MISY 5330, part 2

7. Security management functions, assigned security responsibility, and information access management are all standards included in which safeguard category of the HIPAA Security Rule?
8. A type of software that protects computing resources and is most commonly found between the health care organization’s internal network and the Internet is known as a(n):
9. A common type of computer virus that resides in a removable media device such as a flash drive is known as a:
Boot sector virus
10. According to the National Institute for Standards and Technology (NIST), what type of contingency-related plan is typically IT focused and used in the event of a major hardware or software failure?
Disaster recovery plan
External breaches of security are far more common than internal breaches.
The most common encryption algorithm in use today is RSA; however, the AMA recommends AES as a better choice for encrypting electronic protected health information (ePHI).
The HIPAA Security Rule governs all protected health information (PHI).
Password and PIN systems are the most common forms of entity authentication and provide the strongest form of security.
Computer viruses are among the most common and virulent forms of intentional computer tampering.
The proxy server is a more complex firewall device than the packet filter and runs on a computer.
Ciphertext is a computer program that converts plaintext into an enciphered form.
The primary challenge of developing an effective security program in a health care organization is balancing the need for security with the cost of security.
All of the specifications contained within the HIPAA Security Rule are considered required.
Time limit, availability, and updates are all implementation specifications contained within the Policies, Procedures, and Documentation section of the HIPAA Security Rule.
The policies and procedures that govern the receipt and removal of hardware, software, and devices such as disks and tapes are known as:
Media Controls
The most stringent type of access control is:
Context Based
One of the key components of applying administrative safeguards to protect an organization’s health care information is:
Risk Analysis
Password systems, PINs, and biometric identification systems are all specific examples of:
Entity Authentication
HITECH gave the responsibility for enforcing the HIPAA Privacy and Security Rules to:
Under the HIPAA Security Rule, which is NOT considered a covered entity (CE)?
A business associate
Data center management, network engineers, and help desk personnel are all examples of roles that would fall under:
Operations and Technical Support
What is an example of an infrastructure service metric that can be used to formally measure services levels?
The percentage of time that systems have unscheduled downtime
An advantage to managing IT in a health care organization with a decentralized structure is:
Innovative use of information systems
Managing contracts with vendors and developing and monitoring the IT budget are all tasks that are likely to be performed by:
IT Administration
According to Agarwal and Sambamurthy, what core IT process involves identifying new ways for IT to improve business operations and ensure that IT investments deliver value?
Value Innovation
An IT professional that would be responsible for identifying information system needs and problems, evaluating workflow, and determining strategies for optimizing the use and effectiveness of particular systems is a:
System Analysis
IT staff and services that are organized to support a particular application such as a billing system or clinical area are structured according to?
Product Lines
All are characteristics of a high-performing IT staff except:
They have a clinical background
Asking questions such as ‘To what degree are IT strategies well aligned with the organization’s overall strategic goals?’ is related to what key area of evaluating IT effectiveness?
A member of the IT team that is concerned with leading clinical information system initiatives is likely the:
On average, hospitals spend 5 percent of their operating budget and 25 percent of their capital budget on IT.
Organizing IT staff according to critical organizational processes is a common approach because most organizations are structured this way.
The role of CMIO is usually held by a physician and may be filled through a part time commitment.
Applications programmers write programs to maintain and control infrastructure software, such as operating systems, networked systems, and database systems.
In recent years, health care organizations have shown a growing interest in outsourcing part or all of their IT services.
In general, over half of all health care provider CIOs report directly to the CEO of their health care organization.
Network administrators and telecommunications specialists often work closely together to manage a healthcare organization’s communication network.
Tracking emerging technologies, and identifying the ones that might provide value to the organization are tasks commonly carried out by the CTO.
The organization or form of the IT department in an integrated delivery system (IDS) is sometimes matrixed.
Despite the advantages of a more centralized approach to managing IT services, many health care organizations have moved in recent years to a relatively decentralized structure.
The development of an organization’s strategy has two major components known as:
Formulation and Implementation
What term refers to broad properties of the organization’s infrastructure such as reliability and agility?
What vector of IT strategy development can be highly speculative and may not require any immediate action?
Assessment of strategic trajectories
Strategy discussions surrounding the application asset as a whole focus on all of these key areas EXCEPT:
Application Implementation
What is an objective of the IT strategic planning process?
All of the Above
The IT asset is composed of what four components?
