Reviewer
Foreword
About the Authors
Introduction

Chapter 1 HIPAA, HITECH Act, and Breach Notification Overview
Building the Infrastructure
Transactions and Code Sets
Change in Focus: Administrative to Clinical Processes
Final Rule Modification of Business Associate Definition
Statutory Definition of Breach
January 25, 2013, Final Rule Definition of Breach
Breach Notification Requirements
Guidance on Securing Protected Health Information
Importance of Achieving Compliance

Chapter 2 Transactions and Code Sets
Transaction Standards and Code Set Standards
Need for Transaction and Code Set Modifications
Health Care Claim Payment/Advice (835)
Health Care Claim Status Request and Response (276/277)
Benefits of Improvements to Transaction Standards
HIPAA Transaction Standards: Final Rule
Code Sets in the Physician's Office
ICD-10-CM/PCS: Code Set Standards Modification
What 5010 and ICD-10-CM Mean to Your Practice
Health Insurance Reform: Administrative Simplification Transactions

Chapter 3 The Privacy Team
What Changed in the HIPAA Omnibus Rule, and What Didn't Change?
Step 1 Build the Foundation for Privacy Management
Step 1A Identify a Privacy Official
Step 1B Revisit Your Notice of Privacy Practices
Step 1C Consistent with Other Documentation
Step 1D Develop Policies and Procedures
Step 1E Policies and Procedures
Step 1I Refraining from Intimidating or Retaliatory Acts
Step 1K Establish Minimum Necessary Limits for Use and Disclosures of Protected Health Information
Step 2 Identify Permissions for Use and Disclosure of Protected Health Information
Step 2A Required Disclosures
Step 2B Permissible Disclosures: Treatment, Payment, and Health Care Operations
Step 2C Permissible Disclosures: Another Covered Entity's Treatment, Payment, and Health Care Operations
Step 2D Permissible Disclosures: Family, Friends, and Disaster Relief Agencies
Step 2E Incidental Uses or Disclosures
Step 2F Other Uses or Disclosures for Which Authorization Is Not Required
Step 2G Uses and Disclosures of De-Identified Protected Health Information
Step 2H Limited Data Set for Purposes of Research, Public Health, or Health Care Operations
Step 3 Identify Uses and Disclosures That Require Authorizations
Step 3A Uses and Disclosures That Require Authorizations
Step 3B Psychotherapy Notes
Step 4 Identify Personal Identity Authentication Issues
Step 5 Update Your HIPAA Privacy Safeguards
Step 6 Update New Patient Rights, Including Rights Provided in the HITECH Act
Step 6A Right to Access Protected Health Information
Step 6B Patient's Right to Request an Amendment to Content in Patient Record
Step 6C Accounting of Disclosures
Step 6D Confidential Communications Requirements
Step 6E Right of an Individual to Request Restriction of Uses and Disclosures
Step 6F Right to File a Complaint
Step 7 Update Business Associate Contracts
Step 8 Revise and Protect Fundraising and Marketing Activities
Step 9 Train Your Staff on New Issues and Provide Refreshers on Privacy Policies and Procedures
HIPAA Privacy Rule Training Requirements
Step 10 Implement Your Plan and Evaluate Your Compliance Status

Chapter 4 HIPAA Security: Tougher, but with Safe Harbors
About HIPAA's Security Rule
Implementation Specifications
Administrative Safeguard Standards and Implementation Specifications
Security Management Process
Assigned Security Responsibility
Information Access Management
Security Awareness and Training
Security Incident Procedures
Business Associate Contracts and Other Arrangements
Physical Safeguard Standards and Implementation Specifications
Device and Media Controls
Technical Safeguard Standards and Implementation Specifications
Person or Entity Authentication

Chapter 5 HIPAA Communications: Patient Engagement and Social Networking
What Patients Want to Know About HIPAA
Implementing an Internal and External Communications Plan
Your HIPAA Communications Plan
Electronic Communications and Health IT
Develop and Deploy an External Communication Plan
Build a Breach Response Plan Before You Need It
Managing an Audit from OCR
Audit Prevention Strategies

Appendix A HIPAA Forms
HIPAA for Behavioral Health in an Electronic Environment

Appendix B Additions to HIPAA Training Program
How OCR Enforces the HIPAA Privacy Rule
What OCR Considers During Intake and Review of a Privacy Complaint

Appendix C Additional Resources
Glossary
Index