HCISPP Study Guide - Justin Rainey, Timothy Virtue

HCISPP Study Guide (eBook)

eBook Download: PDF | EPUB
2014 | 1st edition
210 pages
Elsevier Science (publisher)
978-0-12-802089-0 (ISBN)
System requirements
45,95 incl. VAT
  • Download available immediately

The HCISPP certification is a globally-recognized, vendor-neutral exam for healthcare information security and privacy professionals, created and administered by ISC². The new HCISPP certification, focused on health care information security and privacy, is similar to the CISSP, but has only six domains and is narrowly targeted to the special demands of health care information security.

Tim Virtue and Justin Rainey have created the HCISPP Study Guide to walk you through all the material covered in the exam's Common Body of Knowledge. The six domains are covered completely and as concisely as possible with an eye to acing the exam. Each of the six domains has its own chapter that includes material to aid the test-taker in passing the exam, as well as a chapter devoted entirely to test-taking skills, sample exam questions, and everything you need to schedule a test and get certified. Put yourself on the forefront of health care information privacy and security with the HCISPP Study Guide and this valuable certification.


  • Provides the most complete and effective study guide to prepare you for passing the HCISPP exam - contains only what you need to pass the test, and no fluff!
  • Completely aligned with the six Common Body of Knowledge domains on the exam, walking you step by step through understanding each domain and successfully answering the exam questions.
  • Optimize your study guide with this straightforward approach - understand the key objectives and the way test questions are structured.


Tim Virtue (HCISPP, CISSP, CIPP/G, CISA, CCSK, CFE, CSM) is a global information security, privacy and risk management executive. Tim has extensive experience with publicly traded global corporations, privately held businesses, government agencies, and non-profit organizations of all types and sizes. Tim holds an Executive Master of Science in Information Systems Technology degree from George Washington University and a Bachelor of Science in Criminal Justice degree with a concentration in Security Management from Northeastern University.
He currently serves as the Chief Information Security Officer (CISO) for Texas.gov.

Chapter 3

Regulatory Environment


Abstract


This chapter discusses the fundamental legal and regulatory requirements that govern healthcare information. It will also review the importance of policies and procedures used by the organization when protecting healthcare information during data exchange.

Keywords


Data breach regulations
HIPAA
HITECH Act
Information flow
Policies
Procedures
Standards
Compensating controls
Residual risk
Code of Ethics
This chapter will help candidates:
  • Understand the legal and regulatory environment for health information
  • Understand healthcare-related security and privacy frameworks
  • Understand regulatory requirements and controls
  • Understand code of conduct and ethics in a healthcare information environment

Legal issues that pertain to information security and privacy for healthcare organizations


Among the wide array of legal issues they face, healthcare organizations encounter several challenges around information security and privacy. Beyond the high-level governance frameworks, many of the specific security and privacy requirements directly affect the operations of healthcare organizations. Although every employee of a healthcare organization is responsible for properly safeguarding healthcare information, security and privacy professionals are at the forefront of compliance with the legal and regulatory requirements associated with healthcare delivery.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)


In the United States, one of the most important healthcare laws is HIPAA. According to the Office for Civil Rights, “The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.” Although HIPAA contains several legislative mandates, the most relevant section to information security is the Administrative Simplification section. This section includes the standards for privacy, security, and enforcement. Figure 3.1 shows the relationship between the various elements of HIPAA.
Figure 3.1 Elements of HIPAA.

Select elements and definitions


As stated earlier, HIPAA has several elements and covers a number of issues with which healthcare organizations must comply. However, for exam preparation purposes we would like to highlight some select elements and definitions from HIPAA. According to HIPAA, Public Law 104-191 (August 21, 1996), Subtitle F Administrative Simplification, Part C, Section 1171, the term “health information” means any information, whether oral or recorded in any form or medium, that:
1. Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
2. Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
Individually identifiable health information is information that is a subset of health information, including demographic information collected from an individual, and:
1. Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
2. Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and:
a. That identifies the individual; or
b. With respect to which there is a reasonable basis to believe the information can be used to identify the individual.
Additionally, protected health information is defined by 45 CFR 160.103, and, as defined, is referenced in Section 13400 of Subtitle D (“Privacy”) of the Health Information Technology for Economic and Clinical Health Act (HITECH Act).
“Protected health information means individually identifiable health information [defined above]:
(1) Except as provided in paragraph (2) of this definition, that is:
(i) Transmitted by electronic media;
(ii) Maintained in electronic media; or
(iii) Transmitted or maintained in any other form or medium.
(2) Protected health information excludes individually identifiable health information in:
(i) Education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g;
(ii) Records described at 20 U.S.C. 1232g(a)(4)(B)(iv); and
(iii) Employment records held by a covered entity in its role as employer.”

