map
communities home adv search contact us help
  Search Results
      New Search     
Search Results Found 231 items matching the query.

Items 1-200 of 231
Page
of 2
 

Current Query:
 
Description
10 Security Domains   AHIMA
Dougherty, Michelle
AHIMA Practice Brief, AHIMA Journal
2/2/04
This practice brief identifies the ten security domains that provide the foundation of security principles and practices, and provides a highlight of each domain's key principles.

2004 HIPAA Privacy & Security Compliance Survey   AHIMA
AHIMA
AHIMA
4/12/04
The results of a survey conducted by AHIMA to assess the current state of HIPAA privacy within the healthcare industry. These results are being released in conjunction with the first annual National Health Information Privacy and Security Week.

2008 HIMSS Security Survey   External
Healthcare Information and Management Systems Society
external web site
10/28/08
This report provides the results of a survey of IT and security professionals addressing security environments in healthcare organizations, including access to patient data, tracking and audit logs, network security, and medical identity theft.

2009 HIMSS Security Survey   External
Healthcare Information and Management Systems Society
external web site
11/3/09
This study addressed security enviroments, including access to patient data, access tracking and audit logs, and medical identity theft, as well as preparedness and approaches for meeting new privacy and security requirements contained in ARRA.

Access: the Missing HIM Practice Element (Resolution)   AHIMA
AHIMA House of Delegates
AHIMA Journal, AHIMA HoD Resolution
1/2/98
Resolution approved by the 1997 AHIMA House of Delegates October 19, 1997

Accounting and Tracking Disclosures of Protected Health Information   AHIMA
Dougherty, Michelle
AHIMA Practice Brief, AHIMA Journal
11/2/01
Addressing California’s New Privacy Laws: One Organization’s Strategy to Handle Stringent Breach Notification Laws   AHIMA
Birnbaum, Cassi L
AHIMA Journal column
4/2/09
Two new California laws hold providers, health plans, and individuals accountable for unauthorized access, use, or disclosure of medical information. This article describes how one hospital developed a strategy to deal with the laws' requirements.

Advocating for Unique Healthcare Identification (Resolution)   AHIMA
AHIMA House of Delegates
AHIMA Journal, AHIMA HoD Resolution
1/2/98
Resolution approved by the 1997 AHIMA House of Delegates October 19, 1997

AHIMA Comments on Breach Guidance   AHIMA
Rode, Dan
AHIMA Testimony/Comments, AHIMA Policy & Govt Relations
5/19/09
AHIMA Comments to FTC on Healthcare Breach Notification Rulemaking   AHIMA
Rode, Dan
AHIMA Testimony/Comments, AHIMA Policy & Govt Relations
5/29/09
AHIMA Written and Oral Testimony at the NCVHS Privacy, Confidentiality, and Security Subcommittee Hearing on Personal Health Records   AHIMA
Mon, Donald T.
AHIMA Testimony/Comments
5/20/09
Another Layer of Regulations: Research Under HIPAA (HIPAA on the Job series)   AHIMA
Amatayakul, Margret
AHIMA Journal
1/2/03
HIPAA presents special challenges to providers who perform research. In this article, we'll take a closer look at the actions required for use of protected health information (PHI) in research.

Assessing Privacy Risk in Outsourcing   AHIMA
Davino, Margaret
AHIMA Journal article
3/2/04
Healthcare providers can outsource transcription, but they can't outsource their obligation to safeguard privacy. Here's how to minimize risk.

Assessment of HIPAA Security Preparedness: Most Health Care Organizations Remain Noncompliant   External
URAC
external web site
1/2/04
In this report, URAC highlights the central challenges confronting covered entities and other organizations as they assess and upgrade their security programs.

Authorization to Disclose Information to the Social Security Administration (SSA)   Government
U.S. Social Security Administration
U.S. Government
4/2/09
This general and special authorization to disclose was developed to comply with the provisions regarding disclosure of medical, educational, and other information under HIPAA, FERPA, and State law.

Basics of Risk Analysis and Risk Management   Government
U.S. Centers for Medicare & Medicaid Services
U.S. Government
8/18/05
This paper, the sixth in a series intended to give guidance on the HIPAA security rule, reviews pertinent security rule implementation specifications and the basic concepts of risk analysis and management, and general steps to conduct assessments.

Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research   External
Nass, Sheryl J.; Levit, Laura A.; Gostin, Lawrence O.
external web site, Institute of Medicine, National Academies Press
1/9/09
In this report, the IOM's Committee on Health Research and the Privacy of Health Information concludes that the HIPAA Privacy Rule does not protect privacy as well as it should, and impedes important health research.

Breach Notification for Unsecured Protected Health Information; Interim Final Rule   Government
U.S. Dept. of Health and Human Services. Office of the Secretary.
U.S. Government, Federal Register
8/24/09
The Department of Health and Human Services (HHS) issued this interim final rule with a request for comments to require notification of breaches of unsecured protected health information.

Breach Notification Involving Protected Health Information   AHIMA
Adler, Peter
AHIMA Blog Post
4/15/09
Special series of AHIMA blog posts in conjunction with Health Information Privacy and Security Week

Breaches of Confidential Health Information   External
Connecting for Health
External - used with permission, Connecting for Health
4/6/06
This document is part of The Connecting for Health Common Framework, which is available in full and in its most current version here. The Common Framework will be revised and expanded over time.

California’s Privacy Pileup
: New State Laws Meet Even Newer Federal Regulations
   AHIMA
Dimick, Chris
AHIMA Journal article
8/2/09
In California, teasing apart state and federal breach notification laws highlights the challenges organizations everywhere face in determining their responsibilities under ARRA’s new privacy regulations.

Checklist For Disclosures To Law Enforcement Officers   AHIMA
Brandt, Mary D.
Sample Form, AHIMA Audio Seminar
6/14/05
Civil Money Penalties: Procedures for Investigations, Imposition of Penalties, and Hearings--Extension of Expiration Date   Government
U.S. Department of Health and Human Services
Federal Register, U.S. Government
9/15/04
This regulatory action extends the expiration date one year to avoid the disruption of ongoing HIPAA enforcement actions while HHS proceeds with rulemaking to develop a more comprehensive enforcement rule.

Clarification of the Use of Telecommunications Relay Services   Government
U.S. Federal Communications Commission
U.S. Government, Federal Register
7/7/04
The FCC clarifies that the use of Telecommunications Relay Services to facilitate telephone calls between health care professionals and patients does not violate the HIPAA Privacy Rule.

Complete Medical Record in a Hybrid EHR Environment. Part II: Managing Access and Disclosure   AHIMA
AHIMA Task Force
AHIMA Practice Brief, AHIMA E-HIM Task Force Report
10/20/03
Complete Medical Record in a Hybrid EHR Environment. Part II: Managing Access and Disclosure   AHIMA
AHIMA Task Force
AHIMA E-HIM Task Force Report
10/20/03
Download the complete e-HIM Task Force Report, The Complete Medical Record in a Hybrid EHR Environment.

Complete Medical Record in a Hybrid EHR Environment. Part III: Authorship of and Printing the Health Record   AHIMA
AHIMA Task Force
AHIMA Practice Brief, AHIMA E-HIM Task Force Report
10/20/03
Complete Medical Record in a Hybrid EHR Environment. Part III: Authorship of and Printing the Health Record   AHIMA
AHIMA Task Force
AHIMA E-HIM Task Force Report
10/20/03
Download the complete e-HIM Task Force Report, The Complete Medical Record in a Hybrid EHR Environment.

Complying with the Privacy Rule during a Disaster-Part 2   AHIMA
Halpert, Aviva M
AHIMA Journal column
5/2/08
This article, second in two-part series, outlines how healthcare organizations should deal with management and privacy-related aspects of dealing with a disaster.

Complying with the Privacy Rule during a Disaster—Part 1: An Overview of Plan Development, Data Backup, and Recovery   AHIMA
Halpert, Aviva M.
AHIMA Journal column
4/2/08
This article, the first in a two-part series, outlines how healthcare organizations should deal with plan development, data back-up, and recovery during a disaster.

Comprehensive Privacy and Security: Critical for Health Information Technology   External
Center for Democracy & Technology
external web site
5/15/08
This paper calls for the adoption of a comprehensive privacy and security framework for protecting health data as information technology is increasingly used to support data exchange.

