Hippa Security Made Simple

HIPAA Security Made Simple

Author : Kate Borten

Publisher : Hcpro, a Division of Simplify Compliance

Page : 0 pages

File Size : 31,50 MB

Release : 2013

Category : Computer security

ISBN : 9781615692736

Get eBook

Book Description

HIPAA Security Made Simple: Practical Compliance Advice for Covered Entities and Business Associates, Second Edition Kate Borten, CISSP, CISM Synopsis Written by highly respected author Kate Borten, CISSP, CISM, this updated edition explains how the Omnibus Rule affects organizations that are subject to HIPAA. It will help facilities and business associates understand how they and their information security programs can remain in compliance with new and continuing regulatory requirements. This second edition emphasizes that security is not a one-time project and reminds readers that they should already be performing risk assessments to comply with the HIPAA Security Rule. A new Introduction explains the significance of the HITECH Act and the Omnibus Rule to covered entities and their business associates (BA). HITECH made BAs directly liable for Security Rule compliance, and the Omnibus Rule went further, revising the definition to include all downstream subcontractors with access to PHI. This closed a major loophole in privacy protection, significantly expanding the number of organizations deemed BAs and directly subject to HIPAA compliance and enforcement. This book explains how HIPAA and the Omnibus Rule do the following: Clarify the definition of BA, which now includes all downstream subcontractors with access to PHI Clarify that covered entities and BAs must have ongoing programs to protect electronic PHI, including regular updates to security documentation Revise and modernize the definition of electronic media to align it with the terminology used by the National Institute of Standards and Technology Ensure that access termination procedures apply to all workforce members, not only to employees Encourage encryption but not require it across the board Table of Contents: Introduction HITECH Act and Omnibus Rule Impact on Security Chapter One: HIPAA Security Introduction and Overview What is HIPAA? How Security Fits In How to Use This Book Layered Approach Some Pitfalls to Avoid Documentation Tips Chapter Two: HIPAA Security Rule: General Rules General Requirements Flexibility of Approach Standards Implementation Specifications Maintenance Chapter Three: HIPAA Security Rule: Administrative Safeguards Security Management Process Risk Analysis Traditional Risk Assessment Methodology Risk Management Sanction Policy Information System Activity Review Assigned Security Responsibility Workforce Security Authorization and/or Supervision Workforce Clearance Procedure Termination Procedures Information Access Management Isolating Healthcare Clearinghouse Function Access Authorization Access Establishment and Modification Security Awareness and Training Security Reminders Protection From Malicious Software Login Monitoring Password Management Security Incident Procedures Response and Reporting Contingency Plan Data Backup Plan Disaster Recovery Plan Emergency Mode Operation Plan Testing and Revision Procedures Applications and Data Criticality Analysis Evaluation Business Associate Contracts and Other Arrangements Written Contracts or Other Arrangements Chapter Four: HIPAA Security Rule: Physical Safeguards Facility Access Controls Contingency Operations Facility Security Plan Access Control and Validation Procedures Maintenance Records Workstation Use Workstation Security Device and Media Controls Disposal Media Reuse Accountability Data Backup and Storage Chapter Five: HIPAA Security Rule: Technical Safeguards Access Control Unique User Identification Emergency Access Procedures Automatic Logoff Encryption and Decryption Audit Controls Integrity Mechanism to Authenticate Electronic Protected Health Information Transmission Security Integrity Controls Encryption Chapter Six: HIPAA Security Rule: Additional Organizational Requirements Business Associate Contracts or Other Arrangements Business Associate Contracts With Subcontractors Requirements for Group Health Plans Policies and Procedures Documentation Time Limit Availability Updates Chapter Seven: HIPAA and the Security of Nonelectronic PHI Oral Disclosure of PHI Faxed Disclosure of PHI Protecting Other Paper PHI A Clean Desk Policy Disposing of Paper and Other Nonelectronic Media Safely Administrative Controls Appendix HIPAA Security Rule Appendix A Glossary of Common Security Terms Security Resources