Applications, infrastructure, data, and IT staff
The determination of the basic long-term goals and objectives of an organization, the adoption of the course of action, and the allocation of resources necessary to carry out those actions is known as:
All of the reasons are attributed to the persistent difficulty many health care organizations face in achieving IT alignment EXCEPT:
The complexity of the IT alignment process
All of the following are considered members of the IT staff who are responsible for the day in and day out management of information technology systems EXCEPT:
What process centers on discussions of ideas and issues that lead to the determination of goals and initiatives and the definition of organizational capabilities and competencies needed to implement these goals and initiatives?
Strategic Thinking
Formulation involves understanding competing ideas and choosing between them.
Organizations that have a history of IT excellence have evolved to a state where their alignment process is methodology-less.
The implementation component of strategy development includes the development of project plans and budgets.
An effective IT alignment requires the integration of the organization’s strategic context, environment, IT strategy, and IT portfolio.
IT alignment done correctly will guarantee the effective application of IT.
Strategic decisions rarely involve changes in the core understandings that guide organizational activity.
The process of developing IT strategy should be similar in approach and nature to the process used for overall strategic planning.
The alignment process should produce a number of results including a high-level analysis of the budget needed to carry out any IT initiatives.
A strategic decision has clear and illuminating ramifications for many other decisions.
Scoring or ranking can be used as a method of prioritizing recommendations by the leadership team and should be accepted as definitive output.
Phase II as part of the evolution of IT strategy has three major classes of activity including all EXCEPT:
Quality Assessment
Foundation replacement should only occur under what circumstances?
All of the Above
What source of advantage is realized when IT is used to monitor an organization’s plans, operations, and environment?
Rapid and accurate provision of critical data
The way an organization views a particular IT challenge or opportunity is known as:
Governing Concepts
The type of strategies that result from an understanding that a set of IT strategies points to the need to elevate some aspects of organizational IT-related competency are specifically known as:
Broad Leverage Strategies
Using an EHR to implement systems such as personal health records (PHRs) and to remotely monitor chronically ill patients are examples of initiatives that would occur during what part of Phase II?
Systems Extensions
The pursuit of IT as a source of competitive advantage can result in competitive baggage such as:
All of the Above
According to Jim Collins's seminal book Good to Great, all of the following are general observations of ‘great’ companies’ orientation to IT EXCEPT:
Often mentioned IT as being critical to their success
A source of advantage that requires a solid understanding of the needs of patients, providers, and other customers is:
Product and services differentiation
Factors that can limit the utility of IT technology as a tool include all of the following EXCEPT:
Experimenting with new technologies
Complementary strategies are organizational initiatives that do not involve the IT asset per se but are needed for the IT strategy to succeed.
The competitive advantage obtained from an IT application or technology rarely comes from the actual IT system but rather from skilled process changes that distinguish an organization from its competitors.
Initiative specific strategies are developed through discussions about how to make the organization more effective in its IT efforts.
Assessing the return on investment (ROI) of a foundation is an easier exercise than determining the ROI or net present value (NPV) of an application.
In many ways, the architecture, technologies, and tools that enable ongoing implementation may be more important than the current functionality of the application.
Improved organizational competitive position through process gains is usually an automatic result of IT implementation.
Planning for Phase II must start while the organization is in Phase I but should not begin until Phase I is completed.
Organizations that have been effective in the strategic application of IT over a long period of time generally have a series of ‘singles’ or small successes punctuated by an occasional leap, or grand slam.
Information technology itself can provide a competitive advantage that is sustainable for a long time.
An organization should realistically be able to define all of their functionality requirements during the RFP process.
Ensuring that the IT issues and needs of a function of the organization are understood and communicated to the IT department and the executive committee is a responsibility of the:
IT Liaison
According to Peter Weill and Jeanne Ross, which of the five major areas that form the foundation of IT governance deals with an integrated set of technical choices used to guide the organization in satisfying business needs?
IT Architecture
One of the most critical management undertakings that involves the commitment of resources to carry out strategic initiatives is:
Developing Budgets
Ensuring that the organization has a comprehensive, thoughtful, and flexible IT strategy is a responsibility of:
Senior Management
Well-developed governance mechanisms have all of these characteristics EXCEPT:
They rarely change
What is the second step of IT budget development?
IT leadership reviews the strategic initiatives with senior leadership
Participating in developing and maintaining the IT agenda and priorities and understanding the scope and quality of IT initiatives within a specific department are responsibilities of:
IT Users
According to Carol Brown and Vallabh Sambamurthy, which of the five mechanisms used by IT groups to improve their coordination and working relationships involves actions such as training IT staff on team building or offering user feedback during their reviews?
Human Resource Practices
All are considered characteristics of an organization that aspires to high levels of IT effectiveness EXCEPT:
True Innovation Occurs Rapidly
Despite the size of a health care organization, effective management at a minimum requires:
All of the Above
The fundamental accountability for the performance of the health care organization, including the IT function is held by the organization’s senior leadership.
