Cover
Title Page
Copyright Page
About the Author
Dedication
Contents
Acknowledgments
Introduction
Part I: A Healthcare Organization and Information Risk Overview
Chapter 1: Healthcare: Organization, Technology, and Data
The Organization and Financing of Healthcare Delivery
Patients
Payers
Providers
Stakeholders
Healthcare Across the Globe
The Financial Components of Healthcare
Claims Processing
Payment Models
Medical Billing
Reimbursement
Technology Specific to Healthcare
Medical Devices
Information Technology Networks
Health Information Exchanges
Electronic Health Record
Personal Health Record
Terminology and Data Standards
Clinical Workflow
Coding
Data Interoperability and Exchange
The Foundation of Health Data Management
Information Flow and Life Cycle in the Healthcare Environments
Health Data Characterization
Legal Medical Record
Chapter Review
Review Questions
Answers
References
Chapter 2: Healthcare: People, Roles, and Third-Party Partners
Identifying Workforce Dynamics: Personnel, Professions, and Proficiency
Nurses
Physicians
Physician Assistants
Medical Technicians
Administration
Environmental Services
Healthcare Organizational Behavior
Third-Party Relationships
Vendors
Government as Third Party
Nongovernment Regulators
Public Health Reporting
Clinical Research
Health Records Management
Administering Third Parties
Chapter Review
Review Questions
Answers
References
Chapter 3: Healthcare Information Regulation
Applicable Regulations
Legal Issues
Cross-Jurisdictional Impact
Conforming Policies and Procedures with Regulatory Guidance
Policies
Procedures
Notable Policies and Procedures
Governance Frameworks to Manage Policies
Configuration Control Board
Information Management Council
Data Incident Response Team
Institutional Review Board
International Regulations and Controls
Organization for Economic Cooperation and Development Privacy Principles
Safe Harbor Agreement
EU Data Protection Directive
International Organization for Standardization
Generally Accepted Privacy Principles
Chapter Review
Review Questions
Answers
References
Chapter 4: Information Risk Decision Making
Using Risk Management to Make Decisions
Information Risk Compliance Frameworks
Measuring and Expressing Information Risk
National Institute of Standards and Technology
HITRUST
International Organization for Standardization
Common Criteria
Factor Analysis of Information Risk
Responses for Risk-Based Decision Making
Residual Risk Tolerance
Information Asset Protection Controls
Corrective Action Plans
Compensating Controls
Control Variance Documentation
Communication of Findings
Provisioning Third-Party Connectivity
Documenting Compliance
NIST HIPAA Security Toolkit Application
HIMSS Risk Assessment Toolkit
The Information Governance Toolkit
Chapter Review
Review Questions
Answers
References
Chapter 5: Third-Party Risk Management and Promoting Awareness
Managing the Risk of Third-Party Relationships
Purpose
Methodology
Types of Third-Party Arrangements
Third Parties in the Healthcare Operations Context
Tools to Manage Third-Party Risk
Service Level Agreements
Determining When Third-Party Assessment Is Required
Support of Third-Party Assessments and Audits
Promoting Information Protection Including Risk Management
Training
Internal Marketing
Security Awareness Program Essentials
Chapter Review
Review Questions
Answers
References
Chapter 6: Information Security and Privacy Events Management
Definitions
Timeline of Incident Activities
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Post-incident Activity
Incident Notification and Remediation Efforts
Preparation Phase
Detection and Analysis Phase
Containment, Eradication, and Recovery Phase
Post-incident Activity
Incidents Caused by Third Parties
Preparation Phase
Detection and Analysis Phase
Containment, Eradication, and Recovery Phase
Post-incident Activity
External Reporting Requirements
Law Enforcement
Data Authorities (EU)
Affected Individuals (Patients)
Media
Public Relations
Secretary of Health and Human Services
Health Information Exchanges
International Breach Notification
Chapter Review
Review Questions
Answers
References
Part II: Healthcare Information Privacy and Security Management
Chapter 7: Information Privacy: Patient Rights and Healthcare Responsibilities
U.S. Approach to Privacy
European Approach to Privacy
Information Privacy Concepts and Terms
Consent
Choice
Notice
Collection Limitation
Disclosure Limitation
Retention of Data
Legitimate Purpose
Individual Participation
Complaints and Enforcement
Quality of Data
Accountability
Openness and Transparency
Designation of Privacy Officer
Promises and Obligations
Data Protection Governing Authority
Breach Notification
United States
European Union
Canada
Chapter Review
Questions
Answers
References
Chapter 8: Protecting Digital Health Information: Cybersecurity Fundamentals
Evolving Information Security to Cybersecurity
Information Security
Cybersecurity
The Guiding Principles of Security: Confidentiality, Integrity, Availability, and Accountability
Confidentiality
Integrity
Availability
Accountability
Shaping Information Security
Security Controls
Security Categorization
Defense-in-Depth
General Security Definitions
Access Control
Data Encryption
Training and Awareness
Logging and Monitoring
Vulnerability Management
Segregation of Duties
Least Privilege
Business Continuity
Data Retention and Destruction
Configuration or Change Management
Incident Response
Chapter Review
Questions
Answers
References
Chapter 9: Impact of Information Privacy and Security on Health IT
Ownership of Healthcare Information
United States (HIPAA)
European Union (DPD)
United Kingdom
Germany
The Relationship Between Privacy and Security
Dependency
Integration
Information Protection and Healthcare Technologies and Initiatives
Medical Devices
Cloud Computing
Mobile Device Management
Health Information Exchange
Implementation of Electronic Health Records
Data Breach Impact
Organization Reputation
Financial Impact
Medical and Financial Identity Theft
Patient Embarrassment
Special Categories of Sensitive Health Data
Chapter Review
Questions
Answers
References
Chapter 10: Workforce Competency in Healthcare
Cybersecurity Workforce
Global
United States
Healthcare Cybersecurity Workforce
Convergence of Skill Sets
Clinical Professions with New Cybersecurity Concerns
Government Initiatives
NICE
NHS Cyber Initiative
NH-ISAC
Competency Measures
Formal Education
Training
Credentials and Certifications
Professional Organizations
Internships
Chapter Review
Review Questions
Answers
References
Chapter 11: Administering Risk Management and Cybersecurity
The Attack
The Anatomy of a Cyberattack
Summary of the Attacks
Defense Against the Attacks: Art and Science
A Framework for the Process
Cybersecurity Framework (CSF)
Cyber Threat Vectors
External
Internal
Penetration Testing
Who Should Perform a Risk Assessment?
Controlling for Cyberattack
Protect
Access Control
Awareness and Training
Data Security
Information Protection Processes and Procedures
Maintenance
Protective Technology
Chapter Review
Questions
Answers
References
Index