HIPAA Security Implementation, Version 1.0

ISBN: 974372722
EAN: N/A

Year: 2003
Pages: 181

BUY ON AMAZON

Table of Contents
BackCover
HIPAA Security Implementation, Version 1.0
Preface
Introduction
KEY CONCEPTS
GENERAL REQUIREMENTS AND STRUCTURE
ADMINISTRATIVE SAFEGUARDS
PHYSICAL SAFEGUARDS
TECHNICAL SAFEGUARDS
DOCUMENTATION STANDARD
CONCLUSION
Chapter 1: HIPPA Past, Present, and Future
REFERENCES
Chapter 2: HIPAA In Plain English
2.1 ADMINISTRATION SIMPLIFICATION
2.2 HIPAA AND OTHER LAWS
2.3 COVERED ENTITIES
2.4 GUIDING PRINCIPALS FOR SECURITY RULE
2.5 IMPLEMENTATION GUIDELINES
2.6 SAFEGUARDS
2.7 ADMINISTRATIVE SAFEGUARDS
2.8 PHYSICAL SAFEGUARDS
2.9 TECHNICAL SAFEGUARDS
2.10 REQUIREMENTS
2.11 STEP-BY-STEP GUIDE
Chapter 3: Security Standards
3.2 ADMINISTRATIVE SAFEGUARDS GRID
3.3 PHYSICAL SAFEGUARDS GRID
3.4 TECHNICAL SAFEGUARDS GRID
Chapter 4: Overlaps Between Privacy and Security Rules
4.2 OVERLAPS AND INTERDEPENDENCIES
4.3 TRAINING AND AWARENESS
4.4 DETAILED REQUIREMENTS
4.5 APPROPRIATE AND REASONABLE SAFEGUARDS
4.6 MAPPING PHI DATAFLOW
4.7 PROTECTING APPROPRIATE DATA
4.8 ACCESS CONTROLS
4.9 RISK MANAGEMENT ASSESSMENT
4.10 ACCOUNTABILITY FOR IMPLEMENTATION OF THE FINAL RULES
4.11 THIRD-PARTY AGREEMENTS-BUSINESS ASSOCIATE CONTRACTS CHAIN OF TRUST AGREEMENTS
Chapter 5: Compliance and Enforcement
5.2 ENFORCEMENT JURISDICTION
5.3 PENALTIES
5.4 ENFORCEMENT RULE
5.5 BEST PRACTICES
Chapter 6: Gap Analysis
6.2 PROJECT METHODOLOGY AND APPROACH
6.3 STEP ONE: INFORMATION AUDIT
6.4 STEP TWO: ASSESSMENT
6.5 DOCUMENTATION, ANALYSIS AND RESULTS
6.6 SECURITY MANAGEMENT PROGRAM
6.7 SECURITY TRAINING AND AWARENESS
6.8 SYSTEM NETWORK TECHNICAL ARCHITECTURE
6.9 EVALUATION
6.10 SYSTEM NETWORK MANAGEMENT AND ADMINISTRATION
6.11 USER MANAGEMENT, SUPPORT, AND OUTREACH
Chapter 7: Justification
7.2 DEFINE YOUR COMPANIES ROLE AS IT PERTAINS TO HIPAA REGULATIONS
7.3 RULES TO WORK BY
7.4 DEFINING THE GOALS
7.5 IDENTIFYING THE EXISTING TOOLS
7.6 PICK YOUR SOLUTIONS
7.7 IDENTIFYING THE COST OF DOING NOTHING
7.8 PRESENTATION
Chapter 8: Developing the Project Plan
8.2 POSSIBLE PHASES OF THE HIPAA SECURITY RULE COMPLIANCE PROJECT
Chapter 9: Budgeting the Plan
9.2 CONSIDERATIONS FOR BUDGETING HIPAA PROJECTS
9.3 RESOURCES NEEDED
9.4 ASSESSING COSTS
9.5 WRITING THE BUDGET
9.6 SUMMARY
ON-LINE REFERENCES
FURTHER REFERENCES
Chapter 10: Risk Analysis and Risk Management
10.2 GOALS OF RISK ANALYSIS
10.3 QUALITATIVE AND QUANTITATIVE RISK ANALYSIS
10.4 TYPES OF RISK
10.5 SCOPE THE SUBJECT OF THE THREAT
10.6 A CLOSER LOOK AT QUALITATIVE RISK ANALYSIS
10.7 A CLOSER LOOK AT QUANTITATIVE RISK ANALYSIS
10.8 ENFORCING SAFEGUARDS WITH POLICIES
