About the Author
Preface
Acknowledgments
Chapter 1 DIGITAL HEALTH AND PRIVACY AND SECURITY OF HEALTH INFORMATION
- Introduction to Digital Health
- Contact Tracing and Data Protection Laws
- Remote Employee Monitoring
- Addressing Privacy Concerns Associated with Artificial Intelligence
- HIPAA Basics
- Privacy Risks of Electronic Information
- Security Risks of Electronic Information
- Baseline Privacy Protections
- Baseline Security Protections
Chapter 2 THE ENABLING ACTS—HIPAA AND HITECH
- Overview of HIPAA
- Legislative Titles
- Title II, Subtitle F: Administrative Simplification
- Covered Entities
- Type of Information Protected: Individually Identifiable Health Information
- Adoption of Regulations and Compliance Dates
- The HITECH Act
- The Omnibus Rule
- Genetic Information Nondiscrimination Act of 2008
Chapter 3 HIPAA PRIVACY RULE
- Overview to Privacy Rule
- Covered Entities
- Business Associate Obligations and Further Classifications under HIPAA
- Type of Information Covered: Protected Health Information
- Use and Disclosure
- Rights of Individuals
- Individual's Access to PHI
- Disposal of Protected Health Information
- Administrative Regulations
- Recommendations for Compliance
- Privacy and Security Considerations in Transactions and Deals
- Privacy Considerations in the Midst of a Pandemic
Chapter 4 HIPAA SECURITY RULE: ENSURING THE CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY OF EPHI
- Introduction
- HIPAA Security Rule
- Security Beyond the Health Care Industry
- How to Conduct a Security Risk Analysis
- The Security Risk Assessment Tool
- What to Do after the Risk Analysis
- Policy and Procedure Development
- A Practical Approach to Contingency Planning
- The Audit/Evaluation Process
- Hospital IT Management
- HIPAA and Ransomware
- Selecting and Implementing Security Solutions
- Security Solutions and Technologies
- Protecting and Securing Health Information When Using a Mobile Device
- Data Management Systems
Chapter 5 THE BREACH NOTIFICATION RULE
- Overview of the Breach Notification Rule
- Recent Changes to States’ Data Breach Notification Statutes
- Definitions (45 C.F.R. 164.402)
- Notification to Individuals (45 C.F.R. 164.404)
- Notification to the Media (45 C.F.R. 164.406)
- Notification to the Secretary (45 C.F.R. 164.408)
- Notification by a Business Associate (45 C.F.R. 164.410)
- Law Enforcement Delay (45 C.F.R. 164.412)
- Administrative Requirements and Burden of Proof (45 C.F.R. 164.414)
- OCR HIPAA Settlements
-
Chapter 6 HIPAA AND STATE LAW—UNDERSTANDING AND PREPARING A PREEMPTION ANALYSIS
- Introduction
- HIPAA Preemption Requirements
- Privacy Rule
- State Law Preemption
Chapter 7 OVERVIEW OF FEDERAL PRIVACY LAWS
- Introduction to Federal Privacy Laws
- Scope of Regulated Entities
- Conflict of Federal Requirements
- Federal Privacy Protections
Chapter 8 OVERVIEW OF STATE PRIVACY LAWS
- Introduction
- State Information Privacy Requirements
- Right of Access
- Use and Disclosure
- Penalties/Liability
- Relationship to HIPAA Regulations
- Recommendations for HIPAA Compliance
- Regional Health Information Organizations
- Appendix 8-A State-by-State Guide to Medical Privacy Statutes
Chapter 9 TRANSACTIONS, CODE SETS, AND UNIQUE IDENTIFIERS
- Introduction
- Standard Transaction Requirements
- Standardized Code Set Requirements
- National Provider Identifier
- National Provider Identifier Contingency Plan
- National Employer Identifier
- Identified Transaction Standards Implementation Barriers
- Claims Attachment Rules
- Issues Related to the Codes
- Appendix 9-A Guidance on Compliance with the HIPAA National Provider Identifier (NPI) Rule after the May 23, 2007 Implementation Deadline
Chapter 10 APPLICATION OF HIPAA REGULATIONS TO GENETIC INFORMATION
- Overview
- Background and Guidance Materials
- Key Provisions of Gina Regarding the Application of HIPAA Regulations to Genetic Information
- State Laws Regulating Genetic Privacy
Chapter 11 STATUS OF HIPAA REGULATIONS IMPLEMENTATION
- Overview
- Changing Landscape of Health Information
- Implementation and Enforcement of HIPAA
- Observations and Recommendations Regarding the Progress of HIPAA Implementation
Chapter 12 HIPAA ENFORCEMENT
- OCR Enforcement Authority
- HIPAA Enforcement Actions Taken by State Attorneys General
- FTC Enforcement of Data Privacy and Security
- DOJ Criminal Enforcement
- Whistleblower and Retaliation Provisions
- Private Right of Action
- No Private Right of Action
- Novel Defenses to HIPAA Violations
Chapter 13 GENERAL DATA PROTECTION REGULATION
- General Data Protection Regulation Overview
- GDPR and HIPAA—Similarities and Differences
- Understanding GDPR Roles, Requirements, and Responsibilities
- Data Localization and Data Transfer Restrictions
- Forms and Checklists
Chapter 14 CONSUMER PRIVACY LAWS IN THE UNITED STATES—CALIFORNIA AND BEYOND
- U.S. National Consumer Privacy Law
- California Consumer Privacy Act
- Virginia Consumer Data Protection Act
APPENDICES
PREFACE TO APPENDICES
Appendix A HIPAA PRIVACY POLICIES AND PROCEDURES TEMPLATE
Appendix B HIPAA BASICS TRAINING SLIDES
Appendix C HIPAA FORMS
Appendix D PRELIMINARY CHECKLIST
Appendix E HIPAA BAA COMPLIANCE CHECKLIST
Appendix F PRIVACY OFFICER DUTY CHECKLIST
Appendix G CHECKLIST OF CERTAIN ORGANIZATIONAL REQUIREMENTS (PRELIMINARY)
Appendix H TEMPLATE: HIPAA SECURITY RULE POLICIES AND PROCEDURES
Appendix I USE OF COMPUTERS: DESKTOP, LAPTOP, TABLET, SMART PHONE POLICY
Appendix J STATE BREACH NOTIFICATION LAWS
Appendix K CLIENT TOOL: CONDUCTING RISK ASSESSMENTS
Appendix L CLIENT TOOL: A RISK MANAGEMENT FRAMEWORK
Appendix M PRIVACY AND DATA SECURITY IN M&A TRANSACTIONS
