Following in the footsteps of its bestselling predecessor, The Practical Guide to HIPAA Privacy and Security Compliance, Second Edition is a one-stop, up-to-date resource on Health Insurance Portability and Accountability Act (HIPAA) privacy and security, including details on the HITECH Act, the 2013 Omnibus Rule, and the pending proposed rules. Updated and revised with several new sections, this edition defines what HIPAA is, what it requires, and what you need to do to achieve compliance. The book provides an easy-to-understand overview of the HIPAA Privacy and Security Rules and their compliance tasks. Supplying authoritative insights into real-world HIPAA privacy and security issues, it summarizes the analysis, training, and technology needed to plan and implement privacy and security policies, a training program, and an overall program to manage information risks. Instead of focusing on technical jargon, the book spells out what your organization must do to achieve compliance and maintain it on an ongoing basis.
HIPAA ESSENTIALS
  Introduction to HIPAA
    How HIPAA Came to Be
    What HIPAA Covers
    Current State of HIPAA Compliance
    Overview of the Omnibus Rule Updates
    What the HITECH Act Covers
    Pending Proposed Rules
    Organizations That Must Comply with HIPAA
    Organizations That Must Comply with the HITECH Act
    HIPAA Penalties and Enforcement
    Insight into the Electronic Transactions and Code Sets Rule
    Conclusion
    Practical Checklist
  Related Regulations, Laws, Standards, and Guidance
    Introduction
    ARRA and the HITECH Act
    Practical Checklist
  Preparing for HIPAA, HITECH, and Other Compliance Changes
    Background
    Managing Change
    Creating the Mind-Set
    It Is Up to You
    Practical Checklist
  HIPAA Cost Considerations
    Background
    Privacy Implementation Costs
    Privacy Ongoing Maintenance Costs
    Costs Related to Providing Access to PHI
    Privacy Officer Costs
    Security Implementation Costs
    Security Ongoing Maintenance Costs
    Security Officer Costs
    Practical Checklist
  Relationship between Security and Privacy
    Background
    Privacy Rule and Security Rule Overlaps
    Conclusion
    Practical Checklist

HIPAA PRIVACY RULE
  HIPAA Privacy Rule Requirements Overview
    Background
    Uses and Disclosures
    Incidental Uses and Disclosures
    Minimum Necessary Requirement
    De-Identification
    Business Associates
    Marketing
    Notice of Privacy Practices for PHI
    Individual Rights to Request Privacy Protection for PHI
    Individual Access to PHI
    Amendment of PHI
    Accounting Disclosures of PHI
    PHI Restrictions Requests
    Administrative Requirements
    Personal Representatives
    Minors
    Transition Provisions
    Compliance Dates and Penalties
    Practical Checklist
  Performing a Privacy Rule Gap Analysis and Risk Analysis
    Introduction
    Gap Analysis and Risk Analysis
    Practical Checklist
  Writing Effective Privacy Policies
    Introduction
    Notice of Privacy Practices
    Example NPP
    Organizational Privacy Policies
    Practical Checklist
  State Preemption
    Introduction
    What Is Contrary?
    Exceptions to Preemption
    Preemption Analysis
    Conclusion
    Practical Checklist
  Crafting a Privacy Implementation Plan
    Introduction
    Some Points to Keep in Mind
    Conclusion
    Practical Checklist
  Privacy Rule Compliance Checklist
    Introduction

HIPAA SECURITY RULE
  Security Rule Requirements Overview
    Introduction to the Security Rule
    General Rules for Security Rule Compliance
    Insight into the Security Rule
    Other Organizational Requirements
    Reasons to Get Started on Security Rule Initiatives
    Practical Checklist
  Performing a Security Rule Risk Analysis
    Background
    Risk Analysis Requirements According to HIPAA
    Risk Analysis Essentials
    Stepping through the Process
    Calculating Risk
    Managing Risks Going Forward
    Practical Checklist
  Writing Effective Information Security Policies
    Introduction to Security Policies
    Critical Elements of Security Policies
    Sample Security Policy Framework
    Security Policies You May Need for HIPAA Security Rule Compliance
    Managing Your Security Policies
    Practical Checklist
  Crafting a Security Implementation Plan
    Background
    Some Points to Keep in Mind
    Conclusion
    Practical Checklist
  Security Rule Compliance Checklist
    Introduction

COVERED ENTITY ISSUES
  Health-Care Provider Issues
    Background
    Privacy Notices
    Fees for Record Review
    Mitigation Measures
    Fax Use
    Sign-In Sheets
    Patient Charts
    Business Associates
    Authorizations
    Practical Checklist
  Health-Care Clearinghouse Issues
    Background
    Requirements
    Transactions
    Financial Institutions
    Conclusion
    Practical Checklist
  Health Plan Issues
    What Is a Health Plan?
    What Is a Small Health Plan?
    Health Plan Requirements
    Marketing Issues
    Notice of Privacy Practices
    Types of Insurance Plans Excluded from HIPAA
    Communications
    Government and Law Enforcement
    Practical Checklist
  Employer Issues
    Background
    "Small" and "Large" Employers
    Health Benefits
    Enforcement and Penalties
    Organizational Requirements
    Health Information
    Medical Surveillance
    Workers' Compensation
    Training
    Resources
    Conclusion
    Practical Checklist
  Business Associate Issues
    Is Your Organization a Business Associate?
    Business Associate Requirements
    What You Can Expect to See or Hear from Covered Entities
    Common Business Associate Weaknesses
    Issues to Consider Moving Forward
    Practical Checklist

HIPAA TECHNOLOGY CONSIDERATIONS
  Building a HIPAA-Compliant Technology Infrastructure
    Overview
    Caution
    Areas of Technology to Focus On
    Looking Deeper into Specific Technologies
    Mobile Computing
    Additional Technology Considerations
    Conclusion
    Practical Checklist
  Crafting Security Incident Procedures and Contingency Plans
    Background
    Handling Security Incidents
    Security Incident Procedure Essentials
    Basics of Contingency Planning
    Moving Forward
    Practical Checklist
  Outsourcing Information Technology Services
    Background
    Reasons to Consider Outsourcing
    What Functions to Outsource
    What to Look For in Outsourcing Firms
    Common Outsourcing Mistakes
    Practical Checklist

MANAGING ONGOING HIPAA COMPLIANCE
  HIPAA Training, Education, and Awareness
    Creating an Effective Awareness Program
    Identify Awareness and Training Groups
    Training
    Training Design and Development
    Awareness Options
    Document Training and Awareness Activities
    Get Support
    Measure Effectiveness
    Conclusion
    Practical Checklist
  Performing Ongoing HIPAA Compliance Reviews and Audits
    Background
    Ongoing Cost of Compliance
    Privacy Issues
    Security Issues
    Making Audits Work
    Practical Checklist

APPENDICES
  Appendix A: Enforcement and Sanctions
  Appendix B: HIPAA Glossary
  Appendix C: Model Incident and Privacy Response Procedures
  Appendix D: HIPAA Resources
  References
  Further Reading
  Index