Health Information Systems Security

Questions and Answers

What does integrity in Health Information Systems (HIS) refer to?

• Data being accessible to all users at any time.
• Data being controlled by non-authorized users.
• Data being regularly deleted for security.
• Data being dependable and accurate. (correct)

Which factor does NOT contribute to the availability of Health Information Systems?

• Regularly updating software.
• Speedy internet connection.
• Delaying disaster recovery plans. (correct)
• Proper maintenance of hardware.

What is the primary goal of security in Health Information Systems?

• To reduce the cost of information services.
• To prevent any type of information from being accessed.
• To protect sensitive information while ensuring its availability. (correct)
• To promote data sharing among all users.

What motivates attackers in a security threat context?

To disrupt normal operations or steal information. (C)

What must system administrators understand to protect assets in HIS?

Various aspects of security. (C)

What is the primary goal of malicious attacks in information security?

To penetrate and copy sensitive information (A)

Which of the following is an example of a non-malicious threat?

An employee using Notepad to edit a Word document (A)

What type of error could lead to significant information security issues?

An unintentional data entry error (B)

Which of the following best describes a malicious attack's intention?

To gain personal satisfaction or a reward (A)

In which phase of the system life cycle can errors that contribute to security problems occur?

In all phases of the system life cycle (A)

What does information security aim to protect within Health Information Systems?

Information from unauthorized access (C)

Which of the following is a responsibility of healthcare workers regarding patient confidentiality?

Access only necessary patient information (D)

What is the primary principle that helps ensure the confidentiality of information in HIS?

The CIA triad (A)

What may be a consequence of a lack of trust in Health Information Systems?

Reputational and financial harm (C)

Which type of attack is characterized as non-malicious?

Accidental data breaches (B)

What is one possible risk of security breaches in Health Information Systems?

Vulnerability of patient information (A)

Which statement best describes the concept of patient right not-to-know?

Patients can choose to remain uninformed about certain health information (A)

Which of the following represents a benefit of using Electronic Health Records (EHR)?

EHRs enhance continuity of patient care (A)

What is a major natural disaster threat to computer systems?

Earthquakes (C)

Which group is identified as a significant source of malicious threats?

Disgruntled or malicious employees (C)

What is considered a primary threat to data integrity?

Authorized users making errors (C)

Which type of natural disaster is specifically mentioned as causing loss of productivity?

Floods (B)

What is a recommended approach to mitigate natural disaster threats?

Developing disaster recovery plans (C)

Who are considered the most dangerous attackers to an organization?

Former insiders (D)

Which of the following describes threats classified as disasters?

Riots and wars (B)

What can lead to valuable data being lost or damaged?

Authorized user errors (D)

Flashcards are hidden until you start studying

Study Notes

Introduction to Health Information Systems (HIS) Security

• HIS security is crucial for trust and confidence in digital health information.
  • Breaches in HIS security can lead to reputational and financial harm, harm to patients, and vulnerability of patient information.

The CIA Triad of Information Security

• Confidentiality: Protecting patient's personal health information from unauthorized disclosure.
  • Promotes a trusting environment for patients to seek healthcare.
  • HIPAA requires institutions to implement policies protecting the privacy of patients' electronic information.
• Integrity: Ensuring the accuracy and reliability of healthcare data.
  • Only authorized users should access patient data.
  • Data should not be altered or destroyed.
• Availability: Making the HIS accessible for end users.
  • Proper hardware maintenance, system upgrades, communication bandwidth, and disaster recovery are essential.

Security Threats in Health Care

• Security threats target valuable organizational information and aim to disrupt normal operations.
• Attackers exploit system vulnerabilities using various methods and tools.
• System administrators must understand security aspects to develop protective measures and limit vulnerabilities.

Human Threats

• Malicious threats: Deliberate acts to harm or disrupt an organization.
  • Insiders: Disgruntled or malicious employees with knowledge of security measures.
  • Outsiders: Hackers seeking to disrupt services or steal information.
• Non-Malicious threats: Unintentional errors by untrained employees who are unaware of security threats and vulnerabilities.
  • Data entry errors: Mistakes in data entry can lead to loss, damage, or alteration of valuable data.
  • Programming errors: Errors in code can crash systems or create vulnerabilities.

Natural Disasters

• Natural disasters like earthquakes, hurricanes, floods, and fires can severely damage computer systems.
• Potential consequences include loss of information, downtime, and damage to hardware.
• Disaster recovery plans and contingency plans are crucial for preparedness.
• Terrorist attacks and riots, though human-caused, are classified as natural disasters due to their disruptive nature.