The Practical Guide to HIPAA Privacy and Security Compliance



Similar documents
PRIVACY POLICIES AND FORMS FOR BUSINESS ASSOCIATES

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA PRIVACY AND SECURITY AWARENESS

Privacy Officer Job Description 4/28/2014. HIPAA Privacy Officer Orientation. Cathy Montgomery, RN. Presented by:

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

When HHS Calls, Will Your Plan Be HIPAA Compliant?

HIPAA Privacy Summary for Fully-insured Employer Groups

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics

HIPAA Privacy Summary for Self-insured Employer Groups

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

MEDICAL OFFICE COMPLIANCE TOOLKIT. The Complete Medical Practice Compliance Resource HIPAA HITECH OSHA CLIA

HIPAA CHECKLISTS DEVELOPING YOUR HIPAA DOCUMENTS PRACTICAL TOOLS AND RESOURCES. MASSACHUSETTS MEDICAL SOCIETY Getting Ready for

HIPAA Security Alert

New HIPAA regulations require action. Are you in compliance?

HIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations

HIPAA Security Rule Compliance

HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013

The HIPAA Audit Program

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

SCDA and SCDA Member Benefits Group

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

HIPAA Employee Training Guide. Revision Date: April 11, 2015

ELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION

C.T. Hellmuth & Associates, Inc.

Privacy & Security Matters: Protecting Personal Data. Privacy & Security Project

HIPAA Security. 5 Security Standards: Organizational, Policies. Security Topics. and Procedures and Documentation Requirements

Health Information Privacy Refresher Training. March 2013

HIPAA Security. Jeanne Smythe, UNC-CH Jack McCoy, ECU Chad Bebout, UNC-CH Doug Brown, UNC-CH

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS

Research and the HIPAA Security Rule Prepared for the Association of American Medical Colleges by Daniel Masys, M.D. Professor and Chairman,

HIPAA and Mental Health Privacy:

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice

HIPAA Information Security Overview

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. assistance with implementation of the. security standards. This series aims to

HIPAA Privacy Rule Policies

Visa Inc. HIPAA Privacy and Security Policies and Procedures

HIPAA Compliance Guide

The Second National HIPAA Summit

Richard Gadsden Information Security Office Office of the CIO Information Services

SECURITY RISK ASSESSMENT SUMMARY

HIPAA Privacy & Security Rules

Overview of the HIPAA Security Rule

HIPAA and HITECH Compliance for Cloud Applications

HIPAA Auditing Tool. Department: Site Location: Visit Date:

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

HIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10

HIPAA Compliance Guide

Introducing the NASW Updated Sample HIPAA Privacy Forms and Policies

BUSINESS ASSOCIATE AGREEMENT. Recitals

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

PATIENT RECORDS PRIVACY POLICIES AND PROCEDURES FOR HIPAA COMPLIANCE (4/03)

HIPAA Audit Risk Assessment - Risk Factors

How To Write A Health Care Security Rule For A University

Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

HIPAA PRIVACY FOR EMPLOYERS A Comprehensive Introduction. HIPAA Privacy Regulations-General

RUTGERS POLICY. Policy Name: Standards for Privacy of Individually Identifiable Health Information

Practices for Managing Information Protection & Storage

HIPAA Privacy Rule Primer for the College or University Administrator

HIPAA Compliance Review Analysis and Summary of Results

Sustainable Compliance: A System for Ongoing Audit Readiness

Healthcare Management Service Organization Accreditation Program (MSOAP)

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

CHIS, Inc. Privacy General Guidelines

Montclair State University. HIPAA Security Policy

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

Datto Compliance 101 1

Policies and Compliance Guide

8.03 Health Insurance Portability and Accountability Act (HIPAA)

Introduction. Purpose. Reference. Applicability. HIPAA Policy 7.1. Safeguards to Protect the Privacy of PHI

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009

The HIPAA Security Rule Primer A Guide For Mental Health Practitioners

Transcription:

