Guide to HIPAA Security and the Law
American Bar Association, 2007 - 324 pages

This publication discusses the HIPAA Security Rule's role in the broader context of HIPAA and its other regulations, and provides useful guidance for implementing HIPAA security. At the heart of this publication is a detailed section-by-section analysis of each security topic covered in the Security Rule. This publication also covers the risks of non-compliance by describing the applicable enforcement mechanisms that apply and the prospects for litigation relating to HIPAA security.

Contents
Introduction | 1 |
Background and History of HIPAA | 5 |
HIPAA Privacy and Security | 9 |
B HIPAA STATUTORY REQUIREMENT FOR SECURITY | 10 |
C SECURITY REQUIREMENTS IN THE PRIVACY RULE | 12 |
Scope and Applicability of the Security Rule | 13 |
B ENTITIES REGULATED BY THE SECURITY RULE | 16 |
1 Business Associates and Business Associate Contracts; Governmental Interagency Arrangements | 18 |
2 Health Plan Sponsors | 20 |
3 Hybrid Entities and Health Care Components | 21 |
4 Affiliated Covered Entities | 22 |
5 Organized Health Care Arrangements | 23 |
The Security Rule | 25 |
B ADMINISTRATIVE SAFEGUARDS, SECTION 164.308 | 27 |
1 Security Management Process Standard, Section 164.308(a)(1)(i) | 29 |
b Risk Management (Required), Section 164.308(a)(1)(ii)(B) | 34 |
c Sanction Policy (Required), Section 164.308(a)(1)(ii)(C) | 36 |
2 Assigned Security Responsibility Standard, Section 164.308(a)(2) | 37 |
3 Workforce Security Standard, Section 164.308(a)(3)(i) | 38 |
b Workforce Clearance Procedure (Addressable), Section 164.308(a)(3)(ii)(B) | 39 |
c Termination Procedures (Addressable), Section 164.308(a)(3)(ii)(C) | 40 |
4 Information Access Management Standard, Section 164.308(a)(4)(i) | 41 |
b Access Authorization (Addressable), Section 164.308(a)(4)(ii)(B) | 42 |
c Access Establishment and Modification (Addressable), Section 164.308(a)(4)(ii)(C) | 43 |
5 Security Awareness and Training Standard, Section 164.308(a)(5)(i) | 44 |
b Protection from Malicious Software (Addressable), Section 164.308(a)(5)(ii)(B) | 45 |
c Login Monitoring (Addressable), Section 164.308(a)(5)(ii)(C) | 46 |
6 Security Incident Procedures and Responses, Section 164.308(a)(6) | 47 |
b Response and Reporting (Required), Section 164.308(a)(6)(ii) | 49 |
7 Contingency Plan Standard, Section 164.308(a)(7)(i) | 50 |
a Data Backup Plan (Required), Section 164.308(a)(7)(ii)(A) | 51 |
b Disaster Recovery Plan (Required), Section 164.308(a)(7)(ii)(B) | 52 |
d Testing and Revision Procedures (Addressable), Section 164.308(a)(7)(ii)(D) | 54 |
e Applications and Data Criticality Analysis (Addressable), Section 164.308(a)(7)(ii)(E) | 55 |
9 Imposing Security Requirements on Business Associates, Section 164.308(b) | 58 |
b Exceptions to the Business Associate Standard, Section 164.308(b)(2) | 59 |
c Violations of the Standard, Section 164.308(b)(3) | 60 |
10 Conclusion Regarding Administrative Safeguards | 61 |
C PHYSICAL SAFEGUARDS, SECTION 164.310 | 62 |
1 Facility Access, Section 164.310(a) | 63 |
b Facility Access Controls Implementation Specifications, Section 164.310(a)(2) | 66 |
ii Facility Security Planning (Addressable), Section 164.310(a)(2)(ii) | 67 |
iii Access Control and Validation (Addressable), Section 164.310(a)(2)(iii) | 68 |
iv Maintenance Records (Addressable), Section 164.310(a)(2)(iv) | 69 |
2 Workstation Use Standard, Section 164.310(b) | 70 |
3 Workstation Security Standard, Section 164.310(c) | 71 |
4 Device and Media Controls, Section 164.310(d) | 72 |
b Device and Media Controls Implementation Specifications, Section 164.310(d)(2) | 73 |
ii Media Re-Use (Required), Section 164.310(d)(2)(ii) | 74 |
iv Data Backup and Storage (Addressable), Section 164.310(d)(2)(iv) | 75 |
D TECHNICAL SAFEGUARDS, SECTION 164.312 | 76 |
1 Access Control Safeguards, Section 164.312(a) | 77 |
b Access Control Implementation Specifications, Section 164.312(a)(2) | 79 |
iii Automatic Logoff (Addressable), Section 164.312(a)(2)(iii) | 80 |
2 Audit Controls Standard, Section 164.312(b) | 81 |
Mechanism to Authenticate Electronic Protected Health Information (Addressable), Section 164.312(c)(2) | 83 |
5 Transmission Security, Section 164.312(e) | 86 |
b Transmission Security Implementation Specifications, Section 164.312(e)(2) | 87 |
6 Conclusion Regarding Technical Safeguards | 88 |
E POLICIES, PROCEDURES AND DOCUMENTATION, SECTION 164.316 | 89 |
2 Documentation, Section 164.316(b) | 91 |
b Documentation Implementation Specifications, Section 164.316(b)(2) | 92 |
Implementation | 95 |
B THE STATE OF COMPLIANCE | 96 |
Enforcement | 101 |
A NO CUMULATIVE CIVIL AND CRIMINAL PENALTIES | 102 |
C CRIMINAL VIOLATIONS | 104 |
D PRIVATE RIGHT OF ACTION | 107 |
E FINAL RULE FOR THE IMPOSITION OF CIVIL MONEY PENALTIES | 108 |
1 Regulatory Background | 109 |
3 Comparing the Final Enforcement Rule with Prior Drafts | 111 |
5 Investigations and Compliance Review under the Enforcement Rule | 112 |
a Investigational Subpoenas | 113 |
c Affirmative Defenses | 114 |
d Secretarial Action Regarding Complaints and Compliance Reviews | 115 |
e Notice of Proposed Determination | 116 |
6 Hearing before Administrative Law Judge | 117 |
c Hearing and Decision | 118 |
7 Appeal of the Administrative Law Judge's Decision | 120 |
8 Civil Money Penalties | 122 |
b Amount of Civil Money Penalties | 123 |
c Violation of an Identical Requirement or Prohibition | 124 |
e Collection of the Penalty | 125 |
f Waiver and Settlement | 126 |
Liability and Litigation | 127 |
B RISK MANAGEMENT | 133 |
Conclusion | 137 |
HIPAA Administrative Simplification Provisions | 139 |
HIPAA Security and Privacy Regulations | 163 |
HIPAA Security Resources on the Internet | 309 |
| 313 |