Computer Recycling: Are you Legally Prepared   AHIMA
Harford, Joseph P.
AHIMA Journal column
3/2/03
How do you know if your organization is legally positioned to handle disposal of computer equipment (computer monitors, hard drives, printers, copiers, etc.) and the patient information data contained on them? This article will address these concerns.

Confidentiality of Alcohol and Drug Abuse Patient Records Regulation and the HIPAA Privacy Rule: Implications for Alcohol and Substance Abuse Programs   Government
U.S. Substance Abuse and Mental Health Services Administration. Center for Substance Abuse Treatment
U.S. Government
6/4/04
This guidance applies to substance abuse treatment programs that are also covered entities as defined by the Privacy Rule. See also hipaa.samhsa.gov/Part2ComparisonCleared.htm.

Confidentiality of Medical Records: A Situation Analysis and AHIMA's Position   AHIMA
AHIMA
AHIMA Position Statement
Consent for Uses and Disclosures of Information (Updated)   AHIMA
Hjort, Beth
AHIMA Practice Brief
10/28/02
Contingency Planning Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology   Government
Swanson, Marianne, et al.
U.S. Government
12/2/01
This document provides instructions, recommendations, and considerations for government IT contingency planning, which refers to interim measures to recover IT services following an emergency or system disruption.

Data Theft and State Law: When Data Breaches Occur, 34 States Require Organizations to Speak Up   AHIMA
Wernick, Alan S.
AHIMA Journal article
11/2/06
Thirty-four states currently require that organizations notify individuals whose personal data have been exposed in a security breach. Healthcare entities should have policies and plans in place.

Defining and Disclosing the Designated Record Set and the Legal Health Record   AHIMA
Dougherty, Michelle; Washington, Lydia
AHIMA Practice Brief, AHIMA Journal
4/2/08
This practice brief identifies the purposes of the designated record set and the legal health record for healthcare organizations and provides guidelines for disclosing health records from each set.

Defining the Designated Record Set (AHIMA Practice Brief)   AHIMA
Hughes, Gwen
AHIMA Practice Brief, AHIMA Journal
1/2/03
Organizations struggle to decide what should and should not be considered their designated record set, which is defined and discussed in the HIPAA privacy rule. This article attempts to provide covered entities with additional guidance.

Defining the Personal Health Information Management Role   AHIMA
AHIMA Personal Health Record Practice Council
AHIMA Practice Brief, AHIMA Journal
6/2/08
The transition to patient-centric records challenges HIM professionals to realign their thinking about health information management. They must begin to consider their roles and responsibilities in the arena of personal health information management.

Developing Breach Notification Policies and Procedures: An Overview of Mitigation and Response Planning   AHIMA
Rhodes, Harry
AHIMA
8/24/09
A successful breach notification plan encompasses more than just a method for promptly notifying the victims of a security breach event. To be effective the breach notification process must be part of a comprehensive information security plan.

Dilemma of Psychotherapy Notes and HIPAA   AHIMA
Nicholson, Ruby
AHIMA Journal article
2/2/02
This article provides guidance on complying with the HIPAA privacy regulations for HIM professionals in behavioral health settings.

Does the Privacy Rule Hinder Patient Care?   AHIMA
Burrington-Brown, Jill
AHIMA Journal column
10/2/04
This "In Confidence" column examines the pitfalls covered entities may encounter in trying to balance strengthened patient privacy protection with improving provider access to information.

Draft Model Personal Health Record (PHR) Privacy Notice & Facts-At-A-Glance   Government
U.S. Dept of Health and Human Services
U.S. Government
12/16/08
See also the Framework and the Health IT Privacy and Security Toolkit document compilation.

Due Diligence in Moderation: Disclosing PHI (HIPAA on the Job)   AHIMA
Amatayakul, Margret
AHIMA Journal
9/2/03
a road map for creating a framework that provides reasonable assurances to those who must apply professional judgment in making disclosures to personal representatives, those involved in a patient's care, and other covered entities

E-mail as a Provider-Patient Electronic Communication Medium and Its Impact on the Electronic Record   AHIMA
AHIMA Task Force
AHIMA Practice Brief, AHIMA E-HIM Task Force Report
10/20/03
E-mail as a Provider-Patient Electronic Communication Medium and Its Impact on the Electronic Record   AHIMA
AHIMA Task Force
AHIMA E-HIM Task Force Report
10/20/03
Download the complete e-HIM Task Force Report, E-mail as a Provider-Patient Electronic Communication Medium and Its Impact on the Electronic Health Record.