HIPAA Security Made Simple

Author : Kate Borten

Publisher : Hcpro Incorporated

Page : 0 pages

File Size : 50,49 MB

Release : 2003

Category : Medical records

ISBN : 9781578392698

Get eBook

Book Description

Written by Kate Borten, CISSP, the former chief information security officer at one of America's leading health care networks, HIPAA Security Made Simple: Practical Advice for Compliance takes the mystery out of the final security rule with practical, money-saving advice on how to comply with each of the rule's 18 administrative, physical, and technical standards, as well as with each of the 36 underlying implementation specifications. HIPAA Security Made Simple points out the common pitfalls and mistakes that health care organizations make in overreacting to the security rule. This resource will save you the frustration and wasted money and time of trying to comply with some of the many misinterpretations of the HIPAA security rule that are widely repeated by other so-called security experts. All information security programs should protect the confidentiality, integrity, and availability of data. HIPAA Security Made Simple will show you how the HIPAA security rule addresses these principles. Regardless of your level of information security experience, HIPAA Security Made Simple offers do's and don'ts for you to follow as you build or refine your information security program. More specifically, this resource provides: A plain-English guide to the final HIPAA security rule Useful tips on HIPAA security rule compliance Background on the HIPAA security rule's intent Common health care information security pitfalls Cost-effective HIPAA security compliance guidance Valuable HIPAA security compliance assistance tools: Policy templates and forms which are included on the customizable CD-ROM Clear guidance about how security and privacy go hand-in-hand under HIPAA This Resource is a "Must-Have" Tool for: Information Security Officers Compliance Officers Privacy Officers Risk Managers Chief Information Officers Information Technology Managers HIPAA Security Made Simple: Practical Advice for Compliance will help you build a reaso



Guide to HIPAA Security and the Law

Author : Stephen S. Wu

Publisher : American Bar Association

Page : 348 pages

File Size : 33,17 MB

Release : 2007

Category : Law

ISBN : 9781590317488

Get eBook

Book Description

This publication discusses the HIPAA Security Rule's role in the broader context of HIPAA and its other regulations, and provides useful guidance for implementing HIPAA security. At the heart of this publication is a detailed section-by-section analysis of each security topic covered in the Security Rule. This publication also covers the risks of non-compliance by describing the applicable enforcement mechanisms that apply and the prospects for litigation relating to HIPAA security.



The Practical Guide to HIPAA Privacy and Security Compliance

Author : Rebecca Herold

Publisher : CRC Press

Page : 532 pages

File Size : 14,14 MB

Release : 2014-10-20

Category : Business & Economics

ISBN : 1439855595

Get eBook

Book Description

Following in the footsteps of its bestselling predecessor, The Practical Guide to HIPAA Privacy and Security Compliance, Second Edition is a one-stop, up-to-date resource on Health Insurance Portability and Accountability Act (HIPAA) privacy and security, including details on the HITECH Act, the 2013 Omnibus Rule, and the pending rules. Updated and



Hipaa Security Made Simple For Physician Practices

Author : HCPRO

Publisher :

Page : 192 pages

File Size : 20,8 MB

Release : 2004-01-01

Category : Law

ISBN : 9781578394197

Get eBook

Book Description

Focused advice to help your physician practice comply with the HIPAA security rule We understand your practice has limited resources to put toward HIPAA security rule compliance. HIPAA Security Made Simple for Physician Practices clearly explains the difference between what you should have already accomplished to comply with the HIPAA privacy rule, and what you need to do now to prepare for the HIPAA security rule, officially enforceable April 21, 2005. This book and companion CD-ROM give you the inside scoop on how the HIPAA security rule specifically affects physician practices. Your compliance efforts need to be customized based on your risk, and you are unlikely to have the same level of risk and complexity as hospitals and other large organizations.



Information Security

Author : Matthew Scholl

Publisher : DIANE Publishing

Page : 117 pages

File Size : 38,6 MB

Release : 2009-09

Category : Computers

ISBN : 1437914950

Get eBook

Book Description

Some fed. agencies, in addition to being subject to the Fed. Information Security Mgmt. Act of 2002, are also subject to similar requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The HIPAA Security Rule specifically focuses on the safeguarding of electronic protected health information (EPHI). The EPHI that a covered entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures. This publication discusses security considerations and resources that may provide value when implementing the requirements of the HIPAA Security Rule. Illustrations.