The Practical Guide to HIPAA Privacy and Security Compliance By Kevin Beaver and Rebecca Herold Published by Auerbach Publications in December 2003 TABLE OF CONTENTS SECTION 1 HIPAA ESSENTIALS 1 Introduction to HIPAA How HIPAA Came to Be What HIPAA Covers Organizations that Must Comply with HIPAA Covered Entities What Does Healthcare Mean? What Are Covered Transactions? What Does Electronic Form Mean? Are You a Covered Healthcare Provider? Are You a Covered Healthcare Clearinghouse? Are You a Covered Entity Private Benefit Plan? Are You a Covered Government-Funded Health Plan Program? Hybrid Entities Business Associates Compliance Deadlines HIPAA Penalties and Enforcement Insight into the Electronic Transactions and Code Sets Rule Summary Chapter 1: Practical Checklist 2 Preparing for the HIPAA Changes Managing Change Creating the Mindset It s Up to You Chapter 2: Practical Checklist 3 HIPAA Cost Considerations Privacy Implementation Costs Page 1 of 10

Privacy Ongoing Maintenance Costs Costs Related to Providing Access to PHI Privacy Officer Costs Security Implementation Costs Security Ongoing Maintenance Costs Security Officer Costs Chapter 3: Practical Checklist 4 The Relationship between Security and Privacy Privacy Rule and Security Rule Overlaps Appropriate and Reasonable Safeguards Protecting Appropriate Information Mapping PHI Data Flows Access Control and Information Integrity Assigned Security and Privacy Accountability Policies and Procedures Business Associate Agreements Training and Awareness Contingency Plans Compliance Monitoring and Audit Sanctions Individual Rights Access and Amendment Uses and Disclosures Chapter 4: Practical Checklist Section 1: HIPAA Essentials Quiz SECTION 2 HIPAA PRIVACY RULE 5 HIPAA Privacy Rule Requirements Overview Uses and Disclosures General Rules for PHI Uses and Disclosures Uses and Disclosures: Organizational Requirements Uses and Disclosures: Consent for TPO Uses and Disclosures: Authorization Uses and Disclosures Requiring Opportunity for the Individual to Agree or Object Other Requirements Relating to Uses and Disclosures of PHI Limited Data Set Fundraising Underwriting Purposes Public Health Research Workers Compensation Incidental Uses and Disclosures Page 2 of 10

Minimum Necessary Reasonable Reliance De-Identification Business Associates Marketing Notice of Privacy Practices for PHI Individual Rights to Request Privacy Protection for PHI Individual Access to PHI Amendment of PHI Accounting Disclosures of PHI PHI Restrictions Requests Administrative Requirements Privacy Officer Training Safeguards Complaints Sanctions Mitigation Refraining from Intimidating or Retaliatory Acts Waiver of Rights Policies and Procedures Documentation Personal Representatives Minors Some Points from HHS Regarding Personal Representatives and Minors Transition Provisions Compliance Dates and Penalties Looking Forward Chapter 5 Practical Checklist 6 Performing a Privacy Rule Gap Analysis and Risk Analysis Gap Analysis and Risk Analysis Chapter 6: Practical Checklist 7 Writing Effective Privacy Policies Notice of Privacy Practices Example NPP Header Content of the Notice Layered Notices Before You Post or Distribute Your Notice Example Notice Organizational Privacy Policies Chapter 7: Practical Checklist 8 State Preemption What Is Contrary? Page 3 of 10

