
2014 | Book

Healthcare Information Privacy and Security

Regulatory Compliance and Data Security in the Age of Electronic Health Records


About this book

Healthcare IT is the growth industry right now, and the need for guidance in regard to privacy and security is huge. Why? With new federal incentives and penalties tied to the HITECH Act, HIPAA, and the implementation of Electronic Health Record (EHR) systems, medical practices and healthcare systems are implementing new software at breakneck speed. Yet privacy and security considerations are often an afterthought, putting healthcare organizations at risk of fines and damage to their reputations.

Healthcare Information Privacy and Security: Regulatory Compliance and Data Security in the Age of Electronic Health Records outlines the new regulatory regime, and it also provides IT professionals with the processes and protocols, standards, and governance tools they need to maintain a secure and legal environment for data and records. It’s a concrete resource that will help you understand the issues affecting the law and regulatory compliance, privacy, and security in the enterprise.

As healthcare IT security expert Bernard Peter Robichau II shows, the success of a privacy and security initiative lies not just in proper planning but also in identifying who will own the implementation and maintain the technologies and processes. From executive sponsors to system analysts and administrators, a properly designed security program requires that the right people are assigned to the right tasks and have the tools they need. Robichau explains how to design and implement that program with an eye toward long-term success. Putting processes and systems in place is, of course, only the start. Robichau also shows how to manage your security program and maintain operational support, including ongoing maintenance and policy updates. (Because regulations never sleep!)

This book will help you devise solutions that include:

Identity and access management systems
Proper application design
Physical and environmental safeguards
Systemwide and client-based security configurations
Safeguards for patient data
Training and auditing procedures
Governance and policy administration

Healthcare Information Privacy and Security is the definitive guide to help you through the process of maintaining privacy and security in the healthcare industry. It will help you keep health information safe, and it will help keep your organization—whether local clinic or major hospital system—on the right side of the law.

Table of contents

Frontmatter
Chapter 1. Introduction
The Long-Awaited Manual
Bernard Peter Robichau

The Evolution of a Monster

Frontmatter
Chapter 2. Waking the Sleeping Giant
A Brief History of Healthcare IT
Bernard Peter Robichau
Chapter 3. It’s Not Just HIPAA
Legislating Privacy and Security
Bernard Peter Robichau

Divide and Conquer: Defining Ownership to Develop Solutions

Frontmatter
Chapter 4. Assembling the Team
Bringing the Right Human Resources to the Table
Bernard Peter Robichau
Chapter 5. Sifting through the Wreckage
The Security Audit
Bernard Peter Robichau
Chapter 6. Review Your Policies and Develop a Plan
Strategies for Success
Bernard Peter Robichau

Sustainable Solutions

Frontmatter
Chapter 7. Identity and Access Management
Know Your User Base
Bernard Peter Robichau
Chapter 8. Application Design
Maximum Efficiency or Minimum Necessary?
Bernard Peter Robichau
Chapter 9. Access Validation Process
An Approach to Validating Access and Receiving Stakeholder Signoff
Abstract
When you get to the point of validating access for your user types or roles, it is helpful to have a process in place that can be repeated for each of your templates (in Epic speak), profiles (in Meditech speak), or whatever role-based standards of access you might need your stakeholders to sign off on.
Bernard Peter Robichau
Chapter 10. Physical and Environmental Safeguards
Security beyond the Ones and Zeros
Bernard Peter Robichau
Chapter 11. Systemwide and Client-Based Security
Making Sure All of the Pieces Fit Together
Bernard Peter Robichau
Chapter 12. Safeguarding Patient Data from Prying Eyes
Knowing Where Your PHI Resides
Bernard Peter Robichau

From Project to Program: Transitioning to a Sustainable Support Model

Frontmatter
Chapter 13. People, the Most Crucial Element
Training the Masses to Respect the System
Bernard Peter Robichau
Chapter 14. Business Associates
The Human Resources Just Beyond Your Reach
Bernard Peter Robichau
Chapter 15. Security Project versus Operational Support
Making the Transition
Bernard Peter Robichau
Chapter 16. Putting the Plan in Place
Ongoing Maintenance and Life after the Security Project
Bernard Peter Robichau

Appendices

Frontmatter
Appendix A. Sample Business Associate Agreement
Abstract
A “business associate” is a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information. A “business associate” also is a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another business associate. The HIPAA Rules generally require that covered entities and business associates enter into contracts with their business associates to ensure that the business associates will appropriately safeguard protected health information. The business associate contract also serves to clarify and limit, as appropriate, the permissible uses and disclosures of protected health information by the business associate, based on the relationship between the parties and the activities or services being performed by the business associate. A business associate may use or disclose protected health information only as permitted or required by its business associate contract or as required by law. A business associate is directly liable under the HIPAA Rules and subject to civil and, in some cases, criminal penalties for making uses and disclosures of protected health information that are not authorized by its contract or required by law. A business associate also is directly liable and subject to civil penalties for failing to safeguard electronic protected health information in accordance with the HIPAA Security Rule.
Bernard Peter Robichau
Appendix B. Sample Rules of Behavior for Privileged User Accounts
Abstract
I understand that as a Privileged User, I must not:
Bernard Peter Robichau
Appendix C. Breach Notification Process
Abstract
A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of protected health information (PHI) such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.
Bernard Peter Robichau
Backmatter
Metadata
Title
Healthcare Information Privacy and Security
Written by
Bernard Peter Robichau
Copyright year
2014
Publisher
Apress
Electronic ISBN
978-1-4302-6677-8
Print ISBN
978-1-4302-6676-1
DOI
https://doi.org/10.1007/978-1-4302-6677-8