Introduction to HIPAA and the Privacy and Security Rules | p. 1 |
Introduction | p. 2 |
What Is HIPAA? | p. 3 |
The Privacy and Security Rules | p. 7 |
Terminology | p. 8 |
General Terminology in Healthcare | p. 13 |
Significant Points | p. 14 |
Compliance Deadlines | p. 16 |
The Privacy and Security Rules and Healthcare Documentation | p. 21 |
Introduction | p. 22 |
What Does the Privacy Rule Really Do? | p. 23 |
What Does the Security Rule Really Do? | p. 23 |
Privacy for Protected Health Information Is the Goal! | p. 24 |
What Constitutes Protected Health Information? | p. 25 |
Who Must Comply and How Does Compliance Impact the Work Setting? | p. 25 |
State Laws | p. 26 |
Application of the Privacy Rule in Healthcare Documentation | p. 26 |
Policies and Procedures | p. 27 |
Training | p. 27 |
Use and Disclosure | p. 28 |
Minimally Necessary Information | p. 29 |
Access Control | p. 29 |
De-identified Information | p. 30 |
Confidentiality Agreements | p. 32 |
Computer Security | p. 32 |
Work Areas | p. 33 |
Transfer of Data | p. 33 |
Destruction of Hard Copy Protected Health Information | p. 34 |
Use of the Fax | p. 34 |
Use of E-Mail | p. 36 |
Disaster Recovery | p. 37 |
Offsite Workers | p. 37 |
Storage and Retention | p. 38 |
Audit Trails | p. 39 |
Termination Procedures | p. 39 |
Recycling of Computers | p. 40 |
Access to PHI for Educational Purposes | p. 40 |
Vendors | p. 41 |
Breaches | p. 42 |
Complaints | p. 43 |
Penalties | p. 44 |
Enforcement | p. 46 |
HIPAA for the Independent Contractor | p. 46 |
Are You a Business Associate? | p. 47 |
General Requirements | p. 47 |
A Blueprint for Compliance with the Privacy Rule | p. 57 |
Introduction | p. 58 |
Where Do I Start? | p. 58 |
Gap Analysis Checklist | p. 59 |
Vendor Compliance Checklist | p. 63 |
Training Checklist | p. 63 |
What Policies Do I Need? | p. 65 |
Privacy Officer Policy | p. 66 |
Policy for the Use of Protected Health Information | p. 67 |
Policy for the Use of Protected Health Information in Quality Assurance and Educational Programs | p. 67 |
Training Policy | p. 69 |
Computer Security Policy | p. 69 |
Policy for Confidentiality Agreements | p. 73 |
Policy for Work Area Arrangements | p. 74 |
Access Policy for Digital Dictation Systems | p. 75 |
Policy for the Use of Hard Copy Protected Health Information | p. 76 |
Policy for Use of the Fax Machine | p. 77 |
E-Mail Policy | p. 78 |
Disaster Recovery Policy | p. 80 |
Policy for Offsite Workers | p. 81 |
Termination Policy | p. 84 |
Breaches and Sanctions Policies | p. 86 |
Complaint Policy | p. 87 |
Vendor Policy | p. 88 |
Policies for Business Associates | p. 88 |
Sample Contracts and Agreements | p. 90 |
Policy for Subcontractors | p. 99 |
Policy for Offshore Contractors | p. 99 |
A Word About Disclosures | p. 100 |
What About Indemnification? | p. 100 |
The Security Rule and Healthcare Documentation | p. 109 |
Introduction | p. 110 |
What Does the Security Rule Really Do? | p. 110 |
What Constitutes Protected Health Information? | p. 111 |
Who Must Comply and How Does Compliance Impact the Work Setting? | p. 112 |
State Laws | p. 112 |
Application of the Security Rule | p. 113 |
Administrative Safeguards | p. 113 |
Physical Safeguards | p. 121 |
Technical Safeguards | p. 125 |
Organizational Requirements | p. 127 |
Policies and Procedures and Documentation Requirements | p. 127 |
Penalties | p. 128 |
Enforcement | p. 129 |
HIPAA for the Independent Contractor | p. 130 |
Are You a Business Associate? | p. 130 |
A Blueprint for Compliance with the Security Rule | p. 137 |
Introduction | p. 138 |
Administrative Safeguards | p. 139 |
Security Management Process | p. 139 |
Assigned Security Responsibility | p. 145 |
Workforce Security | p. 146 |
Information Access Management | p. 148 |
Security Awareness and Training | p. 150 |
Security Incidents | p. 152 |
Contingency Plans | p. 155 |
Evaluation | p. 157 |
Business Associate Contracts and Other Arrangements | p. 158 |
Physical Safeguards | p. 162 |
Facility Access Control | p. 162 |
Workstation Use | p. 165 |
Workstation Security | p. 166 |
Device and Media Controls | p. 167 |
Technical Safeguards | p. 169 |
Access Control | p. 170 |
Audit Controls | p. 172 |
Integrity | p. 172 |
Person or Entity Authentication | p. 173 |
Transmission Security | p. 174 |
Organizational Requirements | p. 175 |
Business Associate Contracts and Other Arrangements | p. 175 |
Requirements for Group Health Plans | p. 176 |
Policies and Procedures and Documentation Requirements | p. 177 |
Policies and Procedures | p. 177 |
Documentation | p. 178 |
A Final Note on Security | p. 179 |
Frequently Asked Questions | p. 185 |
Industry Resources | p. 199 |
AAMT Paper on Special Considerations for Offsite Medical Transcriptionists | p. 205 |
Abbreviations and Acronyms | p. 211 |
Glossary | p. 213 |
Index | p. 219 |
Table of Contents provided by Ingram. All Rights Reserved. |