EHR: Benefits for Privacy and Security   AHIMA
AHIMA Professional Practice Team
HIP&S Week, AHIMA Presentation
2/2/05
This presentation focuses on key benefits regarding privacy and security of the electronic health record and discuss best practices in maintaining the privacy and security of patient information.

EHR: Benefits for Privacy and Security   AHIMA
AHIMA Professional Practice Team
HIP&S Week, AHIMA Presentation
2/2/05
Download Powerpoint presentation

Electronic Record, Electronic Security   AHIMA
Hagland, Mark
AHIMA Journal article
2/2/04
New technologies are enhancing the ability to protect patient information. But there's more to successful implementation than just what's inside the box.

Electronic Signature, Attestation, and Authorship (Updated)   AHIMA
AHIMA e-HIM Workgroup: Best Practices for Electronic Signature and Attestation
AHIMA Practice Brief, AHIMA E-HIM Task Force Report
11/2/09
This practice brief provides insight into the technology used to implement e-signatures, the related health IT standards, the regulatory environment, and recommendations on best practices.

Encouraging the Use of, and Rethinking Protections for De-Identified (and "Anonymized") Health Data   External
Center for Democracy & Technology
external web site
6/25/09
This paper argues for setting different levels of anonymization for different uses of data, requiring greater accountability for re-identification, and enforcing existing policies designed to place limits on the amount of data collected and retained.

Enhanced Protections for Uses of Health Data: a Stewardship Framework for ‘Secondary Uses’ of Electronically Collected and Transmitted Health Data   Government
National Committee on Vital and Health Statistics
U.S. Government
12/19/07
Report to the Secretary of the U.S. Department of Health and Human Services

Enhancing Protections for Uses of Health Data: a Stewardship Framework. Summary for Policy Makers   Government
National Committee on Vital and Health Statistics
U.S. Government
4/24/08
This summary, which slightly expands the Executive Summary of the December 2007 re¬port but makes no substantive changes to it, is intended for policy audiences and others with a stake in the uses of health data.

Facsimile Transmission of Health Information   AHIMA
Davis, Nancy, et al.
AHIMA Practice Brief, AHIMA Journal
8/15/06
This practice brief recommends periodic review of organizational fax policies and practices to ensure the best privacy protections are in place for exchange of protected health information.

Fair Credit Reporting Medical Information   Government
U.S. Department of the Treasury, Federal Reserve System, FDIC, National Credit Union Admin.
Federal Register, U.S. Government
4/28/04
Notice of proposed rulemaking.

Fighting Fraud with the Red Flags Rule: a How-To Guide for Business   Government
Federal Trade Commission
U.S. Government, external web site
4/7/09
FTC guidance for complying with the Red Flags Rule by the May 1, 2009 deadline

Following the Digital Trail: Weak Auditing Functions Spell Trouble for an Electronic Record   AHIMA
Rollins, Gina
AHIMA Journal article
3/2/06
Not all EHR products deliver strong audit and verification functions. A key HIM consideration is not always a key product feature.

Getting Information Rights Right: Identifying the Rights-related Issues in Health Information Exchange   AHIMA
Waller, Adele
AHIMA Journal article
11/2/06
To protect the information rights of both individuals and organizations, RHIOs must identify and address the issues from the outset.

Great PHRontier: Private Business Stakes a Claim in Personal Health Records   AHIMA
Dimick, Chris
AHIMA Journal article
6/2/08
Interoperability, privacy, security, consumer adoption, and provider acceptance are the rivers, mountains, and bears of the PHRontier. Success lies far down the trail. Only time will tell how far recent entrants will travel and who will survive.

Guidance Specifying the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals for Purposes of the Breach Notification Requirements ... [of ARRA]   Government
U.S. Dept. of Health and Human Services. Office of the Secretary.
U.S. Government, Federal Register
4/27/09
guidance and request for information

Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) [DRAFT]   Government
McCallister, Erika; Grance, Tim; Scarfone, Karen
U.S. Government, National Institute of Standards and Technology
1/13/09
This report is intended to assist Federal organizations in identifying PII and determining what level of protection each instance of PII requires, based on the potential impact of a breach of the PII's confidentiality.

