HIPAA Security Made Simple


HIPAA Security Made Simple, Second Edition

Product Code: HSMS2


HIPAA Security Made Simple: Practical Compliance Advice for Covered Entities and Business Associates, Second Edition

Kate Borten, CISSP, CISM

Written by highly respected author Kate Borten, CISSP, CISM, this updated edition explains how the Omnibus Rule affects organizations that are subject to HIPAA. It will help facilities and business associates understand how they and their information security programs can remain in compliance with new and continuing regulatory requirements.

This second edition emphasizes that security is not a one-time project and reminds readers that they should already be performing risk assessments to comply with the HIPAA Security Rule. A new Introduction explains the significance of the HITECH Act and the Omnibus Rule to covered entities and their business associates (BAs). HITECH made BAs directly liable for Security Rule compliance, and the Omnibus Rule went further, revising the definition to include all downstream subcontractors with access to PHI. This closed a major loophole in privacy protection, significantly expanding the number of organizations deemed BAs and directly subject to HIPAA compliance and enforcement.

This book explains how HIPAA and the Omnibus Rule do the following:

  • Clarify the definition of BA, which now includes all downstream subcontractors with access to PHI
  • Clarify that covered entities and BAs must have ongoing programs to protect electronic PHI, including regular updates to security documentation
  • Revise and modernize the definition of electronic media to align it with the terminology used by the National Institute of Standards and Technology
  • Ensure that access termination procedures apply to all workforce members, not only to employees
  • Encourage encryption but not require it across the board

Table of Contents:

HITECH Act and Omnibus Rule Impact on Security

Chapter One
HIPAA Security Introduction and Overview
What is HIPAA?
How Security Fits In
How to Use This Book

Layered Approach
Some Pitfalls to Avoid
Documentation Tips

Chapter Two
HIPAA Security Rule: General Rules

General Requirements
Flexibility of Approach
Implementation Specifications

Chapter Three
HIPAA Security Rule: Administrative Safeguards

Security Management Process
Risk Analysis
Traditional Risk Assessment Methodology
Risk Management
Sanction Policy
Information System Activity Review
Assigned Security Responsibility
Workforce Security
Authorization and/or Supervision
Workforce Clearance Procedure
Termination Procedures
Information Access Management
Isolating Healthcare Clearinghouse Function
Access Authorization
Access Establishment and Modification
Security Awareness and Training
Security Reminders
Protection From Malicious Software
Login Monitoring
Password Management
Security Incident Procedures
Response and Reporting
Contingency Plan
Data Backup Plan
Disaster Recovery Plan
Emergency Mode Operation Plan
Testing and Revision Procedures
Applications and Data Criticality Analysis
Business Associate Contracts and Other Arrangements
Written Contracts or Other Arrangements

Chapter Four
HIPAA Security Rule: Physical Safeguards

Facility Access Controls
Contingency Operations
Facility Security Plan
Access Control and Validation Procedures
Maintenance Records
Workstation Use
Workstation Security
Device and Media Controls
Media Reuse
Data Backup and Storage

Chapter Five
HIPAA Security Rule: Technical Safeguards

Access Control
Unique User Identification
Emergency Access Procedures
Automatic Logoff
Encryption and Decryption
Audit Controls
Mechanism to Authenticate Electronic Protected Health Information
Transmission Security
Integrity Controls

Chapter Six
HIPAA Security Rule: Additional Organizational Requirements

Business Associate Contracts or Other Arrangements
Business Associate Contracts With Subcontractors
Requirements for Group Health Plans
Policies and Procedures
Time Limit

Chapter Seven
HIPAA and the Security of Nonelectronic PHI

Oral Disclosure of PHI
Faxed Disclosure of PHI
Protecting Other Paper PHI
A Clean Desk Policy
Disposing of Paper and Other Nonelectronic Media Safely
Administrative Controls

HIPAA Security Rule Appendix A
Glossary of Common Security Terms
Security Resources

What’s New:

A new Introduction explains why the HITECH Act and the HIPAA Omnibus Rule are significant and why covered entities and business associates must understand an

Save money when you purchase multiple copies! Ask your customer service representative about money-saving discounts and bulk orders. Call toll free 800-650-6787 or email customerservice@hcpro.com.