Exceptions to Preemption Preemption Analysis Framework for Analyzing HIPAA Preemption Issues Chapter 8: Practical Checklist 9 Crafting a Privacy Implementation Plan Some Points to Keep in Mind Chapter 9: Practical Checklist 10 Privacy Rule Compliance Checklist A. Prohibited Disclosures B. Disclosures Requiring Opportunity to Agree or Object C. Disclosures for treatment, payment, and operations (TPO) D. Disclosures Requiring Authorization E. Minimum Necessary Disclosure F. Notice G. Access H. Amendment I. Personal Representatives J. Confidential Communications Channels K. Accounting of Disclosures L. Complaint Process M. Prohibited Activities N. Safeguards O. Training P. Authentication Q. Mitigation R. Mandatory Documentation S. Demonstrating Compliance T. Business Associate Agreements U. Disclosures for Research, Marketing, and Fundraising V. Hybrid Entities W. Group Health Plans X. Healthcare Clearinghouses Y. Public Interest Disclosures Z. De-Identified Data Disclosures AA. Organized Healthcare Arrangements Section 2: HIPAA Privacy Rule Quiz SECTION 3 HIPAA SECURITY RULE 11 Security Rule Requirements Overview Introduction to the Security Rule What s New in the Final Security Rule Key Terms Referenced in the Security Rule Page 4 of 10

General Rules for Security Rule Compliance Required vs. Addressable Insight into the Security Rule Other Organizational Requirements Reasons to Get Started on Security Rule Initiatives Chapter 11: Practical Checklist 12 Performing a Security Rule Risk Analysis Risk Analysis Requirements According to HIPAA Risk Analysis Essentials Stepping through the Process Calculating Risk Managing Risks Going Forward Chapter 12: Practical Checklist 13 Writing Effective Information Security Policies Introduction to Security Policies Critical Elements of Security Policies Sample Security Policy Framework Security Policies You May Need for HIPAA Security Rule Compliance Managing Your Security Policies Chapter 13: Practical Checklist 14 Crafting a Security Implementation Plan Some Points to Keep In Mind Chapter 14: Practical Checklist 15 Security Rule Compliance Checklist Administrative Safeguard Requirements A. Security Management Process B. Assigned Security Responsibility C. Workforce Security D. Information Access Management E. Security Awareness and Training F. Security Incident Procedures G. Contingency Plan H. Evaluation I. Business Associate Contracts and Other Arrangement Physical Safeguard Requirements J. Facility Access Controls K. Workstation Use L. Workstation Security M. Device and Media Controls Page 5 of 10

Technical Safeguard Requirements N. Access Control O. Audit Controls P. Integrity Q. Transmission Security Section 3: HIPAA Security Rule Quiz SECTION 4 COVERED ENTITY ISSUES 16 Healthcare Provider Issues Privacy Notices Fees for Record Review Mitigation Measures Fax Use Sign-In Sheets Patient Charts Business Associates Authorizations Marketing Healthcare Provider Marketing Checklist Fundraising Chapter 16: Practical Checklist 17 Healthcare Clearinghouse Issues Requirements Transactions Financial Institutions Chapter 17: Practical Checklist 18 Health Plan Issues What Is a Health Plan? What Is a Small Health Plan? Health Plan Requirements Marketing Issues A Health Plan Marketing Checklist Notice of Privacy Practices A Health Plan Notice of Privacy Practices Checklist Types of Insurance Plans Excluded from HIPAA Communications Government and Law Enforcement Government Departments Government Enforcement Debt Collection Agencies Law Enforcement Page 6 of 10

Multi-State Issues Chapter 18: Practical Checklist 19 Employer Issues Small and Large Employers Small Employer Issues Health Benefits Enforcement and Penalties Organizational Requirements Employer Obligations as CEs Employer Obligations as Plan Sponsors Employer Organizational Requirements Health Information Medical Surveillance Workers Compensation HIPAA and Workers Compensation Checklist Training Resources Chapter 19: Practical Checklist 20 Business Associate Issues Is Your Organization a Business Associate? Business Associate Requirements What You Can Expect to See or Hear from Covered Entities Issues to Consider Moving Forward Chapter 20: Practical Checklist Section 4: Covered Entity Issues Quiz SECTION 5 HIPAA TECHNOLOGY CONSIDERATIONS 21 Building a HIPAA-Compliant Technology Infrastructure Overview Caution Areas of Technology to Focus On Looking Deeper into Specific Technologies Access Controls Antivirus and Malicious Code Protection Applications and Databases Data Backups and Storage Encryption Faxes Firewalls Page 7 of 10

