Healthcare Information Security and Privacy

Book description

Secure and protect sensitive personal patient healthcare information

Written by a healthcare information security and privacy expert, this definitive resource fully addresses security and privacy controls for patient healthcare information. Healthcare Information Security and Privacy introduces you to the realm of healthcare and patient health records with a complete overview of healthcare organization, technology, data, occupations, roles, and third parties.

Learn best practices for healthcare information security and privacy with coverage of information governance, risk assessment and management, and incident response. Written for a global audience, this comprehensive guide covers U.S. laws and regulations as well as those within the European Union, Switzerland, and Canada.

Healthcare Information Security and Privacy covers:

  • Healthcare industry
  • Regulatory environment
  • Privacy and security in healthcare
  • Information governance
  • Risk assessment and management

Table of contents

    1. Cover
    2. Title Page
    3. Copyright Page
    4. About the Author
    5. Dedication
    6. Contents
    7. Acknowledgments
    8. Introduction
    9. Part I: A Healthcare Organization and Information Risk Overview
      1. Chapter 1: Healthcare: Organization, Technology, and Data
        1. The Organization and Financing of Healthcare Delivery
          1. Patients
          2. Payers
          3. Providers
          4. Stakeholders
          5. Healthcare Across the Globe
        2. The Financial Components of Healthcare
          1. Claims Processing
          2. Payment Models
          3. Medical Billing
          4. Reimbursement
        3. Technology Specific to Healthcare
          1. Medical Devices
          2. Information Technology Networks
          3. Health Information Exchanges
          4. Electronic Health Record
          5. Personal Health Record
        4. Terminology and Data Standards
          1. Clinical Workflow
          2. Coding
          3. Data Interoperability and Exchange
        5. The Foundation of Health Data Management
          1. Information Flow and Life Cycle in the Healthcare Environments
          2. Health Data Characterization
          3. Legal Medical Record
        6. Chapter Review
          1. Review Questions
          2. Answers
        7. References
      2. Chapter 2: Healthcare: People, Roles, and Third-Party Partners
        1. Identifying Workforce Dynamics: Personnel, Professions, and Proficiency
          1. Nurses
          2. Physicians
          3. Physician Assistants
          4. Medical Technicians
          5. Administration
          6. Environmental Services
          7. Healthcare Organizational Behavior
        2. Third-Party Relationships
          1. Vendors
          2. Government as Third Party
          3. Nongovernment Regulators
          4. Public Health Reporting
          5. Clinical Research
          6. Health Records Management
          7. Administering Third Parties
        3. Chapter Review
          1. Review Questions
          2. Answers
        4. References
      3. Chapter 3: Healthcare Information Regulation
        1. Applicable Regulations
          1. Legal Issues
          2. Cross-Jurisdictional Impact
        2. Conforming Policies and Procedures with Regulatory Guidance
          1. Policies
          2. Procedures
          3. Notable Policies and Procedures
        3. Governance Frameworks to Manage Policies
          1. Configuration Control Board
          2. Information Management Council
          3. Data Incident Response Team
          4. Institutional Review Board
        4. International Regulations and Controls
          1. Organization for Economic Cooperation and Development Privacy Principles
          2. Safe Harbor Agreement
          3. EU Data Protection Directive
          4. International Organization for Standardization
          5. Generally Accepted Privacy Principles
        5. Chapter Review
          1. Review Questions
          2. Answers
        6. References
      4. Chapter 4: Information Risk Decision Making
        1. Using Risk Management to Make Decisions
        2. Information Risk Compliance Frameworks
          1. Measuring and Expressing Information Risk
          2. National Institute of Standards and Technology
          3. HITRUST
          4. International Organization for Standardization
          5. Common Criteria
          6. Factor Analysis of Information Risk
        3. Responses for Risk-Based Decision Making
          1. Residual Risk Tolerance
          2. Information Asset Protection Controls
          3. Corrective Action Plans
          4. Compensating Controls
          5. Control Variance Documentation
        4. Communication of Findings
        5. Provisioning Third-Party Connectivity
        6. Documenting Compliance
          1. NIST HIPAA Security Toolkit Application
          2. HIMSS Risk Assessment Toolkit
          3. The Information Governance Toolkit
        7. Chapter Review
          1. Review Questions
          2. Answers
        8. References
      5. Chapter 5: Third-Party Risk Management and Promoting Awareness
        1. Managing the Risk of Third-Party Relationships
          1. Purpose
          2. Methodology
          3. Types of Third-Party Arrangements
          4. Third Parties in the Healthcare Operations Context
          5. Tools to Manage Third-Party Risk
          6. Service Level Agreements
          7. Determining When Third-Party Assessment Is Required
          8. Support of Third-Party Assessments and Audits
        2. Promoting Information Protection Including Risk Management
          1. Training
          2. Internal Marketing
          3. Security Awareness Program Essentials
        3. Chapter Review
          1. Review Questions
          2. Answers
