Chapter 14

Regulatory Compliance for the Health-Care Sector

Chapter Objectives

After reading this chapter and completing the exercises, you will be able to do the following:

  • Explain health-care–related information cybersecurity regulatory compliance requirements.

  • Understand the components of a HIPAA/HITECH-compliant cybersecurity program.

  • Prepare for a regulatory audit.

  • Know how to respond to an ePHI security incident.

  • Write HIPAA-related policies and procedures.

  • Understand the HIPAA compliance enforcement process.

The genesis of health-care security–related legislation is the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Public Law 104-191). The original intent of the HIPAA regulation was to simplify and standardize ...

Get Developing Cybersecurity Programs and Policies, 3rd Edition now with the O’Reilly learning platform.