Easy Guide to HIPAA Risk Assessments

Author : Lori-Ann Rickard

Publisher : Expert Health Press

Page : 60 pages

File Size : 17,13 MB

Release : 2015-12-10

Category : Health & Fitness

ISBN : 194076713X

Get eBook

Book Description

Risk assessments are required under the Health Insurance and Accountability Act of 1996, better known as HIPAA. HIPAA is the federal statute that requires healthcare providers to safeguard patient identities, medical records and protected health information (“PHI”). It further requires organizations that handle PHI to regularly review the administrative, physical and technical safeguards they have in place. Basically, HIPAA took established confidentiality healthcare practices of physicians and healthcare providers to protect patients’ information and made it law. Risk assessments are a key requirement of complying with HIPAA. Covered entities must complete a HIPAA risk assessment to determine their risks, and protect their PHI from breaches and unauthorized access to protected information. There are many components of risk assessments, which can often seem burdensome on healthcare providers. Let Lori-Ann Rickard and Lauren Sullivan guide you and your company as you tackle the risk assessments required by HIPAA.



HIPAA Made Simple

Author :

Publisher :

Page : 155 pages

File Size : 30,13 MB

Release : 2001

Category : Health insurance continuation coverage

ISBN : 9781578391530

Get eBook

Book Description



The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules

Author : Jr., John J. Trinckes

Publisher : CRC Press

Page : 472 pages

File Size : 50,16 MB

Release : 2012-12-03

Category : Computers

ISBN : 1466507683

Get eBook

Book Description

The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules is a comprehensive manual to ensuring compliance with the implementation standards of the Privacy and Security Rules of HIPAA and provides recommendations based on other related regulations and industry best practices. The book is designed to assist you in reviewing the accessibility of electronic protected health information (EPHI) to make certain that it is not altered or destroyed in an unauthorized manner, and that it is available as needed only by authorized individuals for authorized use. It can also help those entities that may not be covered by HIPAA regulations but want to assure their customers they are doing their due diligence to protect their personal and private information. Since HIPAA/HITECH rules generally apply to covered entities, business associates, and their subcontractors, these rules may soon become de facto standards for all companies to follow. Even if you aren't required to comply at this time, you may soon fall within the HIPAA/HITECH purview. So, it is best to move your procedures in the right direction now. The book covers administrative, physical, and technical safeguards; organizational requirements; and policies, procedures, and documentation requirements. It provides sample documents and directions on using the policies and procedures to establish proof of compliance. This is critical to help prepare entities for a HIPAA assessment or in the event of an HHS audit. Chief information officers and security officers who master the principles in this book can be confident they have taken the proper steps to protect their clients' information and strengthen their security posture. This can provide a strategic advantage to their organization, demonstrating to clients that they not only care about their health and well-being, but are also vigilant about protecting their clients' privacy.



Building a HIPAA-Compliant Cybersecurity Program

Author : Eric C. Thompson

Publisher : Apress

Page : 303 pages

File Size : 35,9 MB

Release : 2017-11-11

Category : Computers

ISBN : 1484230604

Get eBook

Book Description

Use this book to learn how to conduct a timely and thorough Risk Analysis and Assessment documenting all risks to the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI), which is a key component of the HIPAA Security Rule. The requirement is a focus area for the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) during breach investigations and compliance audits. This book lays out a plan for healthcare organizations of all types to successfully comply with these requirements and use the output to build upon the cybersecurity program. With the proliferation of cybersecurity breaches, the number of healthcare providers, payers, and business associates investigated by the OCR has risen significantly. It is not unusual for additional penalties to be levied when victims of breaches cannot demonstrate that an enterprise-wide risk assessment exists, comprehensive enough to document all of the risks to ePHI. Why is it that so many covered entities and business associates fail to comply with this fundamental safeguard? Building a HIPAA Compliant Cybersecurity Program cuts through the confusion and ambiguity of regulatory requirements and provides detailed guidance to help readers: Understand and document all known instances where patient data exist Know what regulators want and expect from the risk analysis process Assess and analyze the level of severity that each risk poses to ePHI Focus on the beneficial outcomes of the process: understanding real risks, and optimizing deployment of resources and alignment with business objectives What You’ll Learn Use NIST 800-30 to execute a risk analysis and assessment, which meets the expectations of regulators such as the Office for Civil Rights (OCR) Understand why this is not just a compliance exercise, but a way to take back control of protecting ePHI Leverage the risk analysis process to improve your cybersecurity program Know the value of integrating technical assessments to further define risk management activities Employ an iterative process that continuously assesses the environment to identify improvement opportunities Who This Book Is For Cybersecurity, privacy, and compliance professionals working for organizations responsible for creating, maintaining, storing, and protecting patient information