HIPAA: A Guide to Health Care Privacy and Security Law, 3rd Edition

About the Author

Preface

Acknowledgments

Chapter 1 DIGITAL HEALTH AND PRIVACY AND SECURITY OF HEALTH INFORMATION

• Introduction to Digital Health
• Contact Tracing and Data Protection Laws
• Remote Employee Monitoring
• Addressing Privacy Concerns Associated with Artificial Intelligence
• HIPAA Basics
• Privacy Risks of Electronic Information
• Security Risks of Electronic Information
• Baseline Privacy Protections
• Baseline Security Protections

Chapter 2 THE ENABLING ACTS—HIPAA AND HITECH

• Overview of HIPAA
• Legislative Titles
• Title II, Subtitle F: Administrative Simplification
• Covered Entities
• Type of Information Protected: Individually Identifiable Health Information
• Adoption of Regulations and Compliance Dates
• The HITECH Act
• The Omnibus Rule
• Genetic Information Nondiscrimination Act of 2008

Chapter 3 HIPAA PRIVACY RULE

• Overview to Privacy Rule
• Covered Entities
• Business Associate Obligations and Further Classifications under HIPAA
• Type of Information Covered: Protected Health Information
• Use and Disclosure
• Rights of Individuals
• Individual's Access to PHI
• Disposal of Protected Health Information
• Administrative Regulations
• Recommendations for Compliance
• Privacy and Security Considerations in Transactions and Deals
• Privacy Considerations in the Midst of a Pandemic

Chapter 4 HIPAA SECURITY RULE: ENSURING THE CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY OF EPHI

• Introduction
• HIPAA Security Rule
• Security Beyond the Health Care Industry
• How to Conduct a Security Risk Analysis
• The Security Risk Assessment Tool
• What to Do after the Risk Analysis
• Policy and Procedure Development
• A Practical Approach to Contingency Planning
• The Audit/Evaluation Process
• Hospital IT Management
• HIPAA and Ransomware
• Selecting and Implementing Security Solutions
• Security Solutions and Technologies
• Protecting and Securing Health Information When Using a Mobile Device
• Data Management Systems

Chapter 5 THE BREACH NOTIFICATION RULE

• Overview of the Breach Notification Rule
• Recent Changes to States’ Data Breach Notification Statutes
• Definitions (45 C.F.R.  164.402)
• Notification to Individuals (45 C.F.R.  164.404)
• Notification to the Media (45 C.F.R.  164.406)
• Notification to the Secretary (45 C.F.R.  164.408)
• Notification by a Business Associate (45 C.F.R.  164.410)
• Law Enforcement Delay (45 C.F.R.  164.412)
• Administrative Requirements and Burden of Proof (45 C.F.R.  164.414)
• OCR HIPAA Settlements
•  

Chapter 6 HIPAA AND STATE LAW—UNDERSTANDING AND PREPARING A PREEMPTION ANALYSIS

• Introduction
• HIPAA Preemption Requirements
• Privacy Rule
• State Law Preemption

Chapter 7 OVERVIEW OF FEDERAL PRIVACY LAWS

• Introduction to Federal Privacy Laws
• Scope of Regulated Entities
• Conflict of Federal Requirements
• Federal Privacy Protections

Chapter 8 OVERVIEW OF STATE PRIVACY LAWS

• Introduction
• State Information Privacy Requirements
• Right of Access
• Use and Disclosure
• Penalties/Liability
• Relationship to HIPAA Regulations
• Recommendations for HIPAA Compliance
• Regional Health Information Organizations
• Appendix 8-A State-by-State Guide to Medical Privacy Statutes

Chapter 9 TRANSACTIONS, CODE SETS, AND UNIQUE IDENTIFIERS

• Introduction
• Standard Transaction Requirements
• Standardized Code Set Requirements
• National Provider Identifier
• National Provider Identifier Contingency Plan
• National Employer Identifier
• Identified Transaction Standards Implementation Barriers
• Claims Attachment Rules
• Issues Related to the Codes
• Appendix 9-A Guidance on Compliance with the HIPAA National Provider Identifier (NPI) Rule after the May 23, 2007 Implementation Deadline

Chapter 10 APPLICATION OF HIPAA REGULATIONS TO GENETIC INFORMATION

• Overview
• Background and Guidance Materials
• Key Provisions of Gina Regarding the Application of HIPAA Regulations to Genetic Information
• State Laws Regulating Genetic Privacy

Chapter 11 STATUS OF HIPAA REGULATIONS IMPLEMENTATION

• Overview
• Changing Landscape of Health Information
• Implementation and Enforcement of HIPAA
• Observations and Recommendations Regarding the Progress of HIPAA Implementation

Chapter 12 HIPAA ENFORCEMENT

• OCR Enforcement Authority
• HIPAA Enforcement Actions Taken by State Attorneys General
• FTC Enforcement of Data Privacy and Security
• DOJ Criminal Enforcement
• Whistleblower and Retaliation Provisions
• Private Right of Action
• No Private Right of Action
• Novel Defenses to HIPAA Violations

Chapter 13 GENERAL DATA PROTECTION REGULATION

• General Data Protection Regulation Overview
• GDPR and HIPAA—Similarities and Differences
• Understanding GDPR Roles, Requirements, and Responsibilities
• Data Localization and Data Transfer Restrictions
• Forms and Checklists

Chapter 14 CONSUMER PRIVACY LAWS IN THE UNITED STATES—CALIFORNIA AND BEYOND

• U.S. National Consumer Privacy Law
• California Consumer Privacy Act
• Virginia Consumer Data Protection Act

APPENDICES

PREFACE TO APPENDICES

Appendix A    HIPAA PRIVACY POLICIES AND PROCEDURES TEMPLATE

Appendix B   HIPAA BASICS TRAINING SLIDES

Appendix C    HIPAA FORMS

Appendix D   PRELIMINARY CHECKLIST

Appendix E    HIPAA BAA COMPLIANCE CHECKLIST

Appendix F    PRIVACY OFFICER DUTY CHECKLIST

Appendix G   CHECKLIST OF CERTAIN ORGANIZATIONAL REQUIREMENTS (PRELIMINARY)

Appendix H   TEMPLATE: HIPAA SECURITY RULE POLICIES AND PROCEDURES

Appendix I     USE OF COMPUTERS: DESKTOP, LAPTOP, TABLET, SMART PHONE POLICY

Appendix J     STATE BREACH NOTIFICATION LAWS

Appendix K    CLIENT TOOL: CONDUCTING RISK ASSESSMENTS

Appendix L    CLIENT TOOL: A RISK MANAGEMENT FRAMEWORK

Appendix M   PRIVACY AND DATA SECURITY IN M&A TRANSACTIONS

Frequently Asked Questions answered in HIPAA: A Guide to Health Care Privacy and Security Law:

• What is considered a breach of HIPAA?
• What happens with a HIPAA violation?
• What are the major things addressed in the HIPAA law?
• What are the key steps to avoiding HIPAA violations and maintaining HIPAA compliance?
• How can I ensure my organization has the proper strategies in place with regard to the HIPAA privacy rule?
• What is considered protected health information?
• How can we ensure that we have the tools and techniques in place to support our HIPAA training?
• Which HIPAA form is the right one for this instance?