Management and IT professionals in the healthcare arena face the fear of the unknown: they fear that their massive efforts to comply with HIPAA requirements may not be enough, because they still do not know how compliance will be tested and measured. No one has been able to clearly explain to them the ramifications of HIPAA. Until now.
The HIPAA Program Reference Handbook explains all aspects of HIPAA including system design, implementation, compliance, liability, transactions, security, and privacy, focusing on pragmatic action instead of theoretic approaches. The book is organized into five parts. The first discusses programs and processes, covering program design and implementation, a review of legislation, human dynamics, the roles of Chief Privacy and Chief Security Officers, and many other foundational issues.
The Handbook continues by analyzing product policy, technology, and process standards, and what entities need to do to reach compliance. It then focuses on HIPAA legal impacts, including liability associated with senior management and staff within an organization.
A section on transactions and interactions discusses the intricacies of the transaction types, standards, methods, and implementations required by HIPAA, covering the flow of payments and patient information among healthcare and service providers, payers, agencies, and other organizations. The book concludes with a discussion of security and privacy that analyzes human and machine requirements, interface issues, functions, and various aspects of technology required to meet HIPAA mandates.
Table of Contents
PROGRAMS AND PROCESSES
The Roles and Responsibilities, Ross A. Leo, CISSP, CHS-III
The Final HIPAA Security Rule Is Here! Now What? Todd Fitzgerald, CISSP, CISA
Incorporating HIPAA Security Requirements into an Enterprise Security Program, Brian T. Geffert, CISSP, CISA
Steps to an Effective Data Classification Program, Mary Brown, CISSP, CISA
STANDARDS AND COMPLIANCE
HIPAA Security and the ISO/IEC 17799, Uday O. Ali Pabrai, S+, CHSS, SCNA
Execution of a Self-Directed Risk Assessment Methodology to Address HIPAA Data Security Requirements, Johnathan Coleman, CISSP, CISM
Ten Steps to Effective Web-Based Security Policy Development and Distribution, Todd Fitzgerald, CISSP, CISA
ECONOMICS, LEGALITY, AND LIABILITY
HIPAA Privacy Rules Require Security Compliance, Steven B. Markin
Legalities and Planning: The Stake Is in the Ground, Ken M. Shaurette, CISSP, CISA, CISM, IAM
TRANSACTION AND INTERACTIONS
HIPAA from the Patient's Point of View, Oscar Boultinghouse, M.D.
Interoperability and Business Continuity Involving HIPAA EDI Transactions, Mark Lott
The Role of DHHS, CMS, OCR, and OHS, Todd Fitzgerald, CISSP, CISA
SECURITY, PRIVACY, AND CONTINUITY
The HIPAA Security Risk Analysis, Caroline Ramsey Hamilton
HIPAA Security Compliance: What It Means for Developers, Vendors, and Purchasers, Keith Pasley, CISSP
Issues and Considerations for Business Continuity Planning under HIPAA, Kevin C. Miller
A Part I: A HIPAA Glossary
Part II: Consolidated HIPAA Administrative Simplification Final Rule Definitions
Part III: Purpose and Maintenance
B HIPAA Security Rule Standards, Implementation Specifications,
and NIST Resource Guide for Implementing HIPAA
C Policy Examples
D Guide to HIPAA Security Assessment
Prepared by WorkSmart MD, A Meyer Technologies, Inc. Company