Handling Security Breaches Under HIPAA: a Legal Perspective   AHIMA
Gradle, Brian D.
In Confidence, Web extra
8/2/03
This article gives a brief discussion on the provisions of the HIPAA Privacy Rule are given followed by a series of information security breach scenarios with the appropriate privacy-rule-compliant responses.

Health Breach Notification Rule [interim proposed rule]   Government
U.S. Dept. of Health and Human Services. Office of the Secretary.
U.S. Government, Federal Register
4/20/09
Notice of proposed rulemaking; request for public comment.

Health Breach Notification Rule; Final Rule   Government
U.S. Federal Trade Commission
U.S. Government, Federal Register
8/25/09
This rule, issued by the FTC, requires vendors of personal health records and related entities to notify consumers when the security of their individually identifiable health information has been breached.

Health Data Access, Use, and Control   AHIMA
Burrington-Brown, Jill; Hjort, Beth; Washington, Lydia
AHIMA Practice Brief, AHIMA Journal, AHIMA E-HIM Task Force Report
5/2/07
The increasing use of electronic health data raises the industry's need to define stakeholder rights and responsibilities, and requires an increasing focus on the importance of data stewardship.

Health Information Security and Privacy Collaboration Toolkit   Government
HISPC
U.S. Government, RTI International, external web site
7/30/07
This toolkit, developed by the AHRQ and ONC joint-funded HISPC project, provides guidance for conducting organization-level assessments of business practices, policies, and State laws that govern the privacy and security of health information exchange.

Health Information Security and Privacy Collaboration: Action and Implementation Manual   Government
Dimitropoulos, Linda
U.S. Government, RTI International
6/2/09
This manual serves as a guide to the use of the tools, materials, and processes developed as part of HISPC Phase III.

Health Information: First-Year Experiences under the Federal Privacy Rule   Government
U.S. Government Accountability Office
U.S. Government
9/3/04
This GAO report examines the experience of care providers, health plans and others in complying and dealing with the new federal privacy rule implemented under HIPAA.

Health Insurance Portability and Accountability Act Privacy Rule and Patient Access to Medical Records   External
Tossell, Beth, Stewart. Emily, Goldman, Janlori
AARP Public Policy Institute, external web site
2/15/06
The goal of this report is to detail the provisions of the Privacy Rule, which grants patients access to their medical records, and to discuss the ability of health care providers and health plans to share patient information electronically.

Health Insurance Reform: Security Standards; Final Rule   Government
U.S. Centers for Medicare & Medicaid Services
U.S. Government, Federal Register
2/20/03
Word version of Security Rule

Health IT Privacy and Security Toolkit   Government
U.S. DHHS. Office of the National Coordinator for HIT, Office for Civil Rights
U.S. Government, ONC, OCR
12/16/08
Compilation of the toolkit documents

Health Law Issues Raised by Hurricane Katrina   External
Vinson & Elkins L.L.P.
external web site
9/5/05
A special health law alert to provide information to assist those actively involved in addressing the displacement of patients in need of medical care.

Health Privacy: Regulation Enhances Protection of Patient Records but Raises Practical Concerns   Government
U.S. General Accounting Office
U.S. Government
2/8/01
Health Record Paradigm Shift: Consumer Health Informatics Status in the United States   AHIMA
Fox, Leslie Ann
IFHRO Congress, AHIMA Convention
10/15/04
This paper addresses a PHR vision and its potential for improving quality, safety, cost, and convenience of healthcare; current progress in implementing EHRs, integral to creating PHRs; and consumer needs that will create a new role for HIM professionals.

Healthcare Organizations Must Create Consistent Privacy and Security Practices   AHIMA
AHIMA House of Delegates
AHIMA HoD Resolution
10/12/08
Resolution approved by the AHIMA House of Delegates October 12, 2008

HIPAA Privacy and Security Training (Updated)   AHIMA
Hjort, Beth
AHIMA Practice Brief
11/21/03
HIPAA's privacy and training rules independently address training requirements. This practice brief offers guidelines to covered entities to aid in implementation and suggests the efficacy of combining privacy and security training efforts.

