HIPAA Plain & Simple: A Healthcare Professionals Guide to Achieve HIPAA and Hitech Compliance
, by Hartley, Carolyn P.
- ISBN: 9781603592055 | 1603592059
- Cover: Paperback
- Copyright: 9/1/2010
The initial HIPAA privacy, security, and e-transactions regulations have been expanded to more broadly impact virtually all health care providers, insurers, business associates, and consumers. These entities must now adopt stringent privacy, security, and breach notification processes to comply with these regulations and those of the new HITECH Act that aim to secure electronic exchange for patient protected health information (PHI).
| Forewords | p. xi |
| About the Authors | p. xvii |
| Introduction | p. xix |
| HIPAA, HITECH, and Breach Notification Overview | p. 1 |
| Building the Infrastructure | p. 4 |
| Four Sets of Standards | p. 8 |
| Transactions and Code Sets | p. 8 |
| Privacy Standards | p. 10 |
| Security Standards | p. 12 |
| Identifiers | p. 14 |
| Change in Focus: Administrative to Clinical Processes | p. 15 |
| The HITECH Act | p. 16 |
| Security Rule and Business Associates | p. 17 |
| Costs Related to Breach | p. 19 |
| Breach Notification | p. 20 |
| Guidance on Securing Protected Health Information | p. 23 |
| Enforcement | p. 26 |
| Getting Started | p. 27 |
| Transactions and Code Sets | p. 31 |
| Transaction Standards | p. 32 |
| Need for Transaction and Code Set Modifications | p. 34 |
| Health Care Claim Payment/Advice (835) | p. 36 |
| Health Care Claim Status Request and Response (276/277) | p. 38 |
| HIPAA Transaction Standards: Final Rule | p. 40 |
| Effective Dates of Final Rule | p. 40 |
| Compliance Dates for Final Rule | p. 49 |
| Testing Requirements and Dates in Final Rule | p. 50 |
| An Overview of Code Sets | p. 51 |
| Code Sets in the Physician's Office | p. 52 |
| Code Set Categories | p. 53 |
| Medical Data Code Sets | p. 53 |
| Nonmedical Data Code Sets | p. 56 |
| How to Read Code Sets | p. 56 |
| ICD-10: Code Set Standards Modification | p. 61 |
| What 5010 and ICD-10-CM Mean to Your Practice | p. 69 |
| Impact of Health Insurance Reform on Administrative Simplification Transactions | p. 70 |
| The Privacy Team | p. 75 |
| Build the Foundation for Privacy Management | p. 77 |
| Identify a Privacy Official | p. 77 |
| Personnel Designations (Privacy Official) | p. 78 |
| Designate a Privacy Team | p. 80 |
| Develop a Budget and Time-and-Task Chart | p. 80 |
| Revisit Your Notice of Privacy Practices | p. 81 |
| Consistent with Other Documentation | p. 82 |
| Develop Policies and Procedures | p. 82 |
| Documentation | p. 83 |
| Training | p. 84 |
| Sanctions | p. 86 |
| Mitigation | p. 86 |
| Refraining from Intimidating or Retaliatory Acts | p. 88 |
| Waiver of Rights | p. 89 |
| Establish Minimum Necessary Limits for Use and Disclosures of PHI | p. 89 |
| Identify Permissions for Use and Disclosure of Protected Health Information (PH1) | p. 90 |
| Required Disclosures | p. 92 |
| Permissible Disclosures: Treatment Payment and Health Care Operations | p. 94 |
| Permissible Disclosures: Another Covered Entity's Treatment, Payment, and Health Care Operations | p. 95 |
| Permitted Disclosures: Family, Friends, and Disaster Relief Agencies | p. 96 |
| Incidental Uses or Disclosures | p. 98 |
| Other Uses or Disclosures in Which Authorization is Not Required | p. 99 |
| Uses and Disclosures of De-Identified Protected Health Information | p. 100 |
| Limited Data Set for Purposes of Research, Public Health, or Health Care Operations | p. 101 |
| Identify Uses and Disclosures that Require Authorizations | p. 103 |
| Identify Uses and Disclosures that Require Authorizations | p. 103 |
| Psychotherapy Notes | p. 107 |
| Identify Protected Health Information (PHI) Special Permissions | p. 108 |
| Update Your HIPAA Privacy Safeguards | p. 110 |
| Update New Patient Rights, Including Rights Provided in the HITECH Act | p. 112 |
| Right to Access Protected Health Information (PHI) | p. 112 |
| Patient's Right to Request an Amendment to Content in Patient Record | p. 115 |
| Accounting of Disclosures | p. 117 |
| Confidential Communications Requirements | p. 119 |
| Right of an Individual to Request Restriction of Uses and Disclosures | p. 119 |
| Right to File a Complaint | p. 121 |
| Disclosures to Business Associates | p. 122 |
