| |
| |
| Figure List | |
| |
| |
| Table List | |
| |
| |
| Foreword | |
| |
| |
| Preface | |
| |
| |
| Acknowledgments | |
| |
| |
| About the Author | |
| |
| |
| |
| Why Information Security Is Important | |
| |
| |
| How to Use This Chapter | |
| |
| |
| The C-I-A of Security | |
| |
| |
| Drivers for Enhanced Security | |
| |
| |
| Electronic Health Record Adoption | |
| |
| |
| Health Information Exchange | |
| |
| |
| Identity Theft and Medical Identity Theft | |
| |
| |
| Breaches | |
| |
| |
| Enforcement and Audits | |
| |
| |
| Security for Important Information | |
| |
| |
| Make Information Security a Way of Life | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| Overview of HIPAA and HITECH | |
| |
| |
| How to Use This Chapter | |
| |
| |
| HIPAA Administrative Simplification | |
| |
| |
| Purpose of the Privacy Rule | |
| |
| |
| Mini-Security Rule in the Privacy Rule | |
| |
| |
| Security Rule Principles | |
| |
| |
| Overview of the Security Standards | |
| |
| |
| Understanding the Rules | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| Your Approach to Security | |
| |
| |
| How to Use This Chapter | |
| |
| |
| Step 1: Create a Culture of Privacy and Security Awareness | |
| |
| |
| Step 2: Ensure a Solid Understanding of the Security Rule | |
| |
| |
| Step 3: Assign/Affirm Responsibility for Information Security | |
| |
| |
| Step 4: Conduct/Update a Risk Analysis | |
| |
| |
| Step 5: Develop/Maintain an Information Security Plan | |
| |
| |
| Step 6: Select Applicable Vendors for Security Services | |
| |
| |
| Step 7: Implement Security Policies, Procedures, and Services | |
| |
| |
| Step 8: Document Information Security Compliance | |
| |
| |
| Step 9: Develop/Manage Ongoing Security Monitoring | |
| |
| |
| Step 10: Incorporate Security Compliance into Overall Compliance Program | |
| |
| |
| Take a Positive Approach for Positive Results | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| Organizing for HIPAA | |
| |
| |
| How to Use This Chapter | |
| |
| |
| Covered Entity Status | |
| |
| |
| Organizational Relationships | |
| |
| |
| Safeguard Requirements | |
| |
| |
| Documentation | |
| |
| |
| Risk-Based Decision Making | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| Security Risk Analysis | |
| |
| |
| How to Use This Chapter | |
| |
| |
| Risk Analysis and Risk Management Requirements | |
| |
| |
| Risk Analysis and Risk Management Process | |
| |
| |
| Risk Summary | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| HIPAA Security Administrative Safeguards | |
| |
| |
| How to Use This Chapter | |
| |
| |
| Security Management Process Standard | |
| |
| |
| Workforce Security Standard | |
| |
| |
| Information Access Management Standard | |
| |
| |
| Security Awareness and Training Standard | |
| |
| |
| Security Incident Procedures Standard | |
| |
| |
| Contingency Plan Standard | |
| |
| |
| Evaluation Standard | |
| |
| |
| Importance of Administrative Safeguards | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| Business Associate Contracts and Other Arrangements Standard | |
| |
| |
| How to Use This Chapter | |
| |
| |
| Business Associate Inventory | |
| |
| |
| Business Associate Contracts and Other Arrangements | |
| |
| |
| HIE Participating Agreements | |
| |
| |
| Your Web Presence | |
| |
| |
| Social Media | |
| |
| |
| Importance of Business Associate and Other Relationships | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| HIPAA Security Physical Safeguards | |
| |
| |
| How to Use This Chapter | |
| |
| |
| Physical Vulnerabilities and Threats | |
| |
| |
| Facility Access Controls Standard | |
| |
| |
| Workstation Use Standard | |
| |
| |
| Workstation Security Standard | |
| |
| |
| Device and Media Controls Standard | |
| |
| |
| Apply Physical Controls to All PHI | |
| |
| |
| Physical Security and Safety | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| HIPAA Security Technical Safeguards | |
| |
| |
| How to Use This Chapter | |
| |
| |
| Access Control Standard | |
| |
| |
| Access Control Implementation Specifications | |
| |
| |
| Audit Controls Standard | |
| |
| |
| Integrity Standard | |
| |
| |
| Person or Entity Authentication Standard | |
| |
| |
| Transmission Security Standard | |
| |
| |
| Network Security | |
| |
| |
| Security Supports Confidentiality, Integrity, and Availability | |
| |
| |
| Check Your Understanding | |
| |
| |
| |
| Practical Tips for Applying Security Controls | |
| |
| |
| How to Use This Chapter | |
| |
| |
| Budgeting for Security Controls | |
| |
| |
| Options for Managing Security Services | |
| |
| |
| Technical Security Controls Selection, Implementation, and Maintenance | |
| |
| |
| Responding to an OCR Complaint or Request for Audit | |
| |
| |
| Breach Notification | |
| |
| |
| Your Choice | |
| |
| |
| Check Your Understanding | |
| |
| |
| Appendix: HIPAA Security Rule (Federal Register) | |
| |
| |
| Glossary | |
| |
| |
| Answer Key | |
| |
| |
| About the CD-ROM | |
| |
| |
| Index | |