HIPAA Privacy Checklist   AHIMA
Hjort, Beth
AHIMA Practice Brief, AHIMA Journal
6/2/01
HIPAA Privacy Guidance. Business Associates   Government
U.S. Office for Civil Rights
U.S. Government
12/2/02
text of entire guidance available here.

HIPAA Privacy Guidance. Incidental Uses and Disclosures.   Government
U.S. Office for Civil Rights
U.S. Government
12/2/02
text of entire guidance available here.

HIPAA Privacy Guidance. Uses and Disclosures for Treatment, Payment, and Health Care Operations   Government
U.S. Office for Civil Rights
U.S. Government
12/2/02
text of entire guidance available here.

HIPAA Privacy Implementation Issues in Pennsylvania Healthcare Facilities   AHIMA
Firouzan, Patricia Anania, McKinnon, James
Perspectives in HIM 1:3
4/30/04
Research findings suggest that HIM professionals continue to be involved with many areas of the privacy rule, have taken on new responsibilities due to the rule, and have seen their level of importance within their facilities increased.

HIPAA Privacy Rule's Right of Access and Health Information Technology   Government
U.S. DHHS. Office of the National Coordinator for HIT, Office for Civil Rights
U.S. Government, ONC, OCR
12/16/08
See also the Framework and the Health IT Privacy and Security Toolkit document compilation.

HIPAA Privacy Rule and Electronic Health Information Exchange in a Networked Environment: Introduction   Government
U.S. DHHS. Office of the National Coordinator for HIT, Office for Civil Rights
U.S. Government, ONC, OCR
12/16/08
See also the Framework and the Health IT Privacy and Security Toolkit document compilation.

HIPAA Privacy Rule and Public Health   Government
U.S. DHHS. Office of Inspector General, U.S. DHHS. Centers for Disease Control
U.S. Government
4/11/03
Guidance from CDC and the U.S. Department of Health and Human Services

HIPAA Privacy Rule and the Privacy and Security Framework: Accountablity Principle and FAQs   Government
U.S. DHHS. Office of the National Coordinator for HIT, Office for Civil Rights
U.S. Government, ONC, OCR
12/16/08
See also the Framework and the Health IT Privacy and Security Toolkit document compilation.

HIPAA Privacy Rule and the Privacy and Security Framework: Collection, Use, and Disclosure Principle and FAQs   Government
U.S. DHHS. Office of the National Coordinator for HIT, Office for Civil Rights
U.S. Government, ONC, OCR
12/16/08
See also the Framework and the Health IT Privacy and Security Toolkit document compilation.

HIPAA Privacy Rule and the Privacy and Security Framework: Correction Principle and FAQs   Government
U.S. DHHS. Office of the National Coordinator for HIT, Office for Civil Rights
U.S. Government, ONC, OCR
12/16/08
See also the Framework and the Health IT Privacy and Security Toolkit document compilation.

HIPAA Privacy Rule and the Privacy and Security Framework: Individual Choice Principle and FAQs   Government
U.S. DHHS. Office of the National Coordinator for HIT, Office for Civil Rights
U.S. Government, ONC, OCR
12/16/08
See also the Framework and the Health IT Privacy and Security Toolkit document compilation.

HIPAA Privacy Rule and the Privacy and Security Framework: Openness and Transparency Principle and FAQs   Government
U.S. DHHS. Office of the National Coordinator for HIT, Office for Civil Rights
U.S. Government, ONC, OCR
12/16/08
See also the Framework and the Health IT Privacy and Security Toolkit document compilation.

HIPAA Privacy Rule and the Privacy and Security Framework: Safeguards Principle and FAQs   Government
U.S. DHHS. Office of the National Coordinator for HIT, Office for Civil Rights
U.S. Government, ONC, OCR
12/16/08
See also the Framework and the Health IT Privacy and Security Toolkit document compilation.

HIPAA Privacy Rule: Disclosures for Emergency Preparedness - A Decision Tool [External]   Government
U.S. Dept. of Health and Human Services. Office for Civil Rights
U.S. Government
6/27/06
This is an interactive decision application to help emergency preparedness and recovery planners determine how to use health information about people with disabilities and others in emergency planning efforts.

HIPAA Reins in Shadow Charts, Independent Databases (HIPAA on the Job)   AHIMA
Amatayakul, Margret
AHIMA Journal
10/2/03
This article discusses how the HIPAA Privacy and Security standards provide the opportunity to rein in problems associated with shadow charts and independent databases.

