Across
- 2. The function and data available to the user are based on the role of the user.
- 4. Must include the policies required to prevent, identify, control, and resolve security incidents.
- 7. The means to control access and protect information from accidental or intentional disclosure to unauthorized persons and from unauthorized alteration, destruction, or loss.
- 8. An individual to be in charge of the security program for the CE.
- 10. Educates CE employees about the CE's security policies and procedures.
Down
- 1. The attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.
- 3. Intentional destruction, mutilation, alteration, or concealment of evidence or alteration of evidence.
- 5. The technology and the policy and procedure for its use that protect ePHI and controls assess to it.
- 6. Poor security practices that have not led to harm, whereas security incidents have resulted in harm for a significant risk of harm.
- 7. May be used to track keystrokes and passwords, monitor websites visited, or other actions and reports these actions to the designated person or organization.
- 9. Defines the minimum that a CE must do to protect electronic ePHI, which is PHI that is "created, received, or transmitted" electronically by CEs.