HIPAA@IT Essentials: Health Information Transactions, Privacy, and Security

People need to understand the information systems ramifications of the Health Insurance Portability and Accountability Act (HIPAA). They are eager to get unbiased and comprehensive information about what HIPAA means for them. This book, HIPAA@IT Essentials addresses that need. Content: This book is organized into the following three main chapters: 1. Transactions and Codes, 2. Privacy, and 3. Security. The Transactions and Codes Chapter relates to exchanges between healthcare providers and payers. The Chapter covers transactions, code sets, identifiers, and impact. The Privacy Chapter focuses on the relationship between patients and the healthcare system, and the chapter addresses consent and authorize, access and amend, administration, other regulations, and impact. The Security Chapter explains how to keep information safe and covers: compliance life cycle, real-world security policy; computer security models; and technical security mechanisms. The healthcare providers and payers have agreed that standardization of the transactions between them would be helpful. Standards for transactions and code sets are vital to efficient and effective communication among healthcare organizations. The impact should be higher quality at less cost. Privacy relates to power. When one person has another person's private information, that other person loses some control. This power perspective sheds light on the intense conflict that surrounds privacy discussions. The Privacy Rule gives the patient strong rights over his or her information. The Security Chapter describes how organizations address the proposed Security Rule. Workflow management is vital to healthcare organizations and when done properly gives security as a derivative. Therefore, organizations should see the proposed Security Rule as a challenge to improve their workflow. The reader is assured that the author will watch for any changes in law or regulation. When a significant change occurs, such as a Final Rule is issued (or withdrawn), the author will make available updated information. Audience and Related Work Anyone working in or around healthcare could benefit by reading this book. The targeted audience is people in healthcare organizations that have some information systems responsibility. More particularly, managers in hospitals and information systems consultants have responsibilities that require them to know the content of this book. The book also serves many others, such as nurses or radiologists within the provider community, information systems staff within an insurance company, and salespeople in consulting firms or lawyers. A company might use the books to help persuade staff about the relevance of HIPAA to a company's information policies and tools. The material assumes no particular background of the audience as regards information systems or healthcare. However, maturity is assumed in terms of understanding both healthcare and information systems.