Herold / Beaver | The Practical Guide to HIPAA Privacy and Security Compliance, Second Edition | E-Book | www2.sack.de

E-Book, English, 544 pages
2nd edition, 2014
ISBN: 978-1-4398-5559-1
Publisher: CRC Press
Format: PDF
Copy protection: Adobe DRM



Following in the footsteps of its bestselling predecessor, The Practical Guide to HIPAA Privacy and Security Compliance, Second Edition is a one-stop, up-to-date resource on Health Insurance Portability and Accountability Act (HIPAA) privacy and security, including details on the HITECH Act, the 2013 Omnibus Rule, and the pending rules. Updated and revised with several new sections, this edition defines what HIPAA is, what it requires, and what you need to do to achieve compliance.

The book provides an easy-to-understand overview of HIPAA privacy and security rules and compliance tasks. Supplying authoritative insights into real-world HIPAA privacy and security issues, it summarizes the analysis, training, and technology needed to properly plan and implement privacy and security policies, training, and an overall program to manage information risks. Instead of focusing on technical jargon, the book spells out what your organization must do to achieve and maintain compliance requirements on an ongoing basis.


Target audience

Healthcare administrators, office managers, privacy officers, information security officers, legal counsel, physicians, compliance officers, and employer benefits sponsors

Further Information & Material

HIPAA ESSENTIALS

Introduction to HIPAA
- How HIPAA Came to Be
- What HIPAA Covers
- Current State of HIPAA Compliance
- Overview of the Omnibus Rule Updates
- What the HITECH Act Covers
- Pending Proposed Rules
- Organizations That Must Comply with HIPAA
- Organizations That Must Comply with the HITECH Act
- HIPAA Penalties and Enforcement
- Insight into the Electronic Transactions and Code Sets Rule
- Conclusion
- Practical Checklist

Related Regulations, Laws, Standards, and Guidance
- Introduction
- ARRA and the HITECH Act
- Practical Checklist

Preparing for HIPAA, HITECH, and Other Compliance Changes
- Background
- Managing Change
- Creating the Mind-Set
- It Is Up to You
- Practical Checklist

HIPAA Cost Considerations
- Background
- Privacy Implementation Costs
- Privacy Ongoing Maintenance Costs
- Costs Related to Providing Access to PHI
- Privacy Officer Costs
- Security Implementation Costs
- Security Ongoing Maintenance Costs
- Security Officer Costs
- Practical Checklist

Relationship between Security and Privacy
- Background
- Privacy Rule and Security Rule Overlaps
- Conclusion
- Practical Checklist

HIPAA PRIVACY RULE

HIPAA Privacy Rule Requirements Overview
- Background
- Uses and Disclosures
- Incidental Uses and Disclosures
- Minimum Necessary Requirement
- De-Identification
- Business Associates
- Marketing
- Notice of Privacy Practices for PHI
- Individual Rights to Request Privacy Protection for PHI
- Individual Access to PHI
- Amendment of PHI
- Accounting Disclosures of PHI
- PHI Restrictions Requests
- Administrative Requirements
- Personal Representatives
- Minors
- Transition Provisions
- Compliance Dates and Penalties
- Practical Checklist

Performing a Privacy Rule Gap Analysis and Risk Analysis
- Introduction
- Gap Analysis and Risk Analysis
- Practical Checklist

Writing Effective Privacy Policies
- Introduction
- Notice of Privacy Practices
- Example NPP
- Organizational Privacy Policies
- Practical Checklist

State Preemption
- Introduction
- What Is Contrary?
- Exceptions to Preemption
- Preemption Analysis
- Conclusion
- Practical Checklist

Crafting a Privacy Implementation Plan
- Introduction
- Some Points to Keep in Mind
- Conclusion
- Practical Checklist

Privacy Rule Compliance Checklist
- Introduction

HIPAA SECURITY RULE

Security Rule Requirements Overview
- Introduction to the Security Rule
- General Rules for Security Rule Compliance
- Insight into the Security Rule
- Other Organizational Requirements
- Reasons to Get Started on Security Rule Initiatives
- Practical Checklist