Intrusion-Detection Systems Modems Operating Systems Personal Firewall/IDS Software Logging Passwords Messaging E-Mail Instant Messaging (IM) Remote Access/Virtual Private Networks Physical Security Mobile Computing Concerns Wireless Networks Technical Concerns Security Concerns What Can Be Done to Secure Wireless Networks? Personal Digital Assistants How Are the PDAs Used? PDA Risks Securing Health Information on PDAs Summary Chapter 21: Practical Checklist 22 Crafting Security Incident Procedures and Contingency Plans Handling Security Incidents Security Incident Procedure Essentials Response and Reporting (Required) Basics of Contingency Planning Data Backup Plan (Required) Emergency Mode Operation Plan (Required) Testing and Revision Procedure (Addressable) Applications and Data Criticality Analysis (Addressable) Moving Forward Chapter 22: Practical Checklist 23 Outsourcing Information Technology Services Reasons to Consider Outsourcing What Functions to Outsource What to Look for in Outsourcing Firms Questions to Ask Outsourcing Firms Common Outsourcing Mistakes Chapter 23: Practical Checklist Section V: HIPAA Technology Considerations Quiz SECTION 6 MANAGING ONGOING HIPAA COMPLIANCE Page 8 of 10

24 HIPAA Training, Education, and Awareness Creating an Effective Awareness Program Identify Awareness and Training Groups Training Specialized HIPAA Topics Training Delivery Methods Training Design and Development Design and Development Awareness Options Document Training and Awareness Activities Get Support Measure Effectiveness Chapter 24: Practical Checklist 25 Performing Ongoing HIPAA Compliance Reviews and Audits Privacy Issues Security Issues Making Audits Work Chapter 25: Practical Checklist Section VI: Managing Ongoing HIPAA Compliance Quiz SECTION 7 APPENDICES A. Case Studies Case 1: Healthcare Clearinghouse Case 2: Metropolitan Area Healthcare System Case Study Case 3: Small Physician s Office Case 4: Multi-State Health Insurance Plan B Sample Documents HIPAA Privacy Officer Job Description The Privacy Officer Role Sample Chief Privacy Officer (CPO) Job Description Goal Qualifications Roles and Responsibilities Sample HIPAA Security Officer Job Description Actions and Accountabilities General Skills and Experience Requirements Sample HIPAA Business Associate Agreement HIPAA Business Associate Agreement Recitals HIPAA Privacy and Security-Specific Policies Sample Privacy Policies Uses and Disclosures of Protected Health Information Page 9 of 10

Notice of Privacy Practices Restriction Requests Minimum Necessary Disclosure of Protected Health Information Access to Protected Health Information Access to Protected Health Information by the Individual Amendment of Incomplete or Incorrect Protected Health Information Disclosure Accounting Marketing Activities Prohibited Activities Business Associates Training and Awareness Sanctions Retention of Records Sample Security Policies Emergency Mode Operation Access Authorization to Systems Components Access Authorization Computer Systems Access Controls Internal Audits Checks Personnel Security: Visitor Escorts Security Configuration Management Computer Emergency Response Risk Assessments Contractor Termination Procedures Media Removal C HIPAA Resources D Answers to Chapter Quizzes Section 1: HIPAA Essentials Quiz Section 2: HIPAA Privacy Rule Quiz Section 3: HIPAA Security Rule Quiz Section 4: Covered Entity Issues Quiz Section 5: HIPAA Technology Considerations Quiz Section 6: Managing Ongoing HIPAA Compliance Quiz E HIPAA Glossary General and Miscellaneous Terms From the Regulatory Text 162.103 160.103 160.202 142.103 164.501 164.504 142.304 Page 10 of 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information