Loading
×Sorry to interrupt
CSS Error
Refresh

Overview

HIPAA: A Guide to Health Care Privacy and Security Law, Third Edition

In today's health care industry, full compliance with HIPAA privacy law is a must. HIPAA is a federal law to which there are many aspects, and HIPAA laws and regulations carry significant penalties. In addition to the possibility of incurring HIPAA violations as a result of error on the part of a health care organization, there are individuals actively attempting to breach systems and access private data. Compliance with the HIPAA privacy act goes beyond filling out forms and following simple procedures. Proper preparedness can save an organization's very existence should it fall victim to a cyber attack or experience a major breach incident that places it in violation of federal privacy laws.


Sadly, new threats and active attacks that could put you in violation of HIPAA laws and regulations are multiplying by the day. To stay ahead of the risk that exists in this evolving environment, health care and health insurance organizations must prioritize preparedness, put in place proper HIPAA compliance strategies and invest in their HIPAA privacy and security compliance programs.


HIPAA: A Guide to Health Care Privacy and Security Law helps health care and health insurance organizations prepare today for tomorrow's threats. When it comes to HIPAA and health care, this is an essential resource, providing a better understanding of the most important topics including:

  • The HIPAA Privacy and Security Rules
  • Permitted uses and disclosures of PHI
  • Breach obligations and response
  • Preparation for an OCR investigation


Health care professionals and others who need a practical guide to HIPAA compliance strategies will find a comprehensive analysis of the regulations as well as up-to-date, real-world guidance that is not theoretical, but ready to be put in place today.


Providing practical compliance strategies is the core purpose of HIPAA: A Guide to Health Care Privacy and Security Law. This guide to HIPAA health care compliance contains:

  • A complete set of HIPAA Policies and Procedures, including Privacy Rule Policies and Security Rule Policies
  • Sample HHS/OCR data request sheets
  • Incident response forms
  • Sample template business associate agreements
  • A breach assessment form


In addition, this definitive HIPAA guide keeps you abreast of the latest developments and issues, including:

  • A new section on data localization requirements and data transfer restrictions
  • Updates to the OCR Enforcement table with the most recent cases from 2020 and 2021
  • Summary of recent updates to state consumer privacy laws, including the Virginia Consumer Data Protection Act
  • New discussion on digital health and privacy and data use trends as well as the impact the pandemic has had on the privacy landscape
  • Updated state-by-state guide to medical privacy statutes
  • A new section on information blocking and the impact on HIPAA-covered entities


Table Of Contents

About the Author

Preface

Acknowledgments

Chapter 1 DIGITAL HEALTH AND PRIVACY AND SECURITY OF HEALTH INFORMATION

  • Introduction to Digital Health
  • Contact Tracing and Data Protection Laws
  • Remote Employee Monitoring
  • Addressing Privacy Concerns Associated with Artificial Intelligence
  • HIPAA Basics
  • Privacy Risks of Electronic Information
  • Security Risks of Electronic Information
  • Baseline Privacy Protections
  • Baseline Security Protections

Chapter 2 THE ENABLING ACTS—HIPAA AND HITECH

  • Overview of HIPAA
  • Legislative Titles
  • Title II, Subtitle F: Administrative Simplification
  • Covered Entities
  • Type of Information Protected: Individually Identifiable Health Information
  • Adoption of Regulations and Compliance Dates
  • The HITECH Act
  • The Omnibus Rule
  • Genetic Information Nondiscrimination Act of 2008

Chapter 3 HIPAA PRIVACY RULE

  • Overview to Privacy Rule
  • Covered Entities
  • Business Associate Obligations and Further Classifications under HIPAA
  • Type of Information Covered: Protected Health Information
  • Use and Disclosure
  • Rights of Individuals
  • Individual's Access to PHI
  • Disposal of Protected Health Information
  • Administrative Regulations
  • Recommendations for Compliance
  • Privacy and Security Considerations in Transactions and Deals
  • Privacy Considerations in the Midst of a Pandemic

Chapter 4 HIPAA SECURITY RULE: ENSURING THE CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY OF EPHI

  • Introduction
  • HIPAA Security Rule
  • Security Beyond the Health Care Industry
  • How to Conduct a Security Risk Analysis
  • The Security Risk Assessment Tool
  • What to Do after the Risk Analysis
  • Policy and Procedure Development
  • A Practical Approach to Contingency Planning
  • The Audit/Evaluation Process
  • Hospital IT Management
  • HIPAA and Ransomware
  • Selecting and Implementing Security Solutions
  • Security Solutions and Technologies
  • Protecting and Securing Health Information When Using a Mobile Device
  • Data Management Systems

Chapter 5 THE BREACH NOTIFICATION RULE

  • Overview of the Breach Notification Rule
  • Recent Changes to States’ Data Breach Notification Statutes
  • Definitions (45 C.F.R.  164.402)
  • Notification to Individuals (45 C.F.R.  164.404)
  • Notification to the Media (45 C.F.R.  164.406)
  • Notification to the Secretary (45 C.F.R.  164.408)
  • Notification by a Business Associate (45 C.F.R.  164.410)
  • Law Enforcement Delay (45 C.F.R.  164.412)
  • Administrative Requirements and Burden of Proof (45 C.F.R.  164.414)
  • OCR HIPAA Settlements
  •  

