The Definitive Guide to Complying With the HIPAA/Hitech Privacy and Security Rules

The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules is a comprehensive manual to ensuring compliance with the implementation standards of the Privacy and Security Rules of HIPAA and provides recommendations based on other related regulations and industry best practices.

The book is designed to assist you in reviewing the accessibility of electronic protected health information (EPHI) to make certain that it is not altered or destroyed in an unauthorized manner, and that it is available as needed only by authorized individuals for authorized use. It can also help those entities that may not be covered by HIPAA regulations but want to assure their customers they are doing their due diligence to protect their personal and private information. Since HIPAA/HITECH rules generally apply to covered entities, business associates, and their subcontractors, these rules may soon become de facto standards for all companies to follow. Even if you aren’t required to comply at this time, you may soon fall within the HIPAA/HITECH purview. So, it is best to move your procedures in the right direction now.

The book covers administrative, physical, and technical safeguards; organizational requirements; and policies, procedures, and documentation requirements. It provides sample documents and directions on using the policies and procedures to establish proof of compliance. This is critical to help prepare entities for a HIPAA assessment or in the event of an HHS audit. Chief information officers and security officers who master the principles in this book can be confident they have taken the proper steps to protect their clients’ information and strengthen their security posture. This can provide a strategic advantage to their organization, demonstrating to clients that they not only care about their health and well-being, but are also vigilant about protecting their clients’ privacy.

John ("Jay") Trinckes, Jr., CISSP, CISM, CRISC, CEH, NSA-IAM/IEM, MCSE-NT, A+, is the chief information security officer (CISO) for Path Forward IT, a managed service provider of IT and security services for the healthcare industry. Jay has previously worked as a senior information security consultant and authored The Executive MBA in Information Security, published by CRC Press in 2009. Trinckes has developed enterprise-level information security management programs for multiple clients and conducted countless successful internal/external vulnerability/penetration assessments and other technical compliance audits. He has been instrumental in developing policies, procedures, audit plans, compliance assessments, business impact analyses, and business continuity and disaster recovery plans for many clients. He also conducts security awareness training and other presentations related to information security. He provides a unique perspective on compliance as a result of his previous work experience as an information security risk analyst, IT manager, system administrator, and law enforcement officer.