The Practical Guide to HIPAA Privacy and Security Compliance


Purchasing Options

Hardback
$119.95
ISBN 9780849319532
Cat# AU1953
 

Features

  • Delivers an easy-to-understand overview of HIPAA Privacy and Security Rules and compliance tasks
  • Summarizes the analysis, training, and technology needed to properly plan and implement privacy and security policies
  • Provides review questions within each section, which can be used to support HIPAA-mandated awareness efforts
  • Features four healthcare industry case studies that detail compliance experiences of representative Covered Entities
  • Supports compliance tasks by including sample documents and HIPAA-related resources
  • Incorporates a corresponding Web site to supplement the text: www.hipaaprivacyandsecurity.com
  • Includes a checklist of key points at the end of each chapter

Summary

    HIPAA is very complex. So are the privacy and security initiatives that must occur to reach and maintain HIPAA compliance. Organizations need a quick, concise reference in order to meet HIPAA requirements and maintain ongoing compliance.

    The Practical Guide to HIPAA Privacy and Security Compliance is a one-stop resource for real-world HIPAA privacy and security advice that you can immediately apply to your organization's unique situation. This how-to reference explains what HIPAA is about, what it requires, and what you can do to achieve and maintain compliance. It describes the HIPAA Privacy and Security Rules and compliance tasks in easy-to-understand language, focusing not on technical jargon, but on what you need to do to meet requirements.

    IT managers, CIOs, consultants, security professionals, office managers, physicians and anyone else preparing an organization for HIPAA will receive expert guidance on requirements and other commonly-discussed topics. Everyone will be affected by HIPAA; this book enables you to determine how HIPAA will impact you regardless of whether your business or organization is a HIPAA Covered Entity.

