Guide to HIPAA Security and the Law

American Bar Association, 2007 - Law - 324 pages
This publication discusses the HIPAA Security Rule's role in the broader context of HIPAA and its other regulations, and provides practical guidance for implementing HIPAA security. At the heart of the publication is a detailed section-by-section analysis of each security topic covered in the Security Rule. It also covers the risks of non-compliance by describing the enforcement mechanisms that apply and the prospects for litigation relating to HIPAA security.
 


Contents

Introduction ..... 1
Background and History of HIPAA ..... 5
HIPAA Privacy and Security ..... 9
B HIPAA STATUTORY REQUIREMENT FOR SECURITY ..... 10
C SECURITY REQUIREMENTS IN THE PRIVACY RULE ..... 12
Scope and Applicability of the Security Rule ..... 13
B ENTITIES REGULATED BY THE SECURITY RULE ..... 16
1 Business Associates and Business Associate Contracts; Governmental Interagency Arrangements ..... 18
2 Health Plan Sponsors ..... 20
3 Hybrid Entities and Health Care Components ..... 21
4 Affiliated Covered Entities ..... 22
5 Organized Health Care Arrangements ..... 23
The Security Rule ..... 25
B ADMINISTRATIVE SAFEGUARDS, SECTION 164.308 ..... 27
1 Security Management Process Standard, Section 164.308(a)(1)(i) ..... 29
b Risk Management (Required), Section 164.308(a)(1)(ii)(B) ..... 34
c Sanction Policy (Required), Section 164.308(a)(1)(ii)(C) ..... 36
2 Assigned Security Responsibility Standard, Section 164.308(a)(2) ..... 37
3 Workforce Security Standard, Section 164.308(a)(3)(i) ..... 38
b Workforce Clearance Procedure (Addressable), Section 164.308(a)(3)(ii)(B) ..... 39
c Termination Procedures (Addressable), Section 164.308(a)(3)(ii)(C) ..... 40
4 Information Access Management Standard, Section 164.308(a)(4)(i) ..... 41
b Access Authorization (Addressable), Section 164.308(a)(4)(ii)(B) ..... 42
c Access Establishment and Modification (Addressable), Section 164.308(a)(4)(ii)(C) ..... 43
5 Security Awareness and Training Standard, Section 164.308(a)(5)(i) ..... 44
b Protection from Malicious Software (Addressable), Section 164.308(a)(5)(ii)(B) ..... 45
c Login Monitoring (Addressable), Section 164.308(a)(5)(ii)(C) ..... 46
6 Security Incident Procedures and Responses, Section 164.308(a)(6) ..... 47
b Response and Reporting (Required), Section 164.308(a)(6)(ii) ..... 49
7 Contingency Plan Standard, Section 164.308(a)(7)(i) ..... 50
a Data Backup Plan (Required), Section 164.308(a)(7)(ii)(A) ..... 51
b Disaster Recovery Plan (Required), Section 164.308(a)(7)(ii)(B) ..... 52
d Testing and Revision Procedures (Addressable), Section 164.308(a)(7)(ii)(D) ..... 54
e Applications and Data Criticality Analysis (Addressable), Section 164.308(a)(7)(ii)(E) ..... 55
9 Imposing Security Requirements on Business Associates, Section 164.308(b) ..... 58
b Exceptions to the Business Associate Standard, Section 164.308(b)(2) ..... 59
c Violations of the Standard, Section 164.308(b)(3) ..... 60
10 Conclusion Regarding Administrative Safeguards ..... 61
C PHYSICAL SAFEGUARDS, SECTION 164.310 ..... 62
1 Facility Access, Section 164.310(a) ..... 63
b Facility Access Controls Implementation Specifications, Section 164.310(a)(2) ..... 66
ii Facility Security Planning (Addressable), Section 164.310(a)(2)(ii) ..... 67
iii Access Control and Validation (Addressable), Section 164.310(a)(2)(iii) ..... 68
iv Maintenance Records (Addressable), Section 164.310(a)(2)(iv) ..... 69
2 Workstation Use Standard, Section 164.310(b) ..... 70
3 Workstation Security Standard, Section 164.310(c) ..... 71
4 Device and Media Controls, Section 164.310(d) ..... 72
b Device and Media Controls Implementation Specifications, Section 164.310(d)(2) ..... 73
ii Media Re-Use (Required), Section 164.310(d)(2)(ii) ..... 74
iv Data Backup and Storage (Addressable), Section 164.310(d)(2)(iv) ..... 75
D TECHNICAL SAFEGUARDS, SECTION 164.312 ..... 76
1 Access Control Safeguards, Section 164.312(a) ..... 77
b Access Control Implementation Specifications, Section 164.312(a)(2) ..... 79
iii Automatic Logoff (Addressable), Section 164.312(a)(2)(iii) ..... 80
2 Audit Controls Standard, Section 164.312(b) ..... 81
Mechanism to Authenticate Electronic Protected Health Information (Addressable), Section 164.312(c)(2) ..... 83
5 Transmission Security, Section 164.312(e) ..... 86
b Transmission Security Implementation Specifications, Section 164.312(e)(2) ..... 87
6 Conclusion Regarding Technical Safeguards ..... 88
E POLICIES, PROCEDURES AND DOCUMENTATION, SECTION 164.316 ..... 89
2 Documentation, Section 164.316(b) ..... 91
b Documentation Implementation Specifications, Section 164.316(b)(2) ..... 92
Implementation ..... 95
B THE STATE OF COMPLIANCE ..... 96
Enforcement ..... 101
A NO CUMULATIVE CIVIL AND CRIMINAL PENALTIES ..... 102
C CRIMINAL VIOLATIONS ..... 104
D PRIVATE RIGHT OF ACTION ..... 107
E FINAL RULE FOR THE IMPOSITION OF CIVIL MONEY PENALTIES ..... 108
1 Regulatory Background ..... 109
3 Comparing the Final Enforcement Rule with Prior Drafts ..... 111
5 Investigations and Compliance Review under the Enforcement Rule ..... 112
a Investigational Subpoenas ..... 113
c Affirmative Defenses ..... 114
d Secretarial Action Regarding Complaints and Compliance Reviews ..... 115
e Notice of Proposed Determination ..... 116
6 Hearing before Administrative Law Judge ..... 117
c Hearing and Decision ..... 118
7 Appeal of the Administrative Law Judge's Decision ..... 120
8 Civil Money Penalties ..... 122
b Amount of Civil Money Penalties ..... 123
c Violation of an Identical Requirement or Prohibition ..... 124
e Collection of the Penalty ..... 125
f Waiver and Settlement ..... 126
Liability and Litigation ..... 127
B RISK MANAGEMENT ..... 133
Conclusion ..... 137
HIPAA Administrative Simplification Provisions ..... 139
HIPAA Security and Privacy Regulations ..... 163
HIPAA Security Resources on the Internet ..... 309
Index ..... 313