10.9 RISK OPTIONS
10.10 CHAPTER STEP-BY-STEP SUMMARY
ACRONYMS
REFERENCES
Chapter 11: Administrative and Documentation Safeguards
11.2 HIPAA SECURITY-ADMINISTRATIVE SAFEGUARDS
11.3 STANDARD: SECURITY MANAGEMENT PROCESS
11.4 STANDARD: ASSIGNED SECURITY RESPONSIBILITY
11.5 STANDARD: WORKFORCE SECURITY
11.6 STANDARD: INFORMATION ACCESS MANAGEMENT
11.7 STANDARD: SECURITY AWARENESS TRAINING
11.8 STANDARD: SECURITY INCIDENT PROCEDURES
11.9 STANDARD: CONTINGENCY PLAN
11.10 STANDARD: SECURITY EVALUATION
11.11 STANDARD: BUSINESS ASSOCIATE CONTRACTS AND OTHER ARRANGEMENTS
Chapter 12: Physical Safeguards
12.2 FACILITY ACCESS CONTROLS
12.3 WORKSTATION USE
12.4 WORKSTATION SECURITY
12.5 DEVICE AND MEDIA CONTROLS
12.6 SUMMARY
Chapter 13: Technical Safeguards
13.1 OVERVIEW OF AVAILABLE MECHANISMS
13.2 REQUIRED VS. ADDRESSABLE SPECIFICATIONS
13.3 IMPLEMENTING ACCESS CONTROL MECHANISMS ( 164.312(A)(1))
13.4 IMPLEMENTING AUDIT MECHANISMS ( 164.312(B))
13.5 IMPLEMENTING INTEGRITY CONTROL MECHANISMS ( 164.312(C)(1))
13.6 IMPLEMENTING AUTHENTICATION CONTROL MECHANISMS (164.312(D))
13.7 IMPLEMENTING TRANSMISSION SECURITY MECHANISMS (164.312(E)(1))
13.8 PERIMETER SECURITY
13.9 SPECIAL CONSIDERATION FOR SMALL OFFICES
Chapter 14: HIPAA Audit
14.2 HIPAA EVALUATION OR AUDIT
14.3 ENGAGEMENT OF THE AUDITOR
14.4 PREPARING FOR THE AUDIT
14.5 THE AUDIT PROCESS
14.6 CONCLUDING THE AUDIT
Chapter 15: Continuing Compliance-Maintaining Security Best Practices for the Future
15.2 SECURITY POLICY
15.3 SECURITY ORGANIZATION
15.4 SYSTEM DEVELOPMENT, ACCREDITATION AND CERTIFICATION
15.5 FRAMEWORK FOR SECURITY FEEDBACK
15.6 ASSESSING INFORMATION SECURITY VULNERABILITIES IN THE ENTERPRISE
15.7 PLANNING FOR IMPLEMENTATION or A VMP
15.8 VMP COMPONENTS
15.9 EFFECTIVE APPLICATIONS OF ENTERPRISE PATCH MANAGEMENT
15.10 USER TRAINING
15.11 SUMMARY
ON-LINE REFERENCES
FURTHER REFERENCES
Appendices
Glossary
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
Appendix A: HIPAA Timelines
Appendix B: HIPAA U.S. Code CFR
SEC. 164.302: APPLICABILITY.
SEC. 164.304: DEFINITIONS.
SEC. 164.306: SECURITY STANDARDS: GENERAL RULES.
SEC. 164.308: ADMINISTRATIVE SAFEGUARDS.
SEC. 164.310: PHYSICAL SAFEGUARDS.
SEC. 164.312: TECHNICAL SAFEGUARDS.
SEC. 164.314: ORGANIZATIONAL REQUIREMENTS.
SEC. 164.316: POLICIES AND PROCEDURES AND DOCUMENTATION REQUIREMENTS.
SEC. 164.318: COMPLIANCE DATES FOR THE INITIAL IMPLEMENTATION OF THE SECURITY STANDARDS.
Appendix C: Recommended Hardware Configurations
ROUTERS
FIREWALLS
VPNs
WINDOWS-BASED WEB SERVERS
WINDOWS-BASED MAIL SERVERS
WIRELESS ACCESS POINTS
MODEMS
CONCLUSION
REFERENCES:
List of Figures
List of Tables