Introduction to HIPAA and the Privacy and Security Rules | |
| |
| |
Introduction | |
| |
| |
What Is HIPAA? | |
| |
| |
The Privacy and Security Rules | |
| |
| |
Terminology | |
| |
| |
General Terminology in Healthcare | |
| |
| |
Significant Points | |
| |
| |
Compliance Deadlines | |
| |
| |
| |
The Privacy and Security Rules and Healthcare Documentation | |
| |
| |
Introduction | |
| |
| |
What Does the Privacy Rule Really Do? | |
| |
| |
What Does the Security Rule Really Do? | |
| |
| |
Privacy for Protected Health Information Is the Goal! | |
| |
| |
What Constitutes Protected Health Information? | |
| |
| |
Who Must Comply and How Does Compliance Impact the Work Setting? | |
| |
| |
State Laws | |
| |
| |
Application of the Privacy Rule in Healthcare Documentation | |
| |
| |
Policies and Procedures | |
| |
| |
Training | |
| |
| |
Use and Disclosure | |
| |
| |
Minimally Necessary Information | |
| |
| |
Access Control | |
| |
| |
De-identified Information | |
| |
| |
Confidentiality Agreements | |
| |
| |
Computer Security | |
| |
| |
Work Areas | |
| |
| |
Transfer of Data | |
| |
| |
Destruction of Hard Copy Protected Health Information | |
| |
| |
Use of the Fax | |
| |
| |
Use of E-Mail | |
| |
| |
Disaster Recovery | |
| |
| |
Offsite Workers | |
| |
| |
Storage and Retention | |
| |
| |
Audit Trails | |
| |
| |
Termination Procedures | |
| |
| |
Recycling of Computers | |
| |
| |
Access to PHI for Educational Purposes | |
| |
| |
Vendors | |
| |
| |
Breaches | |
| |
| |
Complaints | |
| |
| |
Penalties | |
| |
| |
Enforcement | |
| |
| |
HIPAA for the Independent Contractor | |
| |
| |
Are You a Business Associate? | |
| |
| |
General Requirements | |
| |
| |
| |
A Blueprint for Compliance with the Privacy Rule | |
| |
| |
Introduction | |
| |
| |
Where Do I Start? | |
| |
| |
Gap Analysis Checklist | |
| |
| |
Vendor Compliance Checklist | |
| |
| |
Training Checklist | |
| |
| |
What Policies Do I Need? | |
| |
| |
Privacy Officer Policy | |
| |
| |
Policy for the Use of Protected Health Information | |
| |
| |
Policy for the Use of Protected Health Information in Quality Assurance and Educational Programs | |
| |
| |
Training Policy | |
| |
| |
Computer Security Policy | |
| |
| |
Policy for Confidentiality Agreements | |
| |
| |
Policy for Work Area Arrangements | |
| |
| |
Access Policy for Digital Dictation Systems | |
| |
| |
Policy for the Use of Hard Copy Protected Health Information | |
| |
| |
Policy for Use of the Fax Machine | |
| |
| |
E-Mail Policy | |
| |
| |
Disaster Recovery Policy | |
| |
| |
Policy for Offsite Workers | |
| |
| |
Termination Policy | |
| |
| |
Breaches and Sanctions Policies | |
| |
| |
Complaint Policy | |
| |
| |
Vendor Policy | |
| |
| |
Policies for Business Associates | |
| |
| |
Sample Contracts and Agreements | |
| |
| |
Policy for Subcontractors | |
| |
| |
Policy for Offshore Contractors | |
| |
| |
A Word About Disclosures | |
| |
| |
What About Indemnification? | |
| |
| |
| |
The Security Rule and Healthcare Documentation | |
| |
| |
Introduction | |
| |
| |
What Does the Security Rule Really Do? | |
| |
| |
What Constitutes Protected Health Information? | |
| |
| |
Who Must Comply and How Does Compliance Impact the Work Setting? | |
| |
| |
State Laws | |
| |
| |
Application of the Security Rule | |
| |
| |
Administrative Safeguards | |
| |
| |
Physical Safeguards | |
| |
| |
Technical Safeguards | |
| |
| |
Organizational Requirements | |
| |
| |
Policies and Procedures and Documentation Requirements | |
| |
| |
Penalties | |
| |
| |
Enforcement | |
| |
| |
HIPAA for the Independent Contractor | |
| |
| |
Are You a Business Associate? | |
| |
| |
| |
A Blueprint for Compliance with the Security Rule | |
| |
| |
Introduction | |
| |
| |
Administrative Safeguards | |
| |
| |
Security Management Process | |
| |
| |
Assigned Security Responsibility | |
| |
| |
Workforce Security | |
| |
| |
Information Access Management | |
| |
| |
Security Awareness and Training | |
| |
| |
Security Incidents | |
| |
| |
Contingency Plans | |
| |
| |
Evaluation | |
| |
| |
Business Associate Contracts and Other Arrangements | |
| |
| |
Physical Safeguards | |
| |
| |
Facility Access Control | |
| |
| |
Workstation Use | |
| |
| |
Workstation Security | |
| |
| |
Device and Media Controls | |
| |
| |
Technical Safeguards | |
| |
| |
Access Control | |
| |
| |
Audit Controls | |
| |
| |
Integrity | |
| |
| |
Person or Entity Authentication | |
| |
| |
Transmission Security | |
| |
| |
Organizational Requirements | |
| |
| |
Business Associate Contracts and Other Arrangements | |
| |
| |
Requirements for Group Health Plans | |
| |
| |
Policies and Procedures and Documentation Requirements | |
| |
| |
Policies and Procedures | |
| |
| |
Documentation | |
| |
| |
A Final Note on Security | |
| |
| |
| |
Frequently Asked Questions | |
| |
| |
| |
Industry Resources | |
| |
| |
| |
AAMT Paper on Special Considerations for Offsite Medical Transcriptionists | |
| |
| |
| |
Abbreviations and Acronyms | |
| |
| |
Glossary | |
| |
| |
Index | |