HIPAA Security Implementation, Version 1.0
HIPAA Security Implementation, Version 1.0
ISBN: 974372722
EAN: N/A
EAN: N/A
Year: 2003
Pages: 181
Pages: 181
- Table of Contents
- BackCover
- HIPAA Security Implementation, Version 1.0
- Preface
- Introduction
- KEY CONCEPTS
- GENERAL REQUIREMENTS AND STRUCTURE
- ADMINISTRATIVE SAFEGUARDS
- PHYSICAL SAFEGUARDS
- TECHNICAL SAFEGUARDS
- DOCUMENTATION STANDARD
- CONCLUSION
- Chapter 1: HIPPA Past, Present, and Future
- REFERENCES
- Chapter 2: HIPAA In Plain English
- 2.1 ADMINISTRATION SIMPLIFICATION
- 2.2 HIPAA AND OTHER LAWS
- 2.3 COVERED ENTITIES
- 2.4 GUIDING PRINCIPALS FOR SECURITY RULE
- 2.5 IMPLEMENTATION GUIDELINES
- 2.6 SAFEGUARDS
- 2.7 ADMINISTRATIVE SAFEGUARDS
- 2.8 PHYSICAL SAFEGUARDS
- 2.9 TECHNICAL SAFEGUARDS
- 2.10 REQUIREMENTS
- 2.11 STEP-BY-STEP GUIDE
- Chapter 3: Security Standards
- 3.2 ADMINISTRATIVE SAFEGUARDS GRID
- 3.3 PHYSICAL SAFEGUARDS GRID
- 3.4 TECHNICAL SAFEGUARDS GRID
- Chapter 4: Overlaps Between Privacy and Security Rules
- 4.2 OVERLAPS AND INTERDEPENDENCIES
- 4.3 TRAINING AND AWARENESS
- 4.4 DETAILED REQUIREMENTS
- 4.5 APPROPRIATE AND REASONABLE SAFEGUARDS
- 4.6 MAPPING PHI DATAFLOW
- 4.7 PROTECTING APPROPRIATE DATA
- 4.8 ACCESS CONTROLS
- 4.9 RISK MANAGEMENT ASSESSMENT
- 4.10 ACCOUNTABILITY FOR IMPLEMENTATION OF THE FINAL RULES
- 4.11 THIRD-PARTY AGREEMENTS-BUSINESS ASSOCIATE CONTRACTS CHAIN OF TRUST AGREEMENTS
- Chapter 5: Compliance and Enforcement
- 5.2 ENFORCEMENT JURISDICTION
- 5.3 PENALTIES
- 5.4 ENFORCEMENT RULE
- 5.5 BEST PRACTICES
- Chapter 6: Gap Analysis
- 6.2 PROJECT METHODOLOGY AND APPROACH
- 6.3 STEP ONE: INFORMATION AUDIT
- 6.4 STEP TWO: ASSESSMENT
- 6.5 DOCUMENTATION, ANALYSIS AND RESULTS
- 6.6 SECURITY MANAGEMENT PROGRAM
- 6.7 SECURITY TRAINING AND AWARENESS
- 6.8 SYSTEM NETWORK TECHNICAL ARCHITECTURE
- 6.9 EVALUATION
- 6.10 SYSTEM NETWORK MANAGEMENT AND ADMINISTRATION
- 6.11 USER MANAGEMENT, SUPPORT, AND OUTREACH
- Chapter 7: Justification
- 7.2 DEFINE YOUR COMPANIES ROLE AS IT PERTAINS TO HIPAA REGULATIONS
- 7.3 RULES TO WORK BY
- 7.4 DEFINING THE GOALS
- 7.5 IDENTIFYING THE EXISTING TOOLS
- 7.6 PICK YOUR SOLUTIONS
- 7.7 IDENTIFYING THE COST OF DOING NOTHING
- 7.8 PRESENTATION
- Chapter 8: Developing the Project Plan
- 8.2 POSSIBLE PHASES OF THE HIPAA SECURITY RULE COMPLIANCE PROJECT
- Chapter 9: Budgeting the Plan
- 9.2 CONSIDERATIONS FOR BUDGETING HIPAA PROJECTS
- 9.3 RESOURCES NEEDED
- 9.4 ASSESSING COSTS
- 9.5 WRITING THE BUDGET
- 9.6 SUMMARY
- ON-LINE REFERENCES
- FURTHER REFERENCES
- Chapter 10: Risk Analysis and Risk Management
- 10.2 GOALS OF RISK ANALYSIS
- 10.3 QUALITATIVE AND QUANTITATIVE RISK ANALYSIS
- 10.4 TYPES OF RISK
- 10.5 SCOPE THE SUBJECT OF THE THREAT
- 10.6 A CLOSER LOOK AT QUALITATIVE RISK ANALYSIS
- 10.7 A CLOSER LOOK AT QUANTITATIVE RISK ANALYSIS
- 10.8 ENFORCING SAFEGUARDS WITH POLICIES
- 10.9 RISK OPTIONS
