A. Obvious to designers of Health IT
B. Related to a mismatch of the function of the HIT and what the user really does with it
C. Are discovered most often after the system is installed and being used
D. Are discovered most often during the programming phase as the HIT is being built
E. B & D
F. B & C
A. Offer (but do not force) an alternative, but equally effective and less expensive medication when a clinician orders a drug.
B. Provide a link to the institution’s practice guidelines
C. Offer a “tip” or a “shortcut” on log in – such as “would you like to see how to use the system to quickly discharge a patient today?”
D. All of the above
A. The doctors were not skilled enough to use the computer
B. The providers believed that they had sufficient levels of expertise to not bother with the lab results
C. The nurses did it for them
D. The designers of the system did not understand the normal workflow and did not sufficiently plan for the change that doctors had to retrieve their own results from the system
A. Result in undue trust and belief in what the computer suggests or displays
B. Replace or augment human decision-making
C. Augment decision-making by the human but never replace it
D. A & B
E. C & A
A. Electronic records can be transported over networks as long as encryption is not used during transport.
B. With electronic records, it is not necessary to prepare for potential disasters, such as fires and natural catastrophes, which affect paper records.
C. Electronic records allow for fine-tuned control of access permissions, potentially putting patients in control of their health information.
A. HIPAA Security Rule
B. ISO 27001
C. NIST 800-53
D. PCI DSS
A. Employer protected health inquiry
B. Employer processed health information
C. Electronic processed health information
D. Electronic protected health information
A. Administrative safeguards
B. Complacent safeguards
C. Physical safeguards
D. Technical safeguards
A. Risk analysis
B. Risk management
C. Risk prevention
D. System activity review
A. Desktop computer
C. USB drive
D. All of the above
A. Delete files containing EPHI from the computer simply using the delete function of the operating system.
B. Change the passwords of all users accessing the system, preventing access to all EPHI.
C. Either remove the hard drives from the computer equipment for destruction, or perform a secure deletion of all data using special methods that ensures data on magnetic media is completely unreadable.
D. Make sure that whoever acquires the computer equipment agrees not to hold you liable for any EPHI contained on the equipment.
A. Requiring a user to provide a password along with a smart card to access an EHR.
B. A physician having access to more patient information in an EHR than an administrative user.
C. Enforcing complexity requirements when changing a password.
D. Biometric authentication.
A. Strategic Planning
B. User Needs Analysis
A .Observation of current workflow
B .Implementation of software to solve a workflow challenge
C .Interviewing employees involved in a business process
D. Sharing analysis with those interviewed
A. Identify testing environment.
B. Create test scenarios and scripts.
C. Identify participants.
D. Identify required equipment.
B. Project description.
C. System backup.
D. Project sign-off.
A. Less-experienced staff.
B. Program experts.
C. Workflow experts.
D. B and C.
E. All of the above.