Homework answers / question archive / HMP-513 Final – Due 8/24 Part I  - 15 Multiple Choice (1 points each, 15 points total)  (-5 points if you do not put your answers in the table below) Please fill in the below table Ques

HMP-513 Final – Due 8/24 Part I  - 15 Multiple Choice (1 points each, 15 points total)  (-5 points if you do not put your answers in the table below) Please fill in the below table Ques

Computer Science

Share With

---

HMP-513 Final – Due 8/24

Part I  - 15 Multiple Choice (1 points each, 15 points total)  (-5 points if you do not put your answers in the table below)

Please fill in the below table

Ques. #	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15
Answer

1. Data quality refers to:
   1. Data is more accurate
   2. Data has finer granularity
   3. Data is more consistent
   4. All of the above

2. The most important element of a standard is:
   1. It is technically the best solution to a problem
   2. It is the simplest solution to a problem
   3. It is to complex for small companies to implement
   4. Everybody agrees to adopt the standard

3. Which of the following is not a standard for encoding clinical patient data.
   1. ICD-9-CM
   2. FHIR
   3. Ethernet
   4. SNOMED CT
4. What information listed below is not protected by HIPAA regulations
   1. The list of medications you take as listed on the EMR your primary care physician keeps.
   2. X-Ray of your hand on file at the imaging center.
   3. The fact that you have AIDs as listed in your PHR on Google or Microsoft Healthvault
   4. The record of your blood pressure kept by your primary care physician.
5. What is the main value of a CPOE that includes clinical support
   1. Potential reduction of medication errors
   2. Make it more fun to prescribing medication
   3. The Doctor gets a cool tablet PC to enter the prescription
   4. Keep better records
   5. All of the above
   6. None of the above

6. Which of the below is true about public/private key encryption:
   1. The sender can hide the data
   2. The receiver can prove it came from the sender
   3. The receiver can prove the message was not changed
   4. All of the above

7. Which of the following is a good idea when choosing a password
   1. Pick the name of your kid or pet
   2. Pick a long complex set of characters not found in a dictionary
   3. Pick a short word easy to remember
   4. Pick the same password you use for all systems

8. Audit Trails are useful for the following reason
   1. Individual accountability
   2. Intrusion detection
   3. (a) and (b)
   4. None of the above

9. HL7 is NOT used to
   1. Define what messages are exchanged between a CPOE and a Lab when a test is electronically ordered
   2. Define the structure of the message in (a)
   3. Make sure a message gets from one application on a computer to another application on a different computer
   4. Provide a way to share information between two medical applications

10. Which of the following is not used to protect access to health care information
    1. Access based on your interest in the well being of the patient
    2. Access based on who you are
    3. Access based on your what you do
    4. Access based on who you are, what your role is, and what you are doing

11. Blockchain would not be a good technology for:
    1. Tracking access to EHRs
    2. Storing the entire patient’s EHR
    3. Tracking items in the health care supply chain
    4. Tracking the use of healthcare data for research

12. Which one of the following statements regarding symmetric encryption is correct?
    1. It uses the same key for both encryption and decryption
    2. Use a different key for encryption and decryption
    3. It is an extremely expensive process
    4. It is impossible to crack in all cases

13. Where in the Gartner’s hype cycle is the Blockchain technology.
    1. Technology Trigger
    2. Peak of Inflated Expectations
    3. Trough of Disillusionment
    4. Slope of Enlightenment or later phase

Questions 14 - 15: For the next two questions, assume that Alice is communicating with Bob. Alice has generated a public key A^pub and a private key A^pri. Bob, likewise, has a public key B^pub and a private key B^pri. Assume that Bob and Alice are both certain as to the legitimacy of each others keys. Also, you may assume that we use only asymmetric encryption for security.

14. Alice needs to send a message to Bob in such a way that Bob can be certain that Alice sent it. What needs to happen?
    1. Alice needs to sign the message with B^pri
    2. Alice needs to sign the message with B^pub
    3. Alice needs to sign the message with A^pri
    4. Alice needs to sign the message with A^pub

15. Alice needs to send a secured message to Bob such that only Bob can read the message. What needs to happen?
    1. Alice needs the encrypt the message with B^pri
    2. Alice needs to encrypt the message with B^pub
    3. Alice needs to encrypt the message with A^pri
    4. Alice needs to encrypt the message with A^pub

Part II – 10 Short answers (5 point each, 30 points total) – Please answer in one or two short concise sentences.  Please also write neat.  If I can’t read your answers I will require an oral follow up.

