1. Define the terms internal security threat and external security threat. Provide examples of each.
2. Describe the role of the HIM professional after medical identity theft has been discovered.
3. Discuss access controls such as authentication, termination of access, and remote access control.
4. Identify security threats that can occur during the electronic transmission of data. How could these be mitigated by policies and procedures?
5. Describe the role of the HIM professional in contingency planning.
1. External and Internal Threats
External security threats originate from outside the organization. These threats may be primarily physical threats, socio-economic threats, network security threats, communication threats, human threats such as threats from hackers, software threats, and legal threats. Social engineering threats, such as using social engineering sites to gather data and impersonate people in order to defraud them and obtain their credentials for unauthorized access, are increasing. Theft of personally identifiable information, confidential strategies, and the organization's intellectual property are other important threats. Some of these physical or legal threats may endanger an entire organization. By comparison, other threats may affect an organization only partially or for a limited period of time and may be overcome relatively easily. Cybercrime also exposes organizations to legal risks.
Internal threats originate from within the organization. The primary contributors to internal threats are employees, contractors, or suppliers to whom work is outsourced. The major threats are fraud, misuse of information, and/or destruction of information.
2. HIM professionals educate patients about the importance of protecting their medical identity in the same way in which they protect their financial identity.
Remind patients to review the following information regularly:
Create an alert form that patients can fill out when they suspect medical identity theft has occurred. Appoint someone in the HIM department who can investigate these reports and work collaboratively with the patient to rectify the problem.
3. Authentication technology provides access control for systems by checking to see if a user's credentials match the credentials in a database of authorized users or in a data authentication server. Access control systems perform authorization, identification, authentication, access approval, and accountability of entities through login credentials including passwords, personal identification numbers (PINs), biometric scans, and physical or electronic keys.
Remote access is the ability to get access to a network from a remote distance. In corporations, people at branch offices, telecommuters, and people who are travelling may need access to the corporation's network. Home users get access to the Internet through remote access to an Internet service provider (ISP). A dial-up connection through a desktop, notebook, or handheld computer modem over regular telephone lines is a common method of remote access. Remote access is also possible using a dedicated line between a computer or a remote local area network and the "central" or main corporate local area network. A dedicated line is more expensive and less flexible but offers faster data rates. Integrated Services Digital Network (ISDN) is a common method of remote access from branch offices since it combines dial-up with faster data rates. Wireless, cable modem, and Digital Subscriber Line (DSL) technologies offer other possibilities for remote access.
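The access control stages named in answer 3 (identification, authentication, access approval, accountability) together with termination of access can be sketched as below. This is an added example, not part of the original answer; the user names, roles, permissions, iteration count and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example

def hash_password(password, salt):
    # Store only a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password, role, active=True):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt),
            "role": role, "active": active}

# Constructed sample data: accounts, roles and permissions are hypothetical.
USERS = {
    "coder01": make_user("correct horse battery", "him_coder"),
    # Employee has left: access terminated, account kept for the audit trail.
    "former01": make_user("old-password-123", "him_coder", active=False),
}
PERMISSIONS = {
    "him_coder": {"read_record"},
    "him_manager": {"read_record", "amend_record"},
}
AUDIT_LOG = []
_DUMMY = make_user("placeholder", "none", active=False)

def check_access(username, password, action):
    user = USERS.get(username)                      # identification
    record = user or _DUMMY                         # unknown names cost one hash too
    supplied = hash_password(password, record["salt"])
    # Authentication: constant-time comparison against the stored hash.
    authenticated = hmac.compare_digest(supplied, record["hash"]) and user is not None
    if not authenticated:
        decision = "deny:bad_credentials"
    elif not user["active"]:                        # termination of access
        decision = "deny:access_terminated"
    elif action not in PERMISSIONS.get(user["role"], set()):
        decision = "deny:not_authorized"            # access approval failed
    else:
        decision = "allow"
    AUDIT_LOG.append((username, action, decision))  # accountability
    return decision
```

The detailed decision string is meant for the audit log; a login screen would show the user only a generic failure message.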