Healthcare Information Privacy and Security
Regulatory Compliance and Data Security in the Age of Electronic Health Records
(Language: English)
Product details
Blurb for "Healthcare Information Privacy and Security"
Healthcare IT is the growth industry right now, and the need for guidance in regard to privacy and security is huge. Why? With new federal incentives and penalties tied to the HITECH Act, HIPAA, and the implementation of Electronic Health Record (EHR) systems, medical practices and healthcare systems are implementing new software at breakneck speed. Yet privacy and security considerations are often an afterthought, putting healthcare organizations at risk of fines and damage to their reputations. Healthcare Information Privacy and Security: Regulatory Compliance and Data Security in the Age of Electronic Health Records outlines the new regulatory regime, and it also provides IT professionals with the processes and protocols, standards, and governance tools they need to maintain a secure and legal environment for data and records. It's a concrete resource that will help you understand the issues affecting the law and regulatory compliance, privacy, and security in the enterprise.
As healthcare IT security expert Bernard Peter Robichau II shows, the success of a privacy and security initiative lies not just in proper planning but also in identifying who will own the implementation and maintain technologies and processes. From executive sponsors to system analysts and administrators, a properly designed security program requires that the right people are assigned to the right tasks and have the tools they need. Robichau explains how to design and implement that program with an eye toward long-term success. Putting processes and systems in place is, of course, only the start. Robichau also shows how to manage your security program and maintain operational support, including ongoing maintenance and policy updates. (Because regulations never sleep!)
This book will help you devise solutions that include:
- Identity and access management systems
- Proper application design
- Physical and environmental safeguards
- Systemwide and client-based security configurations
- Safeguards for patient data
- Training and auditing procedures
- Governance and policy administration
Table of contents for "Healthcare Information Privacy and Security"
Introduction: The Long-Awaited Manual
In a world of data breaches and lawsuits, where regulations abound and consumer rights reign supreme, we should expect that the topic of electronic patient data security (and who has access to what) would be well documented, but it isn't. New laws are forcing healthcare providers to abandon paper charts for electronic ones, and each organization is left to interpret a tangled mass of regulations in a vacuum. This book will help the healthcare professional understand what's at stake, and then build a worthy security program.
Part I: The Evolution of a Monster
Chapter 1: Waking the Sleeping Dinosaur
Historically, technology professionals who wanted to work with cutting edge technologies flocked to Internet startups, telecoms, or social media. Nobody in their right mind would aspire to work in healthcare, which was notoriously behind the times in the world of technology. In 2009, a law called the HITECH Act (Health Information Technology for Economic and Clinical Health Act) emerged in the wake of the 2008 financial crisis and thrust healthcare IT into the spotlight, and it forced the lagging industry to deal with modern technologies head on or face financial penalties. This chapter explains the changes and what IT pros and administrators in healthcare will need to do as a result.
Chapter 2: It’s Not Just HIPAA
Healthcare privacy and security is often equated with an act that predates the HITECH Act, namely HIPAA (Health Insurance Portability and Accountability Act). While this piece of legislation from 1996 impacts privacy and security in healthcare, it is just part of the picture. Deployed technologies must consider not only regulatory compliance, but also legal and security considerations as well. This chapter outlines HIPAA’s ramifications and how they fit into the overall regulatory picture.
Part II: Divide and Conquer - Defining Ownership to Develop Solutions
Chapter 3: Assembling the Team
You will need to bring all of the right people to the table. No security program can exist without the support of key stakeholders and users - from executives to administrators. Once your team is assembled, and you know what you are dealing with, you can begin the work of implementing solutions. This chapter helps you assemble a crack team and ensure each person is in the right job.
Chapter 4: Sifting Through the Wreckage - The Security Audit
Quite often, in an effort to comply with regulations, a single person is charged with the task of “implementing a privacy and security program” in the enterprise. This is a good start since someone needs to take charge of the issues at hand, but without an accurate picture of current processes, it is virtually impossible to correct deficiencies. This chapter steps you through the audit procedure so you know exactly where you and your organization stand.
