Index
Cover
Title Page
Copyright Page
Dedication
About the Author
Contents at a Glance
Contents
Acknowledgments
Introduction
Chapter 1 Healthcare Industry
Types of Organizations in the Healthcare Sector
Patients
Providers
Healthcare Clearinghouse
Healthcare Organizational Behavior
Health Insurance
Healthcare Across the Globe
United States
Canada
United Kingdom
European Union
Japan
Stakeholders
Coding and Classification Systems and Standards
Diagnosis-Related Group (DRG)
International Classification of Diseases (ICD)
Systematized Nomenclature of Medicine Clinical Terms (SNOMED CT)
Additional Coding Systems
Revenue Cycle
Claims Processing and Third-Party Payers
Payment Models
The US Evolving Payment Model
Medical Billing
Transaction Standards
Reimbursement
Workflow Management
Clinical Workflow
Business Process Reengineering (BPR)
Value Stream Mapping (VSM)
Regulatory Environment
Patient Rights
Patient Care and Safety
Public Health Reporting
Clinical Research
Good Clinical Research Practice (GCP)
De-identification of Patient Information
Healthcare Records Management
Record Retention
Destruction of Patient Health Information
Access Control
Authentication, Authorization, and Accounting (AAA)
Third-Party Relationships
Vendors
Regulators
Other Third-Party Relationships
Administering Third Parties
Understand Foundational Health Data Management
Managing Information Flow and Lifecycle in Healthcare Environments
Data Lifecycle Management (DLM)
Health Data Characterization
Data Interoperability and Exchange
Health Level 7 (HL7)
Integrating the Healthcare Enterprise (IHE)
Digital Imaging and Communications in Medicine (DICOM)
Legal Medical Record
Chapter Review
Questions
Answers
References
Chapter 2 Information Governance in Healthcare
Security Governance
Board of Directors
Information Security Program
Information Security Steering Committee
Configuration Control Board
Information Management Council
Risk Management Steering Committee
Data Incident Response Team
Privacy Governance
Generally Accepted Privacy Principles
Data Governance Committee
Audit Committee (Board of Directors)
Institutional Review Board
Information Governance Roles and Responsibilities
Chief Information Security Officer
Chief Privacy Officer
Chief Data Officer
Information System Owner
Data Owner
Data Steward
Data Controller
Data Processor
Data Custodian
End User
Information Security and Privacy Policies and Procedures
Policies
Procedures
Notable Policies and Procedures
Sanction Policy
Configuration Management Plan
Code of Conduct or Ethics in a Healthcare Information Environment
Organizational Codes of Conduct in Healthcare
Organizational Codes of Ethics in Healthcare
(ISC)2 Code of Ethics
Chapter Review
Questions
Answers
References
Chapter 3 Information Technologies in Healthcare
Fostering Privacy and Security with HIT
Increased Exposure Affecting the Threat Landscape
Internal Threats to HIT Privacy and Security
External Threats to HIT Privacy and Security
Oversight and Regulatory Challenges
HIPAA and HIT
GDPR and HIT
Interoperability
Software and System Development
Levels of Interoperability
Medicare Access and CHIP Reauthorization Act of 2015
Information Technologies
Electronic Health Records
Internet of Medical Things
Medical Devices
Cloud Computing
Mobile Device Management
Health Information Exchange
Data Lifecycle Management
Phase 1: Create
Phase 2: Store
Phase 3: Use
Phase 4: Archive
Phase 5: Destroy
Third-Party Connectivity
Trust Models for Third-Party Interconnections
Technical Standards: Physical, Logical, Network Connectivity
Connection Agreements
Chapter Review
Questions
Answers
References
Chapter 4 Regulatory and Standards Environment
Identify Regulatory Requirements
Legal Issues Regarding Information Security and Privacy
Data Breach Regulations
Protected Personal and Health Information
Jurisdiction Implications
Data Subjects
Data Owners
Data Steward
Data Controller
Data Custodians
Data Processor
Research
Recognize Regulations and Controls of Various Countries
Treaties
Laws and Regulations
Understand Compliance Frameworks
Privacy Frameworks
Security Frameworks
Chapter Review
Questions
Answers
References
Chapter 5 Privacy and Security in Healthcare
