Information Security Management Handbook, Volume 6
Harold F. Tipton, Micki Krause Nozaki
- 504 pages
- English
About This Book
Updated annually, the Information Security Management Handbook, Sixth Edition, Volume 6 is the most comprehensive and up-to-date reference available on information security and assurance. Bringing together the knowledge, skills, techniques, and tools required of IT security professionals, it facilitates the up-to-date understanding required to stay
Chapter 1
What Business Associates Need to Know about Protected Health Information under HIPAA and HITECH
Rebecca Herold
Introduction
Before launching into a discussion of protected health information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA), it is first important to have a basic understanding of HIPAA, and also why HIPAA even exists. This chapter first provides a high-level description of HIPAA and the subsequent Health Information Technology for Economic and Clinical Health Act (HITECH Act) to provide readers with the necessary background information to help better understand the term PHI. The chapter then describes certain specific types of information considered to be PHI, other situations where other information may be considered to be PHI, and then situations when these same information items do not fall under the definition of PHI. The chapter concludes with a set of recommendations for defining and protecting PHI within covered entities (CEs) and business associates (BAs), as they are defined within HIPAA and the HITECH Act.
HIPAA Overview
In today's high-tech, always-online, network-connected world, relying on locked file cabinets, passwords, and encryption alone to protect health information is not realistic. Beyond the technology challenges, the laws that protect patient information are a patchwork spread across a growing number of state, federal, and international laws and regulations. Before the twenty-first century, patients' health information could be distributed without notice for almost any reason, including reasons unrelated to healthcare or medical treatment. For example, health information could be passed from an insurer to a lender, who could then deny the individual's application for a mortgage or loan. It could even be sent to an individual's employer, who could then use it in personnel decisions.
By enacting HIPAA, Congress mandated that organizations take specific actions to protect individually identifiable health information. HIPAA contains an important section called Administrative Simplification, whose provisions are intended to reduce the costs and administrative burdens of healthcare by standardizing many administrative and financial forms and transactions. Administrative Simplification includes the Privacy Rule and Security Rule subsections, which mandate standards for the safeguarding, physical storage and maintenance, transmission, and access of PHI. The privacy requirements are collectively referred to as the Privacy Rule, and the security, or safeguard, requirements are collectively referred to as the Security Rule.
The Privacy Rule took effect on 14 April 2001 and was updated on 14 August 2002, with compliance required of most health plans, healthcare providers, and healthcare clearinghouses, collectively referred to as CEs, by 14 April 2003. Entities that do not comply with these regulations are subject to severe civil and criminal penalties.
The Privacy Rule has requirements to safeguard PHI by
The Security Rule came into effect in 2005 and can be characterized as being many things, including:
It is important for CEs and BAs to understand that the Security Rule is not
The overall goals of the Security Rule revolve around the confidentiality, integrity, and availability of electronic PHI. These terms are defined as
When the proper policies, procedures, and technologies are in place, PHI can be reasonably protected against known threats and vulnerabilities. This allows entities to prevent unauthorized uses and disclosures of PHI, a primary concern of HIPAA.
HITECH Overview
The HITECH Act was part of President Obama's $787 billion stimulus package, the American Recovery and Reinvestment Act (ARRA) of 2009, which was signed into law on 17 February 2009. The HITECH Act was designed to help fulfill a promise President Obama made in a speech at George Mason University on 8 January 2009:*
To improve the quality of our health care while lowering its costs, we will make the immediate investments necessary to ensure that, within five years, all of America's medical records are computerized. This will cut waste, eliminate red tape and reduce the need to repeat expensive medical tests…. But it just won't save billions of dollars and thousands of jobs; it will save lives by reducing the deadly but preventable medical errors that pervade our health-care system.
The HITECH Act adds significant requirements to HIPAA. The bulk of the original HIPAA Security Rule and Privacy Rule requirements remain valid and must still be followed; ignoring them would be dangerous not only from a compliance perspective but also from an information security, privacy, and risk management point of view. The HITECH Act did not replace the HIPAA requirements. Generally, it augmented HIPAA and expanded its requirements primarily by