The American Recovery and Reinvestment Act (ARRA) of 2009


The ARRA of 2009 was enacted to provide stimulus and recovery mechanisms in response to the Great Recession. Although there are many elements to ARRA, most of which are outside the scope of this book, we focus our discussion on select healthcare domains, specifically the HITECH Act and its amendments to HIPAA.
The most significant changes to HIPAA now include:
  • The final Breach Notification Rule
  • Updates to business associate responsibilities
  • Expansion of the penalty consequences
  • Investigative authority over potential violations granted to the Attorney General of each state
With these changes to HIPAA, healthcare organizations were required to expand and enforce their own privacy and security structures as well as expand the controls to their business relationships and partners with whom they share healthcare information.
According to the Office for Civil Rights, “The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.” Figure 3.2 demonstrates the relationship between the HITECH Act and the HIPAA privacy and security rules. Specifically, they work together to ensure privacy and security concerns are properly addressed as healthcare organizations adopt and extend the meaningful use of health information technology (IT).
Figure 3.2 Relationship between HITECH and HIPAA.

International standards


When looking outside of U.S. boundaries, many international healthcare organizations face similar legal and regulatory challenges. Several countries are developing or adhering to regulations that require the protection of personally identifiable information used by healthcare organizations. Some of the more common laws and regulations include:
  Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) – Sets out ground rules for how private sector organizations may collect, use, or disclose personal information in the course of commercial activities.
  European Commission Data Protection Legislation – Various legislation, documents, and guidance on the protection of personal data within the European Union.
  UK Data Protection Act 1998 – Controls how organizations, businesses, or the government use your personal information.

A culture of privacy and security


It is important to remember that employees take their cues from the organization’s senior leadership. When senior leaders place importance on proactive security and privacy programs, healthcare organizations can properly safeguard the personal health information (PHI) entrusted to them by the patients they serve. This “tone at the top” not only enables the right attitude when delivering patient care services but also ensures that privacy and security professionals have the resources they need. Although it is important to remember that every employee at a healthcare organization is responsible for safeguarding PHI, privacy and security professionals are charged with the protection of PHI on a daily basis. Although there can be subtle differences between the specific...

Publication date (per publisher): 18 December 2014
Language: English
Subject areas: Computer Science > Networks > Security / Firewall
Computer Science > Office Programs > Outlook
Medicine / Pharmacy > Healthcare
ISBN-10 0-12-802089-X / 012802089X
ISBN-13 978-0-12-802089-0 / 9780128020890
PDF (Adobe DRM)
Size: 6.2 MB

Copy protection: Adobe DRM
Adobe DRM is a copy protection scheme intended to protect the eBook against misuse. The eBook is authorized to your personal Adobe ID at the time of download. You can then read the eBook only on devices that are also registered to your Adobe ID.

File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suitable for technical books with columns, tables and figures. A PDF can be displayed on almost any device, but is only of limited use on small displays (smartphone, eReader).

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need an Adobe ID and the Adobe Digital Editions software (free). We advise against using the OverDrive Media Console; experience shows that it frequently causes problems with Adobe DRM.
eReader: This eBook can be read on (almost) all eBook readers. It is not compatible with the Amazon Kindle, however.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need an Adobe ID and a free app.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

EPUB (Adobe DRM)
Size: 5.2 MB

Copy protection: Adobe DRM

File format: EPUB (Electronic Publication)
EPUB is an open standard for eBooks and is particularly suited to presenting fiction and non-fiction. The flowing text adapts dynamically to the display and font size, so EPUB is also well suited to mobile reading devices.
