
Compliance Action Pack for Security (CAPS)

The HIPAA Security Compliance - Getting Started Pack contains seven individual titles by industry expert Uday Ali Pabrai. These documents provide a framework for launching your HIPAA Security compliance initiatives. (These documents are available in electronic form only. No printed copies are available.)

1. HIPAA Security Rule: Administrative Requirements
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) security will be a pressing item for all covered entities to address. The compliance date for security is April 21, 2005. Larger organizations, such as those in the pharmacy industry as well as hospitals and state governments, have started to examine the requirements defined in the final Security Rule. This document establishes the core requirements for the final Security Rule, as well as addresses the impact of the HIPAA Privacy Rule on security and threats that enterprises face for electronic communication.

Topics addressed include the following: identifying the requirements of the HIPAA Security Rule’s design objectives and core categories (domains), describing key definitions and terminology emphasized in the final Security Rule, examining the full scope of the final HIPAA Security Rule implementation requirements for covered entities, analyzing the administrative requirements for covered entities associated with the Privacy Rule, and identifying threats to electronic Protected Health Information (e-PHI) communication over open networks such as the Internet.

Pages: 30+

2. Seven Steps to HIPAA Security Compliance
The HIPAA Security Rule identifies standards and implementation specifications that organizations have to meet to be in compliance. Organizations are beginning to consider steps to address HIPAA Security Rule requirements. The HIPAA Academy’s HIPAAShield methodology recommends seven specific steps that organizations focus on to launch HIPAA security-related initiatives.

Beyond HIPAA. The HIPAAShield security methodology goes beyond the requirements of the HIPAA Security Rule to safeguard not just electronic Protected Health Information (PHI) but the organization’s information assets as a whole. The methodology has also been influenced by the domains defined in the ISO 17799 and the BS 7799 security standards as well as the CobIT framework.

The objective of this HIPAA Academy HIPAAShield Report is to provide detailed information to enable organizations to plan and organize key initiatives in order to meet compliance requirements.

This is an invaluable reference guide that organizations may use to plan, organize and launch HIPAA Security activities.

Pages: 30+

3. HIPAA Security and Risk Analysis
Risk analysis and information system activity review are required implementation specifications defined in the System Management Process standard in the HIPAA Security Rule. Business Impact Analysis (BIA) is a critical initial step in contingency planning. A BIA helps to identify and prioritize critical systems and components. Risk analysis and BIA are the initial activities that covered entities must launch to identify vulnerabilities as well as gaps related to compliance requirements.

This document provides the blueprint you need to launch the security vulnerability assessment project as well as initiate the risk analysis, information system activity review and BIA processes.

Topics addressed include: HIPAA Security Rule requirements for the risk analysis implementation specification, identifying vulnerability assessment tools to identify gaps in the security infrastructure, examining the Nessus product and how it may be used to identify security weaknesses, reviewing the Microsoft Baseline Security Analyzer product, and examining the importance of Business Impact Analysis (BIA) and its key components.

Pages: 50+

4. HIPAA Security and Role Based Access Control
As more mission-critical applications move online, covered entities are challenged to provide access based only on the user’s function within the organization. The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules require controlling access to information based on the user’s role within the organization. Access control is one of the three key security technology challenges facing organizations. The other two are authentication and security administration.

The focus of this document is on access control, and in particular, the application of Role Based Access Control (RBAC) to meet the requirements of the final HIPAA Security Rule.

Topics addressed include: the HIPAA Privacy Rule and Access Control, HIPAA Security Rule and Access Control, the Minimum Necessary Standard, Information Access Management, Types of Access Control, RBAC Solution Requirements, and Getting Started with RBAC.

Pages: 30+

5. HIPAA Security & Contingency Planning
Contingency planning is about a coordinated strategy that involves plans, procedures and technical measures to enable the recovery of systems, operations, and data after a disruption. The focus of this document is to review HIPAA Security Rule requirements for contingency planning. Based on the recommendations of the National Institute of Standards and Technology (NIST) we then identify the seven critical steps for the development of contingency plan solutions.

This document provides the blueprint you need to launch contingency planning initiatives.

Pages: 50+

6. HIPAA Security & Authentication
The focus of this document is on the HIPAA Security Rule requirement of person or entity authentication. Authentication is about verifying the identity of an individual or an entity. Digital identification is a major challenge for all businesses. This is especially true for the health care industry, where we need to confirm the identity of the individual or entity accessing electronic Protected Health Information (e-PHI).

In this document, we discuss the importance of strong authentication as a critical layer in establishing trusted digital identities. We then review several types of solutions to address the authentication requirement. These include Kerberos, tokens, smartcards, biometrics and digital certificates. We close the document with case studies based on RSA Security’s SecurID solution and ecfirst.com’s BioShield product.

Topics addressed include: the Challenge of Digital Identities, HIPAA Security Rule and Authentication, core requirements for a password policy, understanding Kerberos authentication, examining token authentication, evaluating smartcard authentication, analyzing biometrics-based authentication, examining the role of digital certificates for authentication, and case studies of RSA Security’s SecurID and ecfirst.com’s BioShield solutions.

Pages: 50+

7. Security Audit and HIPAA Evaluation
An audit is a methodical examination and review of the defenses of the enterprise. The audit process itself must be based on the organization’s audit policy. Risk management and audit controls are essential elements of an organization’s security strategy. They provide the required information for a comprehensive evaluation of the organization’s compliance with the HIPAA Security Rule.

Step 7 of the HIPAAShield Seven Steps to HIPAA Security Compliance™ is about Evaluation. This document provides the blueprint you need to launch risk management, security audit and finally evaluation activities. The objective of this document is clear: to enable an organization to verify that it is compliant with all the requirements of the HIPAA Security Rule.

Topics addressed in this publication include: examine HIPAA Security Rule requirements for risk management, audit controls and evaluation, examine the core elements of an organization’s audit policy, review the auditing capabilities of Microsoft’s Windows 2000 and Windows 2003 Server systems, and review the auditing capabilities of the Linux operating system.

Document Details
File size: 8300 KB
File type: Adobe Acrobat (.pdf), Zipped (.zip)
Delivery Method: Download


*Please select the "No Shipment" delivery method when ordering this item to avoid shipping charges.


CAPS
Regular price: $209.65
Sale price: $179.00

CAPS Now Available on CD
Now you can order CAPS on a CD and it will be shipped to you based on shipping method selected.

CAPSCD
Regular price: $219.65
Sale price: $189.00

*All orders placed after 12 p.m. CST Monday through Friday will process by next day, except for New Year's Day, Memorial Day, Independence Day, Labor Day, Thanksgiving Day, and Christmas Day. All other orders will process by next business day.

*You are now on the HIPAA Academy e-Store site. To return to the home page of the HIPAA Academy Web-site, please click www.HIPAAacademy.Net.