The Complete Guide to Healthcare Privacy and Information Security Governance
Phyllis A. Patrick, MBA, FACHE, CHC
Foreword by Larry Ponemon, PhD
Healthcare reform, technological advancements, and regulatory requirements create privacy and information security challenges for those tasked with safeguarding confidential information.
The Complete Guide to Healthcare Privacy and Information Security Governance provides privacy and security officers with resources to develop, implement, and evolve effective information security and privacy programs that are accountable to patients, the community, colleagues, and regulators. Learn how to adopt a governance model that changes your organization’s privacy and information security culture from one focused only on regulatory requirements to one that values privacy and information security.
Privacy and information security professionals will use this resource to confidently carry out their responsibilities, which include sharing essential information about privacy and information security with senior leaders and board members.
This book provides important information for senior leaders and trustees about their roles and responsibilities in overseeing information security and privacy programs. It also provides important information for healthcare managers, including compliance officers, safety officers, quality officers, and others who work with privacy and information security officers.
- Each chapter concludes with questions that facilitate review and evaluation of an organization’s privacy and information security programs
- The online Appendix includes:
  - “Policy Roadmap: Meeting HIPAA Omnibus Rule Requirements” provides Code of Federal Regulations citations to Omnibus Rule provisions, describes changes and additions, and lists affected departments and functions
  - “Due Diligence Checklist: Security and Privacy Issues” facilitates the due diligence process when organizations are contemplating acquisition, consolidation, and integration strategies
  - “Resources for Privacy and Information Security Professionals” provides links to valuable information about privacy and information security practices and program development, state security breach notification laws, privacy and information security frameworks and models, risk analysis and risk management, business associates and vendor relationships, National Institute of Standards and Technology, electronic health records and meaningful use, breach notification rule and risk analysis, data and information governance
  - Links to important information about genetic privacy, mobile health and mobile devices, and cloud computing.
Table of Contents
Chapter 1: Introduction to Privacy and Information Security
Chapter 2: Evolution of Privacy and Information Security: From Regulation to Culture
Chapter 3: Risk Analysis and Risk Management
Chapter 4: A Paradigm: Privacy, Security, Quality, Safety
Chapter 5: Privacy and Information Security Governance
Chapter 6: Evaluating Privacy and Information Security Programs
Chapter 7: The Future of Healthcare Privacy and Information Security Programs
Who should read The Complete Guide to Healthcare Privacy and Information Security Governance?
- Privacy officers
- Security officers
- Board of directors/Board of trustees
- Health information management professionals
- Compliance officers
- Trustees/Board of directors
- Healthcare managers
- Information security officers
- Information technology professionals
- Medical staff leadership
- Quality officers
- Safety officers
- Senior leaders
Meet the Author
Phyllis A. Patrick, MBA, FACHE, CHC is the founder and president of Phyllis A. Patrick & Associates LLC, a consulting group that provides strategic planning, security, and privacy services to the healthcare industry. Clients include academic medical centers, community hospitals, physician groups, vendors and business associates, health information exchanges, and pharmaceutical companies.
Patrick, a fellow in the American College of Healthcare Executives, has held senior positions in privacy, security, and compliance at major academic medical centers in New York City. She was named the first information security officer at Mount Sinai Medical Center in Manhattan. As vice president and chief compliance officer at the Hospital for Special Surgery in Manhattan, she created and directed the organization’s compliance program, which included its privacy and security programs.
Larry Ponemon, PhD, is chairman and founder of the Ponemon Institute, a research think tank dedicated to advancing privacy, data protection, and information security practices.
Ponemon is considered a pioneer in privacy auditing and the RIM framework. Security Magazine has named Ponemon as one of the “Most Influential People for Security.”
Publication date June 2014.