| Revise and Protect Marketing Activities | p. 124 |
| Train Your Staff on New Issues and Provide Refreshers for Privacy Policies and Procedures | p. 126 |
| Implement Your Plan and Evaluate Your Compliance Status | p. 130 |
| HIPAA Security: Tougher, but with Safe Harbors | p. 133 |
| About HIPAA's Security Rule | p. 134 |
| General Rules | p. 136 |
| Security Standards and Implementation Specifications Overview | p. 139 |
| Administrative Safeguard Standards and Implementation Specifications | p. 143 |
| Security Management Process | p. 143 |
| Risk Analysis | p. 144 |
| Risk Management | p. 144 |
| Sanction Policy | p. 145 |
| Information System Activity Review | p. 145 |
| Assigned Security Responsibility | p. 146 |
| Workforce Security | p. 147 |
| Authorization and/or Supervision | p. 148 |
| Workforce Clearance Procedure | p. 149 |
| Termination Procedures | p. 149 |
| Information Access Management | p. 150 |
| Isolating Health Care Clearinghouse Functions | p. 150 |
| Access Authorization | p. 151 |
| Access Establishment and Modification | p. 152 |
| Security Awareness and Training | p. 152 |
| Security Reminders | p. 155 |
| Protection from Malicious Software | p. 155 |
| Log-in Monitoring | p. 156 |
| Password Management | p. 156 |
| Security Incident Procedures | p. 157 |
| Response and Reporting | p. 157 |
| Contingency Plan | p. 158 |
| Data Backup Plan | p. 161 |
| Disaster Recovery Plan | p. 161 |
| Emergency Mode Operation Plan | p. 162 |
| Testing and Revision Procedures | p. 163 |
| Applications and Data Criticality Analysis | p. 163 |
| Evaluation | p. 164 |
| Business Associate Contracts and Other Arrangements | p. 166 |
| Written Contract or Other Arrangement | p. 167 |
| Physical Safeguard Standards and Implementation Specifications | p. 168 |
| Facility Access Controls | p. 168 |
| Contingency Operations | p. 168 |
| Facility Security Plan | p. 169 |
| Access Control and Validation Procedures | p. 170 |
| Maintenance Records | p. 171 |
| Workstation Use | p. 171 |
| Workstation Security | p. 172 |
| Device and Media Controls | p. 173 |
| Disposal | p. 174 |
| Media Re-use | p. 174 |
| Accountability | p. 175 |
| Data Backup and Storage | p. 176 |
| Technical Safeguard Standards and Implementation Specifications | p. 176 |
| Access Control | p. 177 |
| Unique User Identification | p. 177 |
| Emergency Access Procedure | p. 177 |
| Automatic Log-off | p. 178 |
| Encryption and Decryption | p. 179 |
| Audit Controls | p. 181 |
| Integrity | p. 182 |
| Mechanism to Authenticate Electronic Protected Health Information | p. 183 |
| Person or Entity Authentication | p. 183 |
| Transmission Security | p. 184 |
| Integrity Controls | p. 185 |
| Encryption | p. 185 |
| Communication, Training, and Social Networking Media | p. 187 |
| Why Talk About Communications in a HIPAA Book? | p. 188 |
| What HIPAA Says About Oral and Written Communication | p. 188 |
| Oral Communications in the Medical Office | p. 188 |
| Communication and Social Networking | p. 190 |
| Incidental Uses and Disclosures | p. 191 |
| How the Staff Can Confidently Deal With HIPAA | p. 192 |
| What Patients Want to Know About HIPAA | p. 194 |
| Customize Your Internal and External Communications Plan | p. 196 |
| Develop an External Communications Plan | p. 198 |
| HIPAA Crisis Communications Management | p. 200 |
| HIPAA Forms | p. 205 |
| Privacy Official Job Responsibilities | p. 206 |
| Management Advisor | p. 206 |
| Human Resources and Training | p. 207 |
| Risk Management | p. 207 |
| Business Associates | p. 207 |
| Patient Rights | p. 207 |
| Complaint Management | p. 207 |
| Qualifications | p. 207 |
| Otherwise Permitted Uses and Disclosures (45 CFR 164.512) | p. 235 |
| Communicating with a Patient's Family, Friends, or Others Involved in the Patient's Care | p. 239 |
| Common Questions About HIPAA | p. 240 |
| Sample 12-Month Privacy and Security Refresher Training Sessions | p. 247 |
| Additional Resources | p. 251 |
| Glossary Definitions | p. 291 |
| Index | p. 309 |
| Table of Contents provided by Ingram. All Rights Reserved. |
What is included with this book?
The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.
The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.
Please wait while the item is added to your bag...
×
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.