Chapter 1. Introduction: The Long-Awaited Manual
Chapter 2. Waking the Sleeping Giant: A Brief History of Healthcare IT
Chapter 3. It's Not Just HIPAA: Legislating Privacy and Security
Chapter 4. Assembling the Team: Bringing the Right Human Resources to the Table
Chapter 5. Sifting Through the Wreckage: The Security Audit
Chapter 6. Review Your Policies and Develop a Plan: Strategies for Success
Chapter 7. Identity and Access Management: Know Your User Base
Chapter 8. Application Design: Maximum Efficiency or Minimum Necessary?
Chapter 9. Access Validation Process
Chapter 10. Physical and Environmental Safeguards: Security Beyond the Ones and Zeros
Chapter 11. Systemwide and Client-Based Security Configuration: Making Sure All the Pieces Fit Together
Chapter 12. Safeguarding Patient Data from Prying Eyes: Knowing Where Your PHI Resides
Chapter 13. People, the Most Crucial Element: Training the Masses to Respect the System
Chapter 14. Business Associates: The Human Resources Just Beyond Your Reach
Chapter 15. Security Project vs. Operational Support
Chapter 16. Putting the Plan in Place: Ongoing Maintenance and Life after the Security Project
Appendix A. Sample Business Associate Agreement
Appendix B. Sample Rules of Behavior for Privileged User Accounts
Appendix C. Breach Notification Process
About the Author
Bernard Peter Robichau is the owner and chief security consultant at Category 3 Partners, LLC, on contract with a large academic medical system in the mid-Atlantic. He is a Certified Professional in Health Information Management Systems, an Epic Certified Security Coordinator, and a Project Management Professional credential holder. He has nearly two decades of experience in the IT field with an emphasis on information security. Robichau has served as a security officer in the public sector and as a member on various information security advisory committees. He has presented on the topic of information security in public forums. For information related to this book, see its dedicated site at robichau.com.
The purpose of this book is to guide technical and administrative staff working in healthcare through the process of building secure, regulatory-compliant systems and processes that will assure patient confidentiality while avoiding costly penalties.