The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules

The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules

Published:
Content:
Author(s):
Free Standard Shipping

Purchasing Options

Hardback
$79.95
ISBN 9781466507678
Cat# K14680
Add to cart
eBook (VitalSource)
$79.95 $55.97
ISBN 9781466507685
Cat# KE16192
Add to cart
SAVE 30%
eBook Rentals
Other eBook Options:
 
 

Features

  • Assists healthcare providers in reviewing the accessibility of EPHI to verify that it is not altered or destroyed in an unauthorized manner and that it is available as needed only by authorized individuals
  • Covers all implementation standards and provides recommendations on how to comply with these standards
  • Includes recommendations based on other related regulations and industry best practices
  • Provides samples of documents that are required and direction in using these policies and procedures to establish proof of compliance.
  • Helps prepares entities for a HIPAA assessment or in the event of an HHS audit

Summary

The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules is a comprehensive manual to ensuring compliance with the implementation standards of the Privacy and Security Rules of HIPAA and provides recommendations based on other related regulations and industry best practices.

The book is designed to assist you in reviewing the accessibility of electronic protected health information (EPHI) to make certain that it is not altered or destroyed in an unauthorized manner, and that it is available as needed only by authorized individuals for authorized use. It can also help those entities that may not be covered by HIPAA regulations but want to assure their customers they are doing their due diligence to protect their personal and private information. Since HIPAA/HITECH rules generally apply to covered entities, business associates, and their subcontractors, these rules may soon become de facto standards for all companies to follow. Even if you aren’t required to comply at this time, you may soon fall within the HIPAA/HITECH purview. So, it is best to move your procedures in the right direction now.

The book covers administrative, physical, and technical safeguards; organizational requirements; and policies, procedures, and documentation requirements. It provides sample documents and directions on using the policies and procedures to establish proof of compliance. This is critical to help prepare entities for a HIPAA assessment or in the event of an HHS audit. Chief information officers and security officers who master the principles in this book can be confident they have taken the proper steps to protect their clients’ information and strengthen their security posture. This can provide a strategic advantage to their organization, demonstrating to clients that they not only care about their health and well-being, but are also vigilant about protecting their clients’ privacy.