Chapter 6 HIPAA AND STATE LAW—UNDERSTANDING AND PREPARING A PREEMPTION ANALYSIS

  • Introduction
  • HIPAA Preemption Requirements
  • Privacy Rule
  • State Law Preemption


 

Chapter 7 OVERVIEW OF FEDERAL PRIVACY LAWS

  • Introduction to Federal Privacy Laws
  • Scope of Regulated Entities
  • Conflict of Federal Requirements
  • Federal Privacy Protections

Chapter 8 OVERVIEW OF STATE PRIVACY LAWS

  • Introduction
  • State Information Privacy Requirements
  • Right of Access
  • Use and Disclosure
  • Penalties/Liability
  • Relationship to HIPAA Regulations
  • Recommendations for HIPAA Compliance
  • Regional Health Information Organizations
  • Appendix 8-A State-by-State Guide to Medical Privacy Statutes

Chapter 9 TRANSACTIONS, CODE SETS, AND UNIQUE IDENTIFIERS

  • Introduction
  • Standard Transaction Requirements
  • Standardized Code Set Requirements
  • National Provider Identifier
  • National Provider Identifier Contingency Plan
  • National Employer Identifier
  • Identified Transaction Standards Implementation Barriers
  • Claims Attachment Rules
  • Issues Related to the Codes
  • Appendix 9-A Guidance on Compliance with the HIPAA National Provider Identifier (NPI) Rule after the May 23, 2007 Implementation Deadline

Chapter 10 APPLICATION OF HIPAA REGULATIONS TO GENETIC INFORMATION

  • Overview
  • Background and Guidance Materials
  • Key Provisions of Gina Regarding the Application of HIPAA Regulations to Genetic Information
  • State Laws Regulating Genetic Privacy

Chapter 11 STATUS OF HIPAA REGULATIONS IMPLEMENTATION

  • Overview
  • Changing Landscape of Health Information
  • Implementation and Enforcement of HIPAA
  • Observations and Recommendations Regarding the Progress of HIPAA Implementation

Chapter 12 HIPAA ENFORCEMENT

  • OCR Enforcement Authority
  • HIPAA Enforcement Actions Taken by State Attorneys General
  • FTC Enforcement of Data Privacy and Security
  • DOJ Criminal Enforcement
  • Whistleblower and Retaliation Provisions
  • Private Right of Action
  • No Private Right of Action
  • Novel Defenses to HIPAA Violations

Chapter 13 GENERAL DATA PROTECTION REGULATION

  • General Data Protection Regulation Overview
  • GDPR and HIPAA—Similarities and Differences
  • Understanding GDPR Roles, Requirements, and Responsibilities
  • Data Localization and Data Transfer Restrictions
  • Forms and Checklists

Chapter 14 CONSUMER PRIVACY LAWS IN THE UNITED STATES—CALIFORNIA AND BEYOND

  • U.S. National Consumer Privacy Law
  • California Consumer Privacy Act
  • Virginia Consumer Data Protection Act

APPENDICES

PREFACE TO APPENDICES

Appendix A    HIPAA PRIVACY POLICIES AND PROCEDURES TEMPLATE

Appendix B   HIPAA BASICS TRAINING SLIDES

Appendix C    HIPAA FORMS

Appendix D   PRELIMINARY CHECKLIST

Appendix E    HIPAA BAA COMPLIANCE CHECKLIST

Appendix F    PRIVACY OFFICER DUTY CHECKLIST

Appendix G   CHECKLIST OF CERTAIN ORGANIZATIONAL REQUIREMENTS (PRELIMINARY)

Appendix H   TEMPLATE: HIPAA SECURITY RULE POLICIES AND PROCEDURES

Appendix I     USE OF COMPUTERS: DESKTOP, LAPTOP, TABLET, SMART PHONE POLICY

Appendix J     STATE BREACH NOTIFICATION LAWS

Appendix K    CLIENT TOOL: CONDUCTING RISK ASSESSMENTS

Appendix L    CLIENT TOOL: A RISK MANAGEMENT FRAMEWORK

Appendix M   PRIVACY AND DATA SECURITY IN M&A TRANSACTIONS

FAQs

Frequently Asked Questions answered in HIPAA: A Guide to Health Care Privacy and Security Law:

  • What is considered a breach of HIPAA?
  • What happens with a HIPAA violation?
  • What are the major things addressed in the HIPAA law?
  • What are the key steps to avoiding HIPAA violations and maintaining HIPAA compliance?
  • How can I ensure my organization has the proper strategies in place with regard to the HIPAA privacy rule?
  • What is considered protected health information?
  • How can we ensure that we have the tools and techniques in place to support our HIPAA training?
  • Which HIPAA form is the right one for this instance?


Loading
Product Detail