1. Describe the concept of layered IT security and give an example.

2. What is the emerging standard for providing access to  EHR data? Provide at least one example of how this standard is being used.

3. Discuss the potential advantages and disadvantages of using AI and Machine Learning  in a Clinical Support System?

4. Discuss the attributers, advantages and disadvantages of a database and spreadsheet. When should you use which application?

5. Describe what Health Information Exchanges (HIE) along with their advantages and disadvantages?

6. Blockchain can provide access to verifiable data. 
   1. What is the cryptography tool (method) used to authenticate that the data in the block chain has not been changed?  How does this tool work?

1. 2. What is the architecture of block chain that give it the attribute that no single user can change the data in the block chain even if they break the tool used in (a)

Part III Standards (15 points) (-5 points if you do not put your answers in the table below)

Match the standard to the description

 

Standard Name	Matching Standard Definition
RxNorm
HTTPS
CDA
HL7v2
HL7v3
XML
LOINC
SNOMED
HTML
ICD-10
FHIR

1. A new version of HL7 that is based on XML
2. Secure protocol to transfer web pages from a web server to a web browser
3. New standard to exchange EHR data to replace CDA
4. An open standard used to format web pages
5. An open standard for encoding data in a structured way
6. A standard that provides a set of universal codes and names to identify laboratory and other clinical observations
7. Standard for EMRs from the HL7 Group
8. Older version of HL7 in use in many organizations.
1. Is a comprehensive clinical terminology, originally created by the College of American Pathologists (CAP) and, as of April 2007, owned, maintained, and distributed by the International Health Terminology Standards Development Organization (IHTSDO)
10. The new version of a standard that is used for coding of diseases and signs, symptoms, abnormal findings, complaints, social circumstances and external causes of injury or diseases, as classified by the World Health Organization (WHO).
11. NLM standard for standardized drug names

Part IV –NHWN   (20 points total). Read the paper by Gaynor on the NHWN.  Reading this paper, and other research about the NHWN is NOT included in the time limit of the exam.

1. Briefly describe network neutrality and the potential impact it has on providing health care. (5 points)

2. Discuss the idea of centralized compared to distributed architecture for the exchange of health care information. Please draw a simple figure to illustrate each architectural choice. (5 points)

3. Draw a figure illustrating one architecture for the NWHIN  (10 points) (Hint – you may use a figure on the web if you site it)

Part V – Security and Encryption. Each Question is worth 5 points.   (20 Points total)

1. Using the Caeser cipher (i.e. shift each letter up by 3) do the following: (Hint use the following to help. Or you can use row three in the table in problem 4 below)

a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z

1. 1.  decrypt the following:  idoo lv ixq
2. 2. encrypt the following: i love spring
3. Discus why it is important to have a trusted agency to sign a hospitals public key.
4. Below is a Vigenère Square.  A simple way to use this table is to use each row to encrypt a different letter of a word.  To encrypt a two letter word such as TO, use the 1^st row to encrypt T -> U (in the 1^st row go to the T column and pick that letter) , then use the 2^nd row to encrypt O -> Q.  For a five letter word, the 1^st letter is encrypted with the 1^st row, and the 5^th letter is encrypted with the 5^th row.  For example:  ABOUT -> BDRYY.

Using the Vigenère Square below, please encrypt “HEALTH” using the key: 6,5,4,3,2,1. 

4. Suppose the American Hospital Association (AHA) has set up a trusted agency to sign the public keys.  Compare the following two scenarios:
5. 1. When the AHA certifies your hospital it creates a public and private key for use by your hospital. It signs your public key with the private key of the AHA.  It gives you both your signed public key, and your private key.  It keeps a copy of your private key just in case you lose it.
6. 2. When the AHA certifies your hospital you creates a public and private key for use by your hospital. Your hospital gives the public key to the AHA, which signs it with their private key.  It gives you back this signed public key for use by your hospital. A.  The AHA does not have a copy of your private key. If you lose your private key, it is gone forever.