Table of Contents

HIPAA/HITECH Overview
Definitions
Required by Law
Covered Entities Defined
Covered Transactions Defined
Are You a Covered Entity?
Business Associates
The Electronic Transactions and Code Sets Rule Overview
National Provider Identifier Requirements Overview
Security Rule Overview
"Meaningful Use" Overview
Breach Notification Rule Overview
Enforcement Rule Overview
Anti-Kickback Statute
Patient Safety and Quality Improvement Act of 2005 (PSQIA)
Consumer Privacy Bill of Rights
Federal Rules of Civil Procedures
The Relevance of HIPAA/HITECH to Healthcare Organizations
Why Is Security Important?
Are Healthcare Organizations Immune to Security Concerns?
Suffering from Data Breaches
Rise of Medical Identity Theft
Internet Crimes Go Unpunished
Social Engineering and HIPAA
Social Engineering: What Is It?
Threats in the Workplace
Enforcement Activities
Impediments to HIPAA/HITECH Compliance
The God Complex
Recommendations
Critical Infrastructure Implications
What the Future Holds
Compliance Overview
Interrelationship between Regulations, Policies, Standards,
Procedures, and Guidelines
Reasonable Safeguards
Centers for Medicare and Medicaid Services Compliance Review
HIPAA/HITECH Privacy and Security Audit Program
The SAS 70/SSAE 16 Debate
Corporate Governance
Privacy Rule Detailed
Minimum Necessary
Individual Consent
Permitted Uses and Disclosures Detailed
Authorized Use and Disclosure
Privacy Practices Notice
Administrative Requirements
Organizational Options
Other Provisions: Personal Representatives and Minors
State Laws
Enforcement
Compliance Dates
The Electronic Transactions and Code Set Rule Detailed
Definitions
Standard Transactions
Medical Code Sets
Local Codes
Nonmedical Code Sets
Requirements for Covered Entities
Additional Requirements for Health Plans
Additional Rules for Healthcare Clearinghouses
Exceptions from Standards to Permit Testing of Proposed Modifications
The National Provider Identifier Requirements Detailed
Definitions
Compliance Dates
Healthcare Provider’s Unique Health Identifier
National Provider System
Implementation Specifications for Healthcare Providers
Implementation Specifications for Health Plans
Implementation Specifications for Healthcare Clearinghouses
National Provider Identifier (NPI) Application
"Meaningful Use" Detailed
Meaningful Use Defined
Meaningful Use Criteria
Meaningful Use Requirements
Meaningful Use Stage 1 (2011 and 2012)
Clinical Quality Measures
Meaningful Use Specification Sheets
Proposed Changes to Stage 1 and Proposals for Stage 2
Breach Notification Detailed
Definitions
Individual Notification
Media Notification
Secretary Notification
Business Associate Notification
Notification Delay Request of Law Enforcement
Burden of Proof
Sample of Breach Notification Policy
Sample of Breach Notification to Individuals
Enforcement Rule Detailed
General Penalty
Affirmative Defenses
Waiver
Notice of Proposed Determination
Security Rule Detailed
Implementation Specifications
Implementation Process
Standards Are Flexible and Scalable
Security Standards Defined
Policy and Procedure Drafting
Documentation Requirements
Components of Policies
Security Rule: Administrative Safeguards
Security Management Process
Workforce Security
Information Access Management
Security Awareness Training
Security Incident Procedures
Contingency Plan
Evaluation—Required—45 CFR § 164.308(a)(8)
Business Associate Contracts and Other Arrangements
Security Rule: Risk Assessments
Risk Assessment Overview
System Characterization
Threat Identification
Vulnerability Identification
Control Analysis
Likelihood Rating
Impact Rating
Risk Determination
Risk Mitigation
Risk Management
Risk Assessment Report
Security Rule: Security Awareness Training
Security Rule: Incident Response
Standard Format
Steps
Notification
Incident Details
Incident Handler
Actions Taken or Recommended Actions
Other Recommendations
Security Rule: Business Continuity Planning and Disaster Recovery
Contingency Plan—45 CFR § 164.308(a)(7)(i)
Data Backup Plan—45 CFR § 164.308(a)(7)(ii)(A)
Disaster Recovery Plan—45 CFR § 164.308(a)(7)(ii)(B)
Emergency Mode Operation Plan—45 CFR § 164.308(a)(7)(ii)(C)
Testing and Revision Procedures—Addressable—45 CFR § 164.308(a)(7)(ii)(D)(b)
Applications and Data Criticality Analysis—Addressable—45 CFR § 164.308(a)(7)(ii)(E)(b)
A Plan Addressing Both Operational and Regulatory
Requirements
Security Rule: Compliance Assessment
Gap Analysis
Develop or Modify Policies and Procedures
Approve Policies and Procedures
Policy and Procedure Implementation
Test Plans
Assessment
Reassess
Security Rule: Physical Safeguards
Facility Access Controls
Workstations Use—Required—45 CFR § 164.310(b)
Workstation Security—Required—45 CFR § 164.310(c)
Device and Media Controls
Remote Use and Mobile Device Controls
Security Rule: Technical Safeguards
Access Control
Audit Controls—Required—45 CFR § 164.312(b)
Integrity
Person or Entity Authentication—Required—45 CFR § 164.312(d)
Transmission Security
Security Rule: Organizational Requirements
Business Associate Contracts—Required—45 CFR § 164.314(a)(2)(i)
Other Arrangements—Required—45 CFR § 164.314(a)(2)(ii)
Requirements for Group Health Plans—Implementation Specifications—Required—45 CFR § 164.314(b)(2)
Frequently Asked Questions
Checklists
Policies and Procedures
Document Request List
Incident Handling Checklist
Crisis Handling Steps
Works Cited
Additional Resources
Acronyms
Glossary
Index

Author Bio(s)

Recommended For You

 
 
Textbooks
Other CRC Press Sites
Featured Authors
STAY CONNECTED
Facebook Page for CRC Press Twitter Page for CRC Press You Tube Channel for CRC Press LinkedIn Page for CRC Press Google Plus Page for CRC Press
Sign Up for Email Alerts
© 2014 Taylor & Francis Group, LLC. All Rights Reserved. Privacy Policy | Cookie Use | Shipping Policy | Contact Us