RISK ANALYSIS, RISK MANAGEMENT, AND A SANCTION POLICY ARE THE FOUNDATION OF SECURITY MANAGEMENT
VULNERABILITY TESTING IS REQUIRED
HOW FREQUENTLY DO I NEED TO PERFORM VULNERABILITY TESTING?
IN CONCLUSION
REFERENCES
Chapter 9 LEGALITIES AND PLANNING: THE STAKE IS IN THE GROUND
INTRODUCTION
TAKE MY ADVICE AT YOUR OWN RISK
HIPAA RULES
HIPAA AND DUE DILIGENCE
PENALTIES AND LIABILITY
WHAT IS COMPLIANCE?
PLANNING SECURITY COMPLIANCE?
What Can Be Done?
CERTIFICATION OF COMPLIANCE
OTHER LEGISLATION'S POTENTIAL IMPACT
Sarbanes Oxley Act (SOX)
Corporate Information Security Accountability Act
California's SB1386
Future
CONCLUSION
Part IV TRANSACTION AND INTERACTIONS
Chapter 10 HIPAA FROM THE PATIENT’S POINT OF VIEW
INTRODUCTION
OVERVIEW OF HIPAA INSURABILITY PROTECTIONS
Understand the Various Types of Health Coverage
Types of Coverage
Eligibility for HIPAA Protections
When the Employee Is Hired for a New Job
When an Employee Leaves a Job or Otherwise Loses Group Health Plan Coverage
Determine the Impact of Any Preexisting Condition
Eligibility to Minimize the Length of the Preexisting Condition Exclusion
Know the State's Law on Coverage
Understand Other Coverage Protections
Special Enrollment Rights to Other Group Coverage
OVERVIEW OF HIPAA PRIVACY AND SECURITY RULES
The Privacy Rule
The Security Rule
Electronic Transactions
1. Patient is registered by the admitting clerk into the hospital's information database.
2. The admitting clerk prints the most recent health information about the patient on the emergency department printer.
3. The admitting clerk enters the patient into the hospital's health information system (HIS) and the emergency department tracking system, which displays his status on secured monitors.
4. The physician, after examining the patient, orders laboratory testing from the emergency department terminal.
5. Emergency department software identifies the patient as qualifying for a research study. The research coordinator is notified and arrives in the department to obtain the patient's informed consent.
6. While in the emergency department, hospital accounting contacts the patient's insurance company online. The insurance company requests additional information to confirm eligibility.
7. After the patient has been treated and released, the hospital patient accounting office submits a bill to the patient's insurance company.
INFORMATICS TECHNOLOGIES IN HEALTHCARE
CONCLUSION
REFERENCES
Chapter 11 INTEROPERABILITY AND BUSINESS CONTINUITY INVOLVING HIPAA EDI TRANSACTIONS
INTRODUCTION
STRATEGY
COMPLIANCE EDIT TESTING
CASE STUDIES
CONCLUSION
Chapter 12 THE ROLE OF DHHS, CMS, OCR, AND OHS
INTRODUCTION
DEPARTMENT OF HEALTH AND HUMAN SERVICES HAS A LARGE JOB
DHHS HIPAA RESPONSIBILITIES
Administrative Simplification Rule-Making Process
Office of Civil Rights
The Privacy Rule Complaint Process
Centers for Medicare and Medicaid Services (CMS) Organization
CMS and HIPAA
CMS Transaction and Code Set Enforcement Approach
CMS Office of HIPAA Standards (OHS)
CMS Security Standard Approach
National Health Information Infrastructure
CONCLUSION: DHHS AND THE REST OF US
REFERENCES
Part V SECURITY, PRIVACY, AND CONTINUITY
Chapter 13 THE HIPAA SECURITY RISK ANALYSIS
INTRODUCTION
WHAT IS RISK ANALYSIS?