Performing a Security Rule Risk Analysis
- Background
- Risk Analysis Requirements According to HIPAA
- Risk Analysis Essentials
- Stepping through the Process
- Calculating Risk
- Managing Risks Going Forward
- Practical Checklist

Writing Effective Information Security Policies
- Introduction to Security Policies
- Critical Elements of Security Policies
- Sample Security Policy Framework
- Security Policies You May Need for HIPAA Security Rule Compliance
- Managing Your Security Policies
- Practical Checklist

Crafting a Security Implementation Plan
- Background
- Some Points to Keep in Mind
- Conclusion
- Practical Checklist

Security Rule Compliance Checklist
- Introduction

COVERED ENTITY ISSUES

Health-Care Provider Issues
- Background
- Privacy Notices
- Fees for Record Review
- Mitigation Measures
- Fax Use
- Sign-In Sheets
- Patient Charts
- Business Associates
- Authorizations
- Practical Checklist

Health-Care Clearinghouse Issues
- Background
- Requirements
- Transactions
- Financial Institutions
- Conclusion
- Practical Checklist

Health Plan Issues
- What Is a Health Plan?
- What Is a Small Health Plan?
- Health Plan Requirements
- Marketing Issues
- Notice of Privacy Practices
- Types of Insurance Plans Excluded from HIPAA
- Communications
- Government and Law Enforcement
- Practical Checklist

Employer Issues
- Background
- "Small" and "Large" Employers
- Health Benefits
- Enforcement and Penalties
- Organizational Requirements
- Health Information
- Medical Surveillance
- Workers’ Compensation
- Training
- Resources
- Conclusion
- Practical Checklist

Business Associate Issues
- Is Your Organization a Business Associate?
- Business Associate Requirements
- What You Can Expect to See or Hear from Covered Entities
- Common Business Associate Weaknesses
- Issues to Consider
- Moving Forward
- Practical Checklist

HIPAA TECHNOLOGY CONSIDERATIONS

Building a HIPAA-Compliant Technology Infrastructure
- Overview
- Caution
- Areas of Technology to Focus On
- Looking Deeper into Specific Technologies
- Mobile Computing
- Additional Technology Considerations
- Conclusion
- Practical Checklist

Crafting Security Incident Procedures and Contingency Plans
- Background
- Handling Security Incidents
- Security Incident Procedure Essentials
- Basics of Contingency Planning
- Moving Forward
- Practical Checklist

Outsourcing Information Technology Services
- Background
- Reasons to Consider Outsourcing
- What Functions to Outsource
- What to Look For in Outsourcing Firms
- Common Outsourcing Mistakes
- Practical Checklist

MANAGING ONGOING HIPAA COMPLIANCE

HIPAA Training, Education, and Awareness
- Creating an Effective Awareness Program
- Identify Awareness and Training Groups
- Training
- Training Design and Development
- Awareness Options
- Document Training and Awareness Activities
- Get Support
- Measure Effectiveness
- Conclusion
- Practical Checklist

Performing Ongoing HIPAA Compliance Reviews and Audits
- Background
- Ongoing Cost of Compliance
- Privacy Issues
- Security Issues
- Making Audits Work
- Practical Checklist

APPENDICES
- Appendix A: Enforcement and Sanctions
- Appendix B: HIPAA Glossary
- Appendix C: Model Incident and Privacy Response Procedures
- Appendix D: HIPAA Resources

References
Further Reading
Index


Kevin Beaver is an independent information security consultant, writer, professional speaker, and expert witness with Atlanta, Georgia-based Principle Logic, LLC. He has worked in IT since 1989 and specializes in performing information security assessments for corporations, security product vendors, independent software developers, universities, government agencies, and nonprofit organizations. Before starting his information security consulting practice in 2001, Kevin served in various information technology and security roles for several health care, e-commerce, financial, and educational institutions.

Kevin has appeared on CNN as an information security expert and has been quoted in The Wall Street Journal, Entrepreneur, Fortune Small Business, Men’s Health, Women’s Health, Woman’s Day, and Inc. Magazine. His work has also been referenced by the PCI Security Standards Council in their PCI DSS Wireless Guidelines. He has given and participated in hundreds of highly rated presentations, panel discussions, seminars, and webcasts on information security and compliance.

