Relevant general privacy terms applicable to healthcare, the role of and requirements for healthcare
privacy officers, and requirements for notifying affected individuals.
i. Confidentiality
• Confidentiality is about ensuring the privacy of PHI.
• According to the CIA triad, every organization must have physical, technical, and administrative safeguards in place.
• Physical: Through people or devices.
• Technical: network and data security
• Administrative: internal policies and procedures and proper employee training
• These safeguards ensure that PHI is not made available or disclosed to unauthorized individuals.
• Confidentiality is a function of compliance with HIPAA administrative safeguards.
ii. Integrity
• Integrity is about how PHI is handled to ensure that it is not altered or destroyed in an unauthorized manner.
• Data should be closely monitored with systems to detect any improper or unauthorized changes in PHI.
• Maintaining the integrity of PHI will give your patients and clients a higher quality of care and protect.
iii. Availability
• Availability is about keeping systems and hardware that store and access PHI functioning properly.
• Keeping all systems up to date and protected against threats, such as ransomware, that threaten access.
• Keeping data backed up and encrypted.
• Availability is a function of HIPAA technical and physical safeguards.
iv. Accountability
• Accountability is the responsibility for, and the capability of proving, proper data use.
• It is a mechanism for tracing or tracking actions that affect information security.
• Access logging by a computer system helps trace and track users of a system.
• Auditing information disclosure reports allows us to view and remediate any disclosures that may have been
unauthorized.
2. Security definitions
• Access Control: controlling who may view, store, copy, modify, transfer, and delete information.
• Access Control Models: Mandatory Access Control, Discretionary Access Control, Role-Based Access Control.
• Training and Awareness: Training and awareness can help prevent the breaches caused by employee mistakes.
• Logging and Monitoring: a log is a record that stores and collects events from the network, applications, and end-user devices.
• Least Privilege: having only the permissions, rights, and privileges necessary to perform your assigned duties.
• System Recovery: A process for bringing the systems back after a power outage or malware attack.