Guide to HIPAA Security and the Law
American Bar Association, 2007 - 324 pages
This publication discusses the HIPAA Security Rule's role in the broader context of HIPAA and its other regulations, and provides useful guidance for implementing HIPAA security. At the heart of this publication is a detailed section-by-section analysis of each security topic covered in the Security Rule. This publication also covers the risks of non-compliance by describing the applicable enforcement mechanisms and the prospects for litigation relating to HIPAA security.
Contents
Introduction
Background and History of HIPAA
HIPAA Privacy and Security
B HIPAA STATUTORY REQUIREMENT FOR SECURITY
C SECURITY REQUIREMENTS IN THE PRIVACY RULE
Scope and Applicability of the Security Rule
B ENTITIES REGULATED BY THE SECURITY RULE
1 Business Associates and Business Associate Contracts Governmental Interagency Arrangements
2 Health Plan Sponsors
3 Hybrid Entities and Health Care Components
4 Affiliated Covered Entities
5 Organized Health Care Arrangements
The Security Rule
B ADMINISTRATIVE SAFEGUARDS SECTION 164.308
1 Security Management Process Standard Section 164.308(a)(1)(i)
b Risk Management (Required) Section 164.308(a)(1)(ii)(B)
c Sanction Policy (Required) Section 164.308(a)(1)(ii)(C)
2 Assigned Security Responsibility Standard Section 164.308(a)(2)
3 Workforce Security Standard Section 164.308(a)(3)(i)
b Workforce Clearance Procedure (Addressable) Section 164.308(a)(3)(ii)(B)
c Termination Procedures (Addressable) Section 164.308(a)(3)(ii)(C)
4 Information Access Management Standard Section 164.308(a)(4)(i)
b Access Authorization (Addressable) Section 164.308(a)(4)(ii)(B)
c Access Establishment and Modification (Addressable) Section 164.308(a)(4)(ii)(C)
5 Security Awareness and Training Standard Section 164.308(a)(5)(i)
b Protection from Malicious Software (Addressable) Section 164.308(a)(5)(ii)(B)
c Login Monitoring (Addressable) Section 164.308(a)(5)(ii)(C)
6 Security Incident Procedures and Responses Section 164.308(a)(6)
b Response and Reporting (Required) Section 164.308(a)(6)(ii)
7 Contingency Plan Standard Section 164.308(a)(7)(i)
a Data Backup Plan (Required) Section 164.308(a)(7)(ii)(A)
b Disaster Recovery Plan (Required) Section 164.308(a)(7)(ii)(B)
d Testing and Revision Procedures (Addressable) Section 164.308(a)(7)(ii)(D)
e Applications and Data Criticality Analysis (Addressable) Section 164.308(a)(7)(ii)(E)
9 Imposing Security Requirements on Business Associates Section 164.308(b)
b Exceptions to the Business Associate Standard Section 164.308(b)(2)
c Violations of the Standard Section 164.308(b)(3)
10 Conclusion Regarding Administrative Safeguards
C PHYSICAL SAFEGUARDS SECTION 164.310
1 Facility Access Section 164.310(a)
b Facility Access Controls Implementation Specifications Section 164.310(a)(2)
ii Facility Security Planning (Addressable) Section 164.310(a)(2)(ii)
iii Access Control and Validation (Addressable) Section 164.310(a)(2)(iii)
iv Maintenance Records (Addressable) Section 164.310(a)(2)(iv)
2 Workstation Use Standard Section 164.310(b)
3 Workstation Security Standard Section 164.310(c)
4 Device and Media Controls Section 164.310(d)
b Device and Media Controls Implementation Specifications Section 164.310(d)(2)
ii Media Re-Use (Required) Section 164.310(d)(2)(ii)
iv Data backup and storage (Addressable) Section 164.310(d)(2)(iv)
D TECHNICAL SAFEGUARDS SECTION 164.312
1 Access Control Safeguards Section 164.312(a)
b Access Control Implementation Specifications Section 164.312(a)(2)
iii Automatic Logoff (Addressable) Section 164.312(a)(2)(iii)
2 Audit Controls Standard Section 164.312(b)
Mechanism to Authenticate Electronic Protected Health Information (Addressable) Section 164.312(c)(2)
5 Transmission Security Section 164.312(e)
b Transmission Security Implementation Specifications Section 164.312(e)(2)
6 Conclusion Regarding Technical Safeguards
E POLICIES PROCEDURES AND DOCUMENTATION SECTION 164.316
2 Documentation Section 164.316(b)
b Documentation Implementation Specifications Section 164.316(b)(2)
Implementation
B THE STATE OF COMPLIANCE
Enforcement
A NO CUMULATIVE CIVIL AND CRIMINAL PENALTIES
C CRIMINAL VIOLATIONS
D PRIVATE RIGHT OF ACTION
E FINAL RULE FOR THE IMPOSITION OF CIVIL MONEY PENALTIES
1 Regulatory Background
3 Comparing the Final Enforcement Rule with Prior Drafts
5 Investigations and Compliance Review under the Enforcement Rule
a Investigational Subpoenas
c Affirmative Defenses
d Secretarial Action Regarding Complaints and Compliance Reviews
e Notice of Proposed Determination
6 Hearing before Administrative Law Judge
c Hearing and Decision
7 Appeal of the Administrative Law Judge's Decision
8 Civil Money Penalties
b Amount of Civil Money Penalties
c Violation of an Identical Requirement or Prohibition
e Collection of the Penalty
f Waiver and Settlement
Liability and Litigation
B RISK MANAGEMENT
Conclusion
HIPAA Administrative Simplification Provisions
HIPAA Security and Privacy Regulations
HIPAA Security Resources on the Internet