Kevin has authored or coauthored 11 information security books, including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as Implementation Strategies for Fulfilling and Maintaining IT Compliance (Realtimepublishers.com). He has written dozens of whitepapers and hundreds of articles and guest blog posts, and he is a regular contributor to SearchSecurity.com, SearchEnterpriseDesktop.com, SearchWindowsServer.com, and Security Technology Executive magazine.

Kevin is the creator and producer of the Security On Wheels audiobooks, which provide security learning for IT professionals on the go (http://www.securityonwheels.com), and its associated blog (http://www.securityonwheels.com/blog). He also covers information security and related matters on Twitter (@kevinbeaver) and YouTube (PrincipleLogic). He earned his bachelor’s degree in computer engineering technology from Southern College of Technology and his master’s degree in management of technology from Georgia Tech. He obtained his CISSP certification in 2001 and also holds MCSE, Master CNE, and IT Project+ certifications.

Kevin can be reached through his website (http://www.principlelogic.com) and invites you to connect to him via LinkedIn (http://www.linkedin.com/in/kevinbeaver).

Rebecca Herold has over 25 years of information privacy, security, and compliance expertise. She is CEO of Privacy Professor® and is a partner for Compliance Helper®. She has led the NIST SGIP Smart Grid Privacy Subgroup since June 2009. She has been an adjunct professor for the Norwich University Master of Science in Information Security and Assurance (MSISA) program since 2005. She has written 17 books and hundreds of published articles. She has been invited to speak at a wide variety of events throughout the United States, and in other worldwide locations such as Melbourne, Australia; Bogotá, Colombia; and Naas, County Kildare, Ireland.

Rebecca is widely recognized and respected, and has been providing information privacy, security, and compliance services, tools, and products to organizations in an extensive range of industries for over two decades. Just a few of her awards and recognitions include the following:

- Rebecca was ranked #2 in the "Top 25 Female Infosec Leaders to Follow on Twitter" in 2014 by Information Security Buzz.

- Rebecca was named to the ISACA International Privacy Task Force in 2013.

- Rebecca was named on Tripwire’s list of "InfoSec’s Rising Stars and Hidden Gems: The Top 15 Educators" in July 2013.

- Rebecca was ranked #5 in the "Top 25 Female Infosec Leaders to Follow on Twitter" in 2013 by Information Security Buzz.

- Rebecca has been named one of the "Best Privacy Advisers in the World" multiple times in recent years by Computerworld magazine, most recently ranking third in the world in the last rankings provided.

- In 2012, Rebecca was named one of the most influential people and groups in online privacy by Techopedia.com.

- In 2012, Rebecca was named a Privacy by Design Ambassador by the Ontario, Canada Data Privacy Commissioner.

Rebecca is a partner for the Compliance Helper services for health-care organizations and their business associates to meet their HIPAA, HITECH, and other legal requirements. She is a member of the IAPP Certification Advisory Board, and is an instructor for the IAPP’s CIPM, CIPP/IT, CIPP/US, and CIPP foundations classes.

Rebecca currently serves on multiple advisory boards for security, privacy, and high-tech technology organizations. She is frequently interviewed and quoted in diverse broadcasts and publications such as IAPP Privacy Advisor, BNA Privacy & Security Law Report, Wired, Popular Science, Computerworld, IEEE’s Security and Privacy Journal, NPR, and many others. She regularly appears on the Des Moines, Iowa-based Great Day morning television program on KCWI to discuss and provide advice for information security and privacy topics.

Rebecca was born and raised in Missouri and has degrees in math, computer science, and education. She has lived in Iowa on a farm with her family for the past couple of decades, where they raise corn, soybeans, and sunflowers, and make hay. They are currently renovating a house that is over 100 years old. See more about Rebecca, her work, services, and products at:

- The Privacy Professor (http://www.privacyguidance.com and http://www.privacyprofessor.org)

- Co-Owner, CPO, and CISO, SIMBUS (http://www.hipaacompliance.org)

- Partner, Compliance Helper (http://www.compliancehelper.com)

- Adjunct Professor for the Norwich University Master of Science in Information Security and Assurance (MSISA) program (http://infoassurance.norwich.edu/)

- Twitter ID: PrivacyProf (http://twitter.com/PrivacyProf)