        4. References
      6. Chapter 6: Information Security and Privacy Events Management
        1. Definitions
        2. Timeline of Incident Activities
          1. Preparation
          2. Detection and Analysis
          3. Containment, Eradication, and Recovery
          4. Post-incident Activity
        3. Incident Notification and Remediation Efforts
          1. Preparation Phase
          2. Detection and Analysis Phase
          3. Containment, Eradication, and Recovery Phase
          4. Post-incident Activity
        4. Incidents Caused by Third Parties
          1. Preparation Phase
          2. Detection and Analysis Phase
          3. Containment, Eradication, and Recovery Phase
          4. Post-incident Activity
        5. External Reporting Requirements
          1. Law Enforcement
          2. Data Authorities (EU)
          3. Affected Individuals (Patients)
          4. Media
          5. Public Relations
          6. Secretary Health and Human Services
          7. Health Information Exchanges
        6. International Breach Notification
        7. Chapter Review
          1. Review Questions
          2. Answers
        8. References
    10. Part II: Healthcare Information Privacy and Security Management
      1. Chapter 7: Information Privacy: Patient Rights and Healthcare Responsibilities
        1. U.S. Approach to Privacy
        2. European Approach to Privacy
        3. Information Privacy Concepts and Terms
          1. Consent
          2. Choice
          3. Notice
          4. Collection Limitation
          5. Disclosure Limitation
          6. Retention of Data
          7. Legitimate Purpose
          8. Individual Participation
          9. Complaints and Enforcement
          10. Quality of Data
          11. Accountability
          12. Openness and Transparency
        4. Designation of Privacy Officer
        5. Promises and Obligations
        6. Data Protection Governing Authority
        7. Breach Notification
          1. United States
          2. European Union
          3. Canada
        8. Chapter Review
          1. Questions
          2. Answers
        9. References
      2. Chapter 8: Protecting Digital Health Information: Cybersecurity Fundamentals
        1. Evolving Information Security to Cybersecurity
          1. Information Security
          2. Cybersecurity
        2. The Guiding Principles of Security: Confidentiality, Integrity, Availability, and Accountability
          1. Confidentiality
          2. Integrity
          3. Availability
          4. Accountability
        3. Shaping Information Security
          1. Security Controls
          2. Security Categorization
          3. Defense-in-Depth
        4. General Security Definitions
          1. Access Control
          2. Data Encryption
          3. Training and Awareness
          4. Logging and Monitoring
          5. Vulnerability Management
          6. Segregation of Duties
          7. Least Privilege
          8. Business Continuity
          9. Data Retention and Destruction
          10. Configuration or Change Management
          11. Incident Response
        5. Chapter Review
          1. Questions
          2. Answers
        6. References
      3. Chapter 9: Impact of Information Privacy and Security on Health IT
        1. Ownership of Healthcare Information
          1. United States (HIPAA)
          2. European Union (DPD)
          3. United Kingdom
          4. Germany
        2. The Relationship Between Privacy and Security
          1. Dependency
          2. Integration
        3. Information Protection and Healthcare Technologies and Initiatives
          1. Medical Devices
          2. Cloud Computing
          3. Mobile Device Management
          4. Health Information Exchange
          5. Implementation of Electronic Health Records
        4. Data Breach Impact
          1. Organization Reputation
          2. Financial Impact
          3. Medical and Financial Identity Theft
          4. Patient Embarrassment
          5. Special Categories of Sensitive Health Data
        5. Chapter Review
          1. Questions
          2. Answers
        6. References
      4. Chapter 10: Workforce Competency in Healthcare
        1. Cybersecurity Workforce
          1. Global
          2. United States
          3. Healthcare Cybersecurity Workforce
          4. Convergence of Skill Sets
          5. Clinical Professions with New Cybersecurity Concerns
        2. Government Initiatives
          1. NICE
          2. NHS Cyber Initiative
          3. NH-ISAC
        3. Competency Measures
          1. Formal Education
          2. Training
          3. Credentials and Certifications
          4. Professional Organizations
          5. Internships
        4. Chapter Review
          1. Review Questions
          2. Answers
        5. References
      5. Chapter 11: Administering Risk Management and Cybersecurity
        1. The Attack
          1. The Anatomy of a Cyberattack
          2. Summary of the Attacks
        2. Defense Against the Attacks: Art and Science
          1. A Framework for the Process
          2. Cybersecurity Framework (CSF)
        3. Cyber Threat Vectors
          1. External
          2. Internal
          3. Penetration Testing
          4. Who Should Perform a Risk Assessment?
        4. Controlling for Cyberattack
        5. Protect
          1. Access Control
          2. Awareness and Training
          3. Data Security
          4. Information Protection Processes and Procedures
          5. Maintenance
          6. Protective Technology
        6. Chapter Review
          1. Questions
          2. Answers
        7. References
    11. Index

Product information

  • Title: Healthcare Information Security and Privacy
  • Author(s): Sean Murphy
  • Release date: January 2015
  • Publisher(s): McGraw-Hill
  • ISBN: 9780071831826