Developing an IT steering committee to address all IT issues and decisions is generally a good idea.
Too much user responsibility can lead to insufficient attention to infrastructure, resulting in application instability.
Governance structures and the distribution of responsibilities should be somewhat influenced by basic strategic objectives.
Some of the responsibilities of the IT group may be delegated to others; for example, a non-IT department may be permitted to have its own IT staff and manage its own systems.
As a general ground rule, the IT budget should be discussed in the same conversations that discuss or involve non-IT budget requests.
Capital budgets are the funds associated with using and maintaining the asset.
Effective application of IT involves the thoughtful distribution of IT responsibilities between the IT department, users of applications and IT services, and senior management.
An IT committee of the board can be composed of committee members other than board members such as IT professionals.
The IT staff or CIO should be asked to defend infrastructure investments but should not be asked to defend applications.
Changes that leave the organization and its core mission intact but significantly alter the way the organization carries out its business are:
Radical Changes
What individual generally holds overall accountability for a project?
Business Sponsorship
What tool or document provides an overview of the project and is used by the project team during the day-to-day management of the project?
Project Plan
It is estimated that around what percentage of IT projects are successful?
35 Percent
All are considered necessary aspects of change management EXCEPT:
Universal Buy-In
What committee generally focuses on a subset of IT projects and determines if the project is proceeding well or likely to be heading into trouble?
Project Review Committee
The project status report that documents and communicates the current condition of the project is generally prepared and distributed:
The two major categories of risk that confront significant IT investments are:
Strategy and Implementation Failure
Maintaining the project plan and communicating progress to sponsors, stakeholders, and team members are responsibilities of the:
Project Manager
What aspect of change management deals with helping the staff understand the nature of the change and how their roles and work life will be different?
Language and Vision
Fundamental change is common in health care and carries less risk than other forms of change.
Project management places an emphasis on many of the “softer” aspects of management and leadership such as communicating vision and establishing trust.
Project phases and tasks including the sequence of these phases and tasks are generally included in the project plan.
If a change affects the entire organization, then it is advisable for the CEO to chair the leadership committee.
Management strategies should be the same regardless of the type of project being undertaken.
Change initiatives and IT projects need to communicate their progress regularly but only when that progress is largely seen or apparent to the organization.
One outcome of continuous change may be the recognition that current application systems are progressively becoming a poor fit with the evolving organization.
The project team generally manages the performance of the project work and allocates resources as necessary to do the work.
Excellent project management always ensures project success.
For very complex projects, it is not unusual to see 20 to 25 percent of the budget and the duration of some tasks labeled as “unknown” or “unclear.”
Of the four types or classes of IT investment, which involves upgrading core IT infrastructure and applications or is intended to reduce the cost or improve the quality of IT services?
A common financial measure that is calculated by subtracting the initial investment from the future cash flows that result from the investment is known as:
Net Present Value
During what step related to increasing accountability for IT investments, should the project sponsors and business owners be defined and develop an understanding of the accountability they now have for the successful completion of the project?
Fewer errors, faster turnaround times for test results, and a quicker admission process are all examples of tangible values that can be measured in terms of:
Process Improvements
A common proposal problem that occurs when it is projected that people will use the system in a specific way is:
Reliance on Complex Behavior
What is described as a cornerstone in examining the value of an IT project?
IT Project Proposal
What is intended to significantly change the competitive position of the organization or redefine the core nature of the enterprise?
Strategic Initiatives
According to Ross and Johnson, prerequisites for effective IT prioritization include:
All of the Above
All of the following are examples of intangible values EXCEPT:
Increase in Brand Awareness
Steps to improve value realization include all of the following EXCEPT:
Lengthen deliverable cycles
Many studies have found that there is no overall obvious direct relationship between IT expenditures and organizational performance.
Information system infrastructure is hard to evaluate, as evaluation is often instinctive and experientially based.
Organizations commonly revisit their IT investments to determine if the promised value was actually achieved.
IT’s economic impact comes from incremental innovations rather than from ‘big bang’ initiatives.
Information system investments directed at improving the quality of service or medical care are generally evaluated in terms of service parameters.
An organization can determine the ROI of an investment in a tool only if it knows the task to be performed and the skill level of the participants who are to perform the task.
In health care it is common that information systems are the centerpiece of a redefinition of the organization.
Statements about specific numerical goals are commonly included in IT project proposals.
IT investments that have different objectives and value propositions have different value assessment techniques.
When different organizations implement the same system and have comparable implementation skill levels, the value achieved is usually the same.

