Forewords

About the Authors
Introduction

HIPAA, HITECH, and Breach Notification Overview
Building the Infrastructure
Four Sets of Standards
Transactions and Code Sets
Privacy Standards
Security Standards
Identifiers
Change in Focus: Administrative to Clinical Processes
The HITECH Act
Security Rule and Business Associates
Costs Related to Breach
Breach Notification
Guidance on Securing Protected Health Information
Enforcement
Getting Started

Transactions and Code Sets
Transaction Standards
Need for Transaction and Code Set Modifications
Health Care Claim Payment/Advice (835)
Health Care Claim Status Request and Response (276/277)
HIPAA Transaction Standards: Final Rule
Effective Dates of Final Rule
Compliance Dates for Final Rule
Testing Requirements and Dates in Final Rule
An Overview of Code Sets
Code Sets in the Physician's Office
Code Set Categories
Medical Data Code Sets
Nonmedical Data Code Sets
How to Read Code Sets
ICD-10: Code Set Standards Modification
What 5010 and ICD-10-CM Mean to Your Practice
Impact of Health Insurance Reform on Administrative Simplification Transactions

The Privacy Team

Build the Foundation for Privacy Management

Identify a Privacy Official
Personnel Designations (Privacy Official)
Designate a Privacy Team
Develop a Budget and Time-and-Task Chart

Revisit Your Notice of Privacy Practices

Consistent with Other Documentation

Develop Policies and Procedures

Documentation

Training

Sanctions

Mitigation

Refraining from Intimidating or Retaliatory Acts

Waiver of Rights

Establish Minimum Necessary Limits for Use and Disclosures of PHI

Identify Permissions for Use and Disclosure of Protected Health Information (PHI)

Required Disclosures

Permissible Disclosures: Treatment, Payment, and Health Care Operations

Permissible Disclosures: Another Covered Entity's Treatment, Payment, and Health Care Operations

Permitted Disclosures: Family, Friends, and Disaster Relief Agencies

Incidental Uses or Disclosures

Other Uses or Disclosures in Which Authorization is Not Required

Uses and Disclosures of De-Identified Protected Health Information

Limited Data Set for Purposes of Research, Public Health, or Health Care Operations

Identify Uses and Disclosures that Require Authorizations

Identify Uses and Disclosures that Require Authorizations

Psychotherapy Notes

Identify Protected Health Information (PHI) Special Permissions

Update Your HIPAA Privacy Safeguards

Update New Patient Rights, Including Rights Provided in the HITECH Act

Right to Access Protected Health Information (PHI)

Patient's Right to Request an Amendment to Content in Patient Record

Accounting of Disclosures

Confidential Communications Requirements

Right of an Individual to Request Restriction of Uses and Disclosures

Right to File a Complaint

Disclosures to Business Associates

Revise and Protect Marketing Activities

Train Your Staff on New Issues and Provide Refreshers for Privacy Policies and Procedures

Implement Your Plan and Evaluate Your Compliance Status

HIPAA Security: Tougher, but with Safe Harbors
About HIPAA's Security Rule
General Rules
Security Standards and Implementation Specifications Overview
Administrative Safeguard Standards and Implementation Specifications
Security Management Process
Risk Analysis
Risk Management
Sanction Policy
Information System Activity Review
Assigned Security Responsibility
Workforce Security
Authorization and/or Supervision
Workforce Clearance Procedure
Termination Procedures
Information Access Management
Isolating Health Care Clearinghouse Functions
Access Authorization
Access Establishment and Modification
Security Awareness and Training
Security Reminders
Protection from Malicious Software
Log-in Monitoring
Password Management
Security Incident Procedures
Response and Reporting
Contingency Plan
Data Backup Plan
Disaster Recovery Plan
Emergency Mode Operation Plan
Testing and Revision Procedures
Applications and Data Criticality Analysis
Evaluation
Business Associate Contracts and Other Arrangements
Written Contract or Other Arrangement
Physical Safeguard Standards and Implementation Specifications
Facility Access Controls
Contingency Operations
Facility Security Plan
Access Control and Validation Procedures
Maintenance Records
Workstation Use
Workstation Security
Device and Media Controls
Disposal
Media Re-use
Accountability
Data Backup and Storage
Technical Safeguard Standards and Implementation Specifications
Access Control
Unique User Identification
Emergency Access Procedure
Automatic Log-off
Encryption and Decryption
Audit Controls
Integrity
Mechanism to Authenticate Electronic Protected Health Information
Person or Entity Authentication
Transmission Security
Integrity Controls
Encryption

Communication, Training, and Social Networking Media
Why Talk About Communications in a HIPAA Book?
What HIPAA Says About Oral and Written Communication
Oral Communications in the Medical Office
Communication and Social Networking
Incidental Uses and Disclosures
How the Staff Can Confidently Deal With HIPAA
What Patients Want to Know About HIPAA
Customize Your Internal and External Communications Plan
Develop an External Communications Plan
HIPAA Crisis Communications Management

HIPAA Forms
Privacy Official Job Responsibilities
Management Advisor
Human Resources and Training
Risk Management
Business Associates
Patient Rights
Complaint Management
Qualifications
Otherwise Permitted Uses and Disclosures (45 CFR 164.512)
Communicating with a Patient's Family, Friends, or Others Involved in the Patient's Care
Common Questions About HIPAA

Sample 12-Month Privacy and Security Refresher Training Sessions

Additional Resources
Glossary Definitions
Index