The HIPAA Program Reference Handbook

Management and IT professionals in the healthcare arena face the fear of the unknown: they fear that their massive efforts to comply with HIPAA requirements may not be enough, because they still do not know how compliance will be tested and measured. No one has been able to clearly explain to them the ramifications of HIPAA. Until now.
Popular passages
Page 279 - where compliance with both federal and state regulations is a physical impossibility...," Florida Lime & Avocado Growers, Inc. v. Paul, 373 US 132, 142-143 (1963), or where the state "law stands as an obstacle to the accomplishment and execution of the full purposes and objectives of Congress.
Page 216 - Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.
Page 148 - A covered entity must reasonably safeguard protected health information from any intentional or unintentional use or disclosure that is in violation of the standards, implementation specifications or other requirements of this subpart.
Page 89 - For example, under the information access management standard, an access establishment and modification implementation specification reads: "implement policies and procedures that, based upon the entity's access authorization policies, establish, document, review, and modify a user's right of access to a workstation, transaction, program, or process" (45 CFR 164.308(a)(4)(ii)(c)).
Page 21 - Implement procedures to control and validate a person's access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision.
Page 277 - An employee welfare benefit plan or any other arrangement that is established or maintained for the purpose of offering or providing health benefits to the employees of two or more employers...
Page 22 - Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access electronic PHI. Workstation security. Implement physical safeguards for all workstations that access electronic PHI to restrict access to authorized users.
Page 285 - ... and (2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the...
Page 283 - Disclosure: Means the release, transfer, provision of access to, or divulging in any other manner of information outside the entity holding the information.
Page 279 - An agreement related to the exchange of information in electronic transactions, whether the agreement is distinct or part of a larger agreement, between each party to the agreement. (For example, a trading partner agreement may specify, among other things, the duties and responsibilities of each party to the agreement in conducting a standard transaction.) Transaction: The transmission of information between two parties to carry out financial or administrative activities related to health care.