Guiding Principles of Information Security: Confidentiality, Integrity, and Availability
Confidentiality
Integrity
Availability
Accountability
Understanding Security Concepts
Identity and Access Management
Access Control
Training and Awareness
Logging and Monitoring
Vulnerability Management
Segregation of Duties
Least Privilege (Need to Know)
Business Continuity
Disaster Recovery
System Backup and Recovery
Configuration, or Change Management
Incident Response
Understanding Privacy Concepts
US Approach to Privacy
European Approach to Privacy
Consent
Choice
Limited Collection
Legitimate Purpose
Purpose Specification
Disclosure Limitation
Transfer to Third Parties (or Countries)
Transborder Concerns
Access Limitation
Accuracy
Completeness
Quality
Management
Privacy Officer
Supervisory Authority
Processing Authorization
Accountability
Training and Awareness
Openness and Transparency
Proportionality
Use and Disclosure
Access
Individual Participation
Notice
Events, Incidents, and Breaches
The Relationship Between Privacy and Security
Dependency
Integration
Ownership of Healthcare Information
Understand Sensitive Data and Handling
Sensitivity Mitigation
Categories of Sensitive Data
Chapter Review
Questions
Answers
References
Chapter 6 Risk Management and Risk Assessment
Understand Enterprise Risk Management
Measuring and Expressing Information Risk
Identifying Information Assets
Asset Valuation Methods
Risk Components
Employing Security Controls
Assessing Residual Risk
Understand Information Risk Management Framework
NIST Risk Management Framework (RMF)
International Organization for Standardization
Centers for Medicare and Medicaid Services
Understand Risk Management Process
Quantitative vs. Qualitative Approaches
Intent
Information Lifecycle and Continuous Monitoring
Tools, Resources, and Techniques
Desired Outcomes
Role of Internal and External Audit and Assessment
Identify Control Assessment Procedures Using Organization Risk Frameworks
Participate in Risk Assessment According to Your Role
Information Gathering
Risk Assessment Estimated Timeline
Gap Analysis
Mitigating Actions
Communications and Reporting
Understand Risk Response
Use Controls to Remediate Risk
Administrative Controls
Physical Controls
Technical Controls
Participate in Continuous Monitoring
Chapter Review
Questions
Answers
References
Chapter 7 Third-Party Risk Management
Understand the Definition of Third Parties in the Healthcare Context
Maintain a List of Third-Party Organizations
Third-Party Role and Relationship with the Organization
Outsourcing
Third-Party Risk in the Cloud
Third-Party Risk in Data Disposition
Third-Party Risk in Nonmedical Devices
Health Information Use: Processing, Storage, Transmission
International Regulations for Data Transfer to Third Parties
Unauthorized Disclosure of Data Transferred to Third Parties
Apply Management Standards and Practices for Engaging Third Parties
Relationship Management
Determine When a Third-Party Assessment Is Required
Organizational Standards
Triggers of a Third-Party Assessment
Support Third-Party Assessments and Audits
Information Asset Protection Controls
Compliance with Information Asset Protection Controls
Communication of Results
Participate in Third-Party Remediation Efforts
Respond to Notifications of Security/Privacy Events
Internal Processes for Incident Response
Relationship Between Organization and Third-Party Incident Response
Breach Recognition, Notification, and Initial Response
Respond to Third-Party Requests Regarding Privacy/Security Events
Law Enforcement
EU Data Authorities
Affected Individuals
Media
Public Relations
Health Information Exchanges
Organizational Breach Notification Rules
Organizational Information Dissemination Policies and Standards
Risk Assessment Activities
Chain of Custody Principles
Promote Awareness of Third-Party Requirements
Information Flow Mapping and Scope
Data Sensitivity and Classification
Privacy and Security Requirements
Risks Associated with Third Parties
Chapter Review
Questions
Answers
References
Appendix About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Privacy Notice
Single User License Terms and Conditions
TotalTester Online
Technical Support
Glossary
Index