Research And Markets

Health Information Security: Hipaa

  • ID: 29575
  • March 2003
  • 100 pages

If you want to:

  • understand the HIPAA Final Security Rule inside out,
  • know what health industry peers are doing,
  • obtain in-depth explanations and examples for complex topics like risk analysis, role-based access control, and encryption,
  • have policies, procedures, forms, checklists, and spreadsheets to help your compliance program, and
  • know where to invest your limited dollars most cost-effectively so as to maximize the compliance impact,

then this book, Health Information Security: HIPAA, an authoritative, comprehensive, and incisive guide to the 2003 Security Rule, is for you. Every specification for administrative, technical, and physical security is explained in detail.

Note: Product cover images may vary from those shown

Table of Contents (page numbers refer to the book):

1 SECURITY 1
  1.1 WORKFLOW 1
  1.2 LEVELS 1
  1.3 COMPUTER SECURITY POLICIES 2
  1.4 THE PROBLEM 3
  1.5 CULTURE 4
    1.5.1 Corporation 4
    1.5.2 Culture Challenge 5
2 HIPAA'S SECURITY RULE 7
  2.1 ADMINISTRATIVE SIMPLIFICATION 7
  2.2 COVERED INFORMATION 7
    2.2.1 Covered Entities 7
    2.2.2 Information Protected 7
  2.3 SCHEDULE AND PENALTIES 8
  2.4 ADDRESSABLE 9
  2.5 PREEMPTION 10
3 LIFE CYCLE 11
  3.1 AWARENESS 11
  3.2 GAP ANALYSIS 11
    3.2.1 Baseline 11
    3.2.2 Implementation 11
    3.2.3 GAO Manual 12
    3.2.4 EarlyView Tool 14
  3.3 RISK ANALYSIS 14
    3.3.1 Principles 14
    3.3.2 Example 15
    3.3.3 What the Rule Says 17
  3.4 INFORMATION SECURITY OFFICER 18
  3.5 TRAINING 19
    3.5.1 The Rule 19
    3.5.2 Content 19
    3.5.3 Methods 20
  3.6 QUALITY CONTROL 20
    3.6.1 ISO 9000 20
    3.6.2 The Rule 21
  3.7 CARILION AND CHILDREN'S 22
4 ADMINISTRATIVE SAFEGUARDS 23
  4.1 MANAGEMENT AND AWARENESS 23
  4.2 WORKFORCE SECURITY 23
    4.2.1 Supervision and Clearance 24
    4.2.2 Termination 24
  4.3 INFORMATION ACCESS 24
    4.3.1 Regulation 24
    4.3.2 Access Examples 26
  4.4 INCIDENT PROCEDURES 27
  4.5 CONTINGENCY PLAN 27
  4.6 EVALUATION 28
  4.7 CASE STUDIES 28
    4.7.1 Kaiser Example 28
    4.7.2 Mayo Example 31
    4.7.3 Small Provider 33
  4.8 MATRIX 33
5 TECHNICAL SAFEGUARDS 35
  5.1 ACCESS CONTROL 35
  5.2 AUDIT 36
    5.2.1 Extreme Case 36
    5.2.2 Not Needed 36
  5.3 INTEGRITY 37
  5.4 USER AUTHENTICATION 37
  5.5 TRANSMISSION 38
  5.6 ACCESS MODELS 39
    5.6.1 Labels 39
    5.6.2 Users and Roles 40
    5.6.3 Role Hierarchies 41
  5.7 CASE STUDIES 42
    5.7.1 Authentication 42
    5.7.2 Role-Based Software 43
    5.7.3 Small Provider 46
    5.7.4 Example Record Security 46
  5.8 WORKFLOW SYSTEMS 48
6 ENCRYPTION 49
  6.1 TRUSTED COMPUTING BASE 49
  6.2 CRYPTOGRAPHY 50
  6.3 PUBLIC-KEY INFRASTRUCTURE 51
    6.3.1 Certificates 51
    6.3.2 Management 52
    6.3.3 Healthcare Enterprise Needs 52
  6.4 VIRTUAL PRIVATE NETWORKS 53
  6.5 ELECTRONIC SIGNATURES 54
    6.5.1 Purpose 54
    6.5.2 Laws 55
    6.5.3 Authentication 55
  6.6 EXAMPLE PKI 56
    6.6.1 History of CHIME-Trust 56
    6.6.2 Architecture 56
    6.6.3 Services 57
    6.6.4 Organizational Issues 58
  6.7 EXAMPLE INTERNET TRANSACTIONS 58
7 ENTITY-TO-ENTITY 60
  7.1 BUSINESS ASSOCIATE 60
    7.1.1 Definition 60
    7.1.2 Business Associate Contracts 62
    7.1.3 Sample Contract 62
    7.1.4 Scalability 63
  7.2 HYBRID ENTITY 63
    7.2.1 Affiliated Entities 64
8 PHYSICAL SAFEGUARDS 65
  8.1 FACILITY ACCESS 65
    8.1.1 Disaster Recovery and Repairs 65
    8.1.2 Facility Security and Access 65
  8.2 WORKSTATION 66
  8.3 DEVICE AND MEDIA CONTROLS 66
  8.4 EXAMPLES 67
    8.4.1 Small Provider 67
    8.4.2 Home Workers 67
    8.4.3 Kaiser Local Area Network 67
    8.4.4 Yale 68
    8.4.5 University of North Carolina 68
9 FINANCIAL IMPACT 70
  9.1 DHHS ESTIMATES 70
  9.2 SCALING COSTS 70
  9.3 IMPLEMENTATION MODEL 71
    9.3.1 Construction 71
    9.3.2 Insights 72
  9.4 MAINTENANCE MODEL 74
    9.4.1 Administrative 74
    9.4.2 Technical and Physical 75
  9.5 OVERALL 75
  9.6 RISK ANALYSIS 75
  9.7 MINIMUM AND MAXIMUM COST 76
    9.7.1 Administrative 76
    9.7.2 Technical 80
    9.7.3 Physical 81
  9.8 CONCLUSION 82
10 CONCLUSION 84
  10.1 OVERVIEW 84
    10.1.1 Life Cycle 84
    10.1.2 Administration 84
    10.1.3 Technology 85
  10.2 FUTURE 86
    10.2.1 Electronic Medical Records 86
    10.2.2 HIPAA-Compliant Technology? 86
    10.2.3 Vision 87
    10.2.4 Direction 87
11 APPENDIX 89
  11.1 THE LAW 89
  11.2 SECURITY RULE 89
    11.2.1 Administrative Safeguards 89
    11.2.2 Physical Safeguards 91
    11.2.3 Technical Safeguards 91
    11.2.4 Organizational Requirements 91
  11.3 SECURITY MATRIX 93
  11.4 INFORMATION STEWARD POLICY 94
  11.5 COMPETENCY TEST 95
12 REFERENCES 97
13 INDEX OF TERMS 100