    Table of Contents

    HIPAA ESSENTIALS
    Introduction to HIPAA
    How HIPAA Came to Be
    What HIPAA Covers
    Organizations that Must Comply with HIPAA
    Compliance Deadlines
    HIPAA Penalties and Enforcement
    Insight into the Electronic Transactions and Code Sets Rule
    Summary
    Chapter 1: Practical Checklist
    Preparing for the HIPAA Changes
    Background
    Managing Change
    Creating the Mindset
    It's Up to You
    Chapter 2: Practical Checklist
    HIPAA Cost Considerations
    Background
    Privacy Implementation Costs
    Privacy Ongoing Maintenance Costs
    Costs Related to Providing Access to PHI
    Privacy Officer Costs
    Security Implementation Costs
    Security Ongoing Maintenance Costs
    Security Officer Costs
    Chapter 3: Practical Checklist
    The Relationship Between Security and Privacy
    Background
    Privacy Rule and Security Rule Overlaps
    Conclusion
    Chapter 4: Practical Checklist
    Section 1 Quiz
    HIPAA PRIVACY RULE
    HIPAA Privacy Rule Requirements Overview
    Background
    Uses and Disclosures
    Incidental Uses and Disclosures
    Minimum Necessary
    De-Identification
    Business Associates
    Marketing
    Notice of Privacy Practices for PHI
    Individual Rights to Request Privacy Protection for PHI
    Individual Access to PHI
    Amendment of PHI
    Accounting Disclosures of PHI
    PHI Restrictions Requests
    Administrative Requirements
    Personal Representatives
    Minors
    Transition Provisions
    Compliance Dates and Penalties
    Looking Forward
    Performing a Privacy Rule Gap Analysis and Risk Analysis
    Gap Analysis and Risk Analysis
    Chapter 6: Practical Checklist
    Writing Effective Privacy Policies
    Notice of Privacy Practices
    Example NPP
    Organizational Privacy Policies
    Chapter 7: Practical Checklist
    State Preemption
    What is Contrary?
    Preemption Criteria
    Exceptions to Preemption
    Preemption Analysis
    Conclusion
    Chapter 8: Practical Checklist
    Crafting a Privacy Implementation Plan
    Some Points to Keep in Mind
    Conclusion
    Chapter 9: Practical Checklist
    Privacy Rule Compliance Checklist
    HIPAA SECURITY RULE
    Security Rule Requirements Overview
    Introduction to the Security Rule
    What's New in the Final Security Rule
    General Rules for Security Rule Compliance
    Required versus Addressable
    Insight Into the Security Rule
    Other Organizational Requirements
    Reasons to Get Started on Security Rule Initiatives
    Chapter 11: Practical Checklist
    Performing a Security Rule Risk Analysis
    Background
    Risk Analysis Requirements According to HIPAA
    Risk Analysis Essentials
    Stepping Through the Process
    Calculating Risk
    Managing Risks Going Forward
    Chapter 12: Practical Checklist
    Writing Effective Information Security Policies
    Introduction to Security Policies
    Critical Elements of Security Policies
    Sample Security Policy Framework
    Security Policies You May Need for HIPAA Security Rule Compliance
    Managing Your Security Policies
    Chapter 13: Practical Checklist
    Crafting a Security Implementation Plan
    Background
    Some Points to Keep In Mind
    Conclusion
    Chapter 14: Practical Checklist
    Security Rule Compliance Checklist
    COVERED ENTITY ISSUES
    Healthcare Provider Issues
    Background
    Privacy Notices
    Fees for Record Review
    Mitigation Measures
    Fax Use
    Sign-In Sheets
    Patient Charts
    Business Associates
    Authorizations
    Chapter 16: Practical Checklist
    Healthcare Clearinghouse Issues
    Background
    Requirements
    Transactions
    Financial Institutions
    Conclusion
    Chapter 17: Practical Checklist
    Health Plan Issues
    What is a Health Plan?
    What is a Small Health Plan?
    Health Plan Requirements
    Marketing Issues
    Notice of Privacy Practices
    Types of Insurance Plans Excluded from HIPAA
    Communications
    Government and Law Enforcement
    Chapter 18: Practical Checklist
    Employer Issues
    Background
    "Small" and "Large" Employers
    Health Benefits
    Enforcement and Penalties
    Organizational Requirements
    Health Information
    Medical Surveillance
    Workers' Compensation
    Training
    Resources
    Conclusion
    Chapter 19: Practical Checklist
    Business Associate Issues
    Is Your Organization a Business Associate?
    Business Associate Requirements
    What You Can Expect to See or Hear from Covered Entities
    Issues to Consider
    Moving Forward
    Chapter 20: Practical Checklist
    HIPAA TECHNOLOGY CONSIDERATIONS
    Building a HIPAA Compliant Technology Infrastructure
    Overview
    Areas of Technology to Focus On
    Looking Deeper into Specific Technologies
    Mobile Computing Concerns
    Summary
    Chapter 21: Practical Checklist
    Crafting Security Incident Procedures and Contingency Plans
    Background
    Handling Security Incidents
    Security Incident Procedure Essentials
    Basics of Contingency Planning
    Moving Forward
    Chapter 22: Practical Checklist
    Outsourcing Information Technology Services
    Background
    Reasons to Consider Outsourcing
    What Functions to Outsource
    What to Look for in Outsourcing Firms
    Common Outsourcing Mistakes
    Chapter 23: Practical Checklist
    MANAGING ONGOING HIPAA COMPLIANCE
    HIPAA Training, Education, and Awareness
    Creating an Effective Awareness Program
    Identify Awareness and Training Groups
    Training
    Training Design and Development
    Awareness Options
    Document Training and Awareness Activities
    Get Support
    Measure Effectiveness
    Conclusion
    Chapter 24: Practical Checklist
    Performing Ongoing HIPAA Compliance Reviews and Audits
    Background
    Privacy Issues
    Security Issues
    Making Audits Work
    Chapter 25: Practical Checklist
    APPENDIXES
    HIPAA Case Studies: Experiences Shared
    Sample Documents
    HIPAA Resources
    Answers to Chapter Quizzes
    HIPAA Glossary

    Editorial Reviews

    "The book's main strength is its abundant and varied content. It thoroughly describes the main provisions of HIPAA's security and privacy requirements using actual language from the legislation interspersed with the authors' commentary. This format…helpfully guides readers through the labyrinthine HIPAA requirements."
    Scott Forbes, Microsoft

    "Rebecca and Kevin have compiled a wealth of knowledge in an easy-to-read, conversational style. This book is packed with useful facts and practical tips that grabs and keeps your attention as though you are listening to the authors in your own living room. The astute reader will keep a pad of paper and a pile of 'sticky notes' handy. You will no doubt come back to this valuable resource over and over again!"
    Michael J. Corby, CCP, CISSP, President and CEO, M. Corby & Associates, Inc.

    "This is a very comprehensive view of HIPAA privacy and security compliance which provides a pragmatic, step by step methodology for understanding and complying with the regulation. The practical checklists, the quizzes which can be used in HIPAA awareness programs, and the pointers to valuable resources are all added benefits."
    Micki Krause, CISSP, Chief Information Security Officer, Pacific Life Insurance