HIPAA Guide: Security Compliance Training with Templates and Resources

Review the HIPAA Compliance book in Google Books. View HIPAA Book

Buy this HIPAA Book package

Table of Content of HIPAA Manual with PowerPoint.

Unit 1: HIPAA basics

     Topic A:     HIPAA introduction
     Topic B:      Administrative Simplification
     Topic C:     HIPAA penalties
     Topic D:     HIPAA-related organizations
     Topic E:     HIPAA terminology

Unit 2: Transactions & code sets overview

     Topic A:     Transactions

Unit 3: Transactions - ANSI X12 and NCPDP transaction types

     Topic A: ANSI ASC X12 standards

Unit 4: Code sets & national identifiers

     Topic A:      Code sets
     Topic B:     National health care identifiers

Unit 5: HIPAA and e-Health - Security and privacy requirements

     Topic A:      HIPAA, EHRs, and e-health
     Topic B:      Planning for privacy compliance
     Topic C:      Planning for security compliance
     Topic D:     Scenario: Possible framework for compliance

Unit 6: HIPAA Privacy Rule

     Topic A:      Introduction to the Privacy Rule

Unit 7: Privacy Rule - Organizational and individual relationships, rights, and responsibilities

     Topic A:      Organizational requirements and relationships
     Topic B:      Individual privacy rights

Unit 8: Privacy Rule - Notice of privacy practices

     Topic A:      Notice of Privacy Practices and Authorizations

Unit 9: Privacy Rule - Uses and disclosures of PHI

     Topic A:     Uses and disclosures: General
     Topic B:     Uses and disclosures: treatment, payment, and health care operations
     Topic C:     Uses and disclosures: Public purposes

Unit 10: Privacy Rule - Safeguards

     Topic A:     Safeguards

Unit 11: HIPAA Security Rule - Overview

    Topic A:     Scope of the HIPAA Security Rule
    Topic B:     Threats to business information
    Topic C:     Security terminology and categories
    Topic D:     Administrative safeguards
    Topic E:     Physical safeguards
    Topic F:      Technical safeguards
    Topic G:     Organizational requirements
    Topic H:     Policies and procedures, and documentation standards

Unit 12: HIPAA Security Rule - Threats and technology options

     Topic A:     Security threats
     Topic B:      Security technology options

Unit 13: Advanced administrative safeguards

     Topic A:      Security awareness and training
     Topic B:     Security incident procedures
     Topic C:     Contingency plans
     Topic D:     Evaluation
     Topic E:      Business Associate Contracts and other arrangements

Unit 14: Physical safeguards overview

     Topic A:     Privacy Rule physical safeguards

Unit 15: Advanced physical safeguards

     Topic A:      Requirements
     Topic B:      Facility access controls
     Topic C:      Workstation use and security
     Topic D:     Specific steps - Physical security implementation

Unit 16: Physical safeguards - Device and media management

     Topic A:     Device and media controls

Unit 17: General technical safeguards

     Topic A:     Requirements
     Topic B:      Access control
     Topic C:      Audit controls
     Topic D:      Integrity
     Topic E:      Person or entity authentication

Unit 18: Advanced technical safeguards

     Topic A:      Transmission security
     Topic B:      TCP/IP network infrastructure
     Topic C:      Firewall systems
     Topic D:     Virtual Private Networks (VPNs)
     Topic E:     Wireless transmission security
     Topic F:      Encryption
     Topic G:      Kerberos authentication
     Topic H:      Case study: Windows XP security

Unit 19: Digital signatures and certificates

     Topic A:      Requirements
     Topic B:      Digital signatures
     Topic C:      Digital certificates
     Topic D:      Public Key Infrastructure (PKI)

Unit 20: Security policy

     Topic A:      Threats, risk management, and policy
     Topic B:      ISO 17799 security standards
     Topic C:     Security policy considerations
     Topic D:      Sample security policy documents

Appendix A: HIPAA Security Rule

     Topic A:     HIPAA Security Rule standards

Appendix B: HIPAA Privacy Rule

     Topic A:     HIPAA Privacy Rule standards

Appendix C: Job role/unit matrix

     Topic A:      Job role matrix

COMPLIANCE RESOURCES:

Quick Reference HIPAA Course card:

HIPAA Overview Course card

The HIPAA Overview CourseCARD provides information on what covered entities need to know how to make their practices, health plans, and health care clearinghouses compliant with the HIPAA Administrative Simplification Rules. The card provides an overview of the four sets of standards that cover electronic transactions, identifiers, privacy, and security. The card also covers the compliance timeline, DSMOs and related organizations, and other key terms. It also provides a 16-step privacy solution and a 12-step security solution. The Top Productivity Tips and Solutions page provides steps to prepare an organization for HIPAA compliance, brief executives on the scope of HIPAA, prepare for the transaction standards, and to prepare for the national identifier standards.

HIPAA Security Templates in Resources CD

Following templates in Microsoft Word format are included in the CD

I. Policies on the Standards for Administrative Safeguards

• Security Management Process
• Risk Analysis
• Risk Management
• Sanction Policy
• Information System Activity Review
• Assigned Security Responsibility
• Workforce Security
• Authorization and/or Supervision
• Workforce Clearance Procedure
• Termination Procedures
• Information Access Management
• Access Authorization
• Access Establishment and Modification
• Security Awareness & Training
• Security Reminders
• Protection from Malicious Software
• Log-in Monitoring
• Password Management
• Security Incident Procedures
• Response and Reporting
• Contingency Plan
• Data Backup Plan
• Disaster Recovery Plan
• Emergency Mode Operation Plan
• Testing and Revision Procedure
• Applications and Data Criticality Analysis
• Evaluation
• Business Associate Contracts and Other Arrangements

  II. Policies on the Standards for Physical Safeguards

• Facility Access Controls
• Contingency Operations
• Facility Security Plan
• Access Control and Validation Procedures
• Maintenance Records
• Workstation Use
• Workstation Security
• Device and Media Controls
• Disposal
• Media Re-use
• Accountability
• Data Backup and Storage

  III. Policies on the Standards for Technical Safeguards

• Access Control
• Unique User Identification
• Emergency Access Procedure
• Automatic Logoff
• Encryption and Decryption
• Audit Controls
• Integrity
• Mechanism to Authenticate Electronic Protected Health Information
• Person or Entity Authentication
• Transmission Security
• Integrity Controls
• Encryption

  IV. Organizational Requirements

• Policies and Procedures
• Documentation
• Isolating Healthcare Clearinghouse Function
• Group Health Plan Requirements

HIPAA Security Contingency Plan Guides, Templates, Examples, Policy & Standards

Following HIPAA Security Contingency Plan Guides, Templates, Examples, Policy & Standards are included in the resource CD.

• Application Recovery Plan Development Guide
• Business Impact Analysis Policy
• Conducting a Business Impact Analysis Guide
• Conducting a Risk Assessment
• Contingency Planning Policy
• Data Backup Plan Development Guide
• Disaster Recovery Plan Development Guide
• Emergency Mode Operations Plan Development Guide
• Example Accounting Business Resumption Plan
• Example Application Recovery Plan Template
• Example Final RA Executive Management Report
• Example Risk Assessment Survey
• Example Short Version BIA
• Implementing Recovery Strategies
• Polices & Standards Instructions
• Risk Assessment Policy
• Short Version BIA Template
• Telecom Recovery Plan Development Guide
• Testing and Revision Program
• Training & Awareness Standard
• Types of Contingency Plans