- 10.10 CHAPTER STEP-BY-STEP SUMMARY
- ACRONYMS
- REFERENCES
- Chapter 11: Administrative and Documentation Safeguards
- 11.2 HIPAA SECURITY-ADMINISTRATIVE SAFEGUARDS
- 11.3 STANDARD: SECURITY MANAGEMENT PROCESS
- 11.4 STANDARD: ASSIGNED SECURITY RESPONSIBILITY
- 11.5 STANDARD: WORKFORCE SECURITY
- 11.6 STANDARD: INFORMATION ACCESS MANAGEMENT
- 11.7 STANDARD: SECURITY AWARENESS TRAINING
- 11.8 STANDARD: SECURITY INCIDENT PROCEDURES
- 11.9 STANDARD: CONTINGENCY PLAN
- 11.10 STANDARD: SECURITY EVALUATION
- 11.11 STANDARD: BUSINESS ASSOCIATE CONTRACTS AND OTHER ARRANGEMENTS
- Chapter 12: Physical Safeguards
- 12.2 FACILITY ACCESS CONTROLS
- 12.3 WORKSTATION USE
- 12.4 WORKSTATION SECURITY
- 12.5 DEVICE AND MEDIA CONTROLS
- 12.6 SUMMARY
- Chapter 13: Technical Safeguards
- 13.1 OVERVIEW OF AVAILABLE MECHANISMS
- 13.2 REQUIRED VS. ADDRESSABLE SPECIFICATIONS
- 13.3 IMPLEMENTING ACCESS CONTROL MECHANISMS ( 164.312(A)(1))
- 13.4 IMPLEMENTING AUDIT MECHANISMS ( 164.312(B))
- 13.5 IMPLEMENTING INTEGRITY CONTROL MECHANISMS ( 164.312(C)(1))
- 13.6 IMPLEMENTING AUTHENTICATION CONTROL MECHANISMS (164.312(D))
- 13.7 IMPLEMENTING TRANSMISSION SECURITY MECHANISMS (164.312(E)(1))
- 13.8 PERIMETER SECURITY
- 13.9 SPECIAL CONSIDERATION FOR SMALL OFFICES
- Chapter 14: HIPAA Audit
- 14.2 HIPAA EVALUATION OR AUDIT
- 14.3 ENGAGEMENT OF THE AUDITOR
- 14.4 PREPARING FOR THE AUDIT
- 14.5 THE AUDIT PROCESS
- 14.6 CONCLUDING THE AUDIT
- Chapter 15: Continuing Compliance-Maintaining Security Best Practices for the Future
- 15.2 SECURITY POLICY
- 15.3 SECURITY ORGANIZATION
- 15.4 SYSTEM DEVELOPMENT, ACCREDITATION AND CERTIFICATION
- 15.5 FRAMEWORK FOR SECURITY FEEDBACK
- 15.6 ASSESSING INFORMATION SECURITY VULNERABILITIES IN THE ENTERPRISE
- 15.7 PLANNING FOR IMPLEMENTATION or A VMP
- 15.8 VMP COMPONENTS
- 15.9 EFFECTIVE APPLICATIONS OF ENTERPRISE PATCH MANAGEMENT
- 15.10 USER TRAINING
- 15.11 SUMMARY
- ON-LINE REFERENCES
- FURTHER REFERENCES
- Appendices
- Glossary
- B
- C
- D
- E
- F
- G
- H
- I
- J
- K
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- Appendix A: HIPAA Timelines
- Appendix B: HIPAA U.S. Code CFR
- SEC. 164.302: APPLICABILITY.
- SEC. 164.304: DEFINITIONS.
- SEC. 164.306: SECURITY STANDARDS: GENERAL RULES.
- SEC. 164.308: ADMINISTRATIVE SAFEGUARDS.
- SEC. 164.310: PHYSICAL SAFEGUARDS.
- SEC. 164.312: TECHNICAL SAFEGUARDS.
- SEC. 164.314: ORGANIZATIONAL REQUIREMENTS.
- SEC. 164.316: POLICIES AND PROCEDURES AND DOCUMENTATION REQUIREMENTS.
- SEC. 164.318: COMPLIANCE DATES FOR THE INITIAL IMPLEMENTATION OF THE SECURITY STANDARDS.
- Appendix C: Recommended Hardware Configurations
- ROUTERS
- FIREWALLS
- VPNs
- WINDOWS-BASED WEB SERVERS
- WINDOWS-BASED MAIL SERVERS
- WIRELESS ACCESS POINTS
- MODEMS
- CONCLUSION
- REFERENCES:
- List of Figures
- List of Tables
HIPAA Security Implementation, Version 1.0
ISBN: 974372722
EAN: N/A
EAN: N/A
Year: 2003
Pages: 181
Pages: 181