Chapter 5: Reviewing Policies and Developing a Plan
Once you know what you are facing, and who is on your team, you can begin the task of identifying a broad plan to address the problems. Knowing what level of risk your organization is willing to accept, what sort of funding you can expect, and what kind of human and IT resources are at your disposal, will be essential to the process of developing a realistic plan of attack. This chapter helps you assess risk, budget realities, and your other resources to start working on your plan.
Part III: Sustainable Solutions
Chapter 6: Identity and Access Management
At the core of every security concern in the healthcare world is the question, "Who is accessing the data that we need to protect?" The most basic way to assure the integrity of access is to develop an identity and access management system (this can be automated, or as simple as a spreadsheet). Role-Based Access Control (RBAC) is the preferred method of controlling access in the enterprise. Without the most basic controls in place to assure that you know who is in your system, many other aspects of security are irrelevant. This chapter explains the identity and access system and how to implement one customized for your situation.
Chapter 7: Application Design
Assigning access to a "role" in the organization is only meaningful insofar as the application is designed appropriately. A cardinal rule in the HIPAA Privacy Rule from 1996 is the "Minimum Necessary Requirement" (45 CFR 164.502(b), 164.514(d)). While it might be simplest to deploy an EHR system broadly, where everything is accessible to all (and only used based on job function), the Minimum Necessary rule precludes broadly designed access as a viable option. This chapter explains how to design a system that reflects the law's intent.
Chapter 9: Physical and Environmental Safeguards
The security of patient data is paramount, and sometimes software solutions to security concerns are the right answer. However, safeguards of patient data in a clinical environment can include environmental considerations including physical isolation and proximity badge access. This chapter covers current safeguarding practice and technology.
Chapter 10: Systemwide and Client Based Security Configuration
How your system behaves, and protects patient data, can be managed with settings that control the behavior of the computers and devices in your organization. Factoring all of these system settings into your security plan will ensure that you utilize all controls at your disposal, and help to assure that you don’t neglect a setting that creates a vulnerability that you did not know existed. This chapter provides an overview of systemwide security and how your plan can ensure the results you seek.
Chapter 11: Safeguarding Patient Data from Prying Eyes
The most basic task you must undertake in the process of safeguarding patient data is ensuring that the right people are looking at the right data for the right reasons. If you don’t consider all of the locations where your patient data resides, then your larger plan of data protection might not be as effective as you think it is. This chapter is all about how you can safeguard patient data.
Chapter 12: People - the Most Crucial Element in a Successful Security Program
With all of the technical safeguards in place, an organization can still be vulnerable to security risks if the people using the system are not properly educated and audited. Know your user base, and control for user-based risks with a proper educational program. This chapter shows how to keep your people in check while training them and auditing their practices going forward.
Part IV: From Project to Program - Transitioning to a Sustainable Support Model
Chapter 13: Security Project v. Operational Support
It is tempting to think that working through a laundry list of items to address will lead to a secure environment, but it is essential that a transition to operational support includes checks on the systems and processes implemented during your security project. A regular review of new regulations, changes in your environment, and the use of new technology is necessary if you want to ensure that the work of securing your organization is viable in the long-term. This chapter shows how to build awareness of changes (including new or enhanced regulations) into your governance and policy practices.
Chapter 14: Putting the Plan in Place - Ongoing Maintenance and Policy Updates
Now that you are armed with all of the tools that you need to begin putting a security program in place, how do you start? The answer will be different for each organization because each organization is different. What is important is making a plan, and implementing it to the extent that you are able. This chapter is about the rubber meeting the road: putting your plan into action and keeping it working as you intended.
About the author: Bernard Peter Robichau
Bernard Peter Robichau is the owner and chief security consultant at Category 3 Partners, LLC, on contract with a large academic medical system in the mid-Atlantic. He is a Certified Professional in Health Information Management Systems, an Epic Certified Security Coordinator, and a Project Management Professional credential holder. He has nearly two decades of experience in the IT field with an emphasis on information security. Robichau has served as a security officer in the public sector and as a member on various information security advisory committees. He has presented on the topic of information security in public forums. For information related to this book, see its dedicated site at robichau.com.
Bibliographic details
- Author: Bernard Peter Robichau
- 2014, 194 pages, dimensions: 15.2 x 22.9 cm, paperback, English
- Publisher: Springer, Berlin
- ISBN-10: 1430266767
- ISBN-13: 9781430266761
- Publication date: 14.06.2014