THE "CLASSIC" METHOD OF RISK ANALYSIS
RISK ASSESSMENT METHODOLOGY
STEPS IN A RISK ASSESSMENT
THE VULNERABILITY ASSESSMENT
SURVEY QUESTIONS
THE TECHNICAL VULNERABILITY ASSESSMENT
VULNERABILITY ASSESSMENT RESULTS
ENROLLING THE ORGANIZATION IN RISK MANAGEMENT
THE COST BENEFIT - ESTABLISHING RETURN-ON-INVESTMENT (ROI)
AUTOMATING THE PROCESS
SELECTING AN AUTOMATED RISK ASSESSMENT PACKAGE TO MEET THE RISK ANALYSIS REQUIREMENT OF THE HIPAA FINAL SECURITY RULE
RISK ASSESSMENT IS GOOD MANAGEMENT
THE FUTURE OF RISK ASSESSMENT
Chapter 14 HIPAA SECURITY COMPLIANCE: WHAT IT MEANS FOR DEVELOPERS, VENDORS, AND PURCHASERS
INTRODUCTION
HIPAA SECURITY RULE: WHAT SOFTWARE DEVELOPERS SHOULD KNOW
PHI-Related Software Development
Reasonably Anticipated Threat Protection
HIPAA SECURITY RULE: HOW VENDORS CAN HELP
Impact on System Vendors
Scalable Solutions
HIPAA SECURITY RULE: MAKING PRODUCT SELECTIONS
NOTE
BIBLIOGRAPHY
Chapter 15 ISSUES AND CONSIDERATIONS FOR BUSINESS CONTINUITY PLANNING UNDER HIPAA
INTRODUCTION
BCP BEST PRACTICES
STEP ONE: INITIATION
STEP TWO: BUSINESS IMPACT ANALYSIS
STEP THREE: BUSINESS CONTINUITY STRATEGIES
STEP FOUR: PLAN CONSTRUCTION
STEP FIVE: PLAN EXERCISE AND MAINTENANCE
CONCLUSION
VI APPENDICES
Appendix A
PART I: A HIPAA GLOSSARY
A
AAHomecare
Accredited Standards Committee (ASC)
ACG
ACH
ADA
ADG
Administrative Code Sets
Administrative Services Only (ASO)
Administrative Simplification (A/S)
AFEHCT
AHA
AHIMA
AMA
Ambulatory Payment Class (APC)
Amendment
Amendments and Corrections
American Association for Homecare (AAHomecare)
American Dental Association (ADA)
American Health Information Management Association (AHIMA)
American Hospital Association (AHA)
American Medical Association (AMA)
American Medical Informatics Association (AMIA)
American National Standards (ANS)
American National Standards Institute (ANSI)
American Society for Testing and Materials (ASTM)
AMIA
ANS
ANSI
APC
A/S, A.S., or AS
ASC
ASO
ASPIRE
Association for Electronic Health Care Transactions (AFEHCT)
ASTM
Automated Clearinghouse (ACH)
B
BA
BBA
BBRA
BCBSA
Biometric Identifier
Blue Cross and Blue Shield Association (BCBSA)
BP
Business Associate (BA)
Business Model
Business Partner (BP)
Business Relationships
C
Cabulance
CBO
CDC
CDT
CE
CEFACT
CEN
Centers for Disease Control and Prevention (CDC)
Center for Healthcare Information Management (CHIM)
CFR or C.F.R.
Chain of Trust (COT)
CHAMPUS
CHIM
CHIME
CHIP
Claim Adjustment Reason Codes
Claim Attachment
Claim Medicare Remark Codes
Claim Status Codes
Claim Status Category Codes
Clearinghouse
CLIA
Clinical Code Sets
CM
COB
Code Set
Code Set Maintaining Organization
College of Healthcare Information Management Executives (CHIME)
Comment
Common Control
Common Ownership
Compliance Date
Computer-Based Patient Record Institute (CPRI)-Healthcare Open Systems and Trials (HOST)
Contrary
Coordination of Benefits (COB)
CORF
Correction
Correctional Institution
COT
Covered Entity (CE)
Covered Function
CPRI-HOST
CPT
Cross-Over
Cross-Walk
Current Dental Terminology (CDT)
Current Procedural Terminology (CPT)
D
Data Aggregation
Data Condition
Data Content
Data Content Committee (DCC)
Data Council
Data Dictionary (DD)
Data Element
Data Interchange Standards Association (DISA)
Data Mapping
Data Model
Data-Related Concepts
Data Set
DCC
D-Codes
DD
DDE
DeCC
Dental Content Committee (DeCC)
Descriptor
Designated Code Set
Designated Data Content Committee or Designated DCC
Designated Record Set
Designated Standard
Designated Standard Maintenance Organization (DSMO)
DHHS
DICOM
Digital Imaging and Communications in Medicine (DICOM)