then be examined, and an initial diagnosis or classification of their medical issue or condition will be made.
3. Based upon the diagnosis, a treatment plan will be developed for the individual patient’s needs, with consultations from medical professionals from other specialties as needed.
4. Also, disposition classification will determine when the patient will be potentially discharged.
5. Care will then be provided to the patient as determined by the treatment plan, with the goal of meeting the discharge date as determined by the disposition classification.
6. If the patient’s treatment plan goes as planned and the patient meets the requirements, then they will be discharged from the facility.
7. Follow-up appointments or treatments will be scheduled with the necessary doctors to ensure that the patient is recovering appropriately.

IT-Based Enhancements to Medical Workflow

There are a number of IT-based enhancements with the introduction of new technology that aim to improve the workflow process and make each step easier.

IT-Based Enhancement: Description

Computerized data collection: Electronic data about a patient is collected and entered into a patient’s medical file, and is stored within a data collection database that can be accessed by a variety of medical staff. This enhancement is used during the following workflow steps:
• Registration/intake/admission
• Examination and initial classification
• Treatment plan and care

IT-Based Enhancement: Description

CPOE: Computerized physician order entry (CPOE) is the process of entering electronic information and instructions concerning a patient into that patient’s medical files. Also includes entering patient orders currently in written format into the Electronic Medical Record (EMR) or Electronic Health Record (EHR) system. Orders can then be communicated over a network to other medical staff or departments that are involved in processing the order. This enhancement is used during the following workflow steps:
• Consultation
• Disposition classification
• Treatment plan and care
• Discharge
• Follow-up

Dictation: The process of reading aloud and recording patient data using a dictation device. This enhancement is used during the following workflow steps:
• Examination and initial classification
• Consultation
• Disposition classification
• Treatment plan and care
• Discharge
• Follow-up

Transcription: The process of converting dictated audio recordings of patient data, as recorded by a physician or other healthcare professional, into a text format, as done by a medical transcriptionist or via computer through voice recognition. This enhancement is used during the following workflow steps:
• Examination and initial classification
• Consultation
• Disposition classification
• Treatment plan and care
• Discharge
• Follow-up

Digital signatures: Equivalent to a handwritten signature, a digital signature is encrypted data that acts as a person’s signature on electronic documents or files. It verifies that the message or document is authentic, was created by a known sender (the signer), and was not somehow altered in transit. This enhancement is used during the following workflow steps:
• Examination and initial classification
• Consultation
• Disposition classification
• Treatment plan and care
• Discharge
• Follow-up
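The three checks named in the digital signatures entry above (authentic, created by a known signer, not altered in transit) can be seen in a short Node.js script. This is an added example, not part of the original courseware; the order fields, the signer name dr.example and the trustedSigners registry are assumptions made for the illustration, and Ed25519 from Node's built-in crypto module is one possible signature scheme.

```javascript
const nodeCrypto = require('crypto');

// Constructed sample order; every field name and value here is illustrative.
const sampleOrder = {
  orderId: 'ORD-0001',
  patientId: 'PT-0042',
  orderedBy: 'dr.example',
  item: 'amoxicillin 500 mg capsule',
  instructions: 'one capsule three times daily for 10 days',
  enteredAt: '2024-01-15T14:30:00Z',
};

// Serialize a flat record with sorted keys so that the signer and the
// verifier always hash exactly the same bytes.
function canonicalize(record) {
  const sorted = {};
  for (const key of Object.keys(record).sort()) sorted[key] = record[key];
  return Buffer.from(JSON.stringify(sorted), 'utf8');
}

// Signing uses the clinician's private key, which stays with the signer.
function signOrder(record, privateKey) {
  return nodeCrypto.sign(null, canonicalize(record), privateKey).toString('base64');
}

// Verification needs only public keys. trustedSigners is a hypothetical
// registry (Map of signer name -> public key) held by the receiving system.
function checkOrder(signedOrder, trustedSigners) {
  const { record, signature } = signedOrder;
  const publicKey = trustedSigners.get(record.orderedBy);
  if (!publicKey) return 'unknown-signer'; // not created by a known sender
  try {
    const ok = nodeCrypto.verify(
      null,
      canonicalize(record),
      publicKey,
      Buffer.from(signature, 'base64')
    );
    return ok ? 'valid' : 'invalid-signature'; // content changed, or wrong key
  } catch (err) {
    return 'invalid-signature'; // malformed signature bytes
  }
}

function demo() {
  const clinician = nodeCrypto.generateKeyPairSync('ed25519');
  const otherKey = nodeCrypto.generateKeyPairSync('ed25519');
  const trustedSigners = new Map([['dr.example', clinician.publicKey]]);

  // 1. The order exactly as the clinician signed it.
  const signed = {
    record: sampleOrder,
    signature: signOrder(sampleOrder, clinician.privateKey),
  };

  // 2. Same signature, but one field changed after signing.
  const altered = {
    record: { ...sampleOrder, instructions: 'one capsule nine times daily for 10 days' },
    signature: signed.signature,
  };

  // 3. Correct content and signer name, signed with a key the registry does not hold.
  const wrongKey = {
    record: sampleOrder,
    signature: signOrder(sampleOrder, otherKey.privateKey),
  };

  // 4. A signer name that is not in the registry at all.
  const unlistedRecord = { ...sampleOrder, orderedBy: 'dr.unlisted' };
  const unlisted = {
    record: unlistedRecord,
    signature: signOrder(unlistedRecord, otherKey.privateKey),
  };

  return {
    asSigned: checkOrder(signed, trustedSigners),
    altered: checkOrder(altered, trustedSigners),
    wrongKey: checkOrder(wrongKey, trustedSigners),
    unknownSigner: checkOrder(unlisted, trustedSigners),
  };
}

console.log(demo());
```

Only the first case verifies; the receiving system should reject the other three rather than file the order.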

IT-Based Enhancement: Description

Electronic referrals/consults: Taking the place of handwritten letters of referral or consult, it is the process of electronically generating and sending a referral message from the referring medical professional to the one providing the referred service. This enhancement is used during the following workflow steps:
• Consultation
• Follow-up

ACTIVITY 2-1
Understanding Healthcare Organizations

Scenario: Use the knowledge you gained in this topic to answer these questions about healthcare organizations.

1. A 67-year-old woman falls down in her home, breaking her hip and hitting her head, cutting it open. She is rushed to the hospital, where she is treated for the head wound and has hip replacement surgery, and is recovering well. Based on the knowledge of the different departments in an organization, which of the following departments would the woman likely come in contact with throughout her treatment? (Select all that apply.)
✓ a) ED
b) Cardiovascular department
✓ c) Perioperative Services
✓ d) Radiology
e) ICU

2. True or False? A public hospital cannot be a teaching hospital.
True
✓ False

3. A married couple needs to determine a healthcare plan for themselves that will suit their immediate needs and for the coming years. She was recently diagnosed with the onset of Alzheimer’s disease, and he takes daily medication for diabetes management, but is otherwise mentally and physically healthy. Of the following healthcare organizations, which would make the best choice to fulfill their healthcare needs now and over time?
a) Nursing home
✓ b) Continuing care facility
c) Intermediate care facility
d) Home healthcare

TOPIC B
Medical Terminology, Equipment, and Software

In the previous topic, you discussed the different types of healthcare organizations. Likewise, there are numerous terms, equipment names, and software types that are specific to the healthcare industry that an IT professional working in the industry should be familiar with. Similarly, specific pieces of equipment and software are common to the healthcare field that are not found elsewhere. In this topic, you will identify terminology, equipment, and software that are specific to the medical industry.

The industry-specific equipment, terms, and technology found in healthcare can be overwhelming. Familiarizing yourself with these things is an essential step in learning to communicate with medical professionals.

Medical Terminology

There are a number of commonly used medical terms that you should become familiar with. Understanding and being able to use correct terminology will allow you to effectively communicate with healthcare staff and be more successful at meeting their needs.

Medical Term: Definition

Imaging: Medical imaging refers to the use of various technologies to create images of the human body for use in the clinical field, such as diagnosis, treatment, and tracking of a disease or medical issue within the body.

PCP: The primary care physician (PCP) is a doctor who serves as the first contact for a patient for a variety of medical services, including physicals or well-visits, and who also serves as either the diagnosing doctor or the referring doctor when a patient presents a medical condition that he or she cannot treat.

Stat: Derived from the Latin “statim,” it is used to connote immediacy or urgency.

Medical Term: Definition

Acuity: The acuteness, or level of severity of an illness or disease.

Code Blue/Rapid Response: Hospitals will often use their own “code” terminology (“code red,” “code black”) to mean different situations/response levels, but typically “code blue” is used to communicate that a patient has gone into cardiac arrest, and immediate medical attention/rapid response is needed to resuscitate the patient.

Scope of practice: The procedures, processes, or actions, as defined by state and national licensing boards, that are permitted for an individual in a particular licensing area, usually driven by criteria such as specific education and experience requirements. The scope of practice for a license is limited to what is permitted by law to be performed under that license.

Preceptor: A senior, skilled medical staff member who serves as an instructor or supervisor, providing experience and feedback, to medical students or newly hired employees still in training.

Trauma Center Levels

A trauma center is a facility equipped to treat patients suffering traumatic injuries. There are five levels of trauma center care.

Level: Description

Level I Trauma Center: Can provide the highest possible level of surgical care to trauma patients, with a full range of specialists and technology available 24 hours a day. It is required to have an ongoing research program and trauma education/prevention services.

Level II Trauma Center: Can provide essential trauma care 24 hours a day with all available specialties, personnel, and equipment. Provides comprehensive trauma care and clinical assistance to a Level I facility as needed. It is differentiated from Level I because it is not required to have ongoing research programs or surgical residency.

Level III Trauma Center: Can provide treatment, surgery and intensive care to most trauma patients, but does not have all available specialists and their equipment in facility. It has transfer agreements with a Level I or II facility for the treatment of severe injuries that the Level III cannot treat.

Level IV Trauma Center: Can provide initial evaluation, stabilization, and diagnosis of a trauma patient, but then the patient must be transferred to a Level I, II or III facility for treatment and care. It is required to provide services 24 hours a day.

Level V Trauma Center: Can provide initial evaluation, stabilization, and diagnosis of a trauma patient, but then the patient must be transferred to a Level I, II or III facility for treatment and care. It is differentiated from Level IV because it is not required to have services available 24 hours a day, but must have an after-hours trauma response plan in place.

Trauma Center Certification

A hospital must receive certification to be considered a trauma center, which includes the designation of the trauma level of the facility. To be designated as a trauma center, a hospital must meet specific criteria that have been established by the American College of Surgeons and must pass an onsite review performed by the Verification Review Committee. Official designation as a trauma center is governed by individual state laws.

Controlled Substance Levels

A controlled substance is any drug or chemical substance that is regulated by the federal government in its production, possession, or use, including illegal and prescription drugs. There are five levels, or schedules, of controlled substances.

Schedule: Description

Schedule I Controlled Substance: The drug or substance has a high potential for abuse, the drug or substance currently has no accepted medical use in treatment in the United States, and there is a lack of accepted safety for use of the drug or substance under medical supervision. An example of a Schedule I drug is heroin.

Schedule II Controlled Substance: The drug or substance has a high potential for abuse, the drug or substance is currently accepted for medical use in treatment in the United States, with severe restrictions, and abuse of the drug or substance may lead to severe psychological or physical dependence. An example of a Schedule II drug is morphine.

Schedule III Controlled Substance: The drug or other substance has less potential for abuse than those categorized as Schedule I or II, the drug or substance is currently accepted for medical use in treatment in the United States, and abuse of the drug or substance may lead to moderate or low physical dependence or high psychological dependence. An example of a Schedule III drug is pentobarbital.

Schedule IV Controlled Substance: The drug or substance has a low potential for abuse as compared to those categorized in Schedule III, the drug or substance is currently accepted for medical use in treatment in the United States, and abuse of the drug or substance may lead to limited physical or psychological dependence, especially in comparison to those categorized in Schedule III. An example of a Schedule IV drug is lorazepam.

Schedule V Controlled Substance: The drug or substance has a lower potential for abuse as compared to those categorized in Schedule IV, the drug or substance is currently accepted for medical use in treatment in the United States, and abuse of the drug or substance may lead to limited physical or psychological dependence, especially in comparison to those categorized in Schedule IV. An example of a Schedule V drug is pyrovalerone.

Types of Medical Equipment

There are numerous types of medical equipment that you may encounter in your experience and which you should be familiar with.

Type of Medical Equipment: Description

Portable X-ray machine: A mobile X-ray machine that allows X-ray technicians to bring the X-ray to the patient, instead of bringing the patient to a separate room. New technology is small enough and energy-efficient enough to transport the machine from floor to floor, and has wireless capabilities to be able to push X-rays immediately for review.

MRI: A magnetic resonance imaging (MRI) machine uses high-powered magnetic fields and radio frequencies to scan and create images of the body. MRIs provide good contrast for soft tissues, making it an especially useful tool for imaging the brain, muscles, heart, other organs and cancers as compared to CT scans or X-rays.

CT: A computed tomography (CT) or computerized axial tomography (CAT) scan uses a series of X-rays taken of the same area from different angles to generate a three-dimensional image of an area of the body being scanned.

PET: A positron emission tomography (PET) scan is an imaging test that uses a radioactive chemical, called a radiotracer, that is injected into the bloodstream and is absorbed by the organs and tissues and a scanner that detects and records the radioactive energy given off by the radiotracer to create a three-dimensional image of the organ or tissue being studied. It can measure vital functions like blood flow and oxygen usage, and is often used to detect cancer, heart disorders, or brain disorders.

Ultrasound: An ultrasound machine uses high-frequency sound waves, which reflect or echo off of a boundary within the body, to create a two- or three-dimensional image of something within the body, such as an image of a fetus in the womb.

Vascular/nuclear stress test: A radioactive tracer is injected into a vein, and a gamma camera detects the radiotracer as it travels to the heart, producing an image of bloodflow to and from the heart.

EKG/ECG: An electrocardiogram (EKG or ECG) is a non-invasive procedure in which electrodes are placed on the outer surface of the skin and an electrocardiograph detects and records the electrical activity of the heart produced with each heartbeat.

EEG: Electroencephalography (EEG) is a non-invasive procedure in which electrodes are placed on the scalp to record the electrical activity of the brain produced with neural communications.

Vital signs monitor: Portable or fixed stations that can be used to take a patient’s important vital signs such as blood pressure, temperature, and blood oxygen saturation (SpO2) levels. It typically includes a vitals (or blood pressure) cuff, thermometer, and fingertip heart rate monitor.

Blood glucometer: A glucose meter, or blood glucometer, is used to test the levels of glucose in the blood, a particularly important daily activity for those with diabetes.

IV pump: An IV pump, or infusion pump, administers fluids, nutrients, or medication into a patient’s circulatory system intravenously.

Medical Administrative Equipment

There are several types of specialized equipment used primarily by medical administrative staff.

Medical Administrative Equipment: Description

Card scanner: A document reader that scans card-sized documents such as a driver’s license or insurance card, accurately reads the information on the card, and then records and stores an image of the card and the data using accompanying software, which can be retrieved and exported.

Hand-held barcode scanner: A hand-held device that can scan stock-keeping unit (SKU) barcodes to manage inventory for a variety of items kept on hand within a facility. Also used to scan barcodes on patient and staff facility identification (wrist bands, staff ID badges) to obtain patient information, medication verification, etc.

Rx printers: As the medical world goes to electronic records, electronic prescriptions are also taking the place of handwritten prescriptions. A prescription (Rx) printer will print pharmacy-accepted and tamper-resistant prescriptions from the patient’s EMR files.

Copiers: There are no copiers specific to use in the healthcare industry, but it is important to know that printers, copiers, and scanners are often used in facilities to print, copy, or scan in sensitive materials like medical records.

Lab printers: Specialized printers and printing supplies that allow for the printing of labels, barcodes, and other materials specific for use in a lab environment.

Dictation devices: Digital dictation devices are now available which record a verbal dictation of a patient’s medical files in a digital format, which can then be uploaded to a patient’s EMR or sent electronically to other necessary parties.

Types of Medical Software

There are numerous software applications used in the healthcare industry designed to streamline management of data and information for the facility or organization.

Type of Software: Description

Patient tracking: Patient tracking software allows staff to track a patient’s flow of care in the system from registration, through treatment, and during and after discharge, both procedurally (where are they in the process) and physically (where are they in the facility). Patient tracking monitors and coordinates patient movements throughout the system, ensuring that a facility is utilizing its capacity and resources most efficiently and preventing delays, dissatisfaction, and potential to lose revenue.

Scheduling: Online or electronic scheduling software provides a start-to-finish workflow from the time a patient is scheduled through their checkout after their appointment, including insurance verification, check-in, check-out, and payment. Allows for multiple or recurring appointments to be scheduled at once. It also integrates key information or patient data at key points in the process to streamline the workflow for staff.

Type of Software: Description

Order entry: Computerized physician/provider order entry (CPOE) systems allow for the electronic entry of all medical orders/instructions for treatment for a patient from their licensed caregiver into the software system. CPOE systems reduce the potential for error that comes with handwritten orders, aggregate all medical orders in one location for one patient, and prevent the potential for medications or procedures to negatively interact with each other down the line, notifying the ordering caregivers in advance of potential hazards.

Practice management: Practice management software is an all-encompassing solution of many other IT-based pieces that streamlines the workflow processes of all activities needed to run a practice or facility while providing the ability to become a paperless office, including patient tracking, medical coding and billing, payment collection (both insurance company and co-payer), rules compliance, and reporting capabilities.

Billing/coding: Billing and coding software streamlines the medical billing and collections process by providing one location where charges are entered, codes can be checked, insurance claims and statements can be generated and sent, claim denials can be managed, and payments can be posted and processed.

Tracking/auditing: Tracking and auditing software provides a single system for tracking and managing compliance with medical claims audits that are performed by both government and commercial healthcare (insurance) organizations. Streamlines tasks and processes with dashboards, tools, and reminders to make sure that all steps in the auditing process are completed fully and on time, and prevents future errors in similar tasks.

Legacy Systems Versus EMR/EHR

In legacy medical systems, these software applications are often used as stand-alone applications, but now they are typically integrated into a single EMR/EHR system solution.

processes. Dr. o What You Do How You Do It 1. b Trauma center d. and Software n Scenario: Use the knowledge of medical terminology. that are permitted for an individual in a particular or licensing area. Match the medical term on the left with the correct definition on the right. The procedures. and software you gained in this topic to answer the following questions. usually driven by cri- CA teria such as specific education and experience requirements. d Scope of practice c. as defined by state and national TE licensing boards. They went to move to a paperless system for their patients. iti a Acuity a.LESSON 2 ACTIVITY 2-2 Identifying Medical Terms. A medical facility equipped to treat patients suffering from life- Ed threatening injuries. A senior. skilled medical staff mem- ber who serves as an instructor or supervisor to medical students or new hires in training. LI 2. Equipment. The level of severity of a patient’s illness or disease. Michaels and two of his colleagues are opening a private practice. equipment. or actions. c Preceptor b. Which software system would make the ct P most sense for them to implement at their office? DU a) Patient tracking b) Order entry ✓ c) Practice management ru T d) Scheduling NO st DO In 40 CompTIA® Healthcare IT Technician (Exam HIT-001) .

3. Match the type of medical imaging process with the correct description on the right.

b  MRI
d  EEG
f  EKG
a  PET
c  CT
e  Ultrasound

a. A radioactive chemical, called a radiotracer, is injected into the bloodstream and is absorbed by the organs and tissues and a scanner detects and records the radioactive energy given off by the radiotracer to create a three-dimensional image.
b. High-powered magnetic fields and radio frequencies are used to scan and create images of the body. Provides good contrast for soft tissues, making it an especially useful tool for imaging the brain, muscles, heart, other organs, and cancers.
c. A series of X-rays taken of the same area from different angles to generate a three-dimensional image of an area of the body.
d. Electrodes are placed on the scalp to record the electrical activity of the brain produced with neural communications.
e. High-frequency sound waves are used to reflect or echo off of a boundary within the body to create a two- or three-dimensional image.
f. Electrodes are placed on the outer surface of the skin and a special machine detects and records the electrical activity of the heart produced with each heartbeat.

TOPIC C
Medical Coding and Billing

In the previous topic, you were introduced to some of the medical terminologies and equipment that an IT professional will need to be familiar with to function in the healthcare industry. Just as important as the equipment and devices used in the medical environment are the ways in which patient data is communicated: through the use of medical coding and billing. In this topic, you will learn more about medical coding and billing, and what related technologies you may need to support as part of your IT responsibilities.

Medical coding and billing are complex administrative functions within any healthcare organization, and with the advent of electronic medical records, they now rely nearly 100 percent on technology to function correctly. As an IT professional working in the healthcare industry, you should be prepared to deal with technologies related to this area. Acquiring this basic familiarity with these departments and the technologies they use will provide a foundation you can use to maintain and troubleshoot these systems.

Medical Coding

Definition: Medical coding is the process of assigning a universally recognized and used medical code number to a specific clinical term, such as a medical task or service, or diagnosis or procedure. There are many accepted medical coding systems that are issued by various authorities. Different coding systems address different aspects of medical care.

Example: CPT Code for a Vaccination
Last year, Susie had to receive a tetanus shot. In her EMR, her doctor entered 90714, the Current Procedural Terminology (CPT) code for receiving a tetanus shot. Susie’s insurance company recognized the code, and since it covers tetanus shots, paid for the service. Earlier this year, Susie transferred to a new doctor. When he reviewed her files, he recognized the medical code, and asked about the situation that had resulted in the need for a tetanus shot.

CPT

Current Procedural Terminology (CPT) is a list of descriptions and accompanying five-digit numeric codes used for reporting medical services and procedures, published every year by the American Medical Association.

ICD-10

The International Statistical Classification of Diseases and Related Health Problems, 10th revision (ICD-10) is one of several internationally endorsed medical coding classifications lists which gives a numeric code to diseases, signs and symptoms, possible complaints, abnormalities, and possible causes of injuries and diseases. The ICD-10 is published by the World Health Organization (WHO).

SNOMED CT

The Systematized Nomenclature of Medicine – Clinical Terms (SNOMED CT) is an organized collection of numeric codes correlating to clinical information such as diseases, procedures, microorganisms, medications, and so forth that may be used in a patient’s records. It was created by the College of American Pathologists (CAP) and is currently owned, maintained and distributed by the International Health Terminology Standards Development Organization (IHTSDO), a not-for-profit medical association in Denmark.

NDC ID

The U.S. Drug Listing Act of 1972 requires that all registered drug manufacturers provide the Food and Drug Administration (FDA) with an up-to-date list of all drugs manufactured, prepared, processed and distributed for commercial use. The act also directed the FDA to create a National Drug Code Identification (NDC ID), a unique, 10-digit, three-segment numeric code for each drug registered. The FDA compiles and publishes this list, the National Drug Code Directory, updating it on a semi-monthly basis.

E/M Codes

Evaluation and Management (E/M) Codes are five-digit codes, based on CPT codes, that are used to describe a medical professional-patient interaction, such as an office visit or a hospital, to facilitate the billing process. They were established by the United States Congress, and have been adopted by private health insurance companies as the standard for determining and communicating the types and severity of patient conditions.

Medical Billing

Definition: Medical billing is the process of submitting and tracking claims made by healthcare providers or organizations to insurance companies on behalf of the insured patient in order to receive payment for services rendered.

Example: Billing for a Physician’s Visit
Following a patient’s visit to her PCP, a medical biller for the practice will determine the proper medical code corresponding to all of the services rendered to the patient (the office visit would be one code, the patient’s diagnosis would be another code, any medications prescribed another code, and so on), and these codes will be transmitted to the patient’s insurance company to be reviewed and processed to determine the amount the insurance company will pay based on the scope of service.

EMR/EHR Outbound Communication

There are numerous parties outside of those included in a particular EMR or EHR system that may request or require information from a patient’s EMR or EHR. Patients can request a copy of their records, and insurance companies, external clinicians outside the practice, or others may request information from a patient’s records. Obviously, patient health information is sensitive material, and there are required processes in place to prevent just anyone from requesting or being able to obtain information from a patient’s EMR or EHR.

ROI Departments

Most large healthcare organizations will likely have staff dedicated to handling requests for EMR or EHR information in a Release of Information (ROI) department. Forms must be completed to request the information from the records (patient or other organization), and forms must be completed to authorize the release of the information from the records (typically, the patient or the patient's designee, if necessary). ROI staff will process and track the request, ensuring that it has the required signatures, that the records are being securely sent to the requesting party, and recording that the request and response were completed. Under HIPAA, a patient does not have to be notified that a third party requested information from their personal health information, but a record of all disclosures of a patient's health information is required, and this list can be requested by the patient.

Billing Clearinghouse

A billing clearinghouse acts as the intermediary between a medical biller at the healthcare practice and the insurance company, making sure the claim sent by the practice is accurate before sending it on to the insurance company. The billing clearinghouse scrubs each claim to check for errors, and once it is accepted without error, securely transmits the claims file to the insurance company. This can involve going back and forth between provider and clearinghouse to ensure that the claim is accurate.

The billing clearinghouse plays a crucial role in the billing process. There are millions of providers submitting numerous insurance claims for their millions of patients—sometimes even submitting multiple claims for one patient and one visit. The billing clearinghouse receives all of these claims and acts as the middle man between the providers and the insurance companies, taking on the arduous task of ensuring that each claim is correct before being processed.

ACTIVITY 2-3
Understanding Medical Billing and Coding

Scenario:
Use the knowledge of medical billing and coding you gained in this topic to answer the following questions.

1. Of the following statements, which most accurately explains the importance of medical billing and coding in the healthcare industry?
a) Medical professionals need to get paid appropriately for the services they provide.
✓ b) There are so many different types of systems using various codes, there needs to be some consistent system for patient data and payment purposes.
c) Patients need to be able to feel comfortable that their information can be transferred between professionals with no mistakes.
d) Medical professionals need to be able to quickly and efficiently record and store pertinent patient information.

2. Match the type of medical coding systems to the correct description.

b  ICD-10
a  E/M Codes
d  SNOMED CT
c  NDC ID

a. Numeric codes used to describe a medical professional-patient interaction.
b. Classification list of numeric codes used to describe diseases, signs and symptoms, etc.
c. A unique numeric code used to identify registered drugs.
d. An organized collection of numeric codes correlating to clinical information.

3. Which of the following describes the complete medical coding and billing process most accurately?
✓ a) The codes for services rendered are determined. The claim is generated. The billing clearinghouse scrubs the claim. The claim is submitted to the insurance company. The insurance company accepts or rejects the claim.
b) The codes for services rendered are determined. The claim is generated. The claim is submitted to the insurance company. The insurance company accepts or rejects the claim.
c) The codes for services rendered are determined. The claim is generated. The billing clearinghouse scrubs the claim. The claim is submitted to the insurance company. The insurance company automatically accepts the claim.
d) The codes for services rendered are determined. The billing clearinghouse scrubs the claim. The claim is submitted to the insurance company. The insurance company accepts or rejects the claim.

TOPIC D
Medical Computer Interfaces

In the previous topics, you have learned about the numerous systems and applications that have been introduced to the healthcare industry as more organizations move towards being entirely electronic. The problem is, these various systems all need to be able to communicate between one another to send and receive important patient information. In this topic, you will learn about the interfaces that have been developed to allow communication between systems.

As more healthcare organizations move towards functioning entirely electronically, a multitude of systems and applications have been introduced. Yet, how do we ensure that all of these various systems can communicate seamlessly between one another, especially when it concerns information as sensitive and important as a person's health? With all of the various types of systems, interfaces specific to the healthcare industry have been developed to ensure that systems can communicate with one another. Part of your role as a healthcare IT technician may be to implement or troubleshoot these interfaces.

Medical Interfaces

Definition:
Medical interfaces are software systems solutions developed using specific industry standards and rules that allow all the separate medical systems to communicate as seamlessly as possible with one another.

Example: Medical Interfaces for a Lab Test
A patient's PCP orders a series of blood work. The order is placed electronically. Unfortunately, the doctor's office and the lab use two different software systems. Fortunately, because the two systems communicate through an interface that uses standard messaging systems to operate seamlessly between different applications, the lab's system can understand the order being sent, and the doctor's office can decipher the results returned.

HL7

HL7 specifications are healthcare industry standards and a framework concerning the exchange and integration of patients' electronic information between software systems, as developed by the voluntary, not-for-profit consortium called Health Level Seven. Vendors developing interfaces adhere to these standards, ensuring that the disparate software applications used by healthcare organizations and the interfaces that communicate between them are all speaking the same electronic language to accurately exchange patient medical data.

Standard Components of HL7

Software applications communicate with one another using HL7 messages, and HL7 messages are made up of segments, a group of fields that contain data. Each segment is identified by a unique, three-character code and relays a specific piece of patient medical data. There are close to 200 segments used in HL7.

HL7 Segments

This table shows some of the most commonly used HL7 segments.

HL7 Segment    Relayed Information
AL1            Patient Allergy Information
BLG            Billing
DG1            Diagnosis
EVN            Event Type
FT1            Financial Transaction
GT1            Guarantor
IN1            Insurance
MSH            Message Header
NK1            Next of Kin/Associated Parties
NTE            Notes and Comments
OBR            Observation Request
OBX            Observation Result

HL7 Segment    Relayed Information
ORC            Common Order
ROL            Provider Type
PID            Patient Identification
SCH            Scheduling Activity Information

For a complete list of all HL7 segments, visit www.interfaceware.com/hl7-standard/hl7-segments.html.

CCR

A Continuity of Care Record (CCR) is a health record standard that was developed by a number of American healthcare organizations as a means of creating summary documents containing the most relevant and pertinent information about a patient, such as insurance information, current medications being taken, known allergies, recent diagnoses, and so forth. CCRs can be shared electronically between medical caregivers regardless of their respective EMR or EHR software applications.

CCD

A Continuity of Care Document (CCD) is a health record standard similar to the CCR, designed to provide guidelines for creating summary documents containing the most pertinent patient information, which can be shared electronically between medical caregivers regardless of their respective EMR or EHR system. CCD can be viewed as a "next generation" of the CCR, as it was developed with representation from both HL7 and the American Society for Testing and Materials International (ASTM), which was a key player in the development of the CCR. It is a more robust implementation of CCR, combining the interoperability of HL7 technologies with the consistency of CCR information exchange amongst organizations.

PACS

A Picture Archiving and Communications System (PACS) is an application system where medical images of almost all kinds, including MRIs, CT scans, ultrasounds, and mammograms can be stored and retrieved electronically by various members of a healthcare organization. These images can also be accessed by doctors at other facilities or accessed remotely in cases where the immediate view of an image is necessary. PACS is used as the platform for the integration of medical images with other medical software systems, like that patient's electronic medical record, so that all patient medical information can be viewed within a single-source location.

e-Prescribing

Definition:
If available as part of their medical software, medical professionals can use e-prescribing, which is the transmission of a patient's prescription for medication electronically from the prescriber's computer to the pharmacy's computer. The pharmacist must validate the prescription before dispensing the medication to the patient.
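The HL7 message structure described under Standard Components of HL7 (segments named by a three-character code, each a group of fields) can be seen by parsing a message. This is an added example, not code from the course: the sample message is constructed, the function names are hypothetical, and it assumes HL7 version 2 encoding, where segments end with a carriage return and the character after "MSH" is the field separator.

```python
"""Added example: split an HL7 v2 message into segments and fields."""

# Segment names copied from the HL7 Segments table in this lesson.
SEGMENT_NAMES = {
    "AL1": "Patient Allergy Information", "BLG": "Billing", "DG1": "Diagnosis",
    "EVN": "Event Type", "FT1": "Financial Transaction", "GT1": "Guarantor",
    "IN1": "Insurance", "MSH": "Message Header",
    "NK1": "Next of Kin/Associated Parties", "NTE": "Notes and Comments",
    "OBR": "Observation Request", "OBX": "Observation Result",
    "ORC": "Common Order", "ROL": "Provider Type",
    "PID": "Patient Identification", "SCH": "Scheduling Activity Information",
}

# Constructed lab order message (no real patient data). ZZ1 stands in for a
# segment that is not in the table above.
SAMPLE = "\r".join([
    "MSH|^~\\&|OFFICE_EMR|CLINIC|LAB_LIS|LAB|202401151030||ORM^O01|MSG0001|P|2.3",
    "PID|1||EX12345||DOE^JANE||19800101|F",
    "AL1|1|DA|^PENICILLIN",
    "ORC|NW|ORD0001",
    "OBR|1|ORD0001||CBC^COMPLETE BLOOD COUNT",
    "ZZ1|local|extension",
])


class HL7ParseError(ValueError):
    """Raised when the text cannot be an HL7 v2 message."""


def parse_message(raw):
    """Return [(segment_id, fields)], where fields[n] is HL7 field number n."""
    # Accept CR, LF or CRLF so that messages copied out of logs still parse.
    text = raw.replace("\r\n", "\r").replace("\n", "\r")
    lines = [line for line in text.split("\r") if line]
    if not lines or not lines[0].startswith("MSH") or len(lines[0]) < 8:
        raise HL7ParseError("message must start with an MSH segment")
    field_sep = lines[0][3]
    segments = []
    for line in lines:
        seg_id = line[:3]
        if (len(seg_id) != 3 or not seg_id.isalnum()
                or (len(line) > 3 and line[3] != field_sep)):
            raise HL7ParseError("malformed segment: %r" % line[:20])
        parts = line.split(field_sep)
        if seg_id == "MSH":
            # MSH-1 is the separator itself, so later fields shift by one.
            fields = ["MSH", field_sep] + parts[1:]
        else:
            fields = parts
        segments.append((seg_id, fields))
    return segments


def describe(segments):
    """Label each segment from the table; unknown codes are reported, not dropped."""
    return [(seg_id, SEGMENT_NAMES.get(seg_id, "not in this page's table"))
            for seg_id, _ in segments]


def get_field(segments, seg_id, index, component=None):
    """Return field `index` of the first `seg_id` segment, or one component of it."""
    component_sep = segments[0][1][2][0]  # first encoding character in MSH-2
    for sid, fields in segments:
        if sid == seg_id:
            value = fields[index] if index < len(fields) else ""
            if component is None:
                return value
            comps = value.split(component_sep)
            return comps[component - 1] if component <= len(comps) else ""
    return None


if __name__ == "__main__":
    for seg_id, meaning in describe(parse_message(SAMPLE)):
        print(seg_id, "-", meaning)
```

When troubleshooting an interface, the MSH segment is the first thing to read: it names the sending and receiving systems and the message type, which shows whether the two applications agree on what was sent.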

Example:
Figure 2-1: An e-prescription.

Medication Reconciliation

During medication reconciliation, a list of a patient's prescription orders is compared to a list of those that the patient is currently taking in order to avoid any possible medication errors such as duplicated prescriptions, errors in dosage, or potentially hazardous drug interactions. Medication reconciliation should be completed at every transition point of a patient's healthcare plan, whether between doctors or between facilities. The complete list of a patient's medications should be updated and shared with all necessary persons after each reconciliation is completed.

The Medication Reconciliation Process

The medication reconciliation process includes: developing a list of medications currently prescribed or that will be prescribed for a patient, developing and reviewing a list of medications currently being taken by the patient (with the help of the patient or someone close to the patient), comparing the two lists for redundancies, dosage errors, interactions, and more, and then making important clinical decisions based on the comparison, which may include discontinuing non-active prescriptions, renewing expired prescriptions, changing dosages of existing medications, and prescribing new medications.

Bedside Medication Verification

Bedside medication verification is a checks-and-balances system that ensures that a patient is receiving the correct medication, the correct dose of medication, at the correct time, from an authorized caregiver by requiring that barcodes be scanned and information verified prior to the medication being administered.

The Bedside Medication Verification Process

Depending on the system, before administering any medication, two to three barcodes must be scanned:
1. The patient's wristband, identifying the patient.
2. The medicine label of the drug being administered, to confirm that it is the proper medication and dosage for that particular patient.
3. If required, the ID of the person administering the medication, ensuring that the person is authorized to dispense the medication and that another staff member has not done so already.

When these have been verified, the medication can then be administered to the patient.

Formulary Checking

Formulary checking is the automatic process of checking a prescription for medication against a patient's known allergies for possible drug-allergy reactions, and against current medications for possible adverse drug-drug interactions, or contraindications. Formulary checking occurs immediately when the new drug is prescribed in the e-prescription system. Once the prescription is entered into the EMR or EHR system, a basic formulary check is run automatically to determine if there is any potential for negative interaction. If one is flagged, the prescriber or pharmacist is notified and must make the final decision to override the notification and fill the prescription or decide on another course of action. Ultimately, the pharmacist is responsible for performing additional checking and validating the drug order before dispensing.

A drug-to-drug interaction, also known as a contraindication, is a condition or factor that serves as a reason to withhold a specific medical treatment.

Allergy Interactions

Any adverse reaction to a medication is referred to as a drug allergy or drug reaction. The reaction is caused by the immune system not recognizing the drug as helpful in the body, but rather overreacting to the drug as if it were attacking the body. Adverse reactions from a drug allergy can range from mild and irritating like skin rashes, to potentially life-threatening like anaphylaxis.
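The bedside medication verification process described above reduces to a set of checks on the scanned values. The following is an added example, not code from the course or from any medication system: the barcode payload format, the badge IDs, the 60-minute window and all names are assumptions made for illustration.

```python
"""Added example: the checks behind a bedside medication verification scan."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

AUTHORIZED_BADGES = {"RN-1001", "RN-1002"}  # constructed caregiver IDs
TIME_WINDOW = timedelta(minutes=60)         # assumed tolerance around the due time


@dataclass
class MedicationOrder:
    patient_id: str                         # value encoded on the wristband
    drug_code: str                          # value encoded on the medicine label
    dose_mg: int
    due: datetime
    administered_by: Optional[str] = None   # set once the dose has been given


def verify_bedside(order, wristband, label, badge, now, badge_required=True):
    """Return the reasons to stop; an empty list means every scan agrees.

    `label` is assumed to carry "drug_code|dose_mg" (hypothetical format).
    """
    problems = []
    # Scan 1: the wristband identifies the patient.
    if wristband != order.patient_id:
        problems.append("wrong patient")
    # Scan 2: the medicine label confirms medication and dosage.
    drug, _, dose = label.partition("|")
    if drug != order.drug_code:
        problems.append("wrong medication")
    elif not dose.isdigit() or int(dose) != order.dose_mg:
        problems.append("wrong dose")
    if abs(now - order.due) > TIME_WINDOW:
        problems.append("wrong time")
    # Scan 3 (if the system requires it): the caregiver's ID.
    if badge_required and badge not in AUTHORIZED_BADGES:
        problems.append("caregiver not authorized")
    # Another staff member must not have given this dose already.
    if order.administered_by is not None:
        problems.append("already administered")
    return problems


def administer(order, wristband, label, badge, now, audit_log, badge_required=True):
    """Verify, record the attempt either way, and mark the order only on success."""
    problems = verify_bedside(order, wristband, label, badge, now, badge_required)
    audit_log.append({"time": now, "patient": wristband, "label": label,
                      "badge": badge, "problems": list(problems)})
    if problems:
        return False
    order.administered_by = badge if badge else "badge not scanned"
    return True


if __name__ == "__main__":
    due = datetime(2024, 1, 15, 9, 0)
    order = MedicationOrder("PT-0001", "EXDRUG-001", 500, due)
    log = []
    print(administer(order, "PT-0001", "EXDRUG-001|500", "RN-1001", due, log))
    print(administer(order, "PT-0001", "EXDRUG-001|500", "RN-1002", due, log))
    print(log[-1]["problems"])
```

Failed attempts are logged as well as successful ones, so a mismatch at the bedside leaves a record that can be reviewed later.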

ACTIVITY 2-4
Understanding Medical Interfaces

Scenario:
Use the knowledge of medical interfaces you gained in this topic to answer the following questions.

1. Match the prescription-related term on the left with the correct description on the right.

c  Medication reconciliation
b  Bedside medication verification
a  Formulary checking

a. The automatic process of checking a prescription for medication against a patient's known allergies (drug-allergy) and current medications for possible adverse interactions (drug-drug) immediately when it is prescribed in the e-prescription system.
b. A checks-and-balances system that ensures that a patient is receiving the correct medication, the correct dose of medication, at the correct time, from an authorized caregiver by requiring verification of patient, medication, and possibly dispensing personnel prior to the medication being dispensed.
c. A process that involves comparing a list of a patient's medication orders to a list of those that the patient has been taking to avoid any possible medication errors such as duplicated prescriptions, errors in dosage, or potentially hazardous drug interactions.

2. Which of the following steps would potentially take place during bedside medication verification? (Select all that apply.)
✓ a) The patient's wristband is scanned.
b) The ID of the dispensary personnel is scanned.
✓ c) The barcode on the medication label is scanned.
✓ d) The ID of the administering personnel is scanned.
e) The ID of the provider who prescribed the medication is scanned.

3. Match the interface-related term on the left with the correct description on the right.

d  HL7
c  PACS
b  CCD
a  CCR

a. A health record standard that was developed as a means of creating summary documents containing the most relevant and pertinent information about a patient that can be shared electronically between medical caregivers, regardless of their respective EMR or EHR software applications.
b. A health record standard designed to provide guidelines for creating summary documents containing the most pertinent patient information, which can be shared electronically between medical caregivers regardless of their respective EMR or EHR system, but uses standards from both HL7 and ASTM.
c. An application system where medical images of almost all kinds, including MRIs, CAT scans, ultrasounds, mammograms, etc., can be stored and retrieved electronically.
d. Healthcare industry standards and a framework concerning the exchange and integration of a patient's electronic information between software systems.

Lesson 2 Follow-up

In this lesson, you learned about the medical environment including its organization, stakeholders, and the most significant technologies. Having an understanding of how the medical environment is structured and familiarity with essential jargon will allow you as a healthcare IT technician to meet the challenges of this unfamiliar environment.

1. Why do you think it is important to have an understanding of the medical environment overall?
Answers will vary, but may include: you need to understand the constraints and concerns of the environment you are working in, so understanding IT issues specific to the healthcare industry is imperative.

2. How does the information presented in this lesson directly affect your responsibilities as an IT professional in the healthcare industry?
Answers will vary, but may include: the need to be able to assist in troubleshooting issues specific to the healthcare industry and support healthcare employees as a healthcare IT professional.


LESSON 3

Lesson Time: 3 hour(s)

Using IT in the Medical Workplace

In this lesson, you will leverage core medical concepts to describe the use of IT in the medical workplace.

You will:
• Describe the need for and use of roles and responsibilities in healthcare IT.
• Communicate effectively with other IT staff and healthcare staff while using technology appropriately and respecting all applicable rules, roles, and regulations.
• Identify the legal best practices, requirements, and documentation used in the medical environment.
• Identify the techniques used to properly manage sanitation.
• Explain the process of medical document imaging.

Introduction

Earlier in the course, the focus had been primarily on the healthcare industry and environment, including regulations and standards that govern a medical environment, common terminology used, and other medical systems commonly found in a medical environment. With all this in mind, you will now focus on how technology fits into the everyday medical workplace.

Working with IT in any workplace has unique challenges, but the medical workplace is particularly fraught with challenges. Understanding the practical implications of technologies and how they are applied to healthcare business problems builds upon your understanding of the healthcare environment to enable you to successfully solve business problems in healthcare using IT.

TOPIC A
Roles and Responsibilities

Earlier in the course, you identified various medical departments. The next logical step is to identify all the common roles and responsibilities of the people who work in those areas. In this topic, you will describe the roles and responsibilities of those who work in the healthcare field.

To properly support any type of medical office, you must be able to identify key roles and responsibilities that need to access Electronic Medical Record (EMR) or Electronic Health Record (EHR) systems. This enables you to provide the right level of support quickly and efficiently when issues arise.

Information Sensitivity and Clearance

Any medical office setting or hospital is responsible for keeping all patient records and files private. In the United States, government law states that only the healthcare provider and the patient can read the contents of the health record, unless authorized by the patient, in situations that require a release of information, and in emergency situations. Because of the sensitivity of the data, strict clearance guidelines are established to dictate who can access and read the contents of any patient record.

Sensitivity Labels

Access to patient data within the EHR system can be managed using sensitivity labels. A sensitivity label determines the clearance for an information zone within the EMR system.

Break Glass Access

Definition:
Break glass access is temporary and specific emergency access to specifically locked Personal Health Information (PHI) data in order to gain access to information which enables task completion. This action is common in record keeping. When a situation requires break glass access, there is usually a warning presented to the user asking if access to data is necessary.

Example: ED Access
A doctor or nurse caring for a patient within the Emergency Department (ED) may use a break glass access to view a patient record to verify that there is no previous psychological diagnosis, or HIV status that needs to be considered in order to provide the right level of care.

Figure 3-1: Break the glass access.

Medical Personnel

Within the EHR or EMR system, access roles and responsibilities are assigned according to Health Insurance Portability and Accountability Act (HIPAA) regulations. Most EMR and EHR systems will have predefined profiles available in the system that can be assigned to clinical roles within your environment:
• A medical doctor (MD).
• A registered nurse (RN).
• A patient care technician (PCT).
• A physician's assistant (PA).
• A medical assistant (MA).
• A licensed practical nurse (LPN).
• And, a dental assistant (DA).

Medical Office Staff and Business Personnel

Medical office staff and other business clients may have limited access to EMR or EHR system data, depending on their specific role. Within a medical office or hospital there are a variety of common roles you may encounter including:
• A nursing unit clerk/secretary (NUC).
• A unit administrator (UA).
• An office manager.
• A practice manager (PM).
• A project manager (PM).
• And, other business personnel and staff members.

Keep in mind that the PM acronym can refer to both a project manager and practice manager.
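The sensitivity labels, role profiles and break glass access described in this topic fit together as one access decision. The following is an added example, not code from the course or from any EMR/EHR product: the numeric clearance levels, the zone names, the set of roles allowed to break the glass and the 30-minute lifetime are all assumptions made for illustration.

```python
"""Added example: sensitivity labels with temporary, specific break glass access."""
from datetime import datetime, timedelta

# Hypothetical clearance levels for role profiles named in this topic.
CLEARANCE = {"NUC": 0, "MA": 1, "LPN": 1, "RN": 2, "PA": 2, "MD": 2}
# Hypothetical sensitivity labels for information zones within a record.
ZONE_LABEL = {"demographics": 0, "medications": 1, "allergies": 1,
              "psychological_diagnosis": 3, "hiv_status": 3}
BREAK_GLASS_ROLES = {"MD", "RN", "PA"}   # assumed: treating clinicians only
GRANT_LIFETIME = timedelta(minutes=30)   # assumed: emergency access expires


class RecordAccess:
    def __init__(self):
        self.grants = {}   # (user, patient, zone) -> expiry time
        self.audit = []    # every decision is recorded, allowed or not

    def _log(self, now, user, patient, zone, outcome, reason=""):
        self.audit.append({"time": now, "user": user, "patient": patient,
                           "zone": zone, "outcome": outcome, "reason": reason})

    def read(self, user, role, patient, zone, now):
        """Normal access: the role's clearance must meet the zone's label."""
        # Unknown zones get the strictest label; unknown roles get none.
        label = ZONE_LABEL.get(zone, max(ZONE_LABEL.values()))
        if CLEARANCE.get(role, -1) >= label:
            outcome = "allowed"
        elif self.grants.get((user, patient, zone), now) > now:
            outcome = "allowed-break-glass"
        else:
            outcome = "denied"
        self._log(now, user, patient, zone, outcome)
        return outcome != "denied"

    def break_glass(self, user, role, patient, zone, reason, confirmed, now):
        """Emergency override for one user, one patient and one zone.

        `confirmed` is the user's answer to the warning asking whether
        access to the data is necessary; a reason must also be given.
        """
        ok = role in BREAK_GLASS_ROLES and confirmed and bool(reason.strip())
        if ok:
            self.grants[(user, patient, zone)] = now + GRANT_LIFETIME
        outcome = "break-glass-granted" if ok else "break-glass-refused"
        self._log(now, user, patient, zone, outcome, reason)
        return ok

    def review_queue(self):
        """Entries a privacy or security reviewer should look at afterwards."""
        return [e for e in self.audit if "break-glass" in e["outcome"]]


if __name__ == "__main__":
    t0 = datetime(2024, 1, 15, 2, 0)
    access = RecordAccess()
    print(access.read("rn.lee", "RN", "PT-0001", "psychological_diagnosis", t0))
    access.break_glass("rn.lee", "RN", "PT-0001", "psychological_diagnosis",
                       "ED triage, patient unresponsive", True, t0)
    print(access.read("rn.lee", "RN", "PT-0001", "psychological_diagnosis", t0))
    for entry in access.review_queue():
        print(entry["outcome"], entry["user"], entry["reason"])
```

The grant is keyed on user, patient and zone together, so breaking the glass for one patient's psychological diagnosis opens neither that patient's HIV status nor any other patient's record.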

IT and Other Technical Roles

Within the IT field, there are many common roles that have unique responsibilities within an IT infrastructure. Healthcare IT environments have similar roles and responsibilities, depending on the needs and size of a business.

Role                      Responsibility
Security administrator    Responsible for ensuring that an organization's information security policies are being followed by employees and that sufficient controls are in place to prevent unauthorized access to data, systems, and facilities.
Network administrator     Responsible for the network infrastructure and components within an organization. Responsibilities include the setup, management, monitoring, and optimizing of network hardware components, Local Area Networks (LANs), Wide Area Networks (WANs), and wireless networks.
Systems administrator     Responsible for the maintenance of an organization's hardware systems, networks, and server systems. This role may be an individual or a team of administrators.
Database administrator    Also referred to as a DBA, is responsible for designing, implementing, maintaining, updating, and repairing databases. This person is also responsible for the security and maintenance of an organization's database system and all the data stored on the systems.
Desktop support           Responsible for assisting end users and attempting to restore normal service to users as quickly as possible. Desktop support typically deals with basic computer issues, such as hardware malfunction, application problems, networking issues, access requests, and new hardware requests.

Business Associates, Contractors, and Third Parties

In many cases, there may be a need for other business associates and contractors to access data within the EHR or EMR system. These individuals are required to sign HIPAA documentation, so they can have limited access to sensitive information within the system. In these cases, there may be strict guidelines issued as to what access roles and rights to data they can have. As the IT technician, you must be aware of the business contracts and agreements that exist when there are contractors involved in everyday processes and procedures. For example, you may be working with an IT outsourcing firm, and visit a number of different medical practices within a given day. In this case, you would most likely be required to sign a business agreement contract for each practice, ensuring that PHI is secured.

Working Within a Medical Team

As an IT technician in the healthcare environment, you must recognize the various roles that you will be supporting and working with. As you work with various medical teams:
• Understand what the overall system does.
• Understand what the various roles and responsibilities are within that system.
• Recognize that technology may be challenging for some medical staff.
• Support medical staff in changing workflows due to systems updates or changes.
• And, be aware of the acronym use between both technical staff and medical staff.

The Treatment Team

Any of the clinical roles can be a member of the treatment team, such as an MD, an RN, and a PA. The treatment team is made up of a number of clinicians who have been assigned to work with a specific patient at any given time. Team members are assigned and tracked within the EMR/EHR system, and can be updated and changed as clinician work shifts are changed.

ACTIVITY 3-1
Examining Roles and Responsibilities

Scenario:
In this activity, you will examine roles and responsibilities that interact with the EMR or EHR system on a daily basis.

1. One of the medical facilities you support has contacted you because they cannot connect the EMR/EHR system to access the patient billing web-based application. When you arrive at the office and check out the situation, you determine that she can connect to the Internet, but not the billing application. You determine that the issue has to do with the EMR/EHR in-house server. Who should you contact for server issues?
a) Security administrator
b) Network administrator
c) DBA
✓ d) Systems administrator

2. When is break glass access necessary in a medical setting?
Break glass access is necessary when a clinician must access information that has been classified as highly sensitive within the EMR/EHR system. This can happen in an emergency situation, when a clinician needs to check a patient's medical record for medication reactions and other pre-existing medical conditions.

3. In the hospital where you work as an IT support technician, there has been a breach in security within the ED. Someone has reported that a laptop has been stolen. The laptop was a shared device for updating and tracking all ED patient information. What medical roles will this impact?
Because this environment is limited to the ED, most likely the medical personnel impacted are MDs, PAs, RNs, and LPNs.

TOPIC B
Manage Communication and Ethics Issues

In the previous topic, you identified different medical roles you may encounter while supporting IT within a medical facility. Now that you know who you will be working with, you can focus on using good communication skills and conducting yourself in a professional way while on the job at any medical environment. In this topic, you will manage communication and ethics issues.

Communicating and interacting with non-IT professionals can be challenging, and even more so in a medical environment where time is short and jargon abounds. Because of this, it is vital to your effectiveness as an IT professional that you are aware of the hurdles that may arise, and how to overcome them.

Communication Skills

Using the proper communication skills when dealing with clients and colleagues provides a professional environment that is conducive to effective communication with doctors, nurses, and other medical staff within the healthcare environment.

Communication Skill    Description

Verbal communication
• Use clear, concise, and direct statements. This will help you get to the crux of the matter more quickly, and it will help the clinician understand what you are saying.
• Avoid using IT jargon, abbreviations, acronyms, and slang. Many clinicians and office staff will not have the same level of technical knowledge as you and your colleagues, and using terminology that is beyond their level of knowledge can confuse or upset them.
• Use timing to set the pace of a conversation. A pause may be more valuable than an immediate answer, as it allows you time to formulate your response. If a situation escalates and the person you are interacting with becomes agitated, you may ask him or her to slow down so that you can get all the information.

Communication Skill    Description

Non-verbal communication
• Be aware of the non-verbal clues you use. Body language communicates more than actual words. Studies show that up to 70 percent of a message is conveyed through actions. Even when you are talking on the phone, non-verbal characteristics—such as tone of voice—will add meaning to your message and help you interpret the concerns of the clinical staff.
• Use the proper level of eye contact. You and the person you are interacting with will make, maintain, and break eye contact as you talk with each other. When attention is directed to the problem at hand, eye contact may be minimal. Avoid staring directly at the clinician—a form of invading personal space—or letting your gaze wander, which indicates disinterest, or even worse, inappropriate interest.
• Use gestures and facial expressions to reinforce the spoken message. Broad, friendly gestures indicate being open to the conversation, while sharp or jabbing gestures usually mean anger. The variety, intensity, and meaning of facial expressions are almost endless. You and the clinician you are working with read each other's faces to gain insight into the spoken words.
• Use non-verbal encouragement to gather information. Encourage the person you are interacting with to continue with "Mm-hmm" and a slight nod of your head. You convey that you are listening and want to know more.
• Be aware of physical positioning and posture. Respect the person's personal space. Depending on the circumstances, you may be from 1.5 to 4 feet away from the person you are interacting with. If this clinician or staff member backs up, you are too close. You may be working in close quarters; ask permission before you move into a person's personal space—for example, sitting in the office chair. Messages are conveyed by body position, whether you are talking or listening. Slouching indicates "I am bored with this conversation." Holding one's arms across the chest says "I am closed off to what you are saying." Watch your body's signals, as well as those of the clinician you are working with.
• Be aware of the effect of tone of voice. Volume—loudness or softness—colors the spoken message. If the person's agitation escalates, try lowering your volume to re-establish a sense of calm. The tone of voice indicates many internal moods: excitement, boredom, sarcasm, fear, or uncertainty. A rise in your voice at the end of a sentence makes it sound like a question, implying lack of assurance instead of competence. Listen to the clinician's tone.
• Use the appropriate level of physical contact. A firm handshake is appreciated and may be expected in some business dealings. Other forms of touching are generally unnecessary, inappropriate, and risky.

Listening skills:
• Listen to the clinician or staff member. If you do not, you run the risk of missing some important information that can help you solve the problem.
• Allow the clinician or staff member to complete statements—avoid interrupting. This will convey the message that you respect them and want to hear what he or she is saying.
• Employ passive listening techniques. Your message is: "I am listening. Tell me more." You are alert, attentive, and accepting, but do not participate actively in the conversation. Your silence may help the individual to collect his or her thoughts, especially if he or she is upset or angry. Listen for factual data and be alert for feelings and attitudes, which are conveyed non-verbally. It may be difficult to keep from jumping in with a question or a "Yes, but..." Resist the temptation by writing down your thoughts to refer to later.
• Employ active listening techniques. When the clinician or staff member is describing the problem, listen actively to elicit as much information as you can. Clarify user statements by asking pertinent questions.

Technical Communication Methods

When supporting a medical office or hospital, there are a number of methods to use for communication. Depending on the situation, one method may be more effective than others.

Method: Description

Email: Email allows a user to send an electronic message to another user or group of users. This method is useful when you need to communicate with one or more contacts about system updates, installations, or issues.

IM and secure chat: Instant messaging (IM) is a type of communication service which involves a private dialogue between two persons via instant-text-based messages over the Internet. IM is an efficient method of communication, because it is done in real-time and can enable you to communicate on an individual basis quickly. Secure chat is an instant messaging service that uses strong encryption to send and receive secure messages.

EMR system: The EMR system may have built-in workflow functionality that would notify personnel when a process or procedure is completed, or has moved to the next phase. This process can be used to communicate when a task is complete.

Fax: A fax is typically used to send an electronic copy of a hardcopy document quickly. This type of communication method is used commonly to send medical reports, patient prescriptions, and doctor referrals between offices.

Secure FTP: Secure File Transfer Protocol (Secure FTP) is a secure version of FTP that uses a Secure Shell (SSH) tunnel as an encryption method to transfer, access, and manage files. Secure FTP is used primarily on Microsoft® Windows® systems.

Phone: The phone is a traditional way of communicating and is used primarily in a medical setting to quickly resolve patient issues. Most often the phone system is used to manage appointments and communicate with patients about medical issues.

VoIP: Voice over IP (VoIP) is an implementation in which voice signals are transmitted over IP networks. The phone can be an IP telephone unit, a VoIP interface at a Private Branch Exchange (PBX) or a softphone (a software application such as Skype), which enables the originating device to access the IP network and place and receive telephone calls.

Collaborative software: Collaborative software refers to applications that enable sharing of files, wikis, and blogs within a healthcare environment. For example, Microsoft® SharePoint®.

Professional Conduct

Acting in a professional manner when dealing with colleagues and clients provides a work environment where expectations are met and work is completed as expected.

Facet: Description

Appearance: Exhibit a professional appearance while in the medical environment. Any medical facility requires that you present a neat, clean, business-like appearance.

Respect: Be respectful and sensitive of the medical environment in which you are working.
• Be on time. Tardiness can give a negative impression of you. If you are going to be late, always call and communicate with the medical staff.
• Maintain a positive attitude when talking with clinicians and other staff members.
• When dealing with clinicians and medical staff, avoid distractions and interruptions. Repeatedly answering a mobile phone, talking to coworkers, or attending to any other personal distractions while you are supposed to be supporting medical staff sends the message that the problem is unimportant to you.
• When dealing with a difficult person or situation, avoid arguing, being judgmental, or being defensive. Arguing or getting defensive with individuals will make it harder for you to solve problems and fix issues. No matter how frustrating a situation might become, rudeness is never the answer.
• Never minimize a problem. What seems simple to you could be a mission-critical problem to the clinician.
• Never insult a clinician, or any other staff member.
• Be culturally sensitive. Always be conscious of who you are working with, and how your actions can be portrayed. This is especially important within a medical environment.
• Be respectful of the property at the medical site. Always ask permission before entering an office, workspace, or hospital room, using the telephone, sitting down at a computer, or adjusting the workspace.
• Be sure to keep your work area at any of the medical office sites neat. Do not pile materials on staff member's books and files. When onsite at a medical office or hospital, ask where to dispose of materials.

Accountability: Be accountable. Take responsibility for your actions, and admit your mistakes. Do not misrepresent your credentials, competence, or training. In questions of conflict of interest between your company and the medical staff, refer to your supervisor or follow your company's procedure. Be familiar with your medical office or hospital policies and follow them.

Confidentiality: Be circumspect. Treat any information located on a desktop, a computer, or a printer that pertains to patients or medical staff as confidential.

Ethics: Practice ethical conduct. You have an obligation to take responsibility for ethical conduct within your delivery of service. The issues involved are complex and ever-changing in the medical field. An unethical practice may become so routine that it is falsely assumed to be acceptable behavior. Learn your medical office or hospital policies and adhere to them.

Honesty: Be forthright with clinicians and staff members about what is occurring and the actions you will take. Clients have a right to understand the process you are following and how it will affect them.

Prioritizing: Set priorities. You will often need to set priorities and make judgment calls. You will recommend whether your clinician should repair or replace equipment. You will rank the urgency of the needs. Never minimize a problem. Base your decisions on common courtesy, fundamental fairness, and keeping promises.

Expectations: You should set expectations with the medical staff up front. Set a timeline and a communication plan that both you and the staff agree on at the start of the relationship. Always communicate repair and replacement options, and provide the proper documentation needed for the services provided. Always follow up and get feedback on the work completed, to make sure that all expectations have been met for a project. This information allows you to improve customer satisfaction with future projects. When working with project managers on assignments, it is crucial to conform to any requirements before, during, and after work completed.

Adapting to Varying Medical Environments

Working within a medical environment can be challenging depending on the office, hospital, nursing home, or outpatient care center. As the IT technician, you must be aware and understand that you may be exposed to clinical areas where patients are being treated, and in some cases trauma centers, where emergency medical care is given. Before entering any medical setting or room, you must adapt the appropriate procedural behavior according to the situation or environment.

Situational Awareness

In some cases, you may not be comfortable with the varied circumstances in a medical environment. In these cases it is important to acknowledge your limitations, and know how to express your feelings. If a situation or environment brings on a strong physical response or a feeling of being uncomfortable, then you must recognize this and take action to alleviate the negative feelings and remove yourself from the situation or environment.

Common Medical Environments

There are a number of common medical environments within a healthcare organization. These common areas may demand specific safety and operating procedures.

Medical Environment: Description

Imaging Center: Area where all medical imaging procedures are conducted, such as magnetic resonance imaging (MRI) scans, computed tomography (CT) scans, ultrasounds, and so forth.

Recovery Room: Area where patients are housed after a surgical procedure or any procedure requiring anaesthesia. Patients are closely monitored for any indications of post-operative complications.

Examination Room: A private room where a patient is examined and diagnosed by a medical practitioner.

Float Room: Any room used to temporarily house patients when they are in transition between their patient room and another location, such as before or after tests or surgeries. A Float Room may also be called a holding bay, temp room, or prep room.

Operating Room (OR): Area where surgical procedures are performed in a sterile environment.

Isolation Room: Areas within a medical facility designed to prevent the spread of airborne infections through the use of negative pressurization control of the air inside and outside the room. Patients with highly infectious diseases, like tuberculosis, will be isolated in these pressure controlled environments to prevent the spread of the infection to other patients and staff.

Procedure Room: Area where minor procedures are performed, including minor surgeries not requiring anaesthesia and post-operative care.

Emergency Room (ER): Area of the facility where patients needing immediate medical treatment arrive and are provided with initial care for their medical illness or injury, before being admitted for further treatment by another department.

Manage Communication and Ethics Issues

Working within a healthcare environment can be challenging due to the nature of the services, and care given to patients. Proper communication and ethics can be crucial to providing support while being respectful of your surroundings.

Guidelines:
To properly manage communication and ethics issues:
• Use good communication skills when conversing with medical and office staff.
• Conduct yourself in a professional way.
• Be aware of your environment, and adjust your behavior accordingly.
• Actively listen to clients when they are communicating an issue or problem.
• If working on an assigned IT project, make sure to work within the guidelines and standards set forth by the project manager.

Example:
You are an IT support technician who has been called down to the ED to help one of the RNs who is having trouble accessing a patient's file within the EMR system. Before you go down to the ED, you prepare yourself mentally and realize that you may be exposed to things that may make you feel uncomfortable. When you arrive, the RN is visibly frustrated with the computer system. You calmly ask her to explain the steps she has taken, and you just listen and nod as she steps through the process. Once she is done, you ask her if you can access the system, so you can fix the problem.

DISCOVERY ACTIVITY 3-2
Managing Communication and Ethics

Scenario:
In this activity, you will manage communication and ethics issues within a medical environment.

1. Match each communication skill or behavior with the appropriate example.

f  Verbal communication
g  Non-verbal communication
a  Listening skills
e  Respect
c  Ethical behavior
d  Confidentiality
b  Appearance

a. Allow the user to complete statements without interruption.
b. Project professionalism by being neat and clean.
c. Do not use information gained during a service call for your personal benefit.
d. Keep sensitive client information to yourself.
e. Ask permission before sitting down in a user's chair or touching a user's computer.
f. Use clear, concise, and direct statements.
g. Maintain the proper amount of eye contact.

2. Which are examples of displaying respect during a service call?
✓ a) Asking permission before changing display settings
b) Asking "What happened just before you noticed the problem?"
c) Sitting in a user's chair without permission
✓ d) Silencing your pager or mobile phone

3. You have been informed that starting next week, you will be supporting a new medical facility with their EMR/EHR implementation. You will be onsite all day for a whole week helping the front-end office staff with setting up and configuring their workstations. Your supervisor has warned you that the environment may be uncomfortable and unsettling due to the medical facility being a low-income provider and its location being in a known problem area of the city, where drugs are a constant problem. How should you prepare yourself for working in this type of setting?

Start by reviewing the medical office ethics policies and make sure to adhere to them while on the job. When you are in the situation, stay calm and be patient. Do not let non-verbal communication cues appear judgmental. Recognize that this is already an area of high anxiety and that stress may be increased because of having to adapt to a new system.

LESSON 3
TOPIC C
Legal Best Practices, Requirements, and Documentation

In the last topic, you identified the roles working within a medical environment, and what communication methods can be used while supporting those roles. Now that you are aware of people and communication issues, you can focus on the legal issues you should be familiar with and how they affect procedures and policies. In this topic, you will describe legal best practices, requirements, and documentation.

There are a large number of required documents, approvals, and signatures involved in healthcare documentation. Awareness of which documents are the most important and the legal requirements surrounding them can help you and your provider avoid potential miscommunications or even legal liabilities.

Record Keeping and Documentation

There are a number of regulatory rules and general guidelines on medical record keeping and documentation. Patient record retention procedures vary depending on the type of medical facility. Common reasons for retaining records are:
• Patient progress and management documentation.
• Patient record sharing between healthcare providers.
• And, documentation support for possible legal evaluations.

Time of Storage

The time of storage for any medical record is based on a number of different factors:
• State and federal laws.
• Medical board and association policies.
• Case laws.
• And, patient age.

Records should be kept for the longest time required by any of the applicable laws, regulations, or policies.

State and Federal Record Retention Laws

In most cases, record retention laws and regulations. The time of storage varies among regulating agencies. Regulations may differ depending on factors such as the age of the patient, whether the patient is deceased, whether the patient is covered by Medicare or Medicaid, and so forth. For example, the Occupational Safety and Health Administration (OSHA), Medicare, and HIPAA may each have their own requirements for record retention.

Important Medical Records

Any record that contains specific clinical care that was given to a patient must be kept. Types of records can include any doctor notes, nurse notes, lab testing results, medications administered or prescribed, immunization reports, billing information, and all media such as X-rays, graphs, and charts. In certain states, healthcare providers may be required to also retain all billing information and any records that have been transferred from another provider.

Working with PHI

In order to keep personal health information safe within a healthcare environment, there are a number of practices used to ensure that information is not exposed or shared with unauthorized individuals.

Practice: Description

Computer placement: Proper placement of computers within a medical office can prevent exposure to sensitive data by preventing unauthorized individuals from viewing a computer screen. Simple planning and proper equipment placement prevents the data displayed on computer screens from being viewed.

Printer placement: Any printer that is used for printing patient records, prescriptions, and medication lists should be in a secured section of the office and only accessible by authorized users.

Screensavers: Screensavers should be used when a system has been idle for a certain amount of time. This feature is useful to block information from view, but once the mouse or keyboard is activated, the computer is accessible by anyone. The guidelines on when they should be used are specific to the office, but when systems are in view by individuals other than authorized users, guidelines should be in place.

Time lockout: Computer systems should be configured to lock when there has been no activity within a given time. The time lockout feature is similar to the screensaver in that it prevents unauthorized users from viewing any information displayed, but once locked, you must enter a password to access any information. Clinicians should lock out of all computers before they walk away, especially when in an Examination Room with a patient. If clinicians forget to log out, then a time lockout will lock a computer automatically.

Privacy screens: Privacy screens should be used to block any general access to patients while they are being treated. Screens can also be used to block the view of computers, patient files and records, and billing areas.

Disposal of PHI

PHI information that meets expiration requirements must be disposed of using an approved secure disposal method.

Method: Description

Secure shredding/sanitizing: A method used to securely remove data from hard drives and other electronic storage devices. Secure shredding utilities completely remove data and any data remnants from a device. There are two common methods used in sanitizing devices:
Data wiping is a method used to remove any sensitive data from a device and permanently delete it.
Data sanitization is the method used to repeatedly delete and overwrite any traces or bits of sensitive data that may remain on a device after data wiping has been done.

Degaussing: A method used to remove data from magnetic media. Degaussing changes the magnetic alignment of data, so that it cannot be recovered.

Physical disposal: Paper shredders are used to dispose of hard copy materials, such as receipts, bills, and patient records that have been imaged and entered into the EMR system. Crack or break optical disks. For security purposes, you must shred or burn sensitive documents and bulk erase magnetic media such as disks or tapes before discarding them. This helps prevent attackers from obtaining sensitive information from discarded hardware and media.

PHI Media

Any bits of electronic data left on a computer, device, or media can potentially be stolen and used to harm the patient or healthcare provider. Examples of physical media that may contain PHI data include:
• Paper charts.
• Hard drives.
• External hard drives.
• Thumb drives.
• DVDs/CDs.
• Tapes.
• Fax machine hard drives.
• Copier hard drives.
• Smartphones.
• Tablets.

Liability

Definition:
Liability is the condition of being actually or potentially subject to a legal obligation based on one's actions or omissions. A medical practitioner can be held liable for malpractice when there was a specific duty owed, but the duty was breached, and the breach caused an injury or additional damages. When these factors are present, the practitioner and the hospital are liable for the results.

Example: Liability in a Surgical Procedure
A patient going in for surgery is given an anesthetic. The anesthesiologist overlooked a previous treatment complication, and as a result the patient suffers liver damage and possible life-threatening complications. In this case the anesthesiologist is held liable because he or she overlooked key information in the EMR. The hospital and all treatment team members may also be held liable.

Liability Waivers

Definition:
A liability waiver is a legal document that may be signed by a patient (or those acting legally on behalf of a patient) to acknowledge the risks involved in a specific medical procedure or medication. By doing so, the signer potentially removes legal liability from the hospital and medical practitioner. However, depending on the specific state law, public policy, juries, and the language of the waiver, liability waivers may not be enforceable.

Example:
Figure 3-2: A sample liability waiver.

BAAs

Definition:
A business associate agreement (BAA) is a document that defines the authorized uses of PHI, and how the information is to be used and managed. BAAs are commonly used by medical service providers when they hire additional suppliers and service providers. When the service provided by any of these suppliers includes access to PHI, a BAA is required to ensure that information is secure from unauthorized access. The agreement also includes actions to be taken in the event of a breach of PHI.

Example:
Figure 3-3: A sample BAA.

Third-Party Interactions

Third-party vendors are used in many different capacities within the medical field. Because of this, agreements must be established and signed by both parties before services are rendered. There are two common agreements used.

Agreement: Description

Service-level agreement (SLA): A contractual agreement between a service provider and a customer that stipulates the precise services and support options the vendor must provide. It also includes the terms for penalties in case of service failures, and, for technology vendors, includes guaranteed performance levels, such as uptime ratings, as well as descriptions of the hardware and software included in the service.

Memorandum of understanding (MOU): A document that lists agreed upon actions between two parties. It can be used to identify and define common actions, processes, and procedures, and in some cases can hold the same binding power of a contractual agreement.

Third-Party Medical Billing

With the increase in medical practice size and the number of patients covered by an individual doctor, the medical billing process has become more complicated and tedious. Third-party services, known as medical billing services, are sometimes used to manage all aspects of the medical billing process and increase efficiencies across all areas of healthcare.

ACTIVITY 3-3
Examining Legal Best Practices

Scenario:
In this activity, you will examine the legal best practices, requirements, and documentation that you may encounter while supporting medical personnel.

1. One of the medical offices that you support is in the process of transitioning from a traditional paper file-based system to an electronic EMR/EHR system. There are a number of patient files that have not been accessed in over a year. What time of storage factors should be considered when deciding whether to enter the files into the system?

The time of storage factors will vary depending on a specific medical facility, but state and federal laws, medical board policies, case laws, and the patient's age may all be considered in this situation.

2. True or False? One of the doctors in the medical practice where you work has been accused of malpractice by a patient. The patient is claiming that the doctor prescribed him a medication that he was allergic to, even though the medication is documented as being problematic in his file. The patient has suffered severe asthma symptoms and has been hospitalized because of the reaction to the medication. In this scenario, the doctor potentially could be held liable for the outcome of this patient's health.
✓ True
False

3. What is the correct description for each agreement document?

c  BAA
b  SLA
a  MOU

a. Lists all agreed upon actions and services between two parties.
b. An agreement between a service provider and a customer that stipulates the precise services and support options the vendor must provide.
c. Defines the authorized uses of PHI.

4. The hospital where you work has just re-configured the main entrance and reception area to make it more accessible to wheelchairs and walkers. In doing this, you discover that the reception computer displays can now be seen by anyone sitting in the waiting area. What PHI practice would you suggest in this scenario to prevent anyone from seeing sensitive information on those computers?

The first choice in this scenario is to move the computers to block the view, position the waiting area so that no one can see the computer screens, or install privacy screens. Additional measures can include enabling the screen saver and time lockout options on all front desk computers.

LESSON 3
TOPIC D
Medical Document Imaging

In the last topic, you identified the technologies that make up an EMR or EHR system, and now you are ready to discover how document imaging feeds directly into that system. In this topic, you will describe how document imaging fits into the EMR or EHR system.

Even with the advent of EMR, document scanning is still a large part of many healthcare IT systems. In many cases, the physical outputs from other medical applications must be scanned, attached to a patient's electronic record, then stored within the system. Understanding the essential elements of document imaging will allow you to provide the right level of support for all day-to-day activities.

Document Imaging

Definition:
Document imaging is the electronic copying of hard copy documents to digital form. Documents are scanned and stored in the EMR or EHR system in a number of different ways. The imaging process can be tedious and complex because of the number of handwritten notes, patient records, and files that need to be converted to digital form.

Example:
Figure 3-4: A scanned chest X-ray.

Ongoing Scanning

The process of scanning medical documents for storage within the EMR/EHR system is an ongoing process. The scanning and storing process can be done at any point of an EHR or EMR implementation. Some medical facilities will scan and store historical records during the system implementation, and some will wait until the system is completely implemented to scan and store records.

Image File Types

Once the documents are scanned, they must conform to the file type supported by the EMR or EHR system. There are a number of file types that can be used when creating imaging files.

File Type: Characteristics

TIFF: Tagged Image File Format (TIFF) characteristics include:
• High-quality images and supports multiple images in a single file.
• High resolution capabilities.
• Allows large file sizes.
• Allows a wide range of compression schemes.

PDF: Portable Document Format (PDF) characteristics include:
• An open standard for exchanging documents, including two-dimensional (2D).
• Typically includes both vector and bitmap images.

JPG/JPEG: Joint Photographic Experts Group (JPEG) characteristics include:
• Highly compatible file format commonly used for high quality images.
• Lower resolution capabilities.
• Limited to smaller file sizes.
• Compression is limited to lossy, which means that some data is lost when the file is compressed.

GIF: Graphics Interchange Format (GIF) characteristics include:
• A bitmap image format.
• Supports transparency and animation.
• Lower resolution capabilities.
• Compression is lossless, which means that quality and data is not jeopardized when compressed.

Resolution Considerations

The resolution capabilities for each file type must be considered when saving images and storing them in the EMR/EHR system. For example, if you are storing a patient's electronic X-ray, a high resolution may be required, such as the TIFF file format, instead of a JPG, that uses a lower resolution. The crux of the issue is that the higher resolution file formats will need more space than lower resolution formats. These points must be considered when determining what file formats are used for scanned medical files.

OCR

Optical character recognition (OCR) is the process of transforming handwritten, scanned images of text or typed text into machine-encoded text. This process is often used to convert hardcopy patient records into files that are compatible with the EMR or EHR system.

The EMR/EHR Scanning Process

EMR and EHR systems require that patient records get scanned and saved within the system. The EMR scanning process includes many different phases.

Phase Description

Preparation and transport
Hardcopy documents must be prepared for the scanning device. This usually involves removing staples, tape, and creases from the documents, so that they can be fed into the scanner without issues. Once the documents have been prepped, they are either fed manually into a scanner/copier machine, or may need to be placed on a flatbed scanner.

Scanning
The scanning phase involves creating the digital copies of the hardcopy documents. Scans can be either black and white or color, depending on the requirements of the EMR/EHR system.

Output
The output from the scan is then saved and moved to the appropriate location depending on the process for a specific medical facility. At this point in the process, additional information such as the scan date and time may be added.

Indexing/metadata
Once the scanned images are saved to the appropriate location, they are then re-named and indexed for ease of use within the system. At this point, the patient's unique patient identifier is associated with the record and metadata is also applied to each document to allow for quick searching and file location within the system. This information can include key search terms, author, and the subject matter, and other identifying attributes that get attached directly to a patient's record.

Storage and retrieval
Once the scanned files are complete with necessary information applied, they can be stored within the EMR/EHR system. Storage methods and requirements are specific to each medical facility, and what the migration, backup, and duration requirements are applied. Once the documents have been stored properly, they can be retrieved by users logged in to the EMR/EHR system, using the unique identifiers and metadata keywords applied during the indexing phase.

ACTIVITY 3-4
Examining Medical Document Imaging
Scenario:
In this activity, you will examine the medical document imaging process.

1. Sam, the office manager for a large medical practice, is in charge of getting all patient files from hardcopy to digital copies to store in the EMR system. He is currently in the process of adding keywords to each scanned file so that the files can be found quickly during a search. What phase of the process is this?
a) Preparation and transport
b) Scanning
c) Output
✓ d) Indexing
e) Storage and retrieval

• Disinfect and clean shared computer equipment regularly. In this topic. General sanitation is important because it affects everyone. and fax machines. and X-rays. What part of the EMR/EHR scanning process is the most challenging? The preparation and transport phase is generally the most challenging phase. Knowing when and how to properly sanitize both personnel and equipment can save you and others unnecessary illness and help improve patient out- LI comes. ct P When to Use Sanitation Techniques DU Sanitation is a main concern for anyone working in the medical field. printers. even if that staff never interacts directly with a patient. you are ready to venture into a TE more medical-specific area of the healthcare environment. you will identify the sanitation requirements and best practices. and face masks. Problem areas include When to Use Sanitation shared keyboards. Proper Sanitation Techniques st DO Following the proper sanitation steps while working in a medical facility can prevent many Proper Sanitation Techniques different illnesses and diseases: • Follow proper hand washing guidelines according to the Centers for Disease Control In (CDC). LESSON 3 2. or CA Sanitation in medical environments is vital for both patients and staff. Because IT technicians will most likely Techniques ru be touching computer equipment and systems. record. and copier machines. iti TOPIC E Ed Sanitation Management Now that you have been through the medical records process. • Follow specific sanitation guidelines and procedures for the room or area that you are working in. it is important to recognize the areas that may T contain a higher level of pathogens and other infectious germs. wear protective gear such as gloves. Lesson 3: Using IT in the Medical Workplace 75 . • When required. What are some of the system implications of scanning and storing hard copy medical files? The main concern for scanning and storing medical files is having the storage space o required. 
IT equipment and equipment located in isolation areas must be cleaned regularly. printers. Shared equipment will always NO be problematic. The process of removing staples and clips from the hard copies alone can be tedious and time consuming. laptops. The wide range of file types used and the size of the files can demand addi- tional IT hardware installations. mice. because of the manual labor required to physically prep all hard copy documents. mice. such as keyboards. Because of this. aprons. n 3.

• Follow specific hospital guidelines.

HA vs. CA
Within a hospital environment, infectious diseases are classified into two levels: Hospital Acquired (HA) and Community Acquired (CA). HA refers to any infectious disease that originated within the hospital environment, and CA refers to any infectious disease that originated outside the hospital environment.

The Infection Control Office
The infection control office is responsible for ensuring that the guidelines issued by the Joint Commission are enforced within the hospital environment.

IT Equipment Sanitation
IT equipment within a medical environment is often shared among a number of professionals. Because of this, the risk of spreading disease is higher than in other settings. Equipment that carries the most germs and bacteria are keyboards, mice, laptops, printers, and fax machines. In these cases, IT technicians and all other personnel must enforce daily cleaning and disinfecting of all shared IT equipment.

ACTIVITY 3-5
Examining Sanitation
Scenario:
In this activity, you will examine sanitation techniques and guidelines.

1. As an IT technician working in various medical environments, what are some steps you can take to prevent the spread of disease and illness while working with IT and medical equipment?
Follow proper hand washing guidelines, wear protective gear when necessary, regularly disinfect equipment, and follow specific cleaning guidelines for each medical area.

2. True or False? Shared computer equipment within a medical facility is at a high risk for spreading disease to medical staff.
✓ True
False

3. How can you mitigate the risk of spreading diseases through shared IT equipment in a medical facility?
Set up daily cleaning and disinfecting guidelines and enforce good hand washing habits among medical and IT personnel.

Lesson 3 Follow-up
In this lesson, you discovered how technology is implemented within a medical environment, and more specifically, how the roles of medical staff interact with the technology components within that system.

1. Given the nature of PHI data, how do you anticipate that you have to change your practices?
Answers will vary, but may include additional measures to keep data secure while you are supporting clinical staff with IT related issues.

2. How do you think your IT practices will change when working in a medical setting?
Answers will vary, but may include using your best judgment and applying good communication methods when supporting the wide range of clinicians within the medical environment.


LESSON 4

Lesson Time
3 hour(s), 30 minutes

Healthcare IT Technical Components

In this lesson, you will describe the essential elements of computing including hardware, software, networking, and change control.
You will:
• Apply core IT concepts as a foundation for healthcare IT tech support best practices.
• Describe core networking components.
• Install and manage servers and software.
• Support hardware components.

Introduction
In the previous lessons, the focus has been on healthcare systems, technologies, and environments. Now you can cycle back to examine the core technical components of information technology that remain relevant within healthcare IT. In this lesson, you will review the essential elements of computing, which include hardware, software, and networking processes and procedures.

While many of the basics of computing and networking remain stable, technology is constantly evolving. As an IT technician within the healthcare environment, it is important to understand the technical components of any computer or network so that as procedures and processes change to meet the needs of the medical community, the technology can remain supportive and can adapt to any changes that may occur.

TOPIC A
Computing Essentials
Up to this point in the course, the focus has been on healthcare-specific components and technology. In this topic, you will take a step back to review the basics of computer technology and how basic devices and connections make up a network. In this topic, you will apply core information technology concepts as a foundation for healthcare IT technical support best practices.

A strong foundation in computing essentials is the keystone for any IT technician’s troubleshooting ability. As an IT professional in any industry, you will need to understand the basics of computer technology and network systems. Knowing these essentials will make you an important resource to any company, but will certainly be a strong base of knowledge and skills as you look to transition into the healthcare industry as an IT professional. This topic ensures you have the knowledge necessary to be successful in your IT endeavors.

Essential Components of Computers
Computers must have certain components installed and configured to be functional. The essential components include:
• A system unit, the main component of a personal computer, which includes the other devices necessary for the computer to function.
• A display device that enables users to view the text and graphical data output from a computer.
• And, an input device that enables users to enter data or instructions into a computer.

Instructor note: Because an A+ certification is not a firm prerequisite, you may have students with varying levels of competence with basic IT skills. You will need to adjust your presentation accordingly, and treat it as an introduction or as a review based on the levels of your students. Point out to your students that there are many healthcare IT exam objectives related to general IT support.

Figure 4-1: A basic computer setup.

Operating Systems
The operating system is a component of the system unit and provides the graphical user interface (GUI) for users. There are a number of different operating systems that you may encounter within the healthcare system. The most common operating system is Microsoft Windows. Microsoft® Windows® comes in several different versions and revision levels for use on personal computers, tablets, smartphones, and network servers. Other systems can include Mac OS® versions, and possibly Linux and Unix systems. As smartphones become more available and commonly used, mobile operating systems are increasing, including Apple iOS®, Google Android™, and BlackBerry OS®.

Human Interface Devices
Definition:
Human interface devices are hardware components that enable users to interact with computers. Interface devices allow users to read, enter, and manage data within a computer system. Within the healthcare environment, there could be a number of devices that you need to support and troubleshoot.

Example:
Figure 4-2: Human interface components.

Human Interface Device Types
There are three main human interface device types.

Human Interface Device Description

Input
Personal computer components that enable users to enter data or instructions into a computer. The most common input devices are keyboards, computer mice, microphones and touch screens. An input device can connect to the system unit via a cable or a wireless connection.

Display
Personal computer components that enable users to view the text and graphical data output from a computer. Display devices commonly connect to the system unit via a cable, and they have controls to adjust the settings for the device. They vary in size and shape, as well as the technologies used.

External
A personal computer’s functionality can be enhanced by connecting different types of external devices to the system unit. Often called peripheral devices, external devices typically provide alternative input or output methods or additional data storage. External devices are connected to the system unit via a cable or a wireless connection. Some have their own power source and some draw power from the system. There are many types of external devices:
• Microphones
• Digital cameras
• Scanners
• Speakers
• Printers
• Network devices
• External drives

Applications
Definition:
Applications are software components that allow users to perform specific tasks and job functions on a computer. Within the Electronic Health Records (EHR) or Electronic Medical Records (EMR) environment, there are many different types of applications used depending on the job function. Healthcare professionals use applications to manage billing, patient data, appointment scheduling, and medical records.

Example:
Figure 4-3: A medical record application.

Documentation
When setting up and configuring any computer system or technical environment, it is essential to document the process, as well as the components and how they are configured. Proper documentation of all hardware, software configuration and licensing, connections, application configuration and licensing, and systems configuration will help you troubleshoot issues and problems when they arise.

ACTIVITY 4-1
Identifying Personal Computer Components
Scenario:
In this activity, you will identify personal computer components.

1. Identify the computer components in the graphic.
d  B    a. System unit
a  D    b. Display device
c  C    c. Input device
b  A    d. External device

2. Match each external device with its function.
d  Microphone        a. Provides audio output
a  Speaker           b. Provides graphical input
b  Scanner           c. Provides text and graphical output
c  Printer           d. Provides audio input
e  External drive    e. Provides additional data storage

3. What are the main categories of personal computer components?
✓ a) System unit
✓ b) Display device
✓ c) Input devices
d) Network devices

TOPIC B
Networking
In the previous topic, you identified the basic components that make up a computing environment. In this topic, you will expand on that knowledge by identifying how those components are used in a basic computer network. In this topic, you will describe core networking components.

Computer networking is at the center of nearly every IT environment. Understanding the core components of a network and how they interact is an essential part of every IT technician’s toolbox. With this information, you can better serve any type of healthcare computing environment.

Network Protocols
Networking protocols enable data transfer over a physical or wireless connection. Networks utilize a number of common protocols.

Protocol Description

TCP/IP
Transmission Control Protocol/Internet Protocol (TCP/IP) is a non-proprietary, routable network protocol suite that enables computers to communicate over all types of networks. TCP/IP is the native protocol of the Internet and is required for Internet connectivity.

DNS
The Domain Name System (DNS) is the primary name resolution service on the Internet and private IP networks. DNS is a hierarchical system of databases that map computer names to their associated IP addresses. DNS servers store, maintain, and update databases and respond to DNS client name resolution requests to translate host names to IP addresses. The DNS servers on the Internet work together to provide global name resolution for all Internet hosts.

DHCP
Dynamic Host Configuration Protocol (DHCP) is a protocol used to automatically assign IP addressing information to IP network computers. Except for a few systems that have manually assigned static IP addresses, most IP systems obtain addressing information dynamically from a central DHCP server or a router configured to provide DHCP functions. Therefore, a DHCP service is a critical component of an IP implementation in most medical environments.

FTP
File Transfer Protocol (FTP) enables the transfer of files between a user’s workstation and a remote host. A user can access the directory structure on a remote host, change directories, search and rename files and directories, and download and upload files.

802.11
Many healthcare providers rely heavily on wireless computing devices for communication and record-keeping within their practices, and so there are various IEEE 802.11 standards that you may encounter in wireless networking implementations in your role as a healthcare IT professional. Each of the approved standards in the 802.11 family has different characteristics.

RDP
Remote Desktop Protocol (RDP) enables a computer to connect to another computer from a remote location as if you were in front of it. Depending on the permissions you define, you will have full access to all resources, including printers, storage devices, and the network to which the machine is attached.

RDC
Remote Desktop Client (RDC) is a client application that allows a user to log on remotely to a networked computer from another computer or mobile device, and presents the desktop interface of the base device on the remote device, allowing for access and control of the base device by the remote device. Clients exist for most operating systems, including Windows, Linux, Unix, Mac OS X, Android, and other operating systems.

802.11 Standards
The 802.11 protocols each have a specific set of functions.

Wireless Protocol Description

802.11
A family of specifications developed by the IEEE for wireless Local Area Network (LAN) communications between wireless devices or between wireless devices and a base station. The standard is supported by various working groups, known collectively as 802.11x. It specifies wireless data transfer rates of up to 2 megabits per second (Mbps) in the 2.4 gigahertz (GHz) frequency band.

802.11a
The approved specification for a fast, secure, but relatively expensive wireless protocol. 802.11a supports speeds up to 54 Mbps in the 5 GHz frequency band. Unfortunately, that speed has a limited range of only 60 feet, which, depending on how you arrange your access points, could severely limit user mobility.

802.11b
Also called Wi-Fi, short for “wired fidelity,” 802.11b is probably the most common and certainly the least expensive wireless network protocol. 802.11b provides for an 11 Mbps transfer rate in the 2.4 GHz frequency. (Some vendors, such as D-Link, have increased the rate on their devices to 22 Mbps.) 802.11b has a range up to 1,000 feet in an open area and a range of 200 to 400 feet in an enclosed space (where walls might hamper the signal). It is backwards compatible with 802.11, but is not interoperable with 802.11a.

802.11g
The specification for wireless data throughput at the rate of up to 54 Mbps in the 2.4 GHz band. It is compatible with 802.11b and may operate at a much faster speed.

802.11n
A recent specification for wireless data throughput. Even before approval, many “Draft N” or “Pre-N” products were already being produced and sold, which were compliant with the specification. The specification increased speeds dramatically, with data throughput up to 600 Mbps in the 2.4 GHz or 5 GHz ranges.

Remote Control Applications
Remote control networking solutions include Windows® Remote Desktop and Remote
Assistance, Symantec pcAnywhere, GoToMyPC™, LogMeIn, WebEx™ PCNow, vari-
ous VNC® clients and servers, Citrix XenApp, and Apple® Remote Desktop. These
enable a technician to provide support and assistance over the network.

Network Devices
Different types of internetwork devices provide different levels of connectivity and security between network interconnections and network segments within a healthcare computing environment.

Device Description

NIC
A Network Interface Card (NIC) is a device that provides network connectivity capabilities for computer systems. In most cases, this device or card is built into a computer system by the manufacturer to enable quick Ethernet access.

Switch
A switch is a device that has multiple network ports and combines multiple physical network segments into a single logical network. It controls network traffic on the logical network by creating dedicated, or “switched,” connections that contain only the two hosts involved in a transmission. Standard switches generally forward broadcasts to all ports on the switch, but will send individual packets to the specific destination host based on the unique physical address assigned to each network adapter. Some switches can perform routing functions based on protocol addresses.

AP
An access point (AP) is a hardware device that acts as a wireless communication hub to provide secured wireless access and security and to extend the physical range of a wireless LAN.

Router
A router is a device that connects multiple networks that use the same protocol. Routers can examine the protocol-based addressing information in the network packets and determine the most efficient path for data to take. They can also filter network traffic based on other criteria. Most routers will not forward broadcast network traffic. Port forwarding on a router allows remote devices to connect to a computer, device, or service that is networked on a private LAN.

Firewall
A firewall is any software or hardware device that protects a system or network by blocking unwanted network traffic. Firewalls generally are configured to stop suspicious or unsolicited incoming traffic, but permit most types of outgoing traffic. Information about the incoming or outgoing connections can be saved to a log, and used for network monitoring or hardening purposes.

Internet modem
An Internet modem is a network device that modulates digital information onto an analog signal at one end, and demodulates the analog signal back to digital data, used for dial-up Internet connections. Depending on the type of connection used, you will use either a cable modem, a digital subscriber line (DSL) modem, a wireless modem, a voice modem, or a radio modem. A laptop modem can be an internal device, or can be added to a system using a PC Card or an ExpressCard.

DC
A Domain Controller (DC) is a Windows Server® computer that runs the Active Directory service. Active Directory is a directory service that acts as a central location for network administration, user management, and security. Directory information is automatically replicated between the DCs in a given forest.

Print server
A print server is a device or service that distributes and manages print jobs sent from client computers. The print server is connected to either a wired or wireless network and sends print jobs to the designated printers within the network.

Fax server
A fax server is a device that manages all fax messages that are sent and received within a network. Some fax servers are equipped to convert electronic messages to a fax format and then forward them on to the designated recipient.

Network Cable Types
There are different types of cable that may be used in networking computers together in a healthcare environment.

Cable Type Description

Twisted pair
Multiple insulated conductors are twisted around each other in pairs and clad in a protective and insulating outer jacket. There may be multiple pairs depending on the type and size of cabling. Shielding can be added around the bundle of twisted pairs to reduce electronic interference.
Twisted pair cable comes in two basic types: unshielded twisted pair (UTP) and shielded twisted pair (STP). As the name implies, STP includes shielding, typically a foil wrapper, around its conductors to improve the cable’s resistance to interference and noise. It tends to be more expensive than UTP and is installed only when needed.
Most hospitals will use the fastest, highest capacity cabling possible, usually UTP Cat5, or Cat6 cables.

Coaxial
Also called coax, this is a legacy (older) type of copper cable that features a central conductor surrounded by braided or foil shielding. An insulator separates the conductor and shield, and the entire package is wrapped in an insulating layer called a jacket. The data signal is transmitted over the central conductor. The outer shielding serves to reduce electromagnetic interference.
Coaxial cable may still be found in older network installations.

Fiber
A type of network cable in which the core is one or more glass or plastic strands. The core is between 5 and 100 microns thick and is surrounded by cladding, which reflects light back to the core in patterns determined by the transmission mode. A buffer, often made of plastic, surrounds the cladding and core. To add strength (or "pull strength") to the cable, strands of Kevlar® surround the buffer. An outer jacket, sometimes called armor, wraps and protects the whole assembly. Light pulses from a laser or high-intensity LED are passed through the core to carry the signal. The cladding reflects the light back into the core, increasing the distance the signal can travel without being regenerated.
Fiber optic transmissions are fast and reliable over extremely long distances. Due to the traffic, volume, and size of data being transmitted, like imaging files, most hospitals will use fiber optic cables. Because they are also impervious to electromagnetic interference, fiber optic cables are appropriate for use in medical environments where radiology equipment may be used.

Distributing IP Addresses
Transmission Control Protocol/Internet Protocol (TCP/IP) addresses can be distributed statically or provided dynamically by using DHCP. Configuring TCP/IP statically on a network requires an administrator to visit each node to manually enter IP address information for that node. If the node moves to a different subnet, the administrator must manually reconfigure the node’s TCP/IP information for its new network location. In a large network, configuring TCP/IP statically on each node can be very time consuming, and can be prone to errors that disrupt communication.

DHCP Address Distribution
Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information on network nodes that are configured as DHCP clients. DHCP requires a DHCP server configured with at least one DHCP scope. The scope contains a range of IP addresses and a subnet mask, and can contain other options, such as a default gateway address. When the scope is enabled, it automatically leases TCP/IP information to DHCP clients for a defined lease period.

Figure 4-4: A DHCP server dynamically assigns IP addresses to clients.
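
The scope behaviour described under DHCP Address Distribution, and the error-prone static configuration described under Distributing IP Addresses, can be seen together in a small model. This is an added Python example, not part of the courseware and not a real DHCP server; the addresses, client identifiers, and host names are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class DhcpScope:
    """One DHCP scope: an address range, a mask, a gateway option and a lease period."""
    first: str
    last: str
    subnet_mask: str
    gateway: str
    lease_seconds: int
    excluded: set = field(default_factory=set)   # addresses set aside for static hosts
    leases: dict = field(default_factory=dict)   # client id -> (address, expiry time)

    def __post_init__(self):
        self.network = ipaddress.ip_network(f"{self.first}/{self.subnet_mask}", strict=False)
        lo, hi = ipaddress.ip_address(self.first), ipaddress.ip_address(self.last)
        if lo > hi or hi not in self.network:
            raise ValueError("scope range must be ascending and inside one subnet")
        if ipaddress.ip_address(self.gateway) not in self.network:
            raise ValueError("default gateway must be on the scope's subnet")
        self.pool = [ipaddress.ip_address(n) for n in range(int(lo), int(hi) + 1)]
        self.excluded = {ipaddress.ip_address(a) for a in self.excluded}

    def expire(self, now):
        """Drop every lease whose period has run out, freeing its address."""
        self.leases = {mac: lease for mac, lease in self.leases.items() if lease[1] > now}

    def request(self, mac, now):
        """Lease (or renew) an address for a client; None means the scope is exhausted."""
        self.expire(now)
        if mac in self.leases:
            address = self.leases[mac][0]          # a renewal keeps the same address
        else:
            taken = {lease[0] for lease in self.leases.values()} | self.excluded
            address = next((a for a in self.pool if a not in taken), None)
            if address is None:
                return None
        expiry = now + self.lease_seconds
        self.leases[mac] = (address, expiry)
        return {"ip": str(address), "mask": self.subnet_mask,
                "gateway": self.gateway, "expires": expiry}

    def release(self, mac):
        """The client hands its address back before the lease period ends."""
        return self.leases.pop(mac, None) is not None


def audit_static(scope, static_hosts, now):
    """Check manually entered addresses (host name -> address) against the scope."""
    scope.expire(now)
    leased = {lease[0]: mac for mac, lease in scope.leases.items()}
    seen, problems = {}, []
    for name, text in sorted(static_hosts.items()):
        ip = ipaddress.ip_address(text)
        if ip in seen:
            problems.append((name, f"duplicate of {seen[ip]}"))
        seen.setdefault(ip, name)
        if ip not in scope.network:
            problems.append((name, "outside the scope's subnet"))
        elif ip in leased:
            problems.append((name, f"conflicts with the lease held by {leased[ip]}"))
        elif ip in scope.pool and ip not in scope.excluded:
            problems.append((name, "inside the DHCP pool but not excluded"))
    return problems


if __name__ == "__main__":
    # Constructed sample: a three-address scope with a one-hour lease period.
    scope = DhcpScope("192.168.10.50", "192.168.10.52", "255.255.255.0",
                      "192.168.10.1", lease_seconds=3600)
    for client in ("mac-a", "mac-b", "mac-c", "mac-d"):
        print(client, scope.request(client, now=0))      # the fourth client gets None
    print("renewal:", scope.request("mac-a", now=1800))
    print("after expiry:", scope.request("mac-d", now=3600))
    static = {"fax": "192.168.10.51", "kiosk": "192.168.10.52",
              "lab-printer": "192.168.10.20", "nurse-pc": "192.168.11.5",
              "xray-ws": "192.168.10.20"}
    for finding in audit_static(scope, static, now=3600):
        print(finding)
```

The audit reports the three mistakes manual entry typically produces: the same address typed on two nodes, an address from the wrong subnet, and a static address that sits inside the range the scope is leasing.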

Common Network Models
There are various network models you will find in medical environments.
LI
Model Description

Centralized
A network in which a host computer—a powerful, centralized computer system, such as a mainframe computer—controls all network communication and performs data processing and storage on behalf of clients and other network devices. On a host-based network, the host computer does all the computing tasks and returns the resultant data to the end user’s computer. Users connect to the host via dedicated terminals or terminal emulators. Centralized networks provide high performance and centralized management, but they are also expensive to implement.
A centralized network is most commonly found in legacy systems in the medical environment.

Client-server
A network in which computer functionality is divided into two roles: a server computer, which provides services and controls network operations, and a client computer, which uses the services provided by the servers. Typically, there is at least one server providing central authentication services. Servers also provide access to shared files, printers, hardware, and applications. In client/server networks, processing power, management services, and administrative functions can be concentrated where needed, while clients can still perform many basic end-user tasks on their own.
In more modern EMR implementations, client-server networks are the most commonly used.

Model | Description
Ad hoc | A type of network that is established spontaneously through a peer-to-peer wireless connection. Ad hoc networks will occur between mobile devices, hotspot machines, etc.
Mixed mode | A network that incorporates elements from more than one standard network model.

Ad Hoc vs. Infrastructure
There are advantages and disadvantages for establishing a network connection using an ad hoc method, or by using existing infrastructure. Ad hoc connections allow you to quickly connect two devices wirelessly, but without the right security settings established, this can result in wireless attacks. On the other hand, the infrastructure method uses already secured wireless access points to establish a connection. This method may not be as quick to set up, but is more secure for file and data sharing.

Types of Networks
Networks can be categorized into three different types.

Type | Description
LAN | A Local Area Network (LAN) implementation in which nodes use a wireless network card to connect to other stations. Typically used in a single building of an organization, in a home, or in a hotspot such as a coffee shop. Usually limited to 100 meters.
WAN | A Wide Area Network (WAN) spans multiple geographic locations, including metropolitan areas, geographic regions, or entire nations. WANs typically connect multiple LANs and other networks using long-range transmission media. The result is that users and computers in one location can communicate with users and computers in other locations. WANs can be private, as in the case of those built and maintained by large, multinational corporations, or they can be public, such as those created and maintained by Internet service providers or the Internet itself.
PAN | A Personal Area Network (PAN) connects wireless devices in very close proximity but not through a Wireless Access Point (WAP). Seen most often in small or home offices.

Command Line Tools for Networking
There are a number of useful command line tools you can use when setting up or troubleshooting basic networking environments.

Networking Tool | Use
Ping | Verifies the network connectivity of a computer. Ping checks the host name, the IP address, and that the remote system can be reached.

Tool | Use
Ipconfig | Displays the connection-specific DNS suffix, IP address, subnet mask, and default gateway. Must be run from a command line. To display additional information about the IP configuration, use the Ipconfig /all parameter with the command.
Tracert | Determines the route data takes to get to a particular destination over an IP network. The Internet Control Message Protocol (ICMP) sends out Time Exceeded messages to each router to trace the route. Each time a packet is sent, the Time to Live (TTL) value is reduced before the packet is forwarded. This allows TTL to count how many hops it is to the destination.

Ipconfig Commands for DHCP
The Windows ipconfig utility provides switches that enable you to manage dynamic address leases:
• ipconfig /release forces the release of an IP address of a DHCP assigned network connection.
• ipconfig /renew requests the renewal of an IP address for a DHCP assigned network connection.

The Command Prompt Utility
Windows provides a command prompt interface that enables you to enter text-based commands or run command-line tools. On Windows 7, you can run the command prompt utility by choosing Start→All Programs→Accessories→Command Prompt.

ACTIVITY 4-2
Assigning IP Addresses Manually

This is a simulated activity that is available on the CD that shipped with this course. You can run this simulation on any Windows computer. The activity simulation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 4\Assigning IP Addresses Manually folder and double-clicking the executable (.exe) file.

Scenario:
You are an IT technician for a small practice with leased addresses from their ISP in the range of 192.168.1.25 to 192.168.1.95. The subnet mask is 255.255.255.0, and the IP address of the DNS server is 192.168.1.200. The DNS server is also the default gateway on the network. You have been assigned with a task of configuring their computers to use the IP addresses provided to them by their ISP.
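An added example, not part of the course material: the Python sketch below parses ipconfig /all text and checks each adapter against the addressing plan in the Activity 4-2 scenario, or, when DHCP is the expected method, flags adapters that carry a static or self-assigned (169.254.x.x) address. The adapter names and sample output are constructed, and the function names and the expect_dhcp switch are this example's own.

```python
import ipaddress
import re

# Addressing plan from the Activity 4-2 scenario.
LEASED_FIRST = ipaddress.IPv4Address("192.168.1.25")
LEASED_LAST = ipaddress.IPv4Address("192.168.1.95")
SUBNET_MASK = "255.255.255.0"
GATEWAY_AND_DNS = "192.168.1.200"

# Constructed ipconfig /all text for three adapters (not real captures).
SAMPLE = """\
Ethernet adapter Front Desk:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.30(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.200
   DNS Servers . . . . . . . . . . . : 192.168.1.200

Ethernet adapter Exam Room:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.120(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.200

Ethernet adapter Billing:

   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.18.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""

HEADER = re.compile(r"^(\S.*):\s*$")            # "Ethernet adapter X:"
FIELD = re.compile(r"^\s+(.+?)[\s.]*:\s*(.*)$")  # "   Key . . . : value"


def parse_adapters(text):
    """Split ipconfig /all text into {adapter name: {field: value}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:
            # Drop suffixes such as "(Preferred)" that follow an address.
            current[field.group(1)] = field.group(2).split("(")[0].strip()
    return adapters


def ipv4_of(fields):
    """Return the adapter's IPv4 address, or None if it reports none."""
    for key, value in fields.items():
        if key.endswith(("IPv4 Address", "IP Address")) and value:
            return ipaddress.IPv4Address(value)
    return None


def check_adapter(fields, expect_dhcp):
    """Return findings for one adapter; an empty list means compliant."""
    ip = ipv4_of(fields)
    if ip is None:
        return ["no IPv4 address reported"]
    dhcp_on = fields.get("DHCP Enabled", "").lower() == "yes"
    if expect_dhcp:
        if not dhcp_on:
            return ["static address %s set where DHCP is expected" % ip]
        if ip.is_link_local:  # 169.254.0.0/16: the client got no lease
            return ["self-assigned %s: no DHCP lease obtained" % ip]
        return []
    findings = []
    if dhcp_on:
        findings.append("DHCP enabled where a static address is expected")
    if not LEASED_FIRST <= ip <= LEASED_LAST:
        findings.append("%s is outside the leased range" % ip)
    if fields.get("Subnet Mask") != SUBNET_MASK:
        findings.append("subnet mask is %s" % fields.get("Subnet Mask"))
    for key in ("Default Gateway", "DNS Servers"):
        if fields.get(key) != GATEWAY_AND_DNS:
            findings.append("%s is %r" % (key, fields.get(key)))
    return findings


def audit(text, expect_dhcp):
    """Map each adapter name to its list of findings."""
    return {name: check_adapter(fields, expect_dhcp)
            for name, fields in parse_adapters(text).items()}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE, expect_dhcp=False).items():
        print(name, "->", findings or "OK")
```

Run with expect_dhcp=True, the same capture reports the two statically addressed adapters and the adapter that fell back to a 169.254.x.x address because no lease was obtained.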

What You Do: 1. Assign IP addresses manually.
How You Do It:
a. Browse to the C:\HCIT\Simulations\Lesson 4\Assigning IP Addresses Manually folder.
b. Double-click the Assigning IP Addresses Manually executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\HCIT\Simulations\Lesson 4\Assigning IP Addresses Manually folder.

ACTIVITY 4-3
Assigning IP Addresses with DHCP

This is a simulated activity that is available on the CD that shipped with this course. You can run this simulation on any Windows computer. The activity simulation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 4\Assigning IP Addresses with DHCP folder and double-clicking the executable (.exe) file.

Scenario:
Your practice has been experiencing problems with the DHCP server and it has been offline for several hours. You have just been notified that the server is back up and you can change the addressing back to DHCP leased addresses.

What You Do: 1. Assign IP addresses with DHCP.
How You Do It:
a. Browse to the C:\HCIT\Simulations\Lesson 4\Assigning IP Addresses with DHCP folder.
b. Double-click the Assigning IP Addresses with DHCP executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\HCIT\Simulations\Lesson 4\Assigning IP Addresses with DHCP folder.

ACTIVITY 4-4
Examining Networking Concepts

Scenario:
In this activity, you will examine the network technology used in medical environments.

1. On your network, users connect from individual workstations to access the EMR/EHR system running within a data center. Your network uses which network model?
   a) Ad-hoc
   b) Mixed mode
   ✓ c) Client/server
   d) Centralized

2. You have been called to one of the outpatient care centers because the office staff cannot connect to the Internet. Once you arrive, you verify that the DHCP server is functional. What is the issue, and how would you go about fixing it?
   The issue is that the Internet connection set up for all office computers is established through DHCP. In this configuration, the IP addresses are assigned automatically from the DHCP server, but in the TCP/IP properties of the workstation, an IP address has been assigned statically. A manually assigned address is likely to be incorrect. In the TCP/IP properties, the option to obtain an IP address automatically must be selected.

3. True or False? Once you have changed the TCP/IP settings to match the Internet connection setup method, you can use the ipconfig command line tool to verify that the computer is receiving a valid IP address.
   ✓ True
   False

4. What utility would you typically use to verify that the system can communicate with other computers?
   a) ipconfig/all
   ✓ b) Ping
   c) Tracert
   d) FTP

TOPIC C
Manage Servers and Software

In the previous topics, you identified the components that make up a basic computer setup as well as a network. Now that you know what the components are, it's time to see how the devices are used within an EMR or EHR environment, and how servers and software fit into the overall system. Servers and software are some of the elements of the EMR or EHR solution that users interact with the most. They can also be the most problematic. Having a strong foundation in how these components interact will give you a leg-up when it comes time to troubleshoot problems.

Programming Languages
Programming languages are used by developers to create applications, web pages, and applications for a wide range of computing devices. There are many different languages available.

Language | Description
XML | eXtensible Markup Language (XML) is a widely adopted markup language used in many documents, websites, and web applications.
SQL | Structured Query Language (SQL) is a programming and query language common to many large-scale database systems.
HTML | Hypertext Markup Language (HTML) is the main standard that controls how web pages on Internet sites are formatted and displayed.
Flash | Flash is an Adobe® platform that allows developers to create animations, videos and other interactive components using the ActionScript® programming language. Components built in to Adobe Flash play in the Adobe Flash player on a variety of computer systems and mobile devices.

Language | Description
PHP | PHP is a server-side programming language used to develop dynamic web pages by embedding its code into HTML pages.
ASP | Active Server Pages (ASP) is a server-side programming language developed by Microsoft to provide a method to create dynamic web pages.

APIs
Definition:
An Application Programming Interface (API) is application code that enables various applications to communicate with each other. APIs can be developed to work with applications, operating systems, and other service related applications to provide a wide variety of customizations.

Example:
Figure 4-5: An API.

OS and Application Interoperability
Another consideration when installing applications within your network is to verify that the application and operating system are compatible and meet the specifications of the application. Various operating systems, such as Unix, Linux, and Windows® systems have different requirements that must be evaluated prior to implementation.

Types of Servers
Within the healthcare computing environment, there may be a number of different servers used, each with a different purpose. It is important to remember that you are most likely concurrently running multiple servers on one machine.

Type | Description
Database server | A server that provides database services to other computers in a network. The database is usually connected in a client-server model.
Application server | A server that runs applications for client use. This type of server is also used by developers to store and share application components that can be used in web applications.

Type | Description
Mail server | A server that receives email requests from hosts on a network, and redirects them to the intended recipient. There are many different types of mail servers:
  • Simple Mail Transfer Protocol (SMTP)
  • Post Office Protocol 3 (POP3)
  • Internet Message Access Protocol (IMAP)
Web server | A server that displays web pages to clients. Web servers are assigned a domain name, and IP address. This information is used by clients to connect to a web page.
DHCP server | A server that contains at least one DHCP scope. The scope contains a range of IP addresses and a subnet mask, and can contain other options, such as a default gateway address. When the scope is enabled, it automatically leases TCP/IP information to DHCP clients.
DNS server | A server that consists of databases that store domain name information and translate and resolve fully qualified domain name requests from clients.
Proxy server | A server that isolates internal networks from the Internet by downloading and storing Internet files on behalf of internal clients.
FTP server | A server that uses the file transfer protocol (FTP) to exchange files over an Internet connection.
File server | A server that is primarily used to share, store, and access files.
Fax server | A server or software program that enables users to send and receive fax messages through a network connection. The server is generally connected to a phone line and fax modem, and converts the messages and forwards them to the correct recipient.
Time server | A server that provides the most accurate actual time to all clients in a computer network. The server synchronizes all devices.
Storage server | A server that stores files and programs. Types include Network Attached Storage (NAS) and Storage Area Network (SAN).
  NAS is a specialized file server designed and dedicated to support only data storage needs. The server can, however, contain a variety of storage devices such as large hard disk arrays or tape drives, or it can simply be a hard drive with an Ethernet port. There is no mouse, keyboard, or monitor present in the NAS server, which runs a streamlined operating system. A NAS server can be accessed over the network by clients and servers running different operating systems.
  SANs are special purpose high-speed networks dedicated to data storage. The SAN contains servers that share access to data storage devices such as disk arrays and tape drives. The servers and devices within the SAN interconnect using a high-speed networking technology such as Fiber Channel, Fiber Distributed Data Interface (FDDI), Asynchronous Transfer Mode (ATM), or high-speed Ethernet. The direct data traffic between servers and storage appliances on the SAN is separated from the traffic on the production network. Data can be stored and accessed quickly, and because the servers and storage devices all have redundant connections, data remains available during a server failure.

Interfaces
Server interfaces provide users with the ability to access and manage files, resources, services, and applications on a server. Functions will vary depending on the type of server installed.

ISPs
Definition:
An Internet Service Provider (ISP) is a company that provides Internet access to individuals and to businesses. Most ISPs charge a fee for this connection. Customers receive logon information, access to servers that provide name resolution and email services, dynamic or static IP configurations, and a method for connecting to the ISP. Once connected to the ISP, the customer can access the Internet. A medical environment requires high levels of reliability and bandwidth guarantees, and choosing an ISP that can meet these demands is incredibly important.

Example:
Figure 4-6: An ISP.

Cloud Computing
Definition:
Cloud computing is a method of computing that relies on the Internet to provide the resources, software, data, and services for a user, business, or organization. This method of computing relies on the Internet to provide computing capabilities that a single machine cannot. “The cloud” refers to anything available on the Internet. This could include business websites, consumer websites, storage services, IT-related services, file editing applications, and social networking websites. The main idea behind cloud computing is that you can access and manage your data and applications from any computer anywhere in the world while the storage method and location is hidden.

There is a high level of concern around implementing the cloud computing model in the medical environment, as there is the question of data security and availability due to the simple fact that all data and applications are being accessed through the Internet when using this model.

Example:
Figure 4-7: A cloud computing architecture.

Cloud Computing Service Types
Cloud computing provides three main services to users.

Service | Description
Software | Software as a Service (SaaS) refers to using the cloud to provide applications to users. This service eliminates the need for users to have the software installed on their computers and for organizations to purchase and maintain software versions.
Platform | Platform as a Service (PaaS) refers to using the cloud to provide virtual systems, such as operating systems, to customers.
Infrastructure | Infrastructure as a Service (IaaS) refers to using the cloud to provide access to any or all infrastructure needs a client may have. This can include data centers, servers, or any networking devices needed. IaaS can guarantee quality of service (QoS) for clients.

Virtualization
Definition:
Virtualization technology separates computing software from the hardware it runs on via an additional software layer. This enables a great deal of additional flexibility and increases hardware utilization by running multiple operating systems on a single computer, each thinking it is the only system present. In addition, virtualization allows hardware resources in an organization to be pooled and leveraged as part of a virtual infrastructure, increasing available processing and storage capacity. Virtualization has many uses in the modern IT environment:
• Running multiple operating systems on one computer, reducing hardware requirements.
• Separating software applications within a single operating system to prevent conflicts.
• Increasing the utilization of processing and storage resources throughout the organization by creating a “virtual infrastructure.”
• And, making it simpler to provide server redundancy.

Example:
Figure 4-8: Running multiple operating systems on one computer.

Terminal Services
Terminal emulation services enable a client to connect remotely to a server. Terminal emulators are software that enables a standard client computer to appear to a host computer as a dedicated terminal. Terminals usually consist of just a keyboard and a monitor. Standard client computers that need to interact with host computers can run software called a terminal emulator so that they appear as dedicated terminals to the host. An example of a terminal service is Citrix.

Microsoft Windows Terminal Services
The technologies formerly known as Terminal Services were renamed Remote Desktop Services in Windows Server 2008 R2.

Terminal Services is a client/server system that enables multiple clients to run applications or manage a server remotely. Terminal Services provides client access to all Windows-compatible applications by opening a user session on the Terminal Server. All application execution, data processing, and data or storage is handled by the Terminal Server. Microsoft’s terminal emulation software can be installed on almost any Windows operating system. Even handheld PCs running Windows® CE can connect to a Terminal Server and run applications. Web-based access is also available.

The low demands on the client have led a lot of companies to deploy Terminal Services as a way of extending the life of their outdated computers. It is possible for a Terminal Server to support hundreds of sessions. By spending money on a big server and using older clients, companies can sometimes save considerable upgrade money.

Citrix Clients
Because of Citrix’s digital independence, almost anything can be a Citrix client, including desktop computers, net appliances, web browsers, or mobile devices. Net appliances are dedicated thin client workstations that have a keyboard, mouse, and video, but no hard drives or CD-ROM drives (they might or might not have floppy drives). The net appliance’s operating system is embedded in a read-only memory (ROM) chip, and its entire job is to connect to a MetaFrame server. Even though it is a low-power device (it has lower central processing unit (CPU) power), it can run any application on the server.

Server Load and Utilization
Server utilization is managing the performance levels of a server to ensure that critical operations are highly available to resources. Server load refers to the amount of work a server performs on a regular basis. The performance of a server is directly related to how it’s being utilized within the infrastructure. High utilization and work load often results in poor performance, and low utilization and work load results in better performance. Server utilization is a key metric in long term planning and trending. Results will drive application migration and new server investments.

How to Manage Servers and Software
Managing servers and software can be challenging depending on how complex the IT environment is. Within an EMR or EHR environment, management tasks are vendor specific, and should be applied according to vendor recommendations and documentation. There are, however, some high level guidelines you can apply when managing servers and software within the healthcare IT environment.

Guidelines:
• Assign access control rights and privileges.
• Configure the security settings.
• Enable logging on the server to track activity.
• Set up performance monitoring.
• Set a baseline for server performance.

Example:
In the small physical therapy office you are supporting, there is a new server being installed to run an EMR system that will eventually get networked with the affiliated hospital. Alex, the assigned technician, installs the server and gets it up and running on the network. Once he verifies that the server is connected, he assigns access control rights to the therapists and office staff according to the sensitivity guidelines. The next step is to make sure the server is secured from unauthorized access, and that logging and tracking settings are configured to identify any suspicious activity. Once he manages to secure the server, he can manage the performance monitoring configurations to make sure that the server is functioning as expected.

ACTIVITY 4-5
Verifying the Server Installation

This is a simulated activity that is available on the CD that shipped with this course. You can run this simulation on any Windows computer. The activity simulation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 4\Verifying the Server Installation folder and double-clicking the executable (.exe) file.

Scenario:
You have replaced the various hardware components of a server and before you move on to installing the server software, you want to ensure that the hardware components are configured properly.

What You Do: 1. Verify the server installation.
How You Do It:
a. Browse to the C:\HCIT\Simulations\Lesson 4\Verifying the Server Installation folder.
b. Double-click the Verifying the Server Installation executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\HCIT\Simulations\Lesson 4\Verifying the Server Installation folder.

ACTIVITY 4-6
Configuring Roles and Features on the Server

This is a simulated activity that is available on the CD that shipped with this course. You can run this simulation on any Windows computer. The activity simulation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 4\Configuring Roles and Features on the Server folder and double-clicking the executable (.exe) file.

Scenario:
You have installed an operating system and tested network connectivity on a new server. Now you want to create a domain, deptsrv.com, for the departmental server and clients, add users to the domain, and connect a client computer to the domain.

What You Do: 1. Configure roles and features on the server.
How You Do It:
a. Browse to the C:\HCIT\Simulations\Lesson 4\Configuring Roles and Features on the Server folder.
b. Double-click the Configuring Roles and Features on the Server executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\HCIT\Simulations\Lesson 4\Configuring Roles and Features on the Server folder.

ACTIVITY 4-7
Viewing Event Logs

This is a simulated activity that is available on the CD that shipped with this course. You can run this simulation on any Windows computer. The activity simulation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 4\Viewing Event Logs folder and double-clicking the executable (.exe) file.

Scenario:
In this activity, you will view the event logs of a server you manage for any events that might have been reported.

What You Do: 1. View event logs.
How You Do It:
a. Browse to the C:\HCIT\Simulations\Lesson 4\Viewing Event Logs folder.
b. Double-click the Viewing Event Logs executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\HCIT\Simulations\Lesson 4\Viewing Event Logs folder.

ACTIVITY 4-8
Collecting Data for Baselining

This is a simulated activity that is available on the CD that shipped with this course. You can run this simulation on any Windows computer. The activity simulation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 4\Collecting Data for Baselining folder and double-clicking the executable (.exe) file.

Scenario:
You are planning to upgrade your server, and your manager has asked you to collect the baseline data for the physical disk utilization and memory utilization on the departmental server before and after the upgrade. You decide to create a data collector set named baseline to collect the current performance data related to only these two parameters before performing the upgrade.

What You Do: 1. Collect data for baselining.
How You Do It:
a. Browse to the C:\HCIT\Simulations\Lesson 4\Collecting Data for Baselining folder.
b. Double-click the Collecting Data for Baselining executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\HCIT\Simulations\Lesson 4\Collecting Data for Baselining folder.
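An added example, not part of the course material: once the baseline collector data has been exported as comma-separated text before and after the upgrade, the comparison the scenario calls for can be scripted as below. The host name DEPTSRV, the two counters chosen for disk and memory utilization, the 20 percent tolerance, and every sample value are assumptions constructed for illustration.

```python
import csv
import io
import statistics

# Constructed PDH-CSV style exports (not real measurements). The first sample
# of a rate counter is commonly blank, so the parser has to tolerate it.
BEFORE = r'''"(PDH-CSV 4.0)","\\DEPTSRV\PhysicalDisk(_Total)\% Disk Time","\\DEPTSRV\Memory\% Committed Bytes In Use"
"03/01/2012 09:00:00.000"," ","40.0"
"03/01/2012 09:00:15.000","10.0","42.0"
"03/01/2012 09:00:30.000","14.0","41.0"
"03/01/2012 09:00:45.000","12.0","43.0"
"03/01/2012 09:01:00.000","12.0","39.0"
'''

AFTER = r'''"(PDH-CSV 4.0)","\\DEPTSRV\PhysicalDisk(_Total)\% Disk Time","\\DEPTSRV\Memory\% Committed Bytes In Use"
"03/08/2012 09:00:00.000"," ","42.0"
"03/08/2012 09:00:15.000","30.0","44.0"
"03/08/2012 09:00:30.000","34.0","43.0"
"03/08/2012 09:00:45.000","32.0","45.0"
"03/08/2012 09:01:00.000","32.0","41.0"
'''


def load_counters(pdh_csv):
    """Return {counter path with the host prefix removed: [float samples]}."""
    rows = csv.reader(io.StringIO(pdh_csv))
    header = next(rows)
    # Column 0 is the timestamp; strip the leading \\HOST\ from each counter.
    names = [cell.split("\\", 3)[-1] for cell in header[1:]]
    series = {name: [] for name in names}
    for row in rows:
        for name, cell in zip(names, row[1:]):
            try:
                series[name].append(float(cell))
            except ValueError:
                pass  # blank or non-numeric sample, skip it
    return series


def compare(before_csv, after_csv, tolerance_pct=20.0):
    """Compare post-upgrade means with the baseline.

    A counter is flagged when its mean rose by more than tolerance_pct
    relative to the baseline mean (both counters here are higher-is-busier).
    """
    before = load_counters(before_csv)
    after = load_counters(after_csv)
    report = {}
    for name, base_samples in before.items():
        new_samples = after.get(name)
        if not base_samples or not new_samples:
            continue  # nothing to compare for this counter
        base = statistics.mean(base_samples)
        now = statistics.mean(new_samples)
        change = (now - base) / base * 100 if base else float("inf")
        report[name] = {
            "baseline_mean": round(base, 2),
            "baseline_max": max(base_samples),
            "current_mean": round(now, 2),
            "current_max": max(new_samples),
            "change_pct": round(change, 1),
            "flag": change > tolerance_pct,
        }
    return report


if __name__ == "__main__":
    for counter, result in compare(BEFORE, AFTER).items():
        print(counter, result)
```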

TOPIC D
Hardware Support

In the previous topic, you identified the types of servers and how they are used within the EHR or EMR environment. But what about the hardware used within the system? In this topic, you will identify hardware components and how they are connected together to enable EMR or EHR systems to run.

There are a wide variety of hardware devices you may encounter while working in an IT environment. It is essential to your efficiency as a technician that you learn to identify and work with a wide variety of devices.

Physical Interfaces and Connection Types
Because of the wide variety of devices that may be used in a medical setting, you will probably encounter all types of ports and connections while supporting medical hardware.

Interface | Description
USB | A Universal Serial Bus (USB) connection is a personal computer connection that enables you to connect multiple peripherals to a single port with high performance and minimal device configuration. USB connections support two-way communications. All modern computer systems today have multiple USB ports and can, with the use of USB hubs, support up to 127 devices per port. USB cables may have different connectors at each end. The computer end of the cable ends in a Type A connector. The device end of the cable commonly ends in a Type B connector, or may also end in a Mini-A, Mini-B, Micro-AB, or Micro-B connector. The size of the connector varies depending on the device. USB connections transfer data serially, but at a much faster throughput than legacy serial connections.
Parallel connections | A parallel connection is a personal computer connection that transfers data eight or more bits at a time over eight or more wires. Any components connected by multiple data pathways may be considered to have a parallel connection, but the term is generally used to refer to a standard legacy parallel port that uses eight data wires, and is typically used to connect a printer to a system unit. Parallel connections in older personal computers support only one-way or unidirectional communications. Newer computers have parallel ports that support bidirectional communications. Standard parallel ports have 25-pin female connectors. A parallel cable has a 25-pin male connector to plug into the system unit and a 36-pin male Centronics connector at the other end to attach to the external device. On system units that have color-coded ports, the parallel port is burgundy or dark pink.
Serial connections | A serial connection is a personal computer connection that transfers data one bit at a time over a single wire. Serial connections support two-way communications and are typically used for devices such as fax cards or external modems. Legacy serial ports have either 9-pin (DB-9) or 25-pin (DB-25) male connectors. A legacy serial cable ends with a female connector to plug in to the male connector on the system unit. On system units that have color-coded ports, the serial port is teal-colored.

Interface | Description
FireWire | Also referred to as IEEE 1394, this is a personal computer connection that provides a high-speed interface for peripheral devices that are designed to use the IEEE 1394 standard. IEEE 1394 is most often called FireWire, a name given to the standard by Apple Computer, Inc. Sony names the same standard i.Link™, which is often written iLink. FireWire can support up to 63 devices on one FireWire port. FireWire 400 transmits at 400 Mbps and uses either a 6-pin bullet-shaped powered connector or a 4-pin square-shaped unpowered connector. FireWire 800 transmits at 800 Mbps and uses a 9-pin connector.
SCSI | Small Computer System Interface (SCSI) is an older connection standard, typically used for storage devices such as tape and hard drives, that remains in use due to its reliability and high speed. A SCSI adapter has a port for external devices and a connection for internal devices. SCSI devices themselves can have multiple ports, enabling you to connect up to seven devices in a chain to one SCSI adapter. Each device in the chain requires a unique ID, which you configure by using switches or jumpers. SCSI cables have 50-pin, 68-pin, or 80-pin connectors depending upon the type of SCSI in use.
PATA | A Parallel Advanced Technology Attachment (PATA) connection is a drive connection standard that provides a parallel data channel from the drive controller to the disk drives. Originally called ATA, Integrated Drive Electronics (IDE), Enhanced IDE (EIDE), or Ultra DMA (UDMA), PATA connections are used to connect internal hard drives, optical drives, and tape drives to the system board. On the system board, two sockets provide connections for up to two drives per socket. PATA cables are ribbon cables with 40 or 80 wires and 40-pin connectors.
SATA | A Serial ATA (SATA) connection is a drive connection standard that enhances PATA by providing a serial data channel between the drive controller and the disk drives. SATA transfer speeds are much higher than PATA for the same drive technologies. SATA’s physical installation is also easier because the SATA power and data cables are much smaller, thinner, and more flexible than traditional PATA ribbon cables. SATA connectors have seven pins.
Bluetooth | Bluetooth is a wireless connection method that is used to communicate from one device to another in a small area, usually less than 30 feet. Bluetooth establishes a link using a radio frequency (RF)-based media and does not need line-of-sight to make connections. Bluetooth uses the 2.4 GHz spectrum to communicate a 1 Mbps connection between two devices for both a 232 Kbps voice channel and a 768 Kbps data channel. Bluetooth 2.0 will increase the overall speed to a data rate of 2.1 to 3 Mbps. Version 2.0 allows for communicating devices to be as far as 30 meters or 100 feet apart.

Imaging Devices
Imaging devices can be used in many different ways depending on the organizational structure and medical roles using the device. Installation and configuration guidelines vary depending on the device.

Imaging Device / Installation and Configuration Considerations

Barcode scanner: Typically, barcode scanners are wireless devices, but can also be wired. Barcode readers are used most often in a hospital setting to scan and identify patients using the unique barcode located on their ID wrist band. The wristband is used to positively identify the patient and automatically locate and open their electronic chart from the EMR/EHR system. This system is used by clinicians when they administer medications or perform procedures.

Document scanner: Document scanners are used to convert paper to electronic format and then associate the file with the proper patient.

Card/badge scanner: Card/badge scanners are used often to scan a patient’s driver’s license or insurance card to store within the EMR/EHR system.

Fax printer: Fax printers are used to fax prescriptions and patient data or to print out prescription or patient information from the EMR/EHR system. These printers are secured (or use a locked tray) and in most environments are used for printing prescriptions, as the prescription paper is typically a pre-printed “form” that needs to be secured.

Camera: Cameras can be used to take pictures of patients, because some EMR/EHR systems allow for a patient picture to be tied to their electronic record. Also, for diagnostics in procedures, the camera is used to capture an image that will then be analyzed. So, pictures can show up as discrete “image data” in a patient’s chart.

Signature pads: Signature pads are used for billing in most circumstances. When patients pay a co-payment with a credit card, the signature pad is used to capture the signature electronically. They are typically not used to capture a clinician signature, as “electronic signatures” are used instead.

Mobile Devices

A mobile device is a small handheld computing device. There are a number of devices that may be used within a medical environment by doctors, nurses and office staff.

Mobile Device Type / Examples

Smartphones: Examples include BlackBerries, Apple® iPhones®, and Android smartphones.

Tablet PCs: Also referred to as Wi-Fi enabled devices. Examples include Apple® iPads®, and Android-based and Windows-based tablets.

Portable media players: Examples include Apple® iPods®, Apple® iPod touch®, and other audio, video, and media players.

Portable Storage Devices

With the wide range of devices used within the healthcare field, portable storage capabilities can also vary.

Device / Specifications

Flash drives: Flash drives come in several form factors, including thumb drives and pen drives. Thumb drives can be small, from 50 to 70 mm long, 17 to 20 mm wide, and 10 to 12 mm tall. Data-storage capacities vary, from 128 MB up to 128 GB. Data-transfer rates also vary, from 700 KBps to 28 MBps for read operations, and from 350 KBps to 15 MBps for write operations.

External hard drives: If you plan to install a USB external storage device, you will get the best possible performance from the device if you connect it to a port or hub that supports USB 2.0. Keep in mind that many hubs drop all ports down to the slower USB 1.1 speed if you connect any USB 1.1 devices. Try not to connect a slower speed device to the same hub in which you plan to connect a USB 2.0 storage device.

SD cards: The original Secure Digital (SD) Memory Card is 32 mm long, 24 mm wide, and 2.1 mm tall. The miniSD Card measures 21.5 mm x 20 mm x 1.4 mm, and the microSD/TransFlash Card measures 15 mm x 11 mm x 1 mm. SD Memory Cards are currently available in several capacities, up to 2 TB. Data transfer rates range from 10 MBps to 20 MBps.

CDs: Compact discs store data on one side of the disc and most hold up to 700 MB of data, although older discs and drives may support only up to 650.4 MB of data. CDs are widely used to store music as well as data. To meet the audio CD standard, the CD drive on a computer must transfer data at a rate of at least 150 kilobytes per second (150 KBps).

DVDs: DVDs typically hold 4.7 GB on one side of the disc; it is possible to write to both surfaces of the disc, in which case the disc can hold up to 9.4 GB. There are also dual-layer discs, which store additional data on each side, capable of holding up to 17 GB. DVD drives access data at speeds from 600 KBps to 1.3 MBps. Because of the huge storage capacity and fast data access, DVD discs are widely used to store full-length movies and other multimedia content. DVD drives use Universal Disk Format (UDF) as the file system. DVDs can be DVD-R (which can be written to once), or DVD-RW (which can be written to multiple times).

Tapes: Data stored on tapes can be read in a tape drive only and must be read sequentially. Tapes are most commonly used to store backup copies of data.

Supporting Mobile Devices

When you are supporting mobile devices within a healthcare environment, there are many different devices that may need to be managed and secured for use.

Guidelines:
To properly support mobile devices within the healthcare computing environment:
• Verify that all device air ducts are cleaned on a regular basis to prevent overheating.
• Follow proper care instructions from the manufacturer for device batteries.
• Verify that all mobile devices, such as laptops, mobile phones, and smartphones, are properly stored and secured in a cabinet or safe when not in use.
• Verify that proper transport and handling procedures are followed to prevent loss or damage of devices.

• Ensure that security features and data encryption are configured on all portable media players used by clinical staff to protect any PHI data stored on the devices.
• Configure encryption settings on all mobile devices to meet specific HIPAA requirements.
• Ensure that strong password policies are used and enforced on all user end devices.
• Implement antivirus, anti-spyware, and anti-adware software to protect mobile devices against attacks.

Example:
Brian, an IT technician in an outpatient surgery center, has been asked to manage the smartphone implementation within the office. Each doctor in the practice will be issued a smartphone to use throughout the day to access email and the patient prescription database. The first thing Brian does is check the manufacturer’s battery documentation to verify that the settings on the devices are acceptable. Next, Brian verifies that sufficient antivirus software for mobile devices is installed on each phone. Brian then configures encryption on all the devices. Then, Brian meets with the doctors in the office to review storage guidelines, handling procedures, and strong password guidelines.

WAP Basic Configuration Settings

There are a number of basic configuration settings used when installing or setting up a Wireless Access Point (WAP).

Setting / Countermeasures

Placement
To determine placement for the WAP, use the following questions to identify requirements:
• Where are the nodes you wish to connect to the router located?
• How long will the cable run between the WAP and the main network be?
• Is there access to a power outlet?
• Will the device be physically secure?
• If necessary, is there access to a wired network drop?
• Think about the various considerations for wireless networking including avoiding interference, signal range, and signal degradation.
• Think about the sensitivity to imaging and radiology environments. Will the wireless router experience interference from imaging machines?
To securely place the WAP:
• Reduce your wireless LAN transmitter power.
• Position the router or access point safely. The radio frequency range of each access point should not extend beyond the physical boundaries of the organization’s facilities.
• Consider the proximity of wireless devices to radiology environments.

Setting / Countermeasures

Network
• Assign static IP addresses to devices.
• Use Media Access Control (MAC) filtering for access control.
• Use the Remote Authentication Dial-In User Service Plus (RADIUS+) network directory authentication where feasible.
• Use a virtual private network (VPN).
• Perform periodic rogue wireless access point scans.
• Perform periodic security assessments.

SSID
• Don’t broadcast your Service Set Identifier (SSID).
• Change the default SSID naming broadcast.

Security
• Secure your wireless router or access point administration interface.
• Change default administrator passwords (and user names).
• Disable remote administration.
• Secure/disable the reset switch/function.
• Change the default Simple Network Management Protocol (SNMP) parameter. Default SNMP parameters may not provide enough security, and you may need to change the parameters to provide more security.
• Change the default channel.
• Regularly upgrade the Wi-Fi router firmware to ensure you have the latest security patches and critical fixes.
• Apply MAC address filtering to verify the address assigned to each network card, and then permit or deny the device with that address from gaining access to your network. By configuring a WAP to filter MAC addresses, you can control which wireless clients may join your network.

Encryption
• Enable Wi-Fi Protected Access (WPA2) encryption instead of Wired Equivalency Protocol (WEP).
• Change the default encryption keys.
• Avoid using pre-shared keys (PSK).

Guest network
• Ensure isolation from the network running the EMR.
• Enable firewalls between the guest network and the network running the EMR system, which monitors the state of the network.

Note: There will be more information about WPA covered later in this course.

Installing a WAP

1. Begin by selecting and purchasing a WAP that will meet your needs.
2. Determine the correct placement for the WAP using the placement guidelines.
3. Using a laptop, or a workstation at a desk or workbench, configure the WAP prior to deployment:
   a. Connect a network cable to the WAP’s uplink port.
   b. Power on the WAP.
   c. Connect to the WAP via the built-in web interface, or by using manufacturer supplied configuration software.
   d. Configure the desired settings:

      • Consult your network documentation for configuration parameters such as the WAP’s SSID naming, DHCP settings, and security settings.
      • Consult the device manufacturer’s documentation for information on how to configure and use the device’s capabilities and settings.
   e. Save the settings once configured.
   f. Test the WAP’s functionality by connecting a wireless client to it:
      • Ping or use traceroute to other computers and observe the results.
      • Connect to internal network shares.
      • Connect to the Internet.
      • Use software tools to monitor the client’s wireless signal strength and the WAP’s behavior.
4. Place the WAP in the chosen location.
5. Run the appropriate type of cabling from the main network to the WAP. Label the cable or drops on both ends so that there is no confusion as to where the cables go.
6. Power on the WAP.
7. Test the WAP’s functionality in the live environment by repeating the tests from earlier.
8. Document your actions and their results.

Note: WAPs will be covered in more detail later in the course.

Steps for Conducting a Site Survey

A site survey is an analysis technique that determines the coverage area of a wireless network, identifies any sources of interference, and establishes other characteristics of the coverage area. You use a site survey to help you install and secure a wireless LAN. While an authorized site survey is a standard part of planning or maintaining a wireless network, unauthorized site surveys or a compromise of the site survey data can be a security risk. Conducting a site survey requires you to complete the following steps:

1. Gather detailed information about the facility and its layout. If possible, obtain blueprints of the building. Be sure to document information such as the location of computers, power outlets, radiology equipment and rooms, floors and hallways, and structural components such as walls and doorways. Also note the location of potential barriers to RF signals such as metal racks, file cabinets, partitions, and firebreaks.
2. Use equipment to assess radio coverage. This step enables you to identify the optimal location for WAPs and antennas.
3. Analyze channel interference to determine the appropriate radio frequencies for your environment.
4. Install an access point at the preliminary locations you have identified. Then, measure data rates and signal strengths at various locations to verify that you have placed the access point appropriately. Close all medical office and room doors during this step to be sure that the locations you select work well in this environment.
5. Document your findings, including any anomalies along the way.

Router Installation and Configuration Settings

There are many different installation and configuration settings to be aware of when you install a router within a network.

Setting / Description

Password: The default password should be changed as soon as possible to prevent unauthorized access.

SSID: For wireless routers, the SSID naming must be changed from the default name assigned by the manufacturer.

Internet connection: Internet connection configuration information can be assigned in the configuration page for the specific router.

DHCP: DHCP should be turned off in most cases to prevent unauthorized users from obtaining an IP address from the router.

Firewall: When available, enable the firewall included with the router and verify that the configuration settings meet network requirements.

Firewall Installation and Configuration Considerations

When installing a firewall within a network infrastructure, there are a number of factors to consider:
• Place the firewall correctly within the network environment.
• If applicable, configure stateful packet inspection settings.
• Verify that the firewall is set to block ICMP traffic.
• Disable remote administration options.
• Set up monitoring settings to be used to verify the firewall is functioning as expected.
• Once the firewall is installed, test for security holes or other vulnerabilities.
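The WAP countermeasures and the router and firewall settings listed in this lesson can be checked mechanically against a configuration backup. The following is an added example, not part of the original course material; the export format, the key names and both sample exports are hypothetical and constructed for illustration.

```python
# Added example: audit a WAP/router settings export against the lesson's checklist.
# The "key = value" export format and every key name are hypothetical; map them to
# the fields in your own device's configuration backup.
DEFAULT_PASSWORDS = {"", "admin", "password", "1234"}   # constructed sample list
DEFAULT_SNMP_COMMUNITIES = {"public", "private"}        # common factory values

def parse_export(text):
    """Parse 'key = value' lines into a dict; blank and '#' comment lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings

def on(value):
    return value.strip().lower() in {"on", "true", "yes", "enabled", "1"}

# (keys the rule needs, test that is True when the setting is weak, the lesson's advice)
RULES = [
    (("admin_password",), lambda s: s["admin_password"].lower() in DEFAULT_PASSWORDS,
     "Change default administrator passwords"),
    (("ssid", "factory_ssid"), lambda s: s["ssid"] == s["factory_ssid"],
     "Change the SSID from the manufacturer's default name"),
    (("ssid_broadcast",), lambda s: on(s["ssid_broadcast"]),
     "Don't broadcast the SSID"),
    # The lesson asks for WPA2 instead of WEP; WPA3 is accepted here as well.
    (("encryption",), lambda s: not s["encryption"].upper().startswith(("WPA2", "WPA3")),
     "Enable WPA2 encryption instead of WEP"),
    (("remote_admin",), lambda s: on(s["remote_admin"]),
     "Disable remote administration"),
    (("dhcp_server",), lambda s: on(s["dhcp_server"]),
     "Turn DHCP off in most cases"),
    (("firewall",), lambda s: not on(s["firewall"]),
     "Enable the firewall included with the router"),
    (("firewall_block_icmp",), lambda s: not on(s["firewall_block_icmp"]),
     "Set the firewall to block ICMP traffic"),
    (("snmp_community",), lambda s: s["snmp_community"].lower() in DEFAULT_SNMP_COMMUNITIES,
     "Change the default SNMP parameter"),
    (("mac_filtering",), lambda s: not on(s["mac_filtering"]),
     "Use MAC filtering for access control"),
    (("guest_isolated_from_emr",), lambda s: not on(s["guest_isolated_from_emr"]),
     "Isolate the guest network from the network running the EMR"),
]

def audit(settings):
    """Return (status, key, advice) tuples; a setting absent from the export is
    reported as UNKNOWN instead of being assumed safe."""
    findings = []
    for keys, is_weak, advice in RULES:
        missing = [k for k in keys if k not in settings]
        if missing:
            findings.append(("UNKNOWN", missing[0], "Not in export; verify on the device"))
        elif is_weak(settings):
            findings.append(("WEAK", keys[0], advice))
    return findings

# Constructed sample: a device left close to factory settings.
WEAK_EXPORT = """
admin_password = admin
ssid = VENDOR-1234
factory_ssid = VENDOR-1234
ssid_broadcast = on
encryption = WEP
remote_admin = on
dhcp_server = on
firewall = off
snmp_community = public
mac_filtering = off
guest_isolated_from_emr = no
"""

# Constructed sample: the same device after applying the lesson's settings.
HARDENED_EXPORT = """
admin_password = example-long-passphrase-not-real
ssid = clinic-floor3
factory_ssid = VENDOR-1234
ssid_broadcast = off
encryption = WPA2-Enterprise
remote_admin = off
dhcp_server = off
firewall = on
firewall_block_icmp = on
snmp_community = example-community-string
mac_filtering = on
guest_isolated_from_emr = yes
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_EXPORT), ("hardened", HARDENED_EXPORT)):
        print(name)
        for status, key, advice in audit(parse_export(text)):
            print(f"  {status:8} {key:24} {advice}")
```

The weak export omits the ICMP setting on purpose, so the audit reports it as UNKNOWN and sends the technician back to the device rather than passing it silently.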

ACTIVITY 4-9
Installing and Configuring Storage Devices

This is an animated demonstration that is available on the CD that shipped with this course. You can run this demonstration on any Windows computer. The animation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 4\Installing and Configuring Storage Devices folder and double-clicking the executable (.exe) file.

Scenario:
You have been asked to upgrade all the workstation storage devices in the medical facility you support. You will install and configure a Parallel ATA drive and a SCSI drive.

What You Do / How You Do It

1. View the installing and configuring storage devices demonstration.
   a. Browse to the C:\HCIT\Simulations\Lesson 4\Installing and Configuring Storage Devices folder.
   b. Double-click the Installing and Configuring Storage Devices executable file.
   c. In the Open File - Security Warning message box, click Run.
   d. View the animated demonstration and close the C:\HCIT\Simulations\Lesson 4\Installing and Configuring Storage Devices folder.

ACTIVITY 4-10
Discussing Hardware Support

Scenario:
In this activity, you will examine different hardware components and how they are installed and configured securely within a medical environment.

1. What is the correct description for each type of imaging device?

   f  Barcode reader
   e  Document scanner
   a  Card/badge scanner
   b  Fax printer
   d  Camera
   c  Signature pads

   a. Used to scan a patient’s driver licenses or insurance card.
   b. Used to fax prescriptions or to print out prescription information from the EMR/EHR system.
   c. Used to capture a patient’s signature.
   d. In diagnostics, used to capture an image that will then be analyzed.
   e. Used to convert paper to an electronic format.
   f. Used to scan and identify patients using information included on their ID wrist band.

2. When placing a new router within an existing infrastructure, what should you consider before installing and configuring the device?

   Things to consider are: the location of the nodes that the router will be connected to, the location of the power source, how the device will be secured, if there will be any interference and range issues, and if the device is near a network drop.

3. One of the doctors in the medical office that you are supporting asks you for a quick way to transfer patient notes taken on his smartphone to his laptop. He would like to be able to transfer data after each patient once he gets back to his office. What connection method would work well for these devices in this situation?

   a) FireWire
   b) USB
   ✓ c) Bluetooth
   d) Serial

Lesson 4 Follow-up

In this lesson, you reviewed the basics of computer technology and how it is used within the healthcare environment. Now that you have reviewed the essential components that make up a computing environment, you can use that knowledge to fully support any technical issues that arise within the healthcare working environment.

1. What technical components are you familiar with and how do you think you will use them in a medical environment?

   Answers will vary, but may include the foundation level skills and computing components and expecting that they will function the same way within a medical environment.

2. What devices do you think are used the most within a healthcare setting?

   Answers will vary, but may include mobile devices, such as tablets, smartphones, and laptops.

LESSON 5
Lesson Time: 3 hour(s), 30 minutes

Providing Medical IT Support

In this lesson, you will provide IT support and solve IT problems in the medical workplace. You will:
• Set up a user’s computer at their work area.
• Troubleshoot basic IT issues.
• Troubleshoot medical IT problems.
• Identify how medical organizations select, implement, and deploy EMR systems.
• Identify components of change control.

Introduction

In the previous lessons, you reviewed information about IT that you probably already knew, and gained new knowledge about the healthcare industry that you may need to have working knowledge of as you move into the healthcare field. Now it’s time to put all those pieces together. In this lesson, you will identify tools and techniques for supporting IT and solving IT problems in the workplace, but more specifically, how those tools and techniques come into play when dealing with IT issues specific to the healthcare industry.

One of the most significant parts of an IT technician’s job is solving IT problems. As you transition into the healthcare industry, you will need to know how to troubleshoot problems specific to the technology being used by healthcare professionals. Having the knowledge of how to support IT in a medical environment and to troubleshoot IT issues related to specific medical technology will make you a valuable asset to the healthcare industry.

TOPIC A
Set Up a Workstation

Solving IT problems as a professional in the healthcare industry requires the knowledge of basic IT troubleshooting and problem-solving skills, but specific to the kinds of devices, equipment, and scenarios you will encounter in the healthcare field. In this topic, you will perform the most common task any IT professional will likely have to perform: setting up a workstation.

Setting up a workstation is a basic yet vital part of IT support. Skipping a step, or forgetting a piece of equipment, can cost you time or result in a service call later, or even result in a privacy breach. Knowing all the components of a typical workstation set up will ensure that you are completing this task completely and efficiently.

Necessary Equipment

There are a number of pieces of equipment that are essential for setting up a workstation. Necessary equipment includes:
• A desk.
• A chair.
• A system unit (such as a CPU or laptop).
• A display device (or monitor).
• A telephone.
• And, input devices such as a mouse and keyboard.

Optional Equipment

There are a number of pieces of equipment that are not necessary for a workstation setup, but may be optional equipment required or requested by an employee. Optional equipment may include:
• A printer.
• A laptop docking station.

• External speakers.
• A DVD burner.
• An external hard drive.
• Portable storage devices.
• And, specific devices for a given medical setting, such as a card scanner for insurance documentation.

Software

In the medical environment, users will require both standard and specialized software, including:
• An operating system.
• Standard desktop applications such as web browsers, word processors, and email clients.
• And, specialized client software, for example, for accessing Electronic Medical Record (EMR) or Electronic Health Record (EHR) systems.

How to Set Up a Workstation

When setting up and configuring a workstation within a medical environment, you need to ensure that the station is available for use by the appropriate staff, without impeding other patient care activities that take place within the same location.

Guidelines:
• Choose an appropriately accessible location within the work area.
• Ensure the installation location can meet the power needs of the new equipment.
• Ensure that the installation location meets communications needs, such as an available network drop.
• Place all equipment so that it can meet Health Insurance Portability and Accountability Act (HIPAA) privacy and security requirements.
• Set up and configure the standard and optional equipment according to the manufacturer’s instructions.
• Use ghosting/imaging technology to simplify the software installation and to ensure a consistent set of hardware configuration specifications.

Example:
Adam receives a job ticket to set up a workstation in a new patient room. There is a desk in each patient room that will be a logical location for the workstation. It is near where patients will be seated, close to other medical devices that may be used during a patient visit, and already has ample power sources and a network drop that can be used for the workstation.

Adam removes all the hardware for the workstation from boxes, places each device in the appropriate location, and connects all the equipment properly. He tests all the components to make sure they are functioning.

Adam uses ghosting software to install all of the necessary software and applications needed for the workstation, including the EMR system. This allows him to configure the workstation with the same applications and configurations as all other workstations in the office.

Adam makes sure to configure the workstation so that it requires a user to log in with a user name and password in order to access the system, ensuring that sensitive patient information is not accessible unless logged on with the appropriate credentials. He also configures the system to lock itself when the computer is not in use for more than one minute. Before leaving the room, Adam makes sure to lock the workstation.

OPTIONAL ACTIVITY 5-1
Setting Up a Basic PC Workstation

Note: Perform this activity if you have the components of a workstation available to install and set up.

Scenario:
The hospital that you support as an IT technician has a new healthcare office opening on the third floor. You have been asked by your manager to set up the front desk computers. The machines have to be unpacked from the manufacturer boxes, set up, and essential components connected in preparation for the EHR or EMR environment setup.

What You Do / How You Do It

1. Get all hardware and external components ready for setup.
   a. Remove each hardware component from the boxes and packaging.
   b. Get all the peripherals and connection wires out of the packaging.
   c. Move the system unit, LCD display, and peripherals to the desired location.

2. Connect and power up the peripherals and system unit.
   a. Connect the LCD cable to the system unit.
   b. Connect the LCD power cable to a power source.
   c. Connect the keyboard to the system unit.
   d. Connect the mouse to the system unit.
   e. Connect the network cable to the system unit.
   f. Connect the system unit power cable to a power source.
   g. Turn on the system unit and the LCD display and verify that the default operating system screen is displayed.

TOPIC B
Troubleshoot Basic IT Issues

In the previous topic, you performed a basic workstation setup, one of the most common and basic tasks of an IT professional’s responsibilities. But your responsibilities don’t end there; part of an IT professional’s job role is to also provide day-to-day support for any issues that arise related to the IT equipment. In this topic, you will perform the day-to-day support tasks that an IT professional may be responsible for completing.

Day-to-day IT support keeps an organization running smoothly, and allows the other staff members to do their jobs more easily. This is particularly important in medicine, because common IT issues can waste valuable time and manpower that could be better used working with patients. Ensuring that you have the background knowledge of how to provide the essential day-to-day support for these common IT issues will make you a valuable addition to your healthcare organization.

Troubleshooting Network Issues

There are several common network issues you might be called upon to diagnose and resolve.

Network Issue / Possible Problems and Solutions

No network connectivity or connection lost: This could indicate a physical problem such as a loose cable or a defective network adapter. Check cables and connections and check for link lights on the network adapter. Reseat connections, replace cables, or reinstall/replace the adapter as necessary.
On IP networks, check for a missing or incorrect IP address. If the address is manually configured, this could be a data entry error; reconfigure the connection. If automatically configured, the Dynamic Host Configuration Protocol (DHCP) server might be unavailable or unreachable. Make sure the DHCP server is up and that the client is physically connected to the network.
On IP networks using DHCP, if a machine is statically assigned an IP address from the DHCP pool, this can cause duplicate IP addresses, resulting in a failure to communicate at either of the two machines with the same address. Locate the statically assigned IP address and reconfigure appropriately.

Network Issue / Possible Problems and Solutions

Network communications are slow: The network might be experiencing high traffic and many collisions. Check the activity status indicator light for the collision frequency. This should be a temporary condition that will pass; if not, network engineers might need to upgrade the network bandwidth or data rate to increase throughput.
A number of things could cause the network to run slow:
• Improperly configured backup schedules.
• Improper maintenance update schedules.
• Improperly scheduled virus scans.
• Internet Service Provider (ISP) issues.
• Switch issues.
• IP Domain Name System (DNS) failures.
• Virtual private network (VPN) issues.

Connections by IP address but not by name: The DNS configuration is incorrect or the DNS server is down. Or, the hosts file might be configured incorrectly. Check the IP configuration settings and verify that the DNS server is running. Check the hosts file to make sure it does not contain incorrect entries.

Local communications but no Internet connection: The proxy settings are incorrect. Check the proxy configuration of your network connection. There might be firewall settings causing issues with connectivity. Check the firewall settings.

Client can connect but cannot access resources: The user might have insufficient permissions, or the target network resource might be unavailable. Check to make sure the printer or server is running and connected to the network, and check to make sure the user has appropriate permissions.

Intermittent signal quality issues: Electrical noise, or electromagnetic interference (EMI), is a general term for unwanted signals on the network media that can interfere with network transmissions and cause transient problems. Interference or noise can come from natural sources, such as solar radiation or electrical storms, or from man-made sources, such as electronic interference from nearby motors or transformers. In medical settings, medical equipment (such as radiology equipment) is a major source of EMI. There is also lead shielding and steel cages that can impede wireless signals.
In hospital and healthcare settings, it is best to use CAT6 twisted-pair or else fiber optic cable. Do not run data and power cables in the same conduits. Keep network cables at least 20 inches away from fluorescent lights, and run network cables parallel to each other whenever possible. Ground all equipment and electrical circuits according to the manufacturer’s instructions and local building codes.
When rewiring, it is also recommended to use subcontractors that specialize in computer cabling. In most cases, the IT technician will troubleshoot and the wiring specialists will fix the actual problem.

Troubleshooting Computer and Accessory Hardware Issues

There are a number of computer and accessory hardware issues that you might be called upon to diagnose and resolve.

Hardware / Possible Problems and Solutions

Monitor/display device
Possible problems include:
• A dark screen, no image on screen, or an indicator light that is not lit.
• A flickering, distorted, or erratic screen.
• The monitor turns itself off.
• The monitor makes crackling or whining noises.
• A completely white display.
Possible solutions for these issues include:
• Always check the power source. Often the power is not turned on, the power cable is disconnected, or the power is on but the monitor is plugged into a power strip, surge protector, or Uninterruptible Power Supply (UPS) that is not turned on.
• Check to see that the video graphics array (VGA) or high definition media interface (HDMI) cables are properly connected between devices.
• Check the settings for the device, such as refresh rate, screen resolution, power settings, etc.
• Check to see if the device is too close to other electronic or magnetic equipment that is causing interference.
• Short of cleaning the exterior parts, noisy monitors should be replaced or repaired.
• If the display device has been dropped or tipped, it may have sustained internal or external physical damage that cannot be corrected by any other troubleshooting technique. It is generally more economical and certainly safer to replace the device rather than attempting repair. Standby swap out units are common in this case.

Keyboard
Possible problems include:
• Sticking keys.
• No input when keys are pressed.
• Wrong characters when keys are pressed.
• Multimedia buttons not working properly.
• New keyboard will not plug into the same port as the old keyboard.
Possible solutions for these issues include:
• Foreign matter is stuck under the keys, and needs to be removed with compressed air.
• The keyboard may be unplugged, plugged into the wrong port, connections are not seated properly, or the adapter is incorrect.
• For wireless keyboards, check for connectivity issues, interference, and if batteries are needed.
• The device driver needs updating or a file related to the button has been moved, renamed, or modified in some way.
• Make sure your system and peripherals have compatible ports and connectors.
• If keyboard failure is in a terminal emulation session, the keyboard mapping configuration file should be examined.

Plug the mouse directly into a USB port on the computer. • Physically check the pointing device connection. Physically remove some of the devices on the same hub as the mouse to another port or hub or use a powered USB hub. replace the mouse pad. Clean the mouse. TE or CA LI ct P DU ru T NO st DO In 124 CompTIA® Healthcare IT Technician (Exam HIT-001) . Verify that the receiver device is connected to the port. • For wireless mice. if this Ed works.LESSON 5 Hardware Possible Problems and Solutions Mouse Possible problems include: • Mouse pointer is jumping around on screen. • The device driver needs to be updated. Possible solutions for these issues include: n • The ball or rollers are dirty. • The mouse is not working at all. and the hub is working properly. Press the Reset or Connect buttons on each device to try to re-establish the connec- tion. Verify that iti there is no obstruction between the transmitter and the receiver. • Check the status of the root hub or USB host controller in Device Man- ager. the mouse is probably not getting enough power. check the batteries and replace if necessary. or it is being rolled over an uneven or dirty surface. • Use the Device Manager and Help utilities to check the status of the point- o ing device and to verify that the correct driver is installed.

Hardware: Power supply

Possible power supply issues include:
• The fan is not working.
• The computer will not start or reboots after startup.
• An odor is coming from the power supply.
• A noise is coming from the power supply.

Possible solutions for these issues include:
• Dirt and dust may gather around the power supply, causing the fan bearings to wear and the fan to turn more slowly. Use compressed air to remove this debris from the system. In the healthcare environment, it is important to take precautions when performing any cleaning tasks. Considerations include:
  — Due to sanitation issues, do not clean out power supplies in the medical environment.
  — Proper, scheduled maintenance should be in place to ensure there are no improper buildups within the computer.
  — Mount the chassis off the floor and get units and cables securely out of the way to promote a cleaner environment.
• If the fan becomes damaged due to dust, replace the power supply or have qualified personnel replace the fan.
• Make sure that there is power to the outlet that the computer is plugged into.
• Check that the connections from the power supply to the system board are secure and make sure the master switch to the power supply, at the rear of the system, is on before pressing the computer’s power button.
• Check power supply output voltages with a digital multimeter to verify that the necessary voltages are being provided to the board.
• If there is an odor from the power supply, confirm that the odor is indeed coming from the power supply before contacting the manufacturer.
• If a noise is not from the fan, but from another power supply component, replace the power supply or take it out and send it for service.

Hardware: Cables

Possible problems include:
• There is interference, packet loss, or temporarily missing nodes on the workstation screen.
• There is loss of network connection.

Possible solutions for these issues include:
• There is electromagnetic interference with the cables. Ensure that any source of EMI is at least 6 to 12 inches away from where cables will be located.
• Check cable connections at the workstation, network adapter, router, and switch; ensure that cables are not looped or coiled, which can generate electrical interference; and inspect the cable for pinches or breaks and replace cable as needed.
• Check that the cable is connected both to the source and the computer properly, and check that each end of the cable is not broken. Broken tabs are common and can cause a loose connection that can result in intermittent or complete loss of connectivity.

Hardware: Printer

Possible problems include:
• Jobs are in the print queue, but do not print.
• The printer does not print the way the user expects it to.
• A user cannot access a printer on the network.
• The print output is garbled or showing ghosted images.
• Print jobs do not appear in the print queue.

Possible solutions for these issues include:
• Check for physical problems with the printer (out of toner, ink, or paper).
• Check to see that the user is aware of which printer their print job is being sent to. In an EMR system, printers are tied to specific tasks and workflows for security reasons. Certain print jobs will only print to specific printers configured within the EMR system.
• Check to see if the printer is paused in the operating system.
• Check to see if the computer has an incompatible or incorrect printer driver installed.
• Check to see if the print spooler service is stalled.
• Check to see if the Use Printer Offline option has been activated.
• Check the page setup options in the applications or the properties and settings of the printer.
• Check printer connectivity to the network. You may need to reattach the printer to the network, check the status of the printer or print server and restart as necessary, verify or change the IP address on the printer to the correct address, or check the printer’s power cycle.
• Check whether you can install more memory, adjust the resolution in the printer settings, update or replace the driver, or replace the cable.
• Check the network status of all devices, update user permissions, or move the spool folder or add disk space.
• As a last resort, contact the manufacturer or visit their website for troubleshooting information.

Proper Sanitation Procedures

It should be common practice to disinfect the components users touch on a regular basis. Improper disinfection procedures can gum up the mechanics of the device. Verify that proper procedures and supplies are present and used as directed.

Terminal Emulation Software

Terminal emulation software allows a computer to emulate a terminal to connect to legacy systems.
ACTIVITY 5-2
Troubleshooting Display Devices

This is an animated demonstration that is available on the CD that shipped with this course. You can run this demonstration on any Windows computer. The animation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 5\Troubleshooting Display Devices folder and double-clicking the executable (.exe) file.

Scenario:
Several users have reported problems with their monitors. All the users need their systems to be fixed before they can continue with their work. You need to resolve the problems by using standard display device troubleshooting techniques.

What You Do:
1. View the troubleshooting display devices demonstration.

How You Do It:
a. Browse to the C:\HCIT\Simulations\Lesson 5\Troubleshooting Display Devices folder.
b. Double-click the Troubleshooting Display Devices executable file.
c. In the Open File - Security Warning message box, click Run.
d. View the animated demonstration and close the C:\HCIT\Simulations\Lesson 5\Troubleshooting Display Devices folder.
ACTIVITY 5-3
Maintaining and Troubleshooting Input Devices

This is an animated demonstration that is available on the CD that shipped with this course. You can run this demonstration on any Windows computer. The animation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 5\Maintaining and Troubleshooting Input Devices folder and double-clicking the executable (.exe) file.

Scenario:
Several users have reported problems with their keyboards and pointing devices. All the users need their systems to be fixed before they can continue with their work. You need to resolve the problems and get the users back to work.

What You Do:
1. View the maintaining and troubleshooting input devices demonstration.

How You Do It:
a. Browse to the C:\HCIT\Simulations\Lesson 5\Maintaining and Troubleshooting Input Devices folder.
b. Double-click the Maintaining and Troubleshooting Input Devices executable file.
c. In the Open File - Security Warning message box, click Run.
d. View the animated demonstration and close the C:\HCIT\Simulations\Lesson 5\Maintaining and Troubleshooting Input Devices folder.
ACTIVITY 5-4
Troubleshooting Multimedia Devices

This is an animated demonstration that is available on the CD that shipped with this course. You can run this demonstration on any Windows computer. The animation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 5\Troubleshooting Multimedia Devices folder and double-clicking the executable (.exe) file.

Scenario:
Several users have opened trouble tickets with the support center about problems with their speakers. You have been asked to resolve these problems.

What You Do:
1. View the troubleshooting multimedia devices demonstration.

How You Do It:
a. Browse to the C:\HCIT\Simulations\Lesson 5\Troubleshooting Multimedia Devices folder.
b. Double-click the Troubleshooting Multimedia Devices executable file.
c. In the Open File - Security Warning message box, click Run.
d. View the animated demonstration and close the C:\HCIT\Simulations\Lesson 5\Troubleshooting Multimedia Devices folder.

Troubleshooting Mobile Devices

As a healthcare IT professional, you will be responsible for addressing issues with the laptop and tablet computers used in medical settings.

take steps to minimize heat in the laptop 130 CompTIA® Healthcare IT Technician (Exam HIT-001) . do not rest a laptop on a pillow in your lap. the laptop’s dis- play is optimized for certain dots per inch (DPI) and resolution settings. This can be one of two issues: the screen has gone bad or the LCD inverter is bad. Strategies you can use to help reduce the heat within laptops include: • Use the power management features even when the laptop is connected st DO to a power outlet. You may need to replace the screen or the inverter. ru T Laptop gets hot Because laptops have very little space in between their internal compo- NO nents. Check the device n documentation for more information on toggle modes for your specific device. video device. Verify that the backlight and resolution settings are configured to suit the user’s needs. You may need to connect the o laptop to an external monitor to verify that the graphics card is still working properly. Often this fea- ture requires the user to toggle between display modes. which leads to system lockups and even hardware failures. Changing these is not always recommended. In • Be aware of the fan in the laptop. In some cases. It is common for medical facilities to utilize workstations on wheels (WOWs).) • Medical facilities may offer cooling pads. Replacing batteries is not LI uncommon and will need to be done periodically. If you hear it running very fast on a regular basis. (For example. Configure sleep or standby modes for hard drives and displays. Many devices also offer extended life batteries. and some medical environments will provide P battery-charging stations where spare batteries are constantly being kept DU charged and ready for use. • LCD not displaying. It is common to find most medical providers using tablets on a regular basis and need the devices available and working all the time. • Try to keep the bottom of the laptop ventilated. 
or CA but leave the network interface controller cards active to stay connected to the network. In some cases. especially if you are using the laptop in a warm room. Short battery life Device battery life can be maximized by configuring the power manage- TE ment features of your device. the LCD cutoff switch remains stuck down even after the laptop lid is opened. Check the manufacturer’s documentation to verify replacement options. These mobile rolling stations for laptops usually have a small UPS battery and can be plugged into AC supplies for recharging in examining rooms. iti the intensity of the backlight and the amount of pixelation can conserve power if configured correctly. Ed • The screen goes dark and cannot be adjusted or the hues in the display are changing. Typically you will use ct high-capacity batteries. Newer laptops and tablets are optimized for lower power con- sumption and are usually recommended. nursing stations. and provider offices. Often. • Backlight functionality and pixelation have been changed. or projector. you can have problems with laptops overheating.LESSON 5 Portable Computer Issue Description and Solutions Display issues Some common display device issues include: • Output to an external monitor.

but will cause the user to lose all customized configu- NO ration settings and return to an out-of-the-box state. verify that the power outlet is good by plugging in a known good electrical device and verifying whether you can turn it on. You can clean them by using alcohol preps or even just a dry cloth. If this does Ed not resolve the problem. in most cases this will not only not solve the problem. LESSON 5 Portable Computer Issue Description and Solutions Laptop power issues Laptops have many possible power issues: • The laptop battery does not charge fully. or the power supply in the laptop has failed. Try using a known good power cord and then an AC adapter to determine if either is the source of the problem. driver incompatibilities after an upgrade to a newer operating system. LI For touch screens on tablet PCs. If this does not resolve the problem. Try to discourage users from employing this technique. order replacements from the manufacturer or vendor. Nickel-cadmium (Ni-Cad) bat- teries have battery memory—which means that they can lose most of their rechargeability if you repeatedly recharge them without draining n the batteries first. ct P DU Troubleshooting Smartphones You may find that users will try to self-correct lockup problems with their smartphones ru T by performing a factory reset or reinitialization. many portable devices allow users to TE connect an external mouse as a substitute for the touch pad or other inte- grated pointing devices. The only solution to this problem is to use a condi- tioning charger. the power cord or AC adapter might have failed. Nickel-metal hydride (NiMH) batteries can be affected too. Steps to take to resolve this problem include reinstalling or upgrading the driver. Pointing device issues Causes of this problem include a corrupt driver. Touch pads can suffer from dirt and hand grease contamination that CA can make the touch pad behave erratically. st DO In Lesson 5: Providing Medical IT Support 131 . 
Laptops commonly have touch pads or pointing or sticks. make sure to clean with alcohol preps. Unfortunately. o • The laptop not working properly when on battery power can be an indi- cation that the battery contacts are dirty. making them very difficult to use. which is designed to first drain the Ni-Cd batteries before recharging them. and a hardware failure. iti • If the laptop will not turn on when connected to AC power. the screens may need to be recalibrated to correct erratic input behavior. Pointing stick heads can wear out and become slippery. You might also test both AC and DC power by using a multimeter. the outlet to which you are attempting to connect the laptop is bad.

ACTIVITY 5-5
Configuring Power Management for Mobile Computing

This is a simulated activity that is available on the CD that shipped with this course. You can run this simulation on any Windows computer. The activity simulation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 5\Configuring Power Management for Mobile Computing folder and double-clicking the executable (.exe) file.

Scenario:
A user has indicated that the current power behavior on her portable system is not meeting her needs. You will create a new power plan for her laptop and also change the settings.

What You Do:
1. Configure power management settings.

How You Do It:
a. Browse to the C:\HCIT\Simulations\Lesson 5\Configuring Power Management for Mobile Computing folder.
b. Double-click the Configuring Power Management for Mobile Computing executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\HCIT\Simulations\Lesson 5\Configuring Power Management for Mobile Computing folder.

Troubleshooting Software Problems

There are a number of steps that can be taken when software crashes or error messages occur to try to find the cause and a potential fix to the problem. Any one or a combination of these may work to troubleshoot the software issue.
• Close and immediately restart the program or application experiencing the problem.
• Close all other running programs and applications to free up random access memory (RAM).
• Close all programs, and restart the computer. Try launching the program or application again once the system has rebooted.
• Scan the system for possible viruses, spyware, or malware that may be causing the program to experience the problem.

• Check to see if the firewall has for some reason been instructed to block the program experiencing the problem. Check the firewall settings for the user to see if the program is being blocked; if it has accidentally been blocked, change the settings to allow the program to run.
• Undo any changes to the user’s hardware or software to see if there are potential conflicts between newly installed parts or programs.
• Uninstall and reinstall the program experiencing the problem.
• If running a Windows-based system, defragment the hard drive.
• Search online for instances of the same problem or if it is a known issue. Find out if there are any software patches/hotfixes/updates for the problem and install them.

Software Patches/Hotfixes/Updates

Software patches and updates are pieces of software created to fix problems with or provide updates to a program or application. This may include fixing known vulnerabilities or bugs, or improving functionality or performance. A software hotfix is a package of files used to address a specific problem, often specific to a particular customer’s problem and not released to all customers at large. However, these terms can sometimes be used interchangeably. In most cases within a medical environment, software patches, hotfixes, and updates will be managed on an administrative level and typically administered through a patch management process.

ACTIVITY 5-6
Troubleshooting Basic IT Problems

Scenario:
As an IT professional, it is your job to diagnose and resolve the many common issues that medical staff might encounter on a daily basis. Today, you need to use your general computing knowledge and troubleshooting skills to solve a number of basic user problems.

1. A doctor calls you, complaining that he cannot turn on his computer. It worked fine yesterday, but this morning he cannot get it to turn on. What is the first thing you should do?
a) Use compressed air to remove dirt and debris from the fan.
b) Replace the monitor.
✓ c) Check all the power sources to the computer.
d) Check the network connections to the machine.

2. You receive a call from a practice manager who reports that she is unable to access any websites in Microsoft® Internet Explorer®. While talking with this user, you verify that none of the other users in the office can connect to websites in Internet Explorer. What might be the problem?
a) Her computer is configured with the wrong default gateway address.
✓ b) Her ISP’s DNS server is down.
c) Her computer is configured with the wrong subnet mask.
d) Her ISP’s default gateway server is down.

3. You receive a call from a nurse practitioner who is having trouble with his laptop. He ran out of battery power during a meeting, and when he tried to turn it back on using the power cord, it still would not turn on. What are some of the possible causes of this issue?
✓ a) The power outlet he was plugged into was not working.
✓ b) The power supply in the laptop has failed.
c) The battery contacts are dirty.
✓ d) The power cord or AC adapter has failed.

4. You receive a call from a physician’s assistant who has been having ongoing issues with her keyboard. Sometimes it works fine; other times, when she presses certain keys, there is no input or the wrong characters are input. What is the most likely explanation for this issue?
a) The keyboard is plugged into the wrong port.
b) There is interference between the keyboard and the computer.
c) The device driver needs to be updated.
✓ d) There is foreign matter under the keys.

5. You receive a call from a client who is experiencing an issue with one of her software applications. Every time she tries to launch the program, it will start to load but then a window pops up prompting her to go to an outside website and download antivirus software. She cannot close the window and access the program. What is the most logical cause and solution to her issue?
a) She is running an outdated version of the program and you need to install a software update.
b) She is experiencing conflicts with another program that is open and you need to uninstall one of the programs.
c) She accidentally blocked the program and you need to change the firewall settings to allow the program to run.
✓ d) She likely downloaded something with a virus or malware and you need to scan the system and remove it.

TOPIC C
Troubleshoot Medical IT Issues

In the previous topic, you described the day-to-day tasks you might perform as an IT professional in any industry. In this topic, we will address specific techniques you can use to expedite medical IT troubleshooting.

As an IT professional, it is expected that you have the ability to perform day-to-day IT tasks like troubleshooting a variety of common hardware and software issues. However, as an IT professional hoping to work in the highly specialized healthcare industry, you will also need to have working knowledge of how to troubleshoot healthcare-specific IT issues. This topic should give you a foundation for understanding how your skills will help resolve the specific IT problems that can occur within a medical setting.

Identifying Support Resources

The important thing to know for troubleshooting in a healthcare organization is knowing who within your organization may oversee specific programs or if you use outside support from the manufacturer of the device or program. Depending on the size of your organization, there may be onsite managers of an application or program. For smaller organizations, like a private practice, more than likely they will rely on support from the company that produces the device or program. Since within the organization there may be multiple systems in use at once—an EMR, a laboratory information system (LIS), medical billing software, and more—it is important for you to know who the appropriate person within or outside your organization would be to contact for troubleshooting issues for a specific medical device or application that is outside your area of knowledge.

Documentation for devices and applications and other support resources, such as online forums or support databases, are always a good place to start when trying to find information on troubleshooting specific issues.

Escalating Support Issues

If at any time in the troubleshooting process, you come across an issue that you cannot diagnose and resolve because of lack of access or knowledge, that issue should be escalated to the appropriate support staff, whether that be a site manager onsite at your organization, a manufacturer, or support staff for an application.

Integrating Medical Technology with Traditional IT Systems

While core IT systems are important to a medical environment, the specialized medical systems, software, and tools are even more vital. For example, you should know your EMR or EHR system inside and out to be ready to troubleshoot and support the clinical staff.

With an EMR or EHR installation, the number of medical devices connected to the network can be substantial. Devices may include:
• Specialized printers, such as secured prescription printers, which may be accessible on the network from controlled workstations or authorized personnel.
• Speech recognition devices and software.
• And, specialized software to connect to external sources and to access medical diagnostic information.

Troubleshooting Medical Devices

There are a number of typical reasons that any medical device will not function properly. The following are the most common causes of an issue, which you should check first before escalating the problem to someone more knowledgeable about the specific device, such as the manufacturer.

Cause: Power
Within a healthcare environment, power is very regulated. Dedicated power for computing equipment and medical equipment is usually designated to different power segments:
— Institutional-sized inline power redundancy systems.
— Inline UPS.
— Lines that switch to generators if/when power is lost.
In hospital settings, it is crucial to keep key medical equipment such as ventilators powered due to the critical nature of the machine keeping patients alive.
A common problem is that the device is not working because the power source has been disrupted. Check the power source to ensure it is properly engaged and providing power to the device. Try disconnecting and reconnecting the power source. Check regularly that all power sources are functioning properly.

Cause: Network
The device has lost connection with the network or was never properly set up with network access. Check the network status for the device and make sure that it was properly connected to the network.

Cause: Input/output
The device has lost connection with another device through an interface. Check that the interfaces are properly connected on both devices.

Cause: Configuration settings
The device does not have the proper configuration settings. Either the configuration settings were not properly set up initially, or a manual change to the configuration settings is causing a malfunction. Sometimes, even just moving a device to a different Universal Serial Bus (USB) port can cause misconfigurations to occur.

Troubleshooting HL7 Problems

Medical coders may experience issues with coding messages when trying to send information between the organization and the insurance company. There are a number of common causes for this issue, which you as the IT professional may be asked to troubleshoot.

Cause: HL7 thread/nodes have been deactivated
Possible solutions if there are issues communicating with the HL7 node include:
• Check the communication channel. Run ping and tracert to ensure a communication pathway is present.
• Look at the configuration file:
  — To make sure that the thread is trying to contact the correct remote node.
  — To ensure the correct ports are configured to the remote node.
  — For any credentials for logging into the remote node.
• Check to see if firewall policies have been changed or modified that might prevent communication.
• Is the problem specific to your system? Communicate with the administrator of the remote node to verify that the node is operational and working with other systems.
• Restart the node as a last resort.
Possible solutions if the HL7 thread is no longer operating as normal include:
• Check application event logs on the node.
• Check the node’s memory utilization to make sure the thread is not being shut down or is “not responding.”
• Stop/restart the named thread service.
• Restart the node as a last resort.

Cause: Improperly formatted patient demographics
The demographic information for the patient may be incomplete or improperly formatted in the EMR, causing the coding message to fail. Have the appropriate staff member check that the patient demographic information has been filled out completely and properly.

Cause: Communication link (fax, network, Internet) is not working or disconnected
The most likely cause of a failure is that the workstation is currently not communicating with the insurance company, clearinghouse, Regional Health Information Organization (RHIO), etc., because either end is experiencing network or Internet downtime or interference. Check the connections between the two points, including access to the fax line, network, and Internet and verify that they are all working properly. Perform standard network troubleshooting, using ping, ipconfig, and tracert to detect the source of connectivity problems. Check with your ISP to determine if there are any issues on their end.

Cause: System upgrades
An upgrade on either end of the communication can affect HL7 segments. If you identify this as an issue, flag it for escalation to the software development team.

HL7 Threads and Nodes

An HL7 thread is the specific application, interface, or service running on a machine that provides the conversion or mapping of data between HL7-compliant EMR/EHR systems. An HL7 node is the server or machine that is running the software that is doing the conversion or mapping of HL7-compliant data.
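
Added example (not part of the courseware): when a coding message fails because of improperly formatted patient demographics, checking the message's PID segment shows which field to send back to staff before escalating. The sketch assumes HL7 v2 pipe-delimited encoding; the REQUIRED field set is an assumption, since each receiving system defines its own, and both sample messages are constructed.

```python
"""Triage an HL7 v2 message for demographic problems before escalating."""
import re
from datetime import datetime

# PID field number -> name. Positions follow the HL7 v2 PID segment.
# Which fields a receiver treats as mandatory is an assumption here.
REQUIRED = {3: "patient identifier", 5: "patient name",
            7: "date of birth", 8: "administrative sex", 11: "address"}
SEX_CODES = {"F", "M", "O", "U", "A", "N"}  # HL7 table 0001


def parse_segments(message):
    """Return ({segment_id: fields}, component_separator)."""
    lines = [s for s in re.split(r"[\r\n]+", message.strip()) if s]
    if not lines or not lines[0].startswith("MSH") or len(lines[0]) < 8:
        raise ValueError("message does not start with a usable MSH segment")
    field_sep = lines[0][3]   # MSH-1 is the field separator itself
    comp_sep = lines[0][4]    # first character of MSH-2
    segments = {}
    for line in lines:
        fields = line.split(field_sep)
        segments.setdefault(fields[0], fields)  # keep first occurrence
    return segments, comp_sep


def field(fields, n):
    """Field at index n, or an empty string when the segment is short."""
    return fields[n] if len(fields) > n else ""


def check_demographics(message):
    """Return a list of findings; an empty list means nothing to fix."""
    try:
        segments, comp = parse_segments(message)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    msh = segments["MSH"]
    # After splitting, msh[1] holds MSH-2, so MSH-n sits at index n-1.
    if not field(msh, 9):
        findings.append("MSH-10 message control ID is empty")
    if not field(msh, 11):
        findings.append("MSH-12 version is empty")
    pid = segments.get("PID")
    if pid is None:
        return findings + ["no PID segment: demographics missing entirely"]
    for n, name in REQUIRED.items():
        if not field(pid, n).replace(comp, "").strip():
            findings.append(f"PID-{n} {name} is empty")
    name_parts = field(pid, 5).split(comp)
    if field(pid, 5) and (len(name_parts) < 2 or not all(name_parts[:2])):
        findings.append("PID-5 needs family and given name components")
    dob = field(pid, 7)
    if dob:
        try:
            if datetime.strptime(dob[:8], "%Y%m%d") > datetime.now():
                findings.append("PID-7 date of birth is in the future")
        except ValueError:
            findings.append(f"PID-7 '{dob}' is not YYYYMMDD")
    sex = field(pid, 8)
    if sex and sex not in SEX_CODES:
        findings.append(f"PID-8 '{sex}' is not an HL7 table 0001 code")
    return findings


# Constructed sample messages (no real patient data).
GOOD = "\r".join([
    r"MSH|^~\&|EMR|CLINIC|PAYER|INS|20240101120000||ADT^A08|MSG0001|P|2.5",
    "PID|1||100234^^^CLINIC^MR||DOE^JANE||19800214|F|||"
    "1 MAIN ST^^SPRINGFIELD^IL^62701",
])
BAD = "\r".join([
    r"MSH|^~\&|EMR|CLINIC|PAYER|INS|20240101120000||ADT^A08|MSG0002|P|2.5",
    "PID|1||100235^^^CLINIC^MR||DOE||02/14/1980|Female|||",
])

if __name__ == "__main__":
    for label, msg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_demographics(msg) or "no findings")
```

Run it against a copy of the failed message taken from the interface log, never against a live feed, and treat the output as protected health information.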

RHIO

A Regional Health Information Organization (RHIO) is a health information organization comprised of key stakeholders in the healthcare industry within a specific geographical region who oversee the health information exchange of healthcare providers in the area to improve the overall health and care of the community. It is often used in non-hospital settings like private practices, which do not exchange lab orders or results or do not have their own clinical lab services.

Troubleshooting e-Prescriptions

The most common problems with e-prescription systems are errors or failures when trying to send the e-prescription. There are a number of common causes for this issue, which you as the IT professional may be asked to troubleshoot.

Issue: Communication link (fax, network, Internet) is not working or disconnected
The most likely cause of a failure in sending a prescription is that the prescriber’s device or workstation is currently not communicating with the pharmacy or the pharmacy is currently offline. Check the prescriber’s connections that communicate to the e-prescription system, including access to the fax line, network, and Internet and verify that they are all working properly.

Issue: The selected pharmacy does not accept e-prescriptions
Not all pharmacies accept e-prescriptions. The pharmacy will not be in the system, and will not be able to accept or fill a prescription sent electronically. If a provider or patient wants to use such a pharmacy, the prescription will need to be issued and filled manually.

Issue: The person prescribing does not have the privileges assigned to them in the EMR
Only users with the necessary permissions will be able to prescribe medications using the e-prescription system. Make sure that the prescriber is logged in with their own user name and password. Verify that the person sending the prescription has been given the proper permissions in the system to send an e-prescription. If appropriate, provide that person with the proper permission if you have access to the system in that capacity, or escalate the issue to the responsible support staff.

Issue: Improperly formatted patient demographics
The demographic information for the patient may be incomplete or improperly formatted in the EMR, causing the e-prescription to fail. Have the prescriber check that the patient demographic information has been filled out completely and properly. If the patient demographic information is correct, and none of the other possible causes seem to be in play, escalate the issue to the appropriate support staff for the EMR or e-prescription service.

Issue: Improperly formatted prescription
The prescription itself may be incomplete or improperly formatted in the system. Have the prescriber check that all the necessary fields have been filled in and the formatting requirements for an e-prescription have been met. If all the information has been properly filled in and formatting seems correct, and none of the other possible causes seem to be in play, escalate the issue to the appropriate support staff for the EMR or e-prescription service.

Deactivated medication
Medications that have been recalled or are no longer being prescribed can be deactivated in the system to prevent them from being accidentally prescribed. When a medication is deactivated in the system, it is not removed from the database nor from the records of patients who received it, so it may still appear in the database but cannot be prescribed.
If a clinician tries to prescribe a deactivated medication, the system will return an informational message and the prescriber can select a different medication.

Controlled substance
As of the printing of this manual, controlled substances cannot be prescribed using an e-prescription system due to federal Drug Enforcement Administration (DEA) laws governing controlled substances. Clinicians should be aware that they will not be able to select this substance in the system to e-prescribe it.
Many e-prescribers are working to meet newly established rules designed specifically with the advent of e-prescribing that will allow them to meet the two security credentials being required by the DEA to prescribe a controlled substance electronically.

Troubleshooting Billing Software Issues
There are a number of common problems with medical billing software that you may be asked to troubleshoot.

Problem / Description and Solution

Improperly formatted patient demographics
The demographic information for the patient may be incomplete or improperly formatted in the EMR, causing the billing process to fail.
Have the appropriate staff member check that the patient demographic information has been filled out completely and properly.

Improperly formatted superbill
A superbill is an itemized form containing all the information needed to file a claim, including patient information and services rendered for a visit, that is compiled by the healthcare provider’s medical biller and supplied to the insurance company or clearinghouse as the source for the claim. If the superbill is incorrectly formatted or is missing any piece of required data, it will not be transmitted properly, or may be rejected altogether.
Have the medical biller check that all the information required has been added to the superbill and that active and accurate codes were added to the superbill.

Communication link (fax, network, Internet) is not working or disconnected
The most likely cause of a failure is that the workstation is currently not communicating with the insurance company because either end is experiencing network or Internet downtime or interference.
Check the connections between the two points, including access to the fax line, network, and Internet and verify that they are all working properly.

Network was not set up properly
Some software may need to access files that are stored on the network in order to run properly. It is possible that the program cannot access these files because the network connections on the user’s system were not set up properly.
Verify that the system is connected to the network and that all configuration settings are correct, including the firewall and virus scan software. Verify that the user is logging in with the proper credentials to access the remote system.

Errors during installation causing software start-up issues
Errors during initial installation can cause problems down the line, the most common being that the application will not even start. It could be that the system is not compatible with the requirement, it does not have enough memory, or there were other programs running that should have been closed during installation (causing the registry to not be updated properly).
Verify that the user’s system meets the requirements for the software installation. Uninstall and reinstall the application with all other programs closed.

Software configuration settings problem
Configuration settings for the software application could be preventing the program from working properly on the user’s system. Even things as simple as screen resolution could be preventing the application from opening or working.
Verify the configuration settings for the program from the manufacturer, and check that the end user’s system is properly configured for the application to work.

Input/output error
General device input/output (I/O) issues can impede the user from interacting properly with the system.
Follow standard I/O troubleshooting.

Superbill Information
Required information on a superbill includes:
• Provider information (full name and degree, service location and signature of provider, and full name and degree and the National Provider Identifier (NPI) code of the ordering/referring/attending physician).
• Patient information (full name, date of birth, insurance provider and ID, date of onset, and date of last visit).
• Visit information (date of visit, Current Procedural Terminology [CPT] procedure codes for services rendered, International Statistical Classification of Diseases and Related Health Problems, 10th revision [ICD-10] diagnosis codes for diagnosis, modifiers, time, units, quantity of drugs, National Drug Code Identifications [NDC IDs] for any drugs prescribed, and authorization information, if necessary).
• Additional information (with notes or comments, if needed).

Troubleshooting Lab Orders and Results
There are a number of issues concerning lab orders and results that you may be asked to troubleshoot.

Problem / Description and Solution

Status of an order does not change from “open” to “sent”
Despite the order being sent, the system is not verifying that the order was actually sent. It may or may not be accompanied by an error message in the system.
One possible cause for this issue may be that the EMR or lab interface is not running or needs to be restarted. Contact the appropriate manager for the interface to see if they are experiencing issues or to have them restart the interface. Try to resend the order from the requesting end to see if this has solved the issue.

Lab results not received
Lab results have not been received or the system shows them “in progress” for an inordinate amount of time and much longer than it should have taken for the lab to be performed and results sent back.
First, contact the lab to make sure that the test has been performed. If the test has been performed, the lab should retrigger the results to be sent to the requesting facility. Check to see if the results have not been linked to the proper patient file. Improperly formatted patient demographics can cause the lab results to be stuck in a queue without being assigned to the patient.

Error messages appear when trying to submit an order
When the submitting facility tries to send an order, an error message such as “patient not found,” “no active patient selected,” or “no diagnosis codes selected” appears.
Not all of the necessary information or fields have been populated. Have the person entering the information for the lab order double check that all of the information has been properly added, especially to the field related to the error message (was a patient currently selected when trying to select a test?)

Error messages when trying to view results
When trying to view the result reports in a browser-based EMR client, an error message appears.
In a browser-based EMR client, results typically open in a new window, and it is possible that the user’s pop-up blocker is preventing the report from opening. Turn off the pop-up blocker or change the settings to allow for the report to open, and try opening the results report again.

Cannot print to lab printer or label printer
The user may not be selecting the lab printer when they send the print request. Ensure that the printer is installed, the drivers are properly installed, and that the user is selecting the lab printer when trying to print labels and not using another printer by default.
If the user is selecting the lab printer and the labels are still not printing, it could be that the printer settings are not set up properly in the lab system software. Check the printer settings from within the application to make sure the settings are correct.

How to Troubleshoot Medical IT Issues
Troubleshooting IT problems in general is an important task in any organization; however, within the healthcare industry, there is the added intensity of need for a solution when you are dealing with personal and sensitive information regarding the health and well-being of countless people.

Guidelines:
When troubleshooting medical IT problems, consider the following guidelines:

• Follow a tried and true process for all troubleshooting tasks: gather information and identify the symptoms, review the data and establish a possible cause, identify and test a solution.
• Regardless of the scope of the problem, treat all problems regarding medical IT equipment as equally important to solve.
• Once you have identified the problem, begin to ascertain the scope of the issue. Find out first and foremost how many users are experiencing the issue to determine the severity of the problem.
• If the scope of the problem seems large, raise red flags now and make the solution a priority, to avoid an “all-hands-on-deck” response when the problem becomes a crisis.
• Locate the affected modules or fields.
• Determine the file or data types.
• When determining possible causes, remember: often the first and simplest reason is the correct one.
• There is not always just one root cause, however. One error message might only just be the most recent error message in a string of error messages that points to a much larger problem with a more intensive solution. Make sure that you are finding the source of the entire problem, and not just one symptom of the problem.
• Many systems and subsystems have audit trails and error logs that can be reviewed to help you diagnose the issue.
• Make sure to test your solution and give it adequate time to prove the true solution. Best practice is to give your solution 24 hours on full load to ensure that the solution is working.
• Be aware that the problem may require the activation of manual backup procedures and workflows.
• If necessary, follow escalation procedures to the proper support tier for the problem, including vendor or local application support as needed.
• Make sure to keep all stakeholders apprised of progress as frequently as possible, but do not let status reports become the focus of the work.

Example:
Mike receives a help desk call from a client, Sarah, who cannot access the EMR system for the practice. Mike first asks for as much information from Sarah as possible to help diagnose the issue. She can access the office network and Internet, but cannot access the practice management system. The same is true of all other computers attempting to access the system. It is clear that the problem is an overall outage for the entire practice. This is incredibly important as it is the middle of the work day, and more patients will be coming in shortly and the office staff need to be able to access patient data. Knowing this, Mike needs to get the practice up and running with the system as soon as possible.

Knowing that the entire office does not have access, and that the practice has a hosted server, Mike thinks that the problem is likely with the practice management system’s server. He places a call to the network admin for the practice management system, who tells him that they are experiencing unexpected server downtime. He assures Mike that no data will be lost during the downtime, and that the server should be up and running again in the next half an hour. Mike relays this message back to Sarah, letting her know that they should expect to regain access to the server within the hour. He will continue to check for connectivity, and will notify her again when the issue has been resolved.

After the system server is back online, Mike verifies with Sarah that they can once again access the system at the practice’s office. Over the next 24 hours, Mike continues to check that the system server and the office equipment still have connectivity, to make sure that the problem has really been resolved.

DISCOVERY ACTIVITY 5-7
Troubleshooting IT Issues in the Medical Environment

Scenario:
Use the knowledge of troubleshooting medical IT issues that you gained in this topic to answer the following questions.

1. Which of the following are common causes of issues in many medical software systems? (Select all that apply.)
a) The superbill or prescription is not properly formatted.
✓ b) Patient demographics are formatted incorrectly or missing necessary information.
c) Necessary nodes needed for proper communication have been deactivated.
✓ d) The communication link between systems is not working or is disconnected.

2. You receive a call from a physician’s assistant (PA), Sherri, who is having problems with the e-prescription service. Today is her first day working for the practice, and she is having difficulty sending any prescriptions. After talking with Sherri for a minute, you know that her colleagues are not having the same issues. One colleague even checked her work for some of the possible formatting errors, and she couldn’t find anything that might be causing the problem. Based on this information, what is the most likely cause of the problem?
a) The pharmacy Sherri selected to receive the prescription does not accept e-prescriptions.
b) The e-prescription was not filled out completely or was formatted improperly.
✓ c) Sherri has not been assigned the necessary privileges in the system to be able to send e-prescriptions.
d) Sherri was trying to send a prescription for a controlled substance.

3. Though you were able to troubleshoot Sherri’s problem, you do not have the authorization to provide the solution. What should you do?
a) Have another employee send the e-prescriptions for Sherri.
b) Contact the manufacturer and make sure they are aware of the problem with the system.
c) Contact the system administrator for the system, who can provide Sherri the privileges she needs.
✓ d) Have another employee send the e-prescription for Sherri while you contact the system administrator to provide Sherri with the necessary privileges.

4. What should you do if the issue you have been called to troubleshoot is outside of the realm of your knowledge or skills?
Figure out who is better suited to troubleshoot the problem: it may be another IT professional within the organization employed specifically to serve as support for the device or program, or it may be the manufacturer or vendor. Know who to escalate a problem to if you cannot solve it yourself.

TOPIC D
Implementation of an EMR/EHR System

Up to this point, you have identified all the components that make up an EMR or EHR implementation including IT and the roles and responsibilities assigned to use the system. How do you combine all of that into deploying an EMR system? In this topic, you will implement an EMR or EHR system.

The implementation of EMR systems is a tremendous opportunity for IT providers to penetrate the healthcare market. Your advanced knowledge of the implementation process and associated hurdles will give you a significant advantage over those who have not been exposed to an EMR or EHR implementation. This topic will be an excellent starting point if you are ever involved with an EMR or EHR system implementation.

EMR/EHR Implementation Goals
General goals for any type of EMR or EHR implementation include:
• Improve overall patient care.
• Enhance patient care by providing quick access to comprehensive health records.
• Promote consistency of patient records.
• Improve prescription management processes.
• Support medical professionals in day-to-day operations.
• Streamline process workflows for clinical and administrative tasks.

• And, meet criteria for meaningful use and the associated funding incentives.

The EMR Project Lifecycle
There are a number of general phases in the EMR implementation project lifecycle.

Phase / Description

Planning
In this phase there are a number of factors that must be considered:
• Identify the project stakeholder.
• Form a project team or committee.
• Define the main goals and objectives for the project.
• Determine the scope of the EMR implementation.
• Identify the necessary resources for completing the implementation. This may include an IT assessment to identify existing network infrastructure components and to identify all potential IT needs.
• Research potential EMR hosting options versus an in-house implementation.
• Identify specific practice needs and requirements for EMR systems.
• Identify major workflows that are used traditionally, that will change once the system has been implemented.
• Determine the cost for each component, each application, contract services, system downtime, etc.
• Research grant and funding options and plan for the grant application or process.

Selection
In this phase an EMR system is selected and purchased by the practice. Purchase agreements and service contracts are established. Other EHR system requirements are defined based on the hardware needs analysis done during the planning phase.

Implementation
In this phase, an EMR implementation plan, and/or checklist is created to communicate general implementation information such as:
• Approved timelines for implementation tasks agreed upon by the client and vendor.
• Targeted sites for hardware installation.
• Installation and configuration details for hardware and EHR system software.
• Site identification for all EMR installations.
• Requirements for preparing the environment for implementation, such as installing HVAC in a designated server room.
• Implementation readiness guidelines for each site targeted in the plan.
• Needs for training of key personnel.
• If necessary, security controls needed to secure EMR servers and systems.

Configuration
This phase includes specific configurations of the EMR system to align with workflows and processes for a specific medical office or facility. Configurations will be specific to each healthcare environment and be based on the services provided at each site.

Training
Create an EMR training plan for all affected clinicians and staff:
• Identify workflow changes that will require re-training of existing staff.
• Assess staff to determine the level of training needed.
• Decide on training methods.
• For large-scale implementations, create and distribute resources to support staff members and users of the system, such as an online wiki, job aids, reference cards, and an EMR help desk support system or team.

Post implementation
A post implementation review is conducted to determine that the system has been implemented properly to meet the goals and objectives that were identified in the planning phase. Future updates and system changes may also be identified at this phase. A change control process should be put in place to manage system changes appropriately.

EMR Implementation Project Team Members
Because the implementation of an EMR/EHR system requires time, patience, and commitment, the team must be chosen carefully. The team should include key roles that can contribute to the system design, implementation, and training. Members should be people who will support and embrace change, and can represent their job functions respectively.

Project Management Principles
Solid project management principles help the EMR and EHR implementation staff manage the phases of an EMR rollout project such as initiating, planning, executing, monitoring, controlling, and closing. The project manager will:
• Define the needs and specifications for the project, and obtain a commitment to move forward from stakeholders.
• Plan and develop a strategy for how to accomplish the work in the project, or in the different project phases.
• Verify that tasks and processes are completed within the scope of the project.
• Verify that required progress was made in the project, and is moving toward completion.
• Report progress made to the appropriate individuals.
• Regularly document issues, progress, and tasks completed.
• Use appropriate project management software tools.
• Use good communication practices.

EMR Hosting Options
There are two main EMR or EHR hosting options available for system implementation.

Option / Description

Application service provider (ASP)
A system that is hosted remotely in the cloud. This option involves purchasing an EMR/EHR managed service from a vendor. The infrastructure used to provide the ASP service is already HIPAA compliant.
Advantages include:
• Technical issues are managed by the service provider.
• It is cheaper to implement than the client-server environment, because the number of machines is minimal.
• It provides easy remote server access and computing capabilities.
Disadvantages include:
• Over time the cost may increase and could eventually be just as expensive as the client-server option.
• Customization options may be minimal.
• Accountability issues with vendors can lead to data loss.
• Processing speeds may be slower because the Internet is used to access records.

Client-server
In a client-server environment, the hardware and application is onsite within the medical facility. The server is usually managed by the practice IT department.
Advantages include:
• Quick application response times.
• Data can be managed by medical personnel.
• Internet access is available.
Disadvantages include:
• Initial implementation cost can be substantial.
• A significant increase in hardware and implementation support.
• In-house control of data can lead to issues with unauthorized access and possible theft of hardware.

EMR/EHR Clients
There are three general client types used to provide access to EMR or EHR systems:
• A browser-based client is used when the EMR or EHR system is ASP hosted.
• An application-based client is used when the EMR or EHR application is installed on workstations.
• A terminal, or remote-access client connects to either a server or the Internet to access EMR or EHR applications.

Structured Data
Definition:
Structured data is data that fits into a well-defined data model. Structured data is identified by a data model, and then classified into a type and stored accordingly. The structure is inherent within the system. EHR or EMR system data is best stored and managed if it is structured. This enables a more standardized approach to managing medical records, and promotes consistency between multiple medical providers.

Example: HL7 Structured Data
HL7 is an example of structured data in an EMR or EHR system. HL7 uses messages, segments, data types, fixed lengths for codes, numeric fields, and so forth to structure data that can be communicated and understood amongst different systems.

Environment Size Considerations
It is extremely important to take into consideration the size of your organization and what effect it will have on your IT support team when implementing an EMR or EHR system. Different solutions may be better for smaller organizations, like a private practice, while others are better suited for a large organization like a hospital, and it is important to consider this at all phases of the process: as you determine which solution is the best for your specific organization, as you implement and roll out the solution, and how you will maintain and support the system once it is in place. Beyond that, it is also important to determine, given the size of the environment and the scope of the solution, if there is enough staff, especially in IT, to support the implementation of the system.

Funding
EMR and EHR implementations are costly and should be planned carefully. Government has started offering incentives for physicians who implement an EMR by a certain date and can demonstrate “meaningful use” of an EMR system. Once practices have qualified for the government incentives, then they could potentially receive anywhere from $2,000 to $18,000 in Medicare and Medicaid reimbursements per eligible provider per year.

The Software Vendor Selection Process
When selecting a software vendor to provide your EMR and EHR services, there are many factors to consider.

Phase / Description

Needs
Basic needs for any medical environment must be met by the software application. This includes:
• Billing.
• Scheduling functionality.
• Prescription management.
• Lab ordering and management services.
Any software that is certified by the Certification Commission for Health Information Technology (CCHIT) will meet most of the basic needs of an EMR application. If the needs are more specific and do not fall into the basic needs category, then further needs assessment planning must be done.

Requirements
Most practices will require a request for proposal (RFP) to carefully document and identify all software requirements for their practice. Provide all potential vendors with your requirements to verify that the software capabilities meet your needs. This may include:
• Vendor installation requirements and limitations.
• Medical environment infrastructure requirements.
• Data collection requirements.
• Data types supported.
• Data conversion services.
• Storage space limitations.
• Product limitations and benefits.
• Practice needs vs. wants.

Hosting
You must decide which hosting option suits your needs and meets the identified requirements. Hosting options include either a cloud-based ASP implementation, or a client-server in-house implementation.

Vendor evaluation
In most cases, a consultant will be helping you with the process of evaluating and identifying the right software vendor to meet your specific needs. This phase includes:
• Evaluation of all the options provided by the software vendor.
• Demonstrations of software from all potential vendors.
• Usability testing with medical infrastructure.
• Reference checking and visits to sites where the vendor’s product is already installed.

Negotiation
The negotiation process can be tedious and long. This phase involves:
• Creating a payment schedule.
• Agreement on the implementation timeline and phases.
• Creating the service-level agreement (SLA).
• Establishing customer support requirements.
• Researching training options for users.

Server Storage Space and Limitations
When installing an EMR/EHR environment, you must consider the specific needs of a medical facility’s application and storage needs. There are a number of factors that should be negotiated between the vendor and the medical facility:

• Type of data stored on servers.
• The amount of legacy data being transferred into the EMR/EHR system.
• The number of locations supported by the EMR/EHR environment.

There are also a number of factors to ensure that the system requirements will meet the future needs of the practice:
• The number of physicians in the organization.
• The number of patients managed by the practice.

CCHIT
The Certification Commission for Health Information Technology (CCHIT) is a not-for-profit organization that promotes the adoption of healthcare IT systems, as well as certifies health record technology. For more information visit www.cchit.org/

RFPs
A request for proposal (RFP) is an invitation for vendors to submit a plan and bid for the delivery of a product or service. Invitations to respond to an RFP are generally offered to as many vendors as is possible so as to best determine the most cost-effective solution. RFPs typically contain:
• Product versus system requirements.
• Vendor support services.
• Vendor references.
• The vendor’s financial stability.
• Number of years’ experience offering the service or product.
• Number of current clients using the service/product.
• Availability of documentation.
• Availability of source code.
• Specifications for user acceptance testing.

EMR/EHR Hardware Considerations
The hardware chosen to provide the EMR or EHR software is one of the most important decisions made in the implementation process. There are a number of requirements and factors that should be considered:
• Determine the required and recommended hardware specifications for both the EMR and EHR servers hosting the application and the client computers before purchasing any hardware.
• Verify that the vendor hardware requirements are met. This may include a hardware validation from the vendor.
• Replace slow or outdated devices that may not be able to handle running the EMR or EHR application.
• Secure all hardware components and systems properly per HIPAA regulations.
• Wired implementations end up being less expensive and are easier to maintain, due to easy system component replacement.
• Wireless offers more portability with devices, but can be more expensive to maintain due to limited battery life and potential for damage due to the handling of devices.

• Environment size, number of locations, personnel, processes, requirements, and configuration may affect the choice of hardware components.
• Backup guidelines and procedures will need to be determined and established.
• System downtime procedures, both scheduled and unscheduled, will need to be determined and established.

Secondary Software Dependencies
EMR and EHR systems may store many different types of files such as scanned documents, graphical data, and maybe even some voice data. Secondary software programs may be needed to view these files. For example, ultrasound machines usually have a software interface for the technician to capture, diagnose, and record information. This program is usually device dependent, so another program may be needed for a specialist to view and submit diagnosis information. When applications are installed on user workstations for viewing and possibly amending any EMR related files, then the installations must meet the EMR and EHR vendor specifications. Before installing any secondary applications, you must understand how data is used within secondary software programs, such as where data will be accessed from, how it will be accessed and what software is needed.

Interoperability with Legacy Systems
Legacy systems and hardware must be evaluated before the EMR implementation. Careful planning and testing must be done at the beginning to work through all issues before the installation occurs, to limit post-installation downtime. Some legacy systems and resources will remain in place even after the EMR or EHR system is in place, and the transition from traditional medical record processes to an EMR or EHR system may result in many different interoperability issues. For example, many offices use vendor-specific applications, such as billing and scheduling, that may not be compatible with a newer system, and may require newer hardware to be purchased to meet these requirements. Additionally, be sure to verify all vendor specifications and recommendations. The hardware used within a medical facility should be of commercial quality and able to run EMR applications and services. In the end, it may be more cost-effective for some organizations to purchase newer hardware with a current operating system versus spending money to upgrade older systems.

Implementation Strategies
An EMR or EHR implementation is a huge undertaking and can take several months to a year or more, depending on the size of the medical facility or facilities. Some implementations may be done in stages or phases. The entire project should be tracked so any parallel activities, milestones, and target dates are tracked and documented all in one place and can be systematically reviewed and adjusted as the project moves forward.

The Implementation Process
Once you have selected your EMR or EHR vendor, the implementation process can be started. The process consists of four general phases.

Phase / Description

Prepare and install environment
In this phase the location for hardware should be assessed and prepped for delivery. Placement of servers, workstations, network devices and other components should be carefully planned and configured properly. Installation steps include:
• Secure servers.
• Install and configure network security devices.
• Assign strong passwords to workstations.

Data conversion
This phase of the EMR implementation involves converting demographic data and clinical data, if available, safely to the EMR system. There are a number of steps in data conversion:
• The data must be extracted from the legacy system.
• Data must be analyzed to verify that it can be imported into the new system.
• Data is filtered to identify errors or coding issues.
• Data is imported into the EMR by the EMR vendor.

Workflows
Standardize workflows and processes within the system. Existing processes and workflows should be updated and altered to align directly with the EMR system.

Training
Training of key personnel is a crucial phase of the EMR implementation. In this phase, there are a number of methods used to deliver the training to new users:
• Train the trainer. In this scenario, the vendor trains a select few and then those individuals are responsible for training the rest of the users. This method can be effective in large practices, where it can get expensive to send everyone to a training class or facility.
• Classroom-based training may be required when a more hands on instructor led approach is needed. This option can be effective when training specific job functions.
• Onsite training may be held when this is more convenient for clinicians and staff.
• Web-based training may be offered by some EMR vendors, and can be a cost effective way to train a large number of users quickly.

Timing and Scheduling of Rollout Events
Every EMR implementation must have a plan to roll out the EMR within the targeted environment. Many factors come into play when determining how the EMR system will be distributed among various healthcare environments. The rollout schedule must be based on how the medical staff will use the EMR, and how they will be using the system while supporting patients. Some environments may require a staggered rollout schedule, with the primary office being first. This provides the EMR support staff with the opportunity to fix issues and test the environment before implementing at the satellite medical facility locations.

Vacation and Patient Load Restrictions
The IT professional may be responsible for communicating parameters around the timing and rollout of the EMR/EHR system. During implementation there is a timeframe where all practice staff should be present in the office (e.g., no approved vacations) and it is strongly suggested that there be a reduction in patient load. Be prepared to have this discussion with medical staff when planning implementation of the system.

ACTIVITY 5-8
Implementing an EMR/EHR System

Scenario:
In this activity, you will identify implementation steps for EMR and EHR systems.

1. Your medical practice is in the process of selecting a vendor for the EMR implementation planned for early next year. You have been asked to take part in the demonstrations given by the top three choices. What phase of the process does this occur in?
This occurs within the vendor evaluation phase when the practice needs are compared to the vendor’s offerings.

2. How does the size of a medical environment affect the EMR implementation process?
The size can affect how the EMR system hardware is installed and distributed throughout the facility. It can also affect how the system rollout is completed and how much support will be needed.

3. A small private practice is looking to move their traditional patient record system to an EMR. They do not want to purchase additional computer equipment other than the three workstations they use at the front desk. The office manager also does not want to have to hire an administrator to manage the system onsite. What implementation option would best suit the needs of the small office?
a) A client-server implementation
✓ b) An ASP implementation

4. What are the three general types of EMR/EHR clients?
A browser-based client, an application-based client, and a terminal or remote access client.

5. What phase of the EMR project lifecycle is described?

b Planning
c Selection
a Implementation
f Configuration
d Post implementation
e Training

• The scope of the EMR installation is determined.
• Purchase agreements are created.
• Environment readiness is determined.
• EMR resources are distributed to users of the system.
• Processes are aligned with the EMR system.
• Goals and objectives are verified against the EMR plan.

TOPIC E
Change Control
In the last topic, you worked through the stages of an EMR or EHR system implementation. After implementation, an important ongoing task is managing change within the system. In this topic, you will identify components of change control and how to manage this process within a healthcare environment.

Uncontrolled change can cause many problems within an IT infrastructure, both immediate and long-term. By implementing and following appropriate change control processes and policies, IT departments will save time and money when issues arise and changes to existing systems must be made.

Why Control Change?
Within the IT world, change is inevitable; it happens every day. Technology will continue to evolve as computing becomes more portable and efficient. Because of this, the healthcare environment must adapt to technological changes that affect workflows. Change must be controlled and managed by a governance board, whose responsibilities include governing and organizing the manner in which changes will be requested, reviewed, approved or rejected, implemented, controlled, and coordinated. The goal is to make sure that changes to any system or environment are managed with the least amount of disruption to cost, time, and quality.

The Governance Board
The governance board is made up of individuals from different departments who play a crucial role in deciding what changes will take place and how they will be implemented.

Change Control Environments
There are generally four different environments in which change control is applied.
• Development environments, to manage critical changes.
• Quality assurance and testing environments, to limit changes based on necessity.

• User testing environments, to manage changes that arise from users.
• And, production/live environments, to manage improvement changes to systems.

Change Control Considerations
There are specific things to consider when implementing change within the healthcare IT environment:
• Plan for the potential reaction to change.
• Recognize that in some cases, when change occurs there is a loss.
• Manage expectations from all users and departments.
• Establish a system patching and updates installation schedule.
• Establish appropriate scheduling of change procedures and processes.
• Establish a systematic method to implement customization within a system.
• Expect that needs must be met by all departments.
• And, manage and plan for negative effects resulting from changes made.

ACTIVITY 5-9
Examining Change Control

Scenario:
In this activity, you will examine the different elements of change control.

1. True or False? When considering how a system-wide EMR/EHR update will affect users, you should plan for all types of responses, including any negative reactions to the updates.
✓ True
False

2. What are the four environments where change must be controlled?
Development, quality assurance, user testing, and production live.

3. Why is controlling change of great importance in the healthcare environment?
Change control is important in the healthcare environment because you are dealing with important and sensitive information about a person’s health. It is important to control change in an EMR/EHR environment in a timely manner, and in a way that will protect the security and validity of patient information.

Lesson 5 Follow-up
In this lesson, you identified tools and techniques for solving IT problems in the workplace, and how those tools and techniques can be used to solve IT issues specific to the healthcare industry. As an IT professional working in the healthcare industry, many of the day-to-day activities you will be performing require knowledge of industry-specific terms, hardware, software, and systems.

1. How is troubleshooting IT issues for the medical environment different from other IT troubleshooting jobs you may have experience with?
Answers will vary but may include: Dealing with sensitive information may make the stakes higher when troubleshooting IT problems for the healthcare industry. The hardware and software environment in healthcare IT may be more complex and heterogeneous than a standard corporate installation.

2. As an IT professional in the healthcare industry, you may not always have the knowledge or skills to troubleshoot every problem brought to you. How can you handle this possible dilemma?
Answers will vary but may include: Being aware of and accepting your limitations is important when troubleshooting in the healthcare industry. Know when and who to ask for help when you need it.

LESSON 6
Lesson Time: 2 hour(s), 30 minutes

Security
In this lesson, you will integrate security best practices into your daily healthcare IT workflow.

You will:
• Apply physical and logical security measures to mitigate against common threats.
• Implement best practices for wireless security, passwords, and PHI.
• Manage remote access.
• Implement best practice security techniques for wireless networks.
• Implement backup and disaster recovery plans for your organization.

Introduction
In the previous lessons, you’ve learned about healthcare fundamentals, IT in the medical workplace, and IT technology basics in the medical workplace. A very important requirement to all of that is how to keep your data and devices secure. This lesson will identify components of security in the IT medical workplace.

Increased use of IT in the medical environment carries a commensurate increased risk of security and privacy violations. Staff that may be used to old methods could unintentionally expose patient data, or unscrupulous individuals could attempt to gain access to data. With a strong understanding of the potential risks, and how to mitigate against them, you can demonstrate the value of IT security to uninformed individuals and organizations.

TOPIC A
Manage Physical and Logical Security
There are many risks that can threaten your organization, starting with the physical and logical components of your network and your organization’s overall physical locations. In this topic, you will identify the types of risks that are directed against the physical and logical resources in your organization and learn how to manage their security.

The basis of all IT security is controlling access to both physical assets and information. This topic will provide you with an understanding of these vital aspects so that you may better secure assets you are responsible for.

Physical vs. Logical Security
Definition:
Physical security refers to the implementation and practice of various control mechanisms that are intended to restrict physical access to facilities. In addition, physical security involves increasing or assuring the reliability of certain critical infrastructure elements such as electrical power, data networks, and fire suppression systems. Physical security may be challenged by a wide variety of events or situations, including:
• Facilities intrusions.
• Electrical grid failures.
• Fire.
• Personnel illnesses.
• Or, data network interruptions.

Logical security refers to software protection for systems in an organization. It involves particular authentication elements such as user IDs, tokens, and passwords. Standards are in place to ensure that only those with authorization have the ability to access information on a network or workstation.

Example: Security in a Hospital Server Room
Mariah is a network administrator for a large hospital. She needs to check the performance of one of their servers. The servers are in a protected area of the hospital, and only authorized users can gain access. Mariah has the code to unlock the door, allowing her physical access to the server room. Once she is in the room, she will then need to provide her logical security credentials to authenticate herself on the server using her unique user name and password.

The CIA Triad
Information security seeks to address three specific principles: confidentiality, integrity, and availability. This is called the CIA triad. If one of the principles is compromised, the security of the organization is threatened. The three principles work together to support the goals of HIPAA.

Principle / Description

Confidentiality
This is the fundamental principle of keeping information and communications private and protecting them from unauthorized access. Confidential information includes trade secrets, personnel records, health records, tax records, and military secrets.

Integrity
This is the property of keeping organization information accurate, free of errors, and without unauthorized modifications. For example, in the 1980s movie War Games, actor Matthew Broderick was seen modifying his grades early in the movie. This means that the integrity of his grade information was compromised by unauthorized modification.

Availability
This is the fundamental principle of ensuring that systems operate continuously and that authorized persons can access the data that they need. Information available on a computer system is useless unless the users can get to it. Consider what would happen if the Federal Aviation Administration’s air traffic control system failed. Radar images would be captured but not distributed to those who need the information.

Common Security Risks
There are many types of security risks that you should be aware of.

Risk / Details

Social engineering
A social engineering attack is a type of attack that uses deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines. Social engineering is often a precursor to another type of attack. Because these attacks depend on human factors rather than on technology, their symptoms can be vague and hard to identify. Social engineering attacks can come in a variety of methods: in person, through email, or over the phone.

Physical security
Physical security threats and vulnerabilities can come from many different areas. They can be internal, external, natural, or man made.

Risk / Details

Hardware
A hardware attack is an attack that targets a computer’s physical components and peripherals, including its hard disk, motherboard, keyboard, network cabling, or smart card reader. One goal of a hardware attack is the destruction of the hardware itself or acquisition of sensitive information through theft or other means. A second goal of a hardware attack is to make important data or devices unavailable through theft or vandalism. This second goal is meant to disrupt a company’s business or cause embarrassment due to data loss.

Environmental
Environmental threats pose system security risks and can be addressed with specific mitigation. These threats include fire, hurricanes and tornadoes, floods, extreme temperatures, and extreme humidity.

Software
Attacks against software resources including operating systems, applications, protocols, and files. The goal of a software attack is to disrupt or disable the software running on the target system, or to somehow exploit the target system to gain access to the target system, to other systems, or to a network. Many software attacks are designed to surreptitiously gain control of a computer so that the attacker can use that computer in the future, often for profit or further malicious activity.

Network
Attacks that are targeted at the physical or wireless networks within an organization. The goal of a network attack is to retrieve sensitive data, or attempt access to systems and services within the network. This can also include social network attacks that are targeted towards social networking sites such as Facebook, Twitter, and MySpace.

Phishing
This is a common type of email-based social engineering attack. In a phishing attack, the attacker sends an email that seems to come from a respected bank or other financial institution. The email claims that the recipient needs to provide an account number, Social Security number, or other private information to the sender in order to “verify an account.” Ironically, the phishing attack often claims that the “account verification” is necessary for security reasons. Individuals should never provide personal financial information to someone who requests it, whether through email or over the phone. Legitimate financial institutions never solicit this information from their clients. A similar form of phishing called pharming can be done by redirecting a request for a website, typically an e-commerce site, to a similar-looking, but fake, website.

Physical Access Controls
Definition:
Physical security controls are security measures that restrict, detect, and monitor access to specific physical areas or assets. They can control access to a building, to equipment, or to specific areas, such as server rooms, finance or legal areas, data centers, network cable runs, or any other area that has hardware or information that is considered to have important value and sensitivity. Determining where to use physical access controls requires a risk/benefit analysis and must include the consideration of any regulations or other compliance requirements for the specific types of data that are being safeguarded.

Example: Controlling Facility Access
The main entrance in a hospital has a visitor center with a receptionist to log and monitor visitors as they come and go. There is also a security guard on duty in the main lobby.

Physical Security Threats and Vulnerabilities
Physical security threats and vulnerabilities can come from many different areas.

Threat and Vulnerability / Description

Internal
It is important to always consider what is happening inside a medical facility, especially when physical security is concerned. For example, disgruntled individuals may be a source of physical sabotage of important security-related resources.

External
It is impossible for any facility to fully control external security threats. For example, an external power failure is usually beyond an IT specialist’s control because most medical facilities and practices use a local power company as their source of electrical power. However, risks posed by external power failures may be mitigated by implementing devices such as an Uninterruptible Power Supply (UPS) or a generator.

Natural
Although natural threats are easy to overlook, they can pose a significant threat to the physical security of a medical facility. Buildings, rooms, or areas within the facility that contain important computing assets should be protected against likely weather-related problems including tornados, hurricanes, snow storms, and floods.

Man-made
Whether intentional or accidental, people can cause a number of physical threats. Man-made threats can be internal or external. For example, a backhoe operator may accidentally dig up fiber optic cables and disable external network access. On the other hand, a disgruntled individual may choose to exact revenge by deliberately cutting fiber optic cables.

Types of Physical Access Controls
There are a number of physical access controls available to ensure the protection of an organization’s physical environment.

Physical Security Control / Description

Locks
There are a number of different locks that can be used to restrict unauthorized access to information resources:
• Bolting door locks are a traditional lock-and-key method that requires a non-duplicate policy for keys to access a door.
• Combination door locks, or cipher locks, use a keypad or dial system with a code or numeric combination to access a door.
• Electronic door locks use an access ID card with an electronic chip or token that is read by the electronic sensor attached to a door.
• Biometric door locks are commonly used in highly secure environments. This method uses an individual’s unique body features to scan and identify the access permissions for a particular door.
• Hardware locks can be attached to a laptop, hard drive, or file cabinet to secure it from being opened or turned on.

Physical Security Control / Description

Logging and visitor access
Logging should be used at all entrances that are open to the general public. This method requires all visitors to sign in and out when entering and leaving the building. Logging requirements will vary depending on the organization, but should include the following:
• Name and company being represented.
• Date, time of entry, and time of departure.
• Reason for visiting.
• Contact within the organization.
When possible, one single entry point should be used for all incoming visitors. This decreases the risk of unauthorized individuals gaining access to the building.

Surveillance
Video or still-image surveillance can be put in place to deter or help in the prosecution of unwanted access. These systems can be placed inside and outside the building. All video recording should be saved and stored in a secure environment.

Identification systems
Badges, such as swipe cards or security cards, provide identity information about the bearer, which is then checked against an appropriate access list for that location. The cards can be used along with a proximity reader to verify identification and grant access. A badge can also include a picture or some other identification code for a second authentication factor. Badges should be required for all employees and should be visible at all times.

Security guards
Human security guards, armed or unarmed, can be placed in front of and around a location to protect it. They can monitor critical checkpoints and verify identification, allow or disallow access, and log physical entry occurrences. They also provide a visual deterrent and can apply their own knowledge and intuition to potential security breaches.

Bonded personnel
Contracted services personnel, such as cleaning services, should be bonded to protect an organization from financial exposures.

Mantrap doors
A mantrap door system, also referred to as a deadman door, is a system with a door at each end of a secure chamber. An individual enters a secure area through an outer door. The outer door must be closed before an inner door can open. An individual’s identity is sometimes verified before they enter the secure area through the first door, and other times while they are confined to the secure area between the two doors. This system also requires that one person enter at a time. This system typically requires two separate authentication processes, with the second one being done while the authenticated person is isolated inside a reinforced enclosure.

Physical Security Control / Description

Physical barriers
The location of highly secure resources, such as a server room, should not have windows or be visible from the outside of a building. This creates a more secure barrier from the outside. Common medical areas to physically secure include:
• Offices usually contain Personal Health Information (PHI) materials and other computer equipment that can be used to access the Electronic Medical Record (EMR) or Electronic Health Record (EHR) system.
• Servers must be kept out of public areas in a medical environment and should be kept in a secured room.
• Data closets should be kept secured with a lock, or other physical security method to prevent unauthorized access to PHI data and materials.
• A Main Distribution Frame (MDF) is a hardware rack that holds networking equipment to provide connections from public lines coming into the physical building, generally from the Internet Service Provider (ISP), to all the IDFs located throughout the medical facility.
• Intermediate Distribution Frame (IDF) systems store networking hardware and provide networking services to local area networks within a medical environment. These systems are usually located in designated IDF rooms, or closets.
• Backup storage areas or systems.
These locations should be secured using door locks or other physical security controls.

Alarms
Alarms activated by an unauthorized access attempt require a quick response. Locally stationed security guards or police may respond to alarms. These responding individuals may trigger access control devices in the facility to automatically lock.

Biometrics
Biometrics are authentication schemes based on individuals’ physical characteristics. This can involve a fingerprint scanner, a retinal scanner, a hand geometry scanner, or voice-recognition and facial-recognition software. As biometric authentication becomes less expensive to implement, it is becoming more widely adopted.

Biometric Authentication Tokens
Biometric user data can be scanned and encoded once and then stored on a chip on some form of portable electronic security token such as a smart card or a digital keyfob. To authenticate, the user presents the token instead of submitting to another biometric scan. Because the token could be lost or stolen, it is best to combine this type of authentication with a password or PIN, or at least to include a user photograph on the card for visual confirmation of the user’s identity.

Physical Security Considerations
Hardware placement and the hardware environment are important to consider when implementing your physical security systems.

Physical Security Considerations

IT hardware location
The location of IT hardware must be considered when determining how to implement physical security controls. Servers, network hardware components, printers, scanners, and copiers all need to be secured physically from unauthorized access. Considerations include:
• What floor is the hardware located on, is that floor secured from unauthorized access?
• Are all the servers located in a single server room with a secured door?
• Are the office scanner, copiers, and printers in a secured location that the general public cannot gain access to?
• Are network hardware components, such as Wireless Access Points (WAPs), secured throughout the facility?

Environmental controls
There are certain environmental controls that can be implemented to help control a facility’s physical environment:
• An HVAC system controls the environment inside a building, such as humidity and temperature control.
• Hot and cold aisles may be used to control temperatures in data centers and server rooms.
• EMI shielding is used to prevent electromagnetic transfers from cables and devices by creating a conductive material protective barrier.
• Generators or UPSs should be installed to protect computer systems, as well as provide electricity to the medical facility during a power outage or disaster.
• The main control panel for an organization’s alarm system should be protected and secured from any type of exposure. The panel must be in a separate location and protected from unauthorized access, and be accessible by the fire department, encased in a waterproof and climate-controlled box, powered by a dedicated circuit, and programmed to function by zone within an organization.
• Various fire detection systems are used to identify the threat of a fire.
• Fire suppression systems extinguish fires using special gases in areas with a large number of computers or servers.
• Security lighting should be installed in all medical facilities to provide necessary lighting in the event of an emergency or disaster.

Personnel
The general safety and concern for personnel working within a medical facility must be considered when implementing physical security controls within the environment. In the event of an environmental disaster, security precautions must be documented and distributed to all personnel working within the medical facility, so safety procedures are followed by all staff.

Fire Suppression Systems
Fires in computer facilities are especially dangerous. The damage done to computing systems is extremely expensive, and the chemicals used in the machines may emit toxic substances during fires. In some cases, small fires may be extinguished using hand-held fire extinguishers. These systems must be placed in the appropriate locations within a facility and should be inspected regularly. When it is not practical to fight these fires with small extinguishers or to douse fires with water, then special gases should be used to extinguish fires in areas with a large number of computers or servers.

Frequently, local jurisdictions mandate water-based fire extinguishing systems, even though gaseous systems often provide more appropriate protection for computer equipment. To satisfy each requirement, organizations are outfitted with both. Here is what occurs: if the gas system does not suppress the fire, the sprinkler system will then activate, but is otherwise maintained as the official back-up extinguisher. The best practice is to contact your local fire authorities when designing a fire suppression system.

Logical Access Controls
Definition:
Logical access controls are protection mechanisms used to identify, authenticate, and authorize access to computers and their corresponding systems. Their elements administer access control for computer systems, programs, processes, and information. They can vary from being embedded directly in an operating system, to specific applications that are designed to manage access. Logical access controls can also be policies and procedures to manage the protection mechanisms in place.

Example:
Figure 6-1: A password policy is a logical access control.

Security Users and Groups

Definition:
Rights and permissions can be assigned to individual user accounts. However, this is an inefficient security practice, because so many permission assignments must be duplicated for users with similar roles and because individual users’ roles and needs can change frequently. It is more efficient to create groups of users with common needs, and assign the rights and permissions to the user groups. As individual users’ needs change, the users can be placed in groups with the appropriate security configuration.

Example:
Figure 6-2: Security users and groups.

Permissions

A permission is a security setting that determines the level of access a user or group account has to a particular resource. In many IT systems, there are four general levels of permissions that can be assigned to different user roles based on their access needs.
• Read, to view information only.
• Write, to create information.
• Modify, to change contents and attributes of information.
• And, full access, to create, change, and delete items.

Figure 6-3: Permission levels.

Most EMR and EHR systems maintain role-based profiles that determine the overall user functionality within the system. For example, a medical doctor role will be able to place an order, while a technician role cannot.

Encryption

Encryption is a process in which information is transcribed into a form that is unreadable by anyone who does not have the encryption code. There are several types of encryption that can be utilized to protect information.

Encryption Type: Details

Manual encryption: Computer programs that will encrypt pieces of information. This is done manually by the user by choosing the files that need to be encrypted and then choosing the encryption type from the designated security system. This is beneficial for personal computing because users can encrypt personal files in the best suitable way.

Transparent encryption: A type of computer software encryption that can be downloaded to a computer to automatically encrypt everything. It is the most secure type of encryption because it won’t leave out anything that may have been forgotten during a manual encryption.

Symmetric encryption: A two-way encryption scheme in which encryption and decryption are both performed by the same key. The key can be configured in software or coded in hardware. The key must be securely transmitted between the two parties prior to encrypted communications. Symmetric encryption is relatively fast, but is vulnerable if the key is lost or compromised. Some of the common names for symmetric encryption are secret-key, shared-key, and private-key encryption.

Asymmetric encryption: This is a secure and easy way to encrypt information that you will be receiving. There are two encryption keys used: a public one and a private one. The public key is given to whomever you want or you can post it for the public to see. The private key is used to decrypt the code, and is generally only available to the one person who holds the key.

Email encryption: Email encryption commonly uses asymmetrical encryption methods. Emails can’t be read by others, such as hackers. Two methods are used to encrypt email. The first is when an email provider is the only one to decide who gets the private key. This is generally given only to the email address user. The second method allows the user to control who gets the encryption key, thus allowing others to read encrypted emails with the private key.

Storage encryption: Storage encryption is used to encrypt and decrypt data on storage devices. In many cases, there will be PHI data stored on a number of different devices within a medical environment. To ensure that the PHI data is secure, encryption is used. Storage devices used within the medical environment that should utilize encryption include:
• Flash drives
• Desktop computers
• Laptops
• Secure Digital (SD) cards
• External drives
• Servers
• Network-Attached Storage (NAS)
• Storage Area Networks (SANs)

Communication encryption: Communication encryption is used to secure PHI information that may be shared with authorized individuals by email, fax, over the phone, smartphone, instant message chat applications, collaboration sites, File Transfer Protocol (FTP) sites, or by using Voice over IP (VoIP) software. All these communication methods should have encryption configured for data that is transmitted, shared, and accessed.

Encryption Algorithms

Some algorithms are used for symmetric encryption.

Symmetric Algorithm: Description

Data Encryption Standard (DES): A block-cipher symmetric encryption algorithm that encrypts data in 64-bit blocks using a 56-bit key with 8 bits used for parity. The short key length makes DES a relatively weak algorithm.

Triple DES (3DES): A symmetric encryption algorithm that encrypts data by processing each block of data three times using a different key each time. It first encrypts plaintext into ciphertext using one key, it then encrypts that ciphertext with another key, and it last encrypts the second ciphertext with yet another key.

Advanced Encryption Standard (AES): A symmetric 128-, 192-, or 256-bit block cipher developed by Belgian cryptographers Joan Daemen and Vincent Rijmen and adopted by the U.S. government as its encryption standard to replace DES. The AES algorithm is called Rijndael (pronounced “Rhine-dale”) after its creators. Rijndael was one of five algorithms considered for adoption in the AES contest conducted by the National Institute of Standards and Technology (NIST) of the United States.

Encryption Protocols and Utilities

There are a number of encryption protocols and utilities used to secure data.

Protocol: Description

SSL: Secure Sockets Layer (SSL) is a security protocol that combines digital certificates for authentication with public key data encryption. SSL is a server-driven process; any web client that supports SSL, including all current web browsers, can connect securely to an SSL-enabled server.

HTTPS: Hypertext Transfer Protocol Secure (HTTPS) is a secure version of HTTP that supports web commerce by providing a secure connection between a web browser and a server. HTTPS uses SSL to encrypt data. Virtually all web browsers and servers today support HTTPS. An SSL-enabled web address begins with the protocol identifier https://

SSH: Secure Shell (SSH) is a protocol used for secure remote login and secure transfer of data. SSH consists of a server and a client. Most SSH clients also implement login terminal-emulation software to open secure terminal sessions on remote servers. To ensure security, the entire SSH session, including authentication, is encrypted using a variety of encryption methods. SSH is the preferred protocol to File Transfer Protocol (FTP) and is used primarily on Linux and Unix systems to access shell accounts. Microsoft® Windows® does not offer native support for SSH, but it can be implemented by using a third-party tool.

PGP: Pretty Good Privacy (PGP) is a publicly available email security and authentication utility that uses a variation of public key cryptography to encrypt emails: the sender encrypts the contents of the email message and then encrypts the key that was used to encrypt the contents. The encrypted key is sent with the email, and the receiver decrypts the key and then uses the key to decrypt the contents. PGP also uses public key cryptography to digitally sign emails to authenticate the sender and the contents.

Uses for Encryption

Encryption is used to promote many security goals and techniques. Encryption enables confidentiality by protecting data from unauthorized access. It supports integrity because it is difficult to decipher encrypted data without the secret decrypting cipher. It supports non-repudiation, because only parties that know about the confidential encryption scheme can encrypt or decrypt data. In addition, some form of encryption is employed in most authentication mechanisms to protect passwords. Encryption is used in many access control mechanisms as well. It is commonly used within EMR and EHR systems to secure communications between server storage systems to workstations, to email, and to external storage devices.

ACTIVITY 6-1
Using File Encryption

This is a simulated activity that is available on the CD that shipped with this course. You can run this simulation on any Windows computer. The activity simulation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 6\Using File Encryption folder and double-clicking the executable (.exe) file.

Scenario:
You are the support person in a small, family-owned business that uses a workgroup-based Windows 7 Ultimate network. One of your sales representatives is gathering confidential information about a prospective client, and wants to protect the information in the event that his laptop is ever lost or stolen when he is on the road.

What You Do: How You Do It

1. Use file encryption.
a. Browse to the C:\HCIT\Simulations\Lesson 6\Using File Encryption folder.
b. Double-click the Using File Encryption executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\HCIT\Simulations\Lesson 6\Using File Encryption folder.

Removable Media Considerations

Removable media can be very useful, but due to their small size, can be easily lost, thus causing the potential for a serious security threat to your organization. To minimize the risk of exposing PHI on these devices you should follow several steps.

Steps to Follow: Details

Security policy: Initiate a security policy for your employees to set expectations and management of such devices. Make sure your employees read and sign the policy.

Education: By educating your employees about the importance of security and data protection, you are informing them about the implications that exist. Don’t just impose controls without explaining them, otherwise users may ignore them.

Encryption: There are solutions available to protect data on removable media device types. They automatically encrypt data loaded onto devices and access is granted only to users who have the password. Products are fast and transparent, thus not disrupting real-time work. These encryption solutions can be managed by the IT department.

Control: Implement control solutions for removable devices that will allow you control over what devices can or cannot be connected and what executable files can and cannot be run.

Audit and measure: By running regular audits, you can find out who is using removable media and if they are following policies and procedures set in place.

Types of Malicious Software

There are several major types of malicious software.

Malicious Software Type: Description

Viruses: A virus is a piece of code that spreads from one computer to another by attaching itself to other files. The code in a virus corrupts and erases files on a user’s computer, or performs other destructive or annoying tasks, when the file to which it was attached is opened or executed. The term “virus” is often used as an umbrella term to refer to many types of malicious software. Viruses and other types of malicious code are frequently introduced via email attachments.

Worms: A worm is a piece of code that spreads from one computer to another on its own, not by attaching itself to another file. Like a virus, a worm can corrupt or erase files on your hard drive or perform other destructive or annoying operations.

Trojans: A Trojan, or Trojan horse, is malicious code that masquerades as a harmless file. When a user executes the Trojan, thinking it is a legitimate application, it can perform damaging or annoying operations. Or, it can continue to masquerade as a legitimate program, while in the background it captures input from the user and transmits the data to an attacker.

Logic bombs: A logic bomb is a piece of code that sits dormant on a user’s computer until it is triggered by a specific event, such as a specific date. Once the code is triggered, the logic bomb "detonates," erasing and corrupting data on the user’s computer or performing other destructive or annoying operations.

Malware: There are generally three types of malware:
• Spyware is unwanted software that runs in the background to monitor system activities and send collected personal user data to a third party.
• Adware is unwanted software loaded onto a system for the purposes of presenting commercial advertisements to the user. The adware itself can create annoyances or adverse system conditions, or the adware can be a vector for introducing other types of malicious software. The user is often unaware that the adware has penetrated the system. The adware can run in the background and collect data about the user in order to present customized advertisements. The adware can also function as spyware.
• Grayware is a general classification for any unwanted software that produces harmful or annoying effects. A joke program that makes the computer screen image vibrate or a drive door open or shut would be a form of grayware.

Spam: In the electronic world, spam is generally taken to mean unsolicited commercial email. Spamming creates nuisance conditions by filling user mailboxes with unwanted messages, and impedes email system performance by filling up email servers’ storage areas and generating excessive network traffic. Although not technically software, spam travels via email software, which is why it is often considered to be a type of malicious software.

Hoaxes: A hoax is any message containing incorrect or misleading information that is disseminated to multiple users through unofficial channels. Hoaxes can be relatively benign, such as an email letter soliciting "get well" cards for a fictitious ill child. In this case, the main threat is from users who widely disseminate the hoax email, clogging communications systems and annoying other recipients. However, hoaxes often improperly alert users to the existence of unsubstantiated virus threats. Rather than validating the information, users often react by following instructions in the hoax that might cause system damage or introduce further malicious software. Hoaxes do not have to be electronic, although electronic distribution systems facilitate their propagation. Although not technically software, some hoaxes travel via email or software, which is why they are often considered to be a type of malicious software.

Types of Network Attacks

There are a number of network-based attacks that can cause damage to your network.

Attack: Description

Port scanning: A type of network attack where a potential attacker scans the computers and devices that are connected to the Internet or other networks to see which TCP and UDP ports are listening and which services on the system are active. Port scans can be easily automated, so almost any system on the Internet will be scanned almost constantly. Some monitoring software can detect port scans, or they might happen without your knowledge.

Eavesdropping: Also referred to as sniffing, uses special monitoring software to gain access to private network communications, either to steal the content of the communication itself or to obtain user names and passwords for future software attacks. Attackers can eavesdrop on both wired and wireless network communications. On a wired network, the attacker must have physical access to the network or tap in to the network cable. On a wireless network, an attacker needs a device capable of receiving signals from the wireless network. Eavesdropping is very hard to detect, unless you spot an unknown computer leasing an IP address from a DHCP server.

Man-in-the-middle: A form of eavesdropping where the attacker makes an independent connection between two victims (two clients or a client and a server) and relays information between the two victims as if they are directly talking to each other over a closed connection, when in reality the attacker is controlling the information that travels between the two victims. During the process, the attacker can view or steal information to use it fraudulently.

Replay: A network attack where an attacker captures network traffic and stores it for retransmitting at a later time to gain unauthorized access to a specific host or a network. This attack is particularly successful when an attacker captures packets that contain user names, passwords, or other authentication data. In most cases, replay attacks are never discovered.

Denial of service (DoS): A type of network attack in which an attacker attempts to disrupt or disable systems that provide network services by various means, including:
• Flooding a network link with data to consume all available bandwidth.
• Sending data designed to exploit known flaws in an application.
• Sending multiple service requests to consume a system’s resources.
• Flooding a user’s email inbox with spam messages, causing the genuine messages to get bounced back to the sender.
A Distributed Denial of Service (DDoS) attack is a type of DoS attack that uses multiple computers on disparate networks to launch the attack from many simultaneous sources. The attacker introduces unauthorized software that turns the computer into a zombie or drone that directs the computers to launch the attack.

Session hijacking: Involves exploiting a computer in session to obtain unauthorized access to an organization’s network or services. It involves stealing an active session cookie that is used to authenticate a user to a remote server and using that to control the session thereafter. The main intent in session hijacking attacks is to execute denial of service to either the client’s system or the server system, or in some cases, both systems.

Peer-to-peer (P2P): Launched by malware propagating through P2P networks. P2P networks typically have a shared command and control architecture, making it harder to detect an attacker. A P2P attack can be used to launch huge DoS attacks. Within a P2P network, personal computers with high-speed connections can be compromised by malware such as viruses and Trojans. An attacker can then control all these compromised computers to launch a DDoS attack.

ARP poisoning: Address Resolution Protocol (ARP) is the mechanism by which individual hardware Media Access Control (MAC) addresses are matched to an IP address on a network. ARP poisoning occurs when an attacker with access to the target network redirects an IP address to the MAC address of a computer that is not the intended recipient. At this point, the attacker could choose to capture and alter network traffic before forwarding it to the correct destination, or create a DoS condition by pointing the selected IP address at a non-existent MAC address.

Transitive access: The access given to certain members in an organization to use data on a system without the need for authenticating themselves. The information regarding the list of members that have transitive access is usually saved in a log or host file. If an attacker can access and modify the file, then that will give transitive access to all data and programs to the attacker. Therefore, a transitive access attack is an attack that takes advantage of the transitive access given in order to steal or destroy data on a system.

How to Manage Physical and Logical Security

Managing physical and logical security is the basis of all IT security.

Guidelines:
Some steps you might take to manage physical and logical security include:
• Lock the server room. Ensure that there are locks on the doors and that the doors are locked at all times.
• Set up surveillance to your server room so that you can keep track of who comes and goes and when.
• Store backups elsewhere. Keep a set of backups offsite and make sure they are secure at the offsite location.
• Make sure that users log off and lock all servers and workstations when they are not in use.
• Maintain a list of employees and their access control rights. Update the list every time there is a change in your organization.
• Manage group and user accounts to ensure they only have rights to access the information they need.
• Have a removable media policy in place and ensure that users have been trained on and understand the policy. Properly secure any removable media when not in use.
• Do not allow the use of non-approved external devices.
• Initiate a security policy to your employees to set expectations and management of such devices. Make sure your employees read and sign the policy.
• Educate your employees about the importance of security and data protection.

Example:
A healthcare company that uses a security policy to determine how employees can access the Internet and other network resources is employing an important logical security practice.
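The port scanning entry in the network attacks table notes that some monitoring software can detect port scans. The sketch below is an added example, not part of the course material, of the logic such software applies: it counts the distinct ports one source touches on one host inside a sliding time window. The log format, the addresses (documentation ranges), and the thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, destination IP, protocol, destination port.
SAMPLE_LOG = """\
2024-01-15T09:00:00 203.0.113.5 192.0.2.10 TCP 443
2024-01-15T09:00:01 198.51.100.7 192.0.2.10 TCP 21
2024-01-15T09:00:02 198.51.100.7 192.0.2.10 TCP 22
2024-01-15T09:00:03 198.51.100.7 192.0.2.10 TCP 23
2024-01-15T09:00:03 203.0.113.5 192.0.2.10 TCP 443
2024-01-15T09:00:04 198.51.100.7 192.0.2.10 TCP 25
2024-01-15T09:00:05 198.51.100.7 192.0.2.10 UDP 53
2024-01-15T09:00:06 198.51.100.7 192.0.2.10 TCP 80
2024-01-15T09:00:07 198.51.100.7 192.0.2.10 TCP 443
2024-01-15T09:01:00 203.0.113.9 192.0.2.10 TCP 80
2024-01-15T09:06:00 203.0.113.9 192.0.2.10 TCP 443
2024-01-15T09:11:00 203.0.113.9 192.0.2.10 TCP 22
garbled line without enough fields
2024-01-15T09:11:30 203.0.113.5 192.0.2.10 TCP 443
"""


def parse_line(line):
    """Return (timestamp, src, dst, proto, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        port = int(parts[4])
    except ValueError:
        return None
    if not 0 < port < 65536:
        return None
    return ts, parts[1], parts[2], parts[3].upper(), port


def detect_port_scans(lines, window_seconds=60, port_threshold=6):
    """Flag each (source, destination) pair that reaches `port_threshold`
    distinct TCP/UDP ports within `window_seconds`. Input must be in time order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (src, dst) -> deque of (ts, proto, port)
    alerted = set()
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # skip lines the parser cannot read instead of failing
        ts, src, dst, proto, port = event
        key = (src, dst)
        events = recent[key]
        events.append((ts, proto, port))
        # Drop events that have aged out of the sliding window.
        while events and ts - events[0][0] > window:
            events.popleft()
        distinct = {(p, n) for _, p, n in events}
        if len(distinct) >= port_threshold and key not in alerted:
            alerted.add(key)  # one alert per pair, not one per packet
            alerts.append({
                "src": src,
                "dst": dst,
                "first_seen": events[0][0],
                "ports": sorted(distinct),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG.splitlines()):
        ports = ", ".join(f"{p}/{n}" for p, n in alert["ports"])
        print(f"possible port scan: {alert['src']} -> {alert['dst']} ({ports})")
```

A repeat visitor to a single port and a source that touches three ports over ten minutes both stay below the threshold; a slow scan spread over a longer period would too, which is why real products tune the window and threshold per network.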
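The Replay entry in the network attacks table describes captured authentication traffic being retransmitted later. The following added example, which is not from the course material, shows one common defense: each request carries a timestamp, a single-use random value (nonce), and a keyed hash over all fields, and the receiver rejects anything altered, stale, or already seen. The field names, the 30-second freshness window, and the sample user and actions are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE_SECONDS = 30  # assumed freshness window


def compute_mac(key, user, action, ts, nonce):
    """HMAC-SHA256 over an unambiguous encoding of every request field."""
    payload = json.dumps([user, action, ts, nonce], separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def sign_request(key, user, action, now=None):
    """Build a request carrying a timestamp, a fresh nonce, and a MAC."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return {"user": user, "action": action, "ts": ts, "nonce": nonce,
            "mac": compute_mac(key, user, action, ts, nonce)}


class Receiver:
    """Accepts each validly signed request at most once, and only while fresh."""

    def __init__(self, key, max_age=MAX_AGE_SECONDS):
        self.key = key
        self.max_age = max_age
        self.seen = {}  # nonce -> timestamp of the request that used it

    def accept(self, msg, now=None):
        now = int(time.time() if now is None else now)
        try:
            user, action = msg["user"], msg["action"]
            ts, nonce, mac = msg["ts"], msg["nonce"], msg["mac"]
        except (KeyError, TypeError):
            return False, "malformed"
        if not (isinstance(ts, int) and isinstance(nonce, str) and isinstance(mac, str)):
            return False, "malformed"
        # 1. Integrity: any changed field invalidates the MAC.
        expected = compute_mac(self.key, user, action, ts, nonce)
        if not hmac.compare_digest(expected, mac):
            return False, "bad MAC"
        # 2. Freshness: a capture replayed after the window is rejected.
        if abs(now - ts) > self.max_age:
            return False, "stale timestamp"
        # 3. Single use: a capture replayed inside the window is rejected.
        #    Nonces older than the window can be forgotten, since step 2
        #    already rejects any request that carries them.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        if nonce in self.seen:
            return False, "nonce already used"
        self.seen[nonce] = ts
        return True, "accepted"


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    receiver = Receiver(key)
    request = sign_request(key, "drsmith", "place_order")
    print(receiver.accept(request))        # original request
    print(receiver.accept(dict(request)))  # identical copy sent again
```

The scheme depends on the two sides sharing the key securely beforehand and on reasonably synchronized clocks.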

ACTIVITY 6-2
Managing Physical and Logical Security

Scenario:
In this activity, you will discuss the ways in which you can manage physical and logical security.

What You Do: How You Do It

1. An employee gets to work and realizes that he forgot his laptop in the car. Upon exiting the building, he props the door open with a rock so he won’t have to use his swipe card to get back in. Does this pose a security threat to the company?
✓ a) Yes. Leaving an otherwise locked door open allows anyone to enter the building and access systems and data.
b) No. He is just running to his car and will be fast enough to ensure that no one else will have a chance to enter the building.

2. Why is it better to create groups instead of managing individual user accounts?
Because so many permission assignments must be duplicated for users with similar roles and because individual users’ roles and needs can change so frequently.

3. Match the type of security threat with its correct definition.
c  Physical security
d  Environmental threats
b  Social engineering
a  Hardware attacks

a. An attack that targets a computer’s physical components and peripherals.
b. An attack that uses deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.
c. These can be internal, external, natural or man made.
d. Threats include fire, hurricanes and tornadoes, floods, extreme temperatures and extreme humidity.

4. Which of the following are ways you can protect your environment from social engineering attacks? (Select all that apply.)
✓ a) Do not give out passwords over the phone or in email.
b) Users should immediately answer phone callers who make unusual requests.
c) Organizations should implement security policies but don’t need to train users to follow them.
✓ d) Users should report possible attacks.
✓ e) Users should employ common sense. If anything sounds forced, too good to be true, or otherwise unusual, it is best to err on the side of caution.

TOPIC B
Implement Security Best Practices and Threat Mitigation Techniques

In the last topic, you identified some basic concepts of physical and logical security. Now you can start thinking of how to apply them to mitigate threats against your organization. In this topic, you will implement various security best practices.

How does it all work together to ensure your network is secure on a day-to-day basis? Leveraging common best practices and mitigation techniques can discourage casual hackers and increase your organization’s resiliency against more determined foes. This topic will apply all the security measures to day-to-day scenarios to ensure your network is secure.

Threat Prevention Methods

An organization may take steps to eliminate threats through mitigation. By eliminating the threat, no risk is present. With no risk, avoidance is implemented. There are several methods to follow.

Method: Details

Security policies: A security policy is a formalized statement that defines how security will be implemented within a particular organization. It describes the means the organization will take to protect the confidentiality, availability, and integrity of sensitive data and resources, including the network infrastructure, physical and electronic data, applications, and the physical environment. It often consists of multiple individual policies. All implemented security measures should conform with the stated policy.

User training: Medical facility security plans can only succeed when all members of an organization understand the necessary security practices and comply with them. IT professionals are often the ones responsible for educating employees and encouraging their compliance with security policies. There are three important components that work together in order to ensure proper employee security training:
• Awareness. Users must understand the importance of information security and security policies, and have an awareness of the potential threats to security.
• Communication. The lines of communication between medical staff and the IT team must remain open.
• Education. Medical staff should be trained and educated in security procedures, practices, and expectations from the moment they walk through the door.

Change management: Change management is a systematic way of approving and executing change in order to assure maximum security, stability, and availability of information technology services. When an organization changes its hardware, software, infrastructure, or documentation, it risks the introduction of unanticipated consequences. Therefore, it is important for an organization to be able to properly assess risk, to quantify the cost of training, support, maintenance, or implementation, and to properly weigh benefits against the complexity of a proposed change. By maintaining a documented change management procedure, an organization can protect itself from potential adverse effects of hasty change.

Software updates: Software manufacturers regularly issue different types of system updates that can include security-related changes to the software. These can include patches, hotfixes, and roll up and service packs.

Antivirus software: Antivirus software is a category of protective software that scans computers and sometimes networks for known viruses, Trojans, worms, and other malicious programs. Some antivirus programs attempt to scan for unknown harmful software. It is advisable to install antivirus software on all computers, and keep it updated according to your organization’s patch management policy. In addition to detection, most antivirus software is capable of logging scan and detection information. These logs should be monitored to make sure that scans are taking place and ensure that infections are reported properly. There is also specialized antispyware software you can install to protect against spyware threats.

Internet email virus protection: Because almost all computer systems today are connected to the Internet, Internet email is a source of serious virus threats. Companies can implement Internet email virus protection by:
• Screening the Internet gateway computers for viruses.
• Employing good desktop antivirus software.
• Scanning incoming email between the Internet and the email server.
• Scanning email again at the desktop.
• If a virus attack is detected, disabling all Internet connections and isolating affected systems.

Anti-malware solutions: Consists of protective software that scans individual computers and entire enterprise networks for known viruses, Trojans, worms, and other malicious programs. Some programs attempt to scan for unknown harmful software. It is advisable to install anti-malware software on all computers to restrict user access control capabilities for downloading and installing applications.

Anti-spam solutions: Spam detection has become an important task for end users. There are many different ways end users can protect themselves against spammers. Detection can include an anti-spam filtering program that will detect specific words that are commonly used in spam messages. Other detection methods are used to block Internet Protocol (IP) addresses of known spammers or to pose an email address that is not in use or is too old to collect spam.

MAC filtering: MAC address filtering provides a simple method of securing a wireless network. By configuring a Wireless Access Point (WAP) to filter MAC addresses, you can control which wireless clients may join your network. Typically, an administrator configures a list of client MAC addresses that are allowed to access the network. Those pre-approved clients are granted access if the MAC address is “known” by the access point. A note of caution, though: it is not difficult for someone with a little skill and know-how to change a MAC address, falsely gain authorization using another computer, and gain access to your network. While MAC filtering is usually implemented on wireless networks, it can also be used on wired networks.

NAC: Network Access Control (NAC) is a general term for the collected protocols, policies, and hardware that govern access on device network interconnections. NAC provides an additional security layer that scans systems for conformance and allows or quarantines updates to meet policy standards. Security professionals will deploy a NAC policy according to an organization’s needs based on three main elements: authentication method, endpoint vulnerability assessment, and network security enforcement. Once the NAC policy is determined, professionals must determine where NAC will be deployed within their network structure.

IDS: An intrusion detection system (IDS) is a detection control system that scans, audits, and monitors the security infrastructure for signs of attacks in progress. IDS software can also analyze data and alert security administrators to potential infrastructure problems. An IDS can comprise a variety of hardware sensors, intrusion detection software, and IDS management software. Each implementation is unique, and depends on an organization’s security needs and the components chosen.

Protecting Against Social Engineering

To protect against social engineering attacks, such as shoulder surfing, programmers should employ simple programming techniques that circumvent echoing passwords or prevent masking password entries with characters such as asterisks (*). You can help eliminate the risk of phishing by educating users, and by educating yourself about how criminals use advanced network analysis tools and techniques to bypass the protections that are in place.

Social Engineering Attack Scenarios

These are a few typical social engineering attack scenarios:
• An attacker creates an executable program file (for example, a file with a .vbs or .exe file extension) that prompts a network user for his user name and password. The attacker then emails the executable file to the user with the story that the user must double-click the file and log on to the network again to clear up some logon problems the organization has been experiencing that morning.
• An attacker contacts the help desk pretending to be a remote sales representative who needs assistance setting up his dial-in access. Through a series of phone calls, the attacker obtains the phone number for remote access and the phone number for accessing the organization’s private phone and voice-mail system.

• An attacker sends an executable file disguised as an online greeting card or as a patch for an operating system or a specific application. The unsuspecting user launches the executable, which might install email spamming software or a key-logging program, or turn the computer into a remote “zombie” for the hacker.

Social Engineering Targets
Social engineering typically takes advantage of users who are not technically knowledgeable, but it can also be directed against technical support staff if the attacker pretends to be a user who needs help.

Social Engineering Awareness
The most effective way to prevent damage from social engineering attacks is to educate users. Users must be able to recognize and respond to these attacks properly.
• Organizations should implement security policies and train users to follow them.
• Users should not comply with phone or email requests for personal or company information or access to company resources.
• Users should not give out passwords over the phone or in email.
• Users should transfer phone callers who make unusual requests to a system operator.
• Users should report possible attacks.
• Users should not automatically believe everything they see, hear, or read, particularly on the Internet.
• And, above all, users must employ common sense. If anything sounds forced, too good to be true, or otherwise unusual, it is best to err on the side of caution.

Strong Passwords
Definition:
A strong password is a password that meets the complexity requirements that are set by a system administrator and documented in a security policy or password policy. Strong passwords increase the security of systems that use password-based authentication by protecting against password guessing and brute force password attacks.
Password complexity requirements should meet the security needs of an individual organization, and can specify:
• The minimum length of the password.
• Required characters, such as a combination of letters, numbers, and symbols.
• And, forbidden character strings, such as the user account name or dictionary words.
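The three kinds of complexity requirement listed above can be checked in code. The following is an added example, not part of the courseware; the minimum length, the word list, the substitution table and the function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Common character substitutions that are undone before the forbidden-string
# check, so that "P@ssw0rd" is still recognized as the word "password".
_SUBSTITUTIONS = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
    "0": "o", "5": "s", "$": "s", "7": "t",
})


@dataclass(frozen=True)
class PasswordPolicy:
    """Assumed policy values; a real policy comes from the organization."""
    min_length: int = 8
    forbidden_words: tuple = ("password", "hospital", "welcome")  # constructed
    min_forbidden_len: int = 3  # ignore very short names to avoid false hits


def check_password(password, username, policy=PasswordPolicy()):
    """Return a list of violation codes; an empty list means compliant."""
    violations = []

    # 1. Minimum length.
    if len(password) < policy.min_length:
        violations.append("too_short")

    # 2. Required characters: letters, numbers, and symbols.
    if not any(c.isalpha() for c in password):
        violations.append("missing_letters")
    if not any(c.isdigit() for c in password):
        violations.append("missing_numbers")
    if not any(not c.isalnum() and not c.isspace() for c in password):
        violations.append("missing_symbols")

    # 3. Forbidden strings: the account name and dictionary words, matched
    #    case-insensitively against the raw and the de-substituted password.
    lowered = password.lower()
    normalized = lowered.translate(_SUBSTITUTIONS)
    for word in (username, *policy.forbidden_words):
        word = word.lower()
        if len(word) < policy.min_forbidden_len:
            continue
        if word in lowered or word in normalized:
            violations.append("forbidden:" + word)
    return violations


if __name__ == "__main__":
    # Constructed sample passwords for a user account named "lee".
    for candidate in ("lee2011", "P@ssw0rd1!", "L33-Hospital!", "Vq7#mTz!92Lp"):
        print(candidate, check_password(candidate, "lee"))
```

A password such as "P@ssw0rd1!" satisfies the length and character requirements and fails only the forbidden-string check, which is why that third requirement matters.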

Example:
Figure 6-4: A strong password.

Communicating Passwords
It’s important that you communicate passwords in a secure fashion so they don’t fall into the wrong hands. Password best practices should be followed:
• Never include the password in or on same document as the user name or other identifying information pertaining to the user account.
• Verify that once the user knows the password that they have destroyed the document that password has been written on.
• Never write down a password, give it over the phone, or put it in an email, or through an instant message conversation.
• Never share your password with anyone.
• And, password reuse should be restricted within a medical environment when accessing multiple systems.

How to Implement Security Best Practices and Threat Mitigation Techniques
By following security best practices and knowing what techniques to use to mitigate threats, you can ensure that your network and data will be secure.

Guidelines:
These are some guidelines to follow for security best practices and threat mitigation techniques:
• Make sure that systems are in secure areas and only authorized users can access them.
• Ensure you have a strong password policy in effect.
• Educate your users on basic security practices.
• Log off systems when they aren’t being used.
• Set a time-out feature for your systems so that they will lock if a user forgets to log off or lock it.
• Ensure that access control has been applied to protect against malware.
• Periodically scan your systems for vulnerabilities and unauthorized user attempts.

Example:
Lee is an IT support technician for a large hospital and has been asked by her supervisor to verify that the guidelines of the hospital security policy are being followed. She starts at the front entrance to the hospital, since that is a busy area and usually has many visitors coming and going. She verifies that the greeter’s computer is secured behind the counter, and cannot be seen by anyone standing at the desk, or walking by. She also verifies that the time-out feature is set on the machine, and that a strong password is required when logging on. Before she goes to the next area, she posts a general security guidelines document next to the computer for the greeter to reference if she needs to in the future.

ACTIVITY 6-3
Verifying Password Policies

This is a simulated activity that is available on the CD that shipped with this course. You can run this simulation on any Windows computer. The activity simulation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 6\Verifying Password Policies folder and double-clicking the executable (.exe) file.

Scenario:
To support the security needs on your network, you want to enforce the use of strong passwords. You decide to verify that the default password settings in Windows Server® 2008 require complex passwords.

What You Do:
1. Verify the password policies.

How You Do It:
a. Browse to the C:\HCIT\Simulations\Lesson 6\Verifying Password Policies folder.
b. Double-click the Verifying Password Policies executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\HCIT\Simulations\Lesson 6\Verifying Password Policies folder.

TOPIC C
Manage Remote Access

You’ve learned the types of risks that can be directed against the physical and logical resources in your organization and how to secure them. You now need to consider security in connection to any employees who may work remotely, whether it be from time to time or full time. This topic will cover remote access technologies and how to support them.

Remote access is a common way for workers and third parties to use IT systems. If you are not familiar with the technologies and systems, you will be unable to effectively support these systems when needed.

Remote Access
Definition:
Remote access is the ability to connect to network systems and services from an offsite or remote location using a remote access method. Remote access enables authorized users to access and use systems and services through a secure Internet connection.

Example:
Figure 6-5: A remote access connection.

Remote Access Protocols
There are a number of common protocols used to provide remote access to networks.

Protocol: Description

Point-to-Point Protocol (PPP): This is an Internet standard for sending IP datagram packets over serial point-to-point links. Its most common use is for dial-up Internet access. It can be used in synchronous and asynchronous connections. Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over ATM (PPPoA) are more recent PPP implementations used by many Digital Subscriber Line (DSL) broadband Internet connections. PPP can dynamically configure and test remote network connections, and is often used by clients to connect to networks and the Internet. It also provides encryption for passwords, paving the way for secure authentication of remote users.

Protocol: Description

Point-to-Point Tunneling Protocol (PPTP): A Microsoft® VPN Layer 2 protocol that increases the security of PPP by providing tunneling and data encryption for PPP packets. It uses the same authentication types as PPP, and is the most widely supported VPN method among older Windows® clients. PPTP encapsulates any type of network protocol and transports it over IP networks.

Layer Two Tunneling Protocol (L2TP): An Internet-standard protocol combination of PPTP and Layer 2 Forwarding (L2F) that enables the tunneling of PPP sessions across a variety of network protocols, such as IP, frame relay, or Asynchronous Transfer Mode (ATM). L2TP was specifically designed to provide tunneling and security interoperability for client-to-gateway and gateway-to-gateway connections. L2TP does not provide any encryption on its own and L2TP tunnels appear as IP packets, so L2TP employs IP Security (IPSec) Transport Mode for authentication, integrity, and confidentiality. L2TP has wide vendor support because it addresses the IPSec shortcomings of client-to-gateway and gateway-to-gateway connections.

Secure Socket Tunneling Protocol (SSTP): This protocol uses the Hypertext Transfer Protocol over Secure Sockets Layer (HTTP over SSL) protocol and encapsulates an IP packet with a PPP header and then with an SSTP header. The IP packet, PPP header, and SSTP header are encrypted by the SSL session. An IP header containing the destination addresses is then added to the packet. It is supported in all current Windows operating systems.

VPNs
Definition:
A virtual private network (VPN) is a private network that is configured by tunneling through a public network, such as the Internet. VPNs provide secure connections between endpoints, such as routers, clients, or servers, by using tunneling to encapsulate and encrypt data. Special VPN protocols are required to provide the VPN tunneling, security, and data encryption services.

Example:
Figure 6-6: A VPN.

Advantages and Disadvantages of Remote Access
There are advantages and disadvantages of remote access.

Advantage/Disadvantage: Details

Advantages:
• Can be very secure when requests for connections are verified, confirmed, and granted at both ends.
• Can help to reduce an organization’s cost by cutting down on overhead.
• Allows your employees to work from remote locations, thus increasing productivity.

Disadvantages:
• Since there are employees working from remote locations and using a variety of personal devices, it can become challenging to offer simple and secure remote access.
• If your operating system has vulnerabilities that are not patched, you could experience security risks such as malware and hackers.
• Can increase network traffic due to multiple remote connections.

How to Manage Remote Access
Remote access enables authorized users to access and use systems and services through a secure Internet connection. You must ensure that access is secure to protect your organization’s data.

Guidelines:
Some guidelines to follow to ensure your remote access connections are secure include:
• Initiate a remote access policy. Train users on the policy and make sure they understand it.
• Ensure there is a firewall enabled.
• Keep your antivirus software up to date.
• Apply the latest security patches.
• Only give remote access to people who really need it.
• Set up connections to time out when they aren’t used.
• Ensure that proper security controls are in place for a Remote Desktop Client (RDC), VPN, and any remote control application installations.
• Log remote access attempts so you can see who is trying to access your network.

Example:
AFR Health System is a large regional healthcare company with a central office and several branches in various locations across the region. They have employees who work from home from time to time. These employees have to follow the written remote access policy. The policy dictates that they can only connect to the VPN using a company-issued device such as a laptop. In addition, if their connection is inactive after 10 minutes, they will be automatically disconnected and will have to log back in.

RADIUS
Remote Authentication Dial-In User Service (RADIUS) is an Internet standard protocol that provides centralized remote access authentication, authorization, and auditing services. When a network contains several remote access servers, you can configure one of the servers to be a RADIUS server, and all of the other servers as RADIUS clients. The RADIUS clients will pass all authentication requests to the RADIUS server for verification. User configuration, remote access policies, and usage logging can be centralized on the RADIUS server.

ACTIVITY 6-4
Implementing RADIUS for Remote Access

This is a simulated activity that is available on the CD that shipped with this course. You can run this simulation on any Windows computer. The activity simulation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 6\Implementing RADIUS for Remote Access folder and double-clicking the executable (.exe) file.

Scenario:
You are an IT technician for a mid-size medical facility with a growing number of remote connectivity needs. You plan to implement Remote Authentication Dial-In User Service (RADIUS) for remote authentication, and you want to use it in tandem with wireless authentication for an added layer of security on a wireless network that is mainly accessed by traveling employees. You want to test RADIUS in a lab environment before deploying it in production. On a test Routing and Remote Access Server (RRAS) system, you will install a RADIUS server and reconfigure an RRAS server to use RADIUS authentication.

What You Do:
1. Implement RADIUS for remote access.

How You Do It:
a. Browse to the C:\HCIT\Simulations\Lesson 6\Implementing RADIUS for Remote Access folder.
b. Double-click the Implementing RADIUS for Remote Access executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\HCIT\Simulations\Lesson 6\Implementing RADIUS for Remote Access folder.

ACTIVITY 6-5
Securing a Remote Access Server

This is a simulated activity that is available on the CD that shipped with this course. You can run this simulation on any Windows computer. The activity simulation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 6\Securing a Remote Access Server folder and double-clicking the executable (.exe) file.

Setup:
The Microsoft® Windows Server® 2008 R2 Server computer has a physical local area network (LAN) adapter and also a virtual Microsoft Loopback Adapter to simulate the presence of an external connection object. The Microsoft Loopback Adapter has been configured with default IP settings. The RRAS is configured to use Dynamic Host Configuration Protocol (DHCP) to distribute IP addresses to remote access clients.

Scenario:
An important task as a medical facility’s IT technician is to make sure your remote access servers are secure. In the past, there have been problems with attackers accessing services and data that they were not supposed to have access to through VPN connections. You will now provide VPN services through new Windows Server 2008 R2 RRAS servers, which you will secure before connecting them to the network. The IT department will install the new VPN RRAS server in the demilitarized zone (DMZ). The DMZ has already been secured. Also, the Active Directory team has already created a remote access security policy to determine who will have VPN access to RRAS servers in your domain.
You need to configure the VPN server with system-wide security settings that include:
• Permitting only L2TP clients with IPSec encryption to connect.
• Blocking PPTP packets from external networks.

What You Do:
1. Secure the Remote Access Server.

How You Do It:
a. Browse to the C:\HCIT\Simulations\Lesson 6\Securing a Remote Access Server folder.
b. Double-click the Securing a Remote Access Server executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\HCIT\Simulations\Lesson 6\Securing a Remote Access Server folder.

ACTIVITY 6-6
Setting Up Remote Access Authentication

This is a simulated activity that is available on the CD that shipped with this course. You can run this simulation on any Windows computer. The activity simulation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 6\Setting Up Remote Access Authentication folder and double-clicking the executable (.exe) file.

Scenario:
As part of your remote access implementation, the senior network administrator in your organization favors implementing Network Policy Server (NPS) so that the administrators can obtain detailed authentication information and use a single remote access policy for all RRAS servers. She also recommends configuring the policy to automatically disconnect users if their connections are idle for 15 minutes.

What You Do:
1. Set up remote access authentication.

How You Do It:
a. Browse to the C:\HCIT\Simulations\Lesson 6\Setting Up Remote Access Authentication folder.
b. Double-click the Setting Up Remote Access Authentication executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\HCIT\Simulations\Lesson 6\Setting Up Remote Access Authentication folder.

TOPIC D
Manage Wireless Security

Wireless network access is extremely common, whether it be used in the work environment, in homes, or in retail locations such as coffee shops. Securing your data over a wireless connection is just as vital as securing it in any other form. This topic will cover how to manage wireless access security so your data stays protected.

Wireless technologies enable a more mobile and productive workforce. In any wireless data environment, there are increased concerns regarding security, and this is particularly prominent in a medical setting. Familiarity with wireless security ensures you are properly securing your data over your wireless network.

Wireless Security
Definition:
Wireless security is any method of securing your wireless LAN network to prevent unauthorized network access and network data theft. You need to ensure that authorized users can connect to the network without any hindrances. Wireless networks are more vulnerable to attacks than any other network system. For one thing, most wireless devices such as laptops, mobile phones, smartphones, and tablets search and connect automatically to the access point offering the best signal, which can be coming from an attacker. Wireless transmissions can also be scanned or sniffed out of the air, with no need to access physical network media. Such attacks can be avoided by using relevant security protocols.

Example:
Figure 6-7: A wireless security design.

Wireless Security Protocols
There are several major wireless security protocols.

Security Protocol: Description

Wired Equivalent Privacy (WEP): Provides 64-bit, 128-bit, and 256-bit encryption using the Rivest Cipher 4 (RC4) algorithm for wireless communication that uses the 802.11a and 802.11b protocols. While WEP might sound like a good solution at first, it ironically is not as secure as it should be. The problem stems from the way WEP produces the keys that are used to encrypt data. Because of a flaw in the method, attackers could easily generate their own keys using a wireless network capture tool, such as Kismet, to capture and analyze as little as 10 MB of data transferred through the air.

Wireless Transport Layer Security (WTLS): The security layer of the Wireless Application Protocol that uses public key cryptography for mutual authentication and data encryption. In most cases, WTLS is meant to provide secure WAP communications, but if it is improperly configured or implemented, it can expose wireless devices to attacks that include email forgery and sniffing data that has been sent in plaintext.

802.1x: An IEEE standard used to provide a port-based authentication mechanism for wireless communications using the 802.11a and 802.11b protocols. 802.1x uses the Extensible Authentication Protocol (EAP) to provide user authentication against a directory service.

Wi-Fi Protected Access (WPA/WPA2): The security protocol introduced to address some of the shortcomings in WEP. WPA was introduced during the development of the 802.11i IEEE standard, and WPA2 implemented all the mandatory components of the standard. It provides for dynamic reassignment of keys to prevent the key-attack vulnerabilities of WEP.
• WPA provides improved data encryption through the Temporal Key Integrity Protocol (TKIP), which is a security protocol created by the IEEE 802.11i task group to replace WEP. It is combined with the existing WEP encryption to provide a 128-bit encryption key that fixes the key length issues of WEP.
• In addition to TKIP, WPA2 adds Advanced Encryption Standard (AES) cipher-based Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) encryption for even greater security and to replace TKIP. It provides a 128-bit encryption key.
• Both standards have been extended to include several types of user authentication through EAP, which is considered poor in WEP. WEP regulates access to a wireless network based on a computer’s hardware-specific MAC address, which is relatively easy to figure out, steal, and use (that is, sniff and spoof). EAP is built on a more secure public key encryption system to ensure that only authorized network users can access the network.

EAP: A framework that allows clients and servers to authenticate with each other using one of a variety of plug-ins. Because EAP does not specify which authentication method should be used, it enables the choice of a wide range of current authentication methods, and allows for the implementation of future authentication methods. EAP is often utilized in wireless networks and can also be used in wired implementations.
Two common EAP implementations include:
• Protected Extensible Authentication Protocol (PEAP), which is an open standard developed by a coalition made up of Cisco Systems, Microsoft, and RSA Security.
• Lightweight Extensible Authentication Protocol (LEAP), which is Cisco Systems’ proprietary EAP implementation.

Wireless Threats and Vulnerabilities
Wireless networks have an increasing number of specific vulnerabilities.

Wireless Threat and Vulnerability: Description

Rogue access point: This is an unauthorized wireless access point on a corporate or private network. Rogue access points can cause considerable damage to an organization’s data. They are not detected easily, and can allow private network access to many unauthorized users with the proper devices. A rogue access point can allow man-in-the-middle attacks and access to private information. Organizations should protect themselves from this type of attack by implementing techniques to constantly monitor the system, such as installing an IDS.

Evil twins: These are rogue access points on a network that appear to be legitimate. Although they can be installed both in corporate or private networks, typically they are found in public Wi-Fi hotspots where users do not connect transparently and automatically as they do in a corporate network, but rather select available networks from a list. Evil twins can be more dangerous than other rogue access points because the user thinks that the wireless signal is genuine, making it difficult to differentiate from a valid access point with the same name.

Interference: In wireless networking, this is the phenomenon by which radio waves interfere with the 802.11 wireless signals. It usually occurs at home because of various electronic devices, such as microwaves, operating in a bandwidth close to that of the wireless network. When this occurs, it causes the 802.11 signals to wait before transmitting and the wait can be indefinite at times.

Bluejacking: This is a method used by attackers to send out unwanted Bluetooth signals from mobile phones, smartphones, tablets, and laptops to other Bluetooth-enabled devices. Because Bluetooth has a 30-foot transmission limit, this is a very close-range attack. With the advanced technology available today, attackers can send out unsolicited messages along with images and video. These types of signals can lead to many different types of threats. They can lead to device malfunctions, or even propagate viruses, including Trojan horses. Users should reject anonymous contacts, and should configure their mobile devices to non-discoverable mode.

Bluesnarfing: This is a method in which attackers gain access to unauthorized information on a wireless device using a Bluetooth connection within the 30-foot Bluetooth transmission limit. Unlike bluejacking, access to wireless devices such as mobile phones, smartphones, tablets, and laptops by bluesnarfing can lead to the exploitation of private information including email messages, contact information, calendar entries, images, videos, and any data stored on the device.

War driving: War driving is the act of searching for instances of wireless networks using wireless tracking devices such as mobile phones, smartphones, tablets, or laptops. It locates wireless access points while traveling, which can be exploited to obtain unauthorized Internet access and potentially steal data. This process can be automated using a GPS device and war driving software.

War chalking: War chalking is the act of using symbols to mark off a sidewalk or wall to indicate that there is an open wireless network which may be offering Internet access.

Wireless Threat and Vulnerability: Description

IV attack: In this attack, the attacker is able to predict or control the initialization vector (IV) of an encryption process. This gives the attacker access to view the encrypted data that is supposed to be hidden from everyone else except the authentic user or network.

Packet sniffing: This can be used as an attack on wireless networks where an attacker captures data and registers data flows, which allow the attacker to analyze the data contained in a packet. In its benign form, it also helps organizations monitor their own networks against attackers.

Wireless Security Best Practices
There are several best practices to follow to ensure your wireless network is secure.

Practice: Information

Configuration:
• Secure your wireless router or access point administration interface.
• Change default administrator passwords (and user names).
• Disable remote administration.
• Secure/disable the reset switch/function.
• Change the default Simple Network Management Protocol (SNMP) parameter.
• Change the default channel.
• Regularly upgrade the Wi-Fi router firmware to ensure you have the latest security patches and critical fixes.
• Apply MAC address filtering. By configuring a WAP to filter MAC addresses, you can control which wireless clients may join your network.

SSID:
• Don’t broadcast your Service Set Identifier (SSID).
• Change the default SSID naming broadcast.

Encryption:
• Enable WPA2 encryption instead of WEP.
• Change the default encryption keys.
• Avoid using pre-shared keys (PSK).

Network:
• Assign static IP addresses to devices.
• Use MAC filtering for access control.
• Use the Remote Authentication Dial-In User Service Plus (RADIUS+) network directory authentication where feasible.
• Use a VPN.
• Perform periodic rogue WAP scans.
• Perform periodic security assessments.

Practice: Information

Antennae placement and power level configuration:
• Reduce your wireless LAN transmitter power.
• Position the router or access point safely. The radio frequency range of each access point should not extend beyond the physical boundaries of the organization’s facilities.
• Adjust the power level controls on routers and access points as needed to help minimize power consumption within the wireless network. It can be difficult to manage the power of wireless to reduce the power used, while providing the right level of power to operate the network.

Guest network settings:
• Enable firewalls on each computer and the router.
• Do not auto-connect to open Wi-Fi networks.

HIPAA concerns: The matter of security has always been a concern with wireless standards. With the inception of Health Insurance Portability and Accountability Act (HIPAA), wireless security becomes even more crucial. Your wireless environment should meet or exceed the standards set by the HIPAA Advisory Committee and the Wi-Fi Alliance.

How to Manage Wireless Security
When you secure wireless traffic, you must prevent unauthorized network access and the theft of network data while ensuring that authorized users can connect to the network.

Guidelines:
Some steps you might take to manage wireless security include:
• Keep sensitive data private. Do not include any data on a wireless device, such as a smartphone, that you are not willing to lose if the device is lost or stolen.
• Install antivirus software if it is available for your wireless devices.
• Update the software on wireless devices and routers to provide additional functionality as well as to close security holes in wireless devices such as:
  — To prevent bluejacking and bluesnarfing attacks, disable the discovery setting on Bluetooth connections.
  — Set Bluetooth connections to hidden.
• Implement a security protocol.
• Implement appropriate authentication and access control, such as MAC address filtering or user authentication, against a directory service to prevent authentication attacks such as war driving.
• To protect against a rogue access point and other wireless attacks, implement an IDS on the wireless network for monitoring network activity.
• Implement your hardware and software manufacturers’ security recommendations.
• Test the functionality of systems after hardening them to make sure that required services and resources are accessible to legitimate users.
• Document your changes.
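The periodic rogue WAP scan recommended above comes down to comparing what a wireless survey sees against the organization's own access point inventory. The following is an added example, not part of the courseware; the inventory, the scan records, the SSIDs and the function names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPoint:
    ssid: str       # network name
    bssid: str      # MAC address of the access point radio
    channel: int
    security: str   # e.g. "WPA2", "WEP", "Open"


def norm(bssid):
    """Normalize a MAC address so 02-00-5E-.. and 02:00:5e:.. compare equal."""
    return bssid.strip().lower().replace("-", ":")


def audit_scan(scan, authorized):
    """Return (finding, bssid, differing_fields) for every suspicious record."""
    by_bssid = {norm(ap.bssid): ap for ap in authorized}
    known_ssids = {ap.ssid for ap in authorized}
    findings = []
    for seen in scan:
        expected = by_bssid.get(norm(seen.bssid))
        if expected is not None:
            # The BSSID is in the inventory, but a MAC address can be changed,
            # so the other attributes must match the inventory as well.
            drift = [f for f in ("ssid", "channel", "security")
                     if getattr(seen, f) != getattr(expected, f)]
            if drift:
                findings.append(("inventory_mismatch", norm(seen.bssid), drift))
        elif seen.ssid in known_ssids:
            # Same name as a valid access point, unknown radio: evil twin.
            findings.append(("evil_twin_candidate", norm(seen.bssid), ["bssid"]))
        else:
            # Unknown name and radio: a rogue AP if it is on the premises,
            # or simply a neighboring network; needs a physical check.
            findings.append(("unknown_ap", norm(seen.bssid), ["ssid", "bssid"]))
    return findings


# Constructed inventory of authorized access points.
AUTHORIZED = [
    AccessPoint("AFR-Clinical", "02:00:5e:10:00:01", 1, "WPA2"),
    AccessPoint("AFR-Clinical", "02:00:5e:10:00:02", 6, "WPA2"),
    AccessPoint("AFR-Guest", "02:00:5e:10:00:03", 11, "WPA2"),
]

# Constructed survey results.
SCAN = [
    AccessPoint("AFR-Clinical", "02:00:5E:10:00:01", 1, "WPA2"),   # matches
    AccessPoint("AFR-Clinical", "02:00:5e:99:00:aa", 6, "Open"),   # same name
    AccessPoint("AFR-Clinical", "02:00:5e:10:00:02", 11, "WPA2"),  # wrong channel
    AccessPoint("linksys", "02:00:5e:77:00:01", 6, "WEP"),         # unknown
    AccessPoint("AFR-Guest", "02-00-5e-10-00-03", 11, "WPA2"),     # matches
]

if __name__ == "__main__":
    for finding in audit_scan(SCAN, AUTHORIZED):
        print(finding)
```

Matching on the BSSID alone would repeat the weakness of MAC filtering noted earlier in this lesson, which is why a known BSSID with an unexpected channel or security mode is still reported.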

Example:
AFR Health System has many healthcare professionals who use wireless laptops to work in different locations within the main office or in branch offices. They also use mobile devices to check email and web-based patient information from any location. AFR Health System employs the 802.11i security protocol for data encryption. All authentication is performed through EAP against the Active Directory accounts database. All wireless devices have antivirus software installed, and all software patches are kept up to date. Wireless routers are also patched with the latest firmware updates.

ACTIVITY 6-7
Securing Wireless Traffic

This is a simulated activity that is available on the CD that shipped with this course. You can run this simulation on any Windows computer. The activity simulation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 6\Securing Wireless Traffic folder and double-clicking the executable (.exe) file.

Setup:
This is a simulated activity using a Cisco Linksys Wireless-G broadband router, model WRT54G2.

Scenario:
You have been assigned the task of tightening security for your medical facility. Many of the clinicians are mobile users, and it is your responsibility to set up Windows laptop and desktop computers with wireless cards so that users can communicate with each other without having to run any cables. The practice manager is concerned that attackers may steal patient information by accessing the router. You have successfully tested Internet access through the router on a desktop computer. Now, you need to configure the router’s security features.

What You Do / How You Do It

1. Configure the wireless security on your wireless router.
a. Browse to the C:\HCIT\Simulations\Lesson 6\Securing Wireless Traffic folder.
b. Double-click the Securing Wireless Traffic executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\HCIT\Simulations\Lesson 6\Securing Wireless Traffic folder.

TOPIC E
Perform Backups and Disaster Recovery

Now that you’ve learned how to secure your network, you need to make sure you have systems in place to recover if there is ever a disaster such as an accident or system failure. This topic addresses planning for disaster and how to recover from one.

Accidents and hardware failures do occur. This topic will prepare you to deal with these incidents by presenting best practices for backup and recovering from an incident.

hardware, and people.

DRP
Definition:
A disaster recovery plan (DRP) is a policy that defines how people and resources will be protected in a disaster, and how the organization will recover from the disaster. In any disaster situation, the safety of personnel is the first concern, regardless of the implications for physical and information security. The DRP can include a list of individuals responsible for recovery, an inventory of hardware and software, and a series of steps to take to respond to the disaster and rebuild affected systems.

Example:
Figure 6-8: A DRP.

Backups for Disaster Recovery
Backups should be a main component of your DRP but should not be the only component. Restoring data from backup may not reconstitute a full computer system.

Backup Uses
Backups are a key component to any disaster recovery plan. There are two specific purposes for using a backup. The main purpose is to perform a recovery if data has been lost, whether the loss was caused by a corruption or accidental deletion. A second purpose for a backup is to restore data from an earlier state.

Backup Types
There are several backup types available to protect your data. The archive flag, also referred to as the archive bit, is a file property that essentially indicates whether the file has been modified since it was last backed up.

Backup Type / Description

Full backup: All selected files, regardless of the state of the archive bit, are backed up. A full backup then clears the archive flag.

Differential backup: All selected files that have changed since the last full backup are backed up. When differential backups are used, you must restore the last full backup plus the most recent differential backup. A differential backup does not clear the archive bit.

Daily backup: All selected files that have been changed on a daily basis are backed up. The daily backup does not clear the archive flag.

Incremental backup: All selected files that have changed since the last full or differential backup are backed up. It clears the archive bit. When incremental backups are used, you must restore the last full backup plus all subsequent incremental backups. An incremental backup typically takes less time to perform than a differential backup because it includes less data.

Backup Storage
The data that you back up must be stored on appropriate media.

Storage Type / Information

Tape drive: A tape drive is a personal computer storage device that stores data magnetically on a tape that is enclosed in a removable tape cartridge. Data on the tape must be read sequentially. The size of external tape drives varies, but internal drives have a 5.25-inch form factor. Tape drives are most commonly used to store backup copies of data.

Hard disk: A hard disk drive (HDD) is a personal computer storage device that uses fixed media, which means that the disk is built into the drive and the drive remains in the computer unless you are performing an upgrade or a repair. Hard drives connect directly to the system board via at least one cable for data and one for power. The hard disk itself consists of several metal or hard plastic platters with a magnetic surface coating. Data is stored magnetically and can be accessed directly. Most hard drives are internal, but some are external.

Optical storage: An optical disk is a personal computer storage device such as a CD or DVD that stores data optically, rather than magnetically. The removable plastic disks have a reflective coating and require an optical drive to be read. In optical storage, data is written by either pressing or burning with a laser to create pits (recessed areas) or lands (raised areas) in the reflective surface of the disc. A laser in the optical drive then reads the data off the disc. Optical drives can be internal or external, and they generally have a 5.25-inch form factor.

Solid state storage: Solid state storage is a personal computer storage device that stores data in special types of memory instead of on disks or tape. Common types of solid state storage include the USB devices commonly known as jump drives or thumb drives, flash memory cards, and secure digital (SD) memory cards. Solid state storage uses non-volatile memory to emulate mechanical storage devices, but solid state storage is much faster and more reliable than mechanical storage because there are no moving parts.

Cloud-based backups: You can subscribe to a vendor-supplied cloud-based backup service that takes continual snapshots of the changed data. The snapshots stream to the cloud to create redundant online backups.
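The archive-bit rules from the Backup Types table can be checked with a small model. This is an added example, not part of the courseware; the Volume class, the file names, and the four-day schedule are constructed for illustration, and restore_plan also covers mixed schedules, which goes beyond the two cases the table states.

```python
from dataclasses import dataclass

# Which backup types clear the archive bit, per the Backup Types table.
CLEARS_ARCHIVE_BIT = {"full": True, "incremental": True,
                      "differential": False, "daily": False}


@dataclass
class BackupSet:
    kind: str
    day: int
    files: dict  # file name -> content captured in this set


class Volume:
    """A set of files, each with an archive bit and a last-modified day."""

    def __init__(self):
        self.day = 0
        self.content = {}   # name -> current content
        self.archive = {}   # name -> archive bit
        self.modified = {}  # name -> day of last write

    def write(self, name, data):
        self.content[name] = data
        self.archive[name] = True  # any create or modify sets the bit
        self.modified[name] = self.day

    def backup(self, kind):
        if kind == "full":
            chosen = list(self.content)
        elif kind in ("differential", "incremental"):
            # Both copy files whose bit is set; they differ in what happens next.
            chosen = [n for n in self.content if self.archive[n]]
        elif kind == "daily":
            chosen = [n for n in self.content if self.modified[n] == self.day]
        else:
            raise ValueError(f"unknown backup type: {kind}")
        if CLEARS_ARCHIVE_BIT[kind]:
            for n in chosen:
                self.archive[n] = False
        return BackupSet(kind, self.day, {n: self.content[n] for n in chosen})


def restore_plan(sets):
    """Return the backup sets a restore needs, oldest first."""
    fulls = [i for i, s in enumerate(sets) if s.kind == "full"]
    if not fulls:
        raise ValueError("no full backup to restore from")
    later = sets[fulls[-1] + 1:]
    plan = [sets[fulls[-1]]] + [s for s in later if s.kind == "incremental"]
    # A differential is needed only if nothing cleared the bit after it.
    tail_diff = None
    for s in later:
        if s.kind == "differential":
            tail_diff = s
        elif s.kind == "incremental":
            tail_diff = None
    if tail_diff is not None:
        plan.append(tail_diff)
    return plan


def restore(plan):
    """Apply sets in order; later sets overwrite earlier copies of a file."""
    restored = {}
    for s in plan:
        restored.update(s.files)
    return restored


def run_week(kind):
    """Full backup on day 0, then one backup of `kind` on each of days 1 to 3."""
    changes = [  # constructed sample data: (day, file, content)
        (0, "schedule.csv", "v1"), (0, "billing.db", "v1"), (0, "intake.doc", "v1"),
        (1, "schedule.csv", "v2"),
        (2, "billing.db", "v2"),
        (3, "consent.pdf", "v1"),
    ]
    vol, sets = Volume(), []
    for day in range(4):
        vol.day = day
        for d, name, data in changes:
            if d == day:
                vol.write(name, data)
        sets.append(vol.backup("full" if day == 0 else kind))
    return vol, sets


if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        vol, sets = run_week(kind)
        plan = restore_plan(sets)
        print(kind, "set sizes:", [len(s.files) for s in sets],
              "| restore needs days:", [s.day for s in plan],
              "| matches live data:", restore(plan) == vol.content)
```

Differential sets grow each day but the restore needs only two sets; incremental sets stay small but every one of them must survive for the restore to be complete.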

Backup Storage Options
The magnetic tapes or other physical media used to create data backups must be stored securely, but must remain accessible in case the data is needed. Many organizations employ both onsite and offsite backup storage. The onsite storage location is for the most recent set of backups, so that they can be accessed quickly if a data restoration is needed during normal operations. The offsite location is a secure, disaster-resistant storage facility where the organization keeps either a duplicate or an older backup set to protect it against any damage caused by disaster conditions at the primary site.

Secure Backup Transfer Methods
When backing up files and patient records stored within an EMR or EHR system, there are a number of methods that can be used to ensure that this process is completed securely:
• The use of SSL encryption during data transfer.
• The use of encryption during authentication.
• The use of strong passwords to access files once they are backed up.

Another option is to use a secure bonded courier service to extract backup data, media, and disks from your medical facility and transport it to the designated backup location for storage.

How to Plan for Disaster Recovery
To plan for disaster recovery, you must properly assess your organization’s current state of readiness, and you must know when and how to improve any limitations of the current strategy.

Guidelines:
To plan for disaster recovery, keep the following guidelines in mind:
• If your organization has not tested the BCP recently, do so. Conduct several offline scenarios that only utilize backup resources.
• If you are creating or improving the BCP and/or DRP, research any available templates that might help guide you. Websites such as www.disasterrecoveryforum.com or www.disasterrecoveryworld.com are good places to begin.
• Review any service-level agreements (SLAs) that are in place so that you have an idea of what constitutes acceptable downtime.
• Create a line of communication that does not make use of company resources, so it does not break should the company lose power after hours. Do the same in the event that the city or regional power is down.
• Identify and document all single points of failure, as well as any up-to-date redundancy measures.
• Ensure that there are redundancy measures in place for servers, power supplies, and your ISP.
• Make sure that the company’s redundant storage is secure.
• Verify that the company has access to spare hardware and peripherals for emergency use, and that the devices are secure enough to conduct business with.

• Be sure that your DRP includes provisions for regular tests of the plan. You might want to schedule a “fire drill,” where one day, unannounced, all managers are moved to an offsite location. Those employees are then tested on how quickly they can get the backup networks operational. This helps to simulate a disaster or emergency, which does not always provide ample warning.
• Employees must receive training to understand the importance of the DRP.
• Perform a backup inventory as needed to verify that the backup data is secure and valid.

Example:
You work for a very large healthcare organization that supports a number of different hospitals and practices. Every 12 to 18 months, the IT department you work with revisits the preparedness of the organization to withstand a disaster. They begin with an analytical look at both the BCP and the DRP as they currently exist, and then they modify them as necessary; this only comes after a careful assessment of the organization’s recent security history, as well as an assessment of the landscape of security in the general healthcare business. The IT department also revisits the emergency contact information for all those employees identified in the BCP and DRP who will have a hand in disaster recovery and those that need to report to the hospital or practice locations.

While it is not always financially feasible for the organization to have an unannounced offsite fire drill, the IT department does regularly test the viability of all hospital locations backup servers for the intranet, the secure servers that contain patient billing and financial information, and those servers that actually host the EMR. After conducting these tests, the IT department members determine how many backup resources they need to maintain uptime, how many spare peripherals they need to save in case of an emergency, and how quickly they can use spare hardware and peripherals to function as secure, temporary network devices, and how many options they have should their ISP lose service for an extended period of time. Consistent and systematic planning saves time and money in the long run should something unforeseeable happen to a healthcare organization’s network resources.

How to Perform Backups
Procedure Reference: Perform Backups
To perform backups and plan for disaster recovery:
1. Open the Backup and Restore utility on your system.
2. Set your backup settings:
• Determine where the backup files are stored and what storage media will be used.
• Determine what files will be backed up.
• Select the drives and folders you want to back up.
• If necessary, configure the backup schedule settings, and determine how often you want to back up system files.

Supported Backup Locations
If you want to back up your files on a particular partition, you cannot choose that disk as your backup location. You need to choose a different partition, a local storage device, or a network location. By default, the partition where you have installed Windows 7 will always be included in the backup. You can neither remove it from the backup nor choose it as the backup location.

For example, suppose that you have three disks, C, D, and E, and you have Windows 7 installed on the C drive. If you want to back up the files stored on the D drive, you cannot choose the D drive as your backup location since you want to back up the files on that disk. Since Windows 7 is installed on your C drive, you cannot choose the same partition as the backup location. So, you must choose the E drive as the backup location.

ACTIVITY 6-8
Creating a Backup Copy of Files and Folders

This is a demonstration animation that is available on the CD that shipped with this course. You can run this animation on any Windows computer. The animation can be launched either directly from the CD by clicking the Interactives link and navigating to the appropriate one, or from the installed data file location by opening the C:\HCIT\Simulations\Lesson 6\Creating a Backup Copy of Files and Folders folder and double-clicking the executable (.exe) file.

Scenario:
You have stored project-related documents on your computer. You update the reports and documents after every status meeting. You need to save a copy of these documents every week to prevent the files from being corrupted or accidentally deleted. Also, you want to make a backup of these files immediately. After your initial backup, you have created new files and also modified some of the existing files. You also want to ensure that you back up only the modified files and not all the files.

What You Do / How You Do It

1. Create a backup copy of files and folders.
a. Browse to the C:\HCIT\Simulations\Lesson 6 folder.
b. Double-click the Creating a Backup Copy of Files and Folders executable file.
c. In the Open File - Security Warning message box, click Run.
d. Follow the on-screen steps for the simulation.
e. Close the C:\HCIT\Simulations\Lesson 6 folder.

ACTIVITY 6-9
Creating a DRP

Scenario:
You are a security professional at Ristell Health Center, a small but rapidly growing health clinic. With a growing roster of employees, a larger network infrastructure, and more remote network access by traveling employees, the company has decided that it has outgrown its original security policies. You have been asked to create the company’s first DRP.

What You Do / How You Do It

1. Which are common components that should be in a medical facility’s DRP? (Select all that apply)
a) A list of employees’ personal items.
✓ b) Contact information for key individuals.
✓ c) An inventory of important hardware and software.
✓ d) Plans to reconstruct the network.

2. Assume that Ristell Health Center is located in a climate and location identical to the company you work for now. What are some unique geographical or weather-related conditions you might need to account for, but that might not be a consideration for other companies?
Answers will vary, but some locales might particularly be concerned with natural disasters such as hurricanes, tornados, river flooding, ice storms, heavy snowfall, and so on.

3. Assume that a high-level manager has expressed some dissatisfaction with the notion of a “fire drill” to test the clinic’s preparedness for a disaster; it seems he is leery of so much paid time being used in an unproductive way, and he wonders if you cannot just write a detailed plan instead. What are some things you can mention to help persuade him that such an unannounced drill is necessary?
Answers will vary, but should contain some reference to the cost of being unprepared. If a company were to never test their DRP or BCP, then how does one really know if they will work? A company might be spending a lot of money on non-billable projects during a “fire drill,” but such a drill could ensure that business is actually able to continue if disaster struck the clinic. You can also mention the legal ramifications or liability exposure of being unprepared for a disaster situation.

4. Once you have the DRP and other components in place, what do you do to make sure it works smoothly?
Answers may vary, but you can perform a walkthrough or parallel testing, and when you are sure it all works well, you can even perform a cutover. Also make sure there is a system in place to review the plan annually and make any maintenance-level changes.

Lesson 6 Follow-up

In this lesson you learned how to integrate security best practices into your daily healthcare IT workflow. You now have a strong understanding of potential risks and how to mitigate them, but security is a continuous process that always needs to adapt to new threats and concerns. With this knowledge in hand, you can successfully secure your IT environment and demonstrate the value of IT security to others within your department and organization.

1. Which of the basic security concepts in this lesson were familiar to you, and which were new?
Answers will vary, but familiar concepts could include policy documents and strong passwords. New concepts could include various encryption methods.

2. Consider your current security measures that are in place. Are there any areas that are at risk? What can you do to improve upon them?
Answers will vary.

Follow-up

In this course, you identified essential healthcare and IT concepts and terminology and took various steps to integrate the two realms of practice within the healthcare IT technician job role. With this general background understanding of the healthcare IT environment as well as your own IT support skills, you should be well-positioned to pursue both certification and potential employment within the healthcare IT industry.

What’s Next?
After completing this course and taking time for additional review of courseware materials, you may choose to pursue the CompTIA® Healthcare IT certificate examination, as well as job opportunities in the healthcare field. You may also want to pursue training to prepare for CompTIA certifications you may not currently hold, such as CompTIA A+, Network+, Security+, or Server+. Depending on the healthcare environment in which you work, you may need to pursue specialized training from a software or hardware vendor.

DU • HHS Lesson 1. Topic C ru • CMS Lesson 1. Topic C In • Eligible provider Lesson 1. Topic C st DO • ARRA Lesson 1. and regulations. Topics A and D • Medicare Lesson 1.0 Regulatory Requirements ct P 1. Topic C • HITECH Lesson 1. Topic C • NIST Lesson 1. Topics A and C • ONC Lesson 1. APPENDIX A APPENDIX A o n Mapping Course Content to the iti ® CompTIA Healthcare IT Technician (Exam HIT-001) Ed Objectives TE The following tables can assist you in your preparation for the CompTIA® Healthcare IT Tech- nician exam by mapping the content of the course to the exam objectives. or CA CompTIA Healthcare IT Technician (Exam HIT- LI Exam Objective 001) Lesson and Topic Reference Domain 1. laws. Topic C T NO • HIPAA Lesson 1. Topic C • Meaningful use Lesson 1. Topic C • Medicaid Lesson 1.1 Identify standard agencies. Topic C Appendix A: Mapping Course Content to the CompTIA® Healthcare IT Technician (Exam HIT-001) 203 Objectives .

Topic A DU — Legal health records Lesson 1. Lesson 3. • Waivers of liability Lesson 3. Topic A n • Covered Entity Lesson 1. Topic C — Time of storage Lesson 3. Topic C ru T NO CompTIA Healthcare IT Technician Lesson and Exam Objective Topic Reference st DO 1. Topic C • Business Associate Agreements (BAA) Lesson 3. Topic D CompTIA Healthcare IT Technician Lesson and TE Exam Objective Topic Reference 1.4 Explain and interpret legal best practices. Topic D Lesson 2. and documentation. disposal. Topic A ct P — Private records Lesson 1. Topics A and C • Security Lesson 1. Topic C Ed • Access permissions Lesson 1. or CA • Documentation requirements Lesson 3.2 Explain and classify HIPAA controls and compliance issues. Topic D — Requirements Lesson 1. • PHI Lesson 1. Topic A • Methods of record disposal Lesson 3. requirements. Topic D — Violations Lesson 1. and archiving. Topic C MOU) 204 CompTIA® Healthcare IT Technician (Exam HIT-001) .3 Summarize regulatory rules of record retention. Topic C In • Third-party vendor review and agreements (SLA. Topics C and D o • HIPAA Security Lesson 1. Topic A LI — Public records Lesson 1. Topic C • Types of records Lesson 1.APPENDIX A CompTIA Healthcare IT Technician Lesson and Exam Objective Topic Reference 1. Topic D iti — Fines Lesson 1. Topic D • Release of information Lesson 1.

Topic A P — NUC Lesson 3. Topic A — PCT Lesson 3. Topic C • Privacy screens Lesson 3. Topic A TE — RN Lesson 3. Topic A NO — Staff Lesson 3. Topic A DO — Security administrator — Network administrator Lesson 3. Topic A — MD Lesson 3. Topic C iti • Time lockout Lesson 3. Topic A • Business Associate Access and Contractor Access Lesson 3. Topic A or CA — DA Lesson 3. Topic A Lesson 3. Topic C o • Printer placement Lesson 3. Topic A Lesson 6. Topic A st Lesson 3. Topic C Ed CompTIA Healthcare IT Technician Lesson Exam Objective and Topic Reference 2. Topic A • Access limitations based on role and exceptions Lesson 3. • Medical roles Lesson 3. Topic A ct Lesson 3. Topic A — System administrator Lesson 3.2 Identify EHR/EMR access roles and responsibilities. Topic A • Technical roles Lesson 3. Topic A In — Desktop support — Database administrator Lesson 3. Topic A — PA Lesson 3. Topic A Appendix A: Mapping Course Content to the CompTIA® Healthcare IT Technician (Exam HIT-001) 205 Objectives . Topic A ru — PM T — Office Mgr.0 Organizational Behavior 2. APPENDIX A CompTIA Healthcare IT Technician Lesson Exam Objective and Topic Reference Domain 2.1 Use best practices for handling PHI in the workplace. n • PC placement Lesson 3. Topic C • Screensavers Lesson 3. Lesson 3. Topic A Lesson 3. Topic A LI — MA Lesson 3. Topic A DU — UA — LPN Lesson 3.

APPENDIX A CompTIA Healthcare IT Technician Lesson Exam Objective and Topic Reference 2. Topic B • Phone Lesson 3. Topic B or CA LI CompTIA Healthcare IT Technician Lesson Exam Objective and Topic Reference ct P 2. — Emergency access (break the glass) Lesson 3. Topic B • Secure FTP Lesson 3. Topic A — Hospital Lesson 2. Topic A — Home healthcare Lesson 2. secure chat Lesson 3. Topic A — Surgical centers Lesson 2. Topic B TE • VoIP Lesson 3. Topic B • EMR system Lesson 3. Topic B • Fax Lesson 3.4 Identify organizational structures and different methods of operation. Topic A • Methods Lesson 2. • Email Lesson 3. Topic A T — Nursing homes Lesson 2.3 Apply proper communication methods in the workplace. Topic A o CompTIA Healthcare IT Technician Lesson iti Exam Objective and Topic Reference 2. Topic A ru — Private practice Lesson 2. Topic A — Formality of procedures Lesson 2. Topic A In — Differences in scope of work Lesson 2. Topic A NO — Assisted living facilities Lesson 2. Topic B Ed • IM vs. DU • Organizational Structures Lesson 2. Topic A Lesson 3.2 Identify EHR/EMR access roles and responsibilities. Topic A — Availability of resources Lesson 2. Topic A st DO — Hospice Lesson 2. Topic A n • Access based on sensitive patient data — Sensitivity labels and clearance Lesson 3. Topic A 206 CompTIA® Healthcare IT Technician (Exam HIT-001) .

Lesson 3. Topic B iti — Examination room Lesson 3. Topic B — Float room Lesson 3. Topic E cautionary guidelines • Conform to requirements set forth by project Lesson 3. Topic B — Procedural room Lesson 3. Topic B TE manager or CA CompTIA Healthcare IT Technician Lesson LI Exam Objective and Topic Reference Domain 3. Topic B Ed • Adapt social behavior based on sensitivity of the Lesson 3. Topic B situations and environments o • Imaging room Lesson 3.5 Given a scenario. Topic B st DO — RDP Lesson 4. execute daily activities while following a code of conduct. Topic B — TCP/IP Lesson 4. Topic B n • Adapt procedural behavior according to different Lesson 3. Topics B and C Lesson 5. Topic B — Printer server Lesson 4. Topic B ru Lesson 4. Topic B T — DNS NO — DHCP Lesson 4. Topic B — Emergency room Lesson 3. Topic B • Industry terms Lesson 4. DU • Protocol terms Lesson 4.follow medical pre. APPENDIX A CompTIA Healthcare IT Technician Lesson Exam Objective and Topic Reference 2.11x) Lesson 4.0 IT Operations ct P 3. Topic B — Wireless (802. • Communicate in a professional fashion Lesson 3.1 Identify commonly used IT terms and technologies. Topic B In — Domain controller Lesson 4. Topic D Appendix A: Mapping Course Content to the CompTIA® Healthcare IT Technician (Exam HIT-001) 207 Objectives . Topic B — Switch Lesson 4. Topic B — Recovery room Lesson 3. Topic B environment • Use proper sanitation steps . Topic B — FTP Lesson 4. Topic B • Devices Lesson 4.

Topic C — SQL Lesson 4.2 Demonstrate the ability to set up a basic PC workstation within an EHR/EMR environment. — ASP Lesson 5. Topic C LI ct P CompTIA Healthcare IT Technician Lesson DU Exam Objective and Topic Reference 3. configuration and maintenance Lesson 5. Topic C — Terminal services Lesson 4. Topic C TE — Flash Lesson 4. Topic B — Cloud Computing Lesson 4.0 IT Operations 3. Topic B — Printer Lesson 5. Topic C or Lesson 4. Topic B • Languages Lesson 4. • Malfunctioning hardware Lesson 5. Topic B 208 CompTIA® Healthcare IT Technician (Exam HIT-001) . Topic C Ed — Fiber Lesson 4.APPENDIX A CompTIA Healthcare IT Technician Lesson Exam Objective and Topic Reference Domain 3. Topic C CA — PHP — ASP Lesson 4. Lesson 4.1 Identify commonly used IT terms and technologies. mouse. troubleshoot and solve common PC problems. Topic A monitor and applications st DO CompTIA Healthcare IT Technician Lesson Exam Objective and Topic Reference In 3. ru • Basic installation. Topic C — APIs Lesson 4. Topic C — Client-server model Lesson 5. Topic C iti — Virtualization Lesson 4. Topic C — HTML Lesson 4. Topic A T procedures NO • Basics of operating systems. Topic D o — Mainframe Lesson 4. Topic C — XML Lesson 4. Topic D n — ISP Lesson 4. keyboard.3 Given a scenario. Topic B — Mouse Lesson 5.

Topic D In — Tapes Lesson 4. Topic D st DO — External hard drives Lesson 4. Topic D — CDs Lesson 4. Topic D ct P — USB Lesson 4. Topic D — Flash drives Lesson 4. Topic D — Barcode scanner Lesson 4.3 Given a scenario. — Power Lesson 5. Topic A Lesson 6. Topic D — SD cards Lesson 4. Topic B • Software patches/hotfixes/updates Lesson 5. Topic D Appendix A: Mapping Course Content to the CompTIA® Healthcare IT Technician (Exam HIT-001) 209 Objectives . • Imaging devices Lesson 4. Topic B iti CompTIA Healthcare IT Technician Lesson Ed Exam Objective and Topic Reference 3. Topic B o • Documentation Lesson 3. Topic D NO — Bluetooth Lesson 4. Topic D • Mobile storage devices Lesson 4. Topic D — Signature pads LI • Physical interfaces Lesson 4. Topic B Lesson 5. troubleshoot and solve common PC problems. Topic C Lesson 4. APPENDIX A CompTIA Healthcare IT Technician Lesson Exam Objective and Topic Reference 3. Topic D TE — Document scanner — Card/badge scanner Lesson 4. Topic D Lesson 4. Topic D ru T — Serial Lesson 4. Topic D • Mobile devices Lesson 4. Topic D DU — IEEE 1394 Lesson 4. Topic D — DVDs Lesson 4. Topic D — SCSI Lesson 4. Topic D Lesson 4. Topic D — Camera Lesson 4. Topic D or CA — Fax printer Lesson 4.4 Install and configure hardware drivers and devices. Topic B n — Monitor — Cables Lesson 5.

Topic D T — Guest network Lesson 4. Topic D ru — SSID Lesson 4. Topic B • Internet modem Lesson 4. Topic B • Command line prompts Lesson 4. Topic D st Lesson 4. Topic D NO — Access point placement Lesson 4. Topics B and D Lesson 6. Topic B TE or Exam Objective CA CompTIA Healthcare IT Technician Lesson and Topic Reference LI 3.APPENDIX A CompTIA Healthcare IT Technician Lesson Exam Objective and Topic Reference 3. Topic D • Router Lesson 3. Topic D n — Smart phones — Portable media players Lesson 4. Topic B — ipconfig Lesson 4. Topic D — Port forwarding Lesson 4. • DHCP vs. Topic D Lesson 6. Topic B DO — DHCP Lesson 3. Topic B In 210 CompTIA® Healthcare IT Technician (Exam HIT-001) . infrastructure Lesson 4. ct P • Wireless access point Lesson 4. Topic B Ed • Adhoc vs. Topic D DU — Security settings Lesson 4. Topic B — tracert Lesson 4.4 Install and configure hardware drivers and devices. Topic B — ping Lesson 4. static IP Lesson 4.5 Compare and contrast basic client networks and tools.6 Set up basic network devices and apply basic configuration settings. Topic D o CompTIA Healthcare IT Technician Lesson iti Exam Objective and Topic Reference 3. Topic D Lesson 4. — Tablet PCs Lesson 4.

Topic E LI