Figure List
Table List
Foreword
Preface
Acknowledgments
About the Author

Why Information Security Is Important
How to Use This Chapter
The C-I-A of Security
Drivers for Enhanced Security
Electronic Health Record Adoption
Health Information Exchange
Identity Theft and Medical Identity Theft
Breaches
Enforcement and Audits
Security for Important Information
Make Information Security a Way of Life
Check Your Understanding

Overview of HIPAA and HITECH
How to Use This Chapter
HIPAA Administrative Simplification
Purpose of the Privacy Rule
Mini-Security Rule in the Privacy Rule
Security Rule Principles
Overview of the Security Standards
Understanding the Rules
Check Your Understanding

Your Approach to Security
How to Use This Chapter
Step 1: Create a Culture of Privacy and Security Awareness
Step 2: Ensure a Solid Understanding of the Security Rule
Step 3: Assign/Affirm Responsibility for Information Security
Step 4: Conduct/Update a Risk Analysis
Step 5: Develop/Maintain an Information Security Plan
Step 6: Select Applicable Vendors for Security Services
Step 7: Implement Security Policies, Procedures, and Services
Step 8: Document Information Security Compliance
Step 9: Develop/Manage Ongoing Security Monitoring
Step 10: Incorporate Security Compliance into Overall Compliance Program
Take a Positive Approach for Positive Results
Check Your Understanding

Organizing for HIPAA
How to Use This Chapter
Covered Entity Status
Organizational Relationships
Safeguard Requirements
Documentation
Risk-Based Decision Making
Check Your Understanding

Security Risk Analysis
How to Use This Chapter
Risk Analysis and Risk Management Requirements
Risk Analysis and Risk Management Process
Risk Summary
Check Your Understanding

HIPAA Security Administrative Safeguards
How to Use This Chapter
Security Management Process Standard
Workforce Security Standard
Information Access Management Standard
Security Awareness and Training Standard
Security Incident Procedures Standard
Contingency Plan Standard
Evaluation Standard
Importance of Administrative Safeguards
Check Your Understanding

Business Associate Contracts and Other Arrangements Standard
How to Use This Chapter
Business Associate Inventory
Business Associate Contracts and Other Arrangements
HIE Participating Agreements
Your Web Presence
Social Media
Importance of Business Associate and Other Relationships
Check Your Understanding

HIPAA Security Physical Safeguards
How to Use This Chapter
Physical Vulnerabilities and Threats
Facility Access Controls Standard
Workstation Use Standard
Workstation Security Standard
Device and Media Controls Standard
Apply Physical Controls to All PHI
Physical Security and Safety
Check Your Understanding

HIPAA Security Technical Safeguards
How to Use This Chapter
Access Control Standard
Access Control Implementation Specifications
Audit Controls Standard
Integrity Standard
Person or Entity Authentication Standard
Transmission Security Standard
Network Security
Security Supports Confidentiality, Integrity, and Availability
Check Your Understanding

Practical Tips for Applying Security Controls
How to Use This Chapter
Budgeting for Security Controls
Options for Managing Security Services
Technical Security Controls Selection, Implementation, and Maintenance
Responding to an OCR Complaint or Request for Audit
Breach Notification
Your Choice
Check Your Understanding

Appendix: HIPAA Security Rule (Federal Register)
Glossary
Answer Key
About the CD-ROM
Index