HIPAA Security Guidance   Government
U.S. Centers for Medicare & Medicaid Services
U.S. Government
1/3/07
This document is intended to provide HIPAA covered entities with general information on the risks and possible mitigation strategies for remote use of Electronic Protected Health Information (EPHI).

HIPAA Security Overview   AHIMA
Quinsey, Carol Ann
AHIMA Practice Brief, AHIMA Journal
4/2/04
This practice brief provides a succinct overview of the security rule, along with some of the background and basic concepts needed to understand it. Skills HIM professionals have that may aid in implementing the rule in their organizations are outlined.

HIPAA Security: Don't Disband the Committee Just Yet   AHIMA
Brown, Stephen C.
AHIMA Journal column
5/2/05
This "In Confidence" column addresses some steps you can take to keep your compliance with the HIPAA Security Standards current.

Homeland Security and HIM (AHIMA Practice Brief)   AHIMA

AHIMA Practice Brief, AHIMA Journal
6/2/04
This practice brief provides a brief analysis of the Homeland Security and Patriot Acts, background about mandatory reporting of health information, and an overview of syndromic reporting, as well as practical advice for responding to requests for PHI.

Homeland Security and HIM. Appendix A: Mandatory Reporting--Balancing Patients' Privacy Rights with Public Health Interests   AHIMA

Web extra, AHIMA Practice Brief attachment
6/2/04
This document is an appendix to the practice brief "Homeland Security and HIM," Journal of AHIMA vol. 76, no. 6 (2004).

Hurricane Katrina and the HIPAA Privacy Rule   External
Tovino, Stacey A.
external, Health Law Perspectives, Health Law & Policy Institute, University of Houston
9/5/05
This paper concludes that the Privacy Rule was not designed to interfere with the provision of health care or the coordination of disaster relief efforts.

Hurricane Katrina Bulletin: HIPAA Privacy and Disclosures in Emergency Situations   Government
U.S. DHHS. Office for Civil Rights
U.S. Government
9/2/05
This bulletin explains how the HIPAA Privacy Rule allows patient information to be shared to assist in disaster relief efforts, and to assist patients in receiving the care they need.

Hurricane Katrina Bulletin: HIPAA Privacy Rule Compliance Guidance and Enforcement Statement for Activities in Response to Hurricane Katrina   Government
U.S. DHHS. Office for Civil Rights
U.S. Government
9/9/05
This guidance shows how the HIPAA Privacy Rule applies to the gathering and providing of medical and prescription records for hurricane evacuees, and describes the Office for Civil Rights’ enforcement approach in light of these emergency circumstances.

Hurricane Katrina: HIPAA Privacy and Electronic Health Records of Evacuees   Government
Stevens, Gina Marie
U.S. Government, Congressional Research Service
1/23/07
This report discusses HHS' waiver of certain provisions of the HIPAA Privacy Rule in response to Hurricane Katrina, and the compliance and enforcement guidance with respect to the Privacy Rule issued by HHS.

Identity Theft and Fraud--the Impact on HIM Operations   AHIMA
Davis, Nancy, Lemery, Chrisann, Roberts, Kim
AHIMA Practice Brief, AHIMA Journal
4/2/05
This practice brief helps you understand the issues involved in identity theft, offers practical measures for your organization to prevent identity theft, respond to an identity theft event, or assist victims of identity theft.

Impact of Federal Stimulus Efforts on the Privacy and Security of Health Information in California   External
California HealthCare Foundation, Manatt Health Solutions, and Robert Mittman
external web site, California HealthCare Foundation
5/15/09
This issue brief discusses changes to the California health privacy environment in the wake of ARRA.

Implementing the Minimum Necessary Standard   AHIMA
Amatayakul, Margret, Brandt, Mary D., Dennis, Jill Callahan
AHIMA Practice Brief, AHIMA Journal
10/2/02
The challenge with implementing the minimum necessary standard, required by HIPAA's privacy rule, is defining what is reasonably necessary and determining how uses, disclosures, and requests will be managed in the non-automated and automated worlds.

Information Governance: a Framework for Handling Personal Information   AHIMA
Nicholson, Lorraine
IFHRO Congress, AHIMA Convention
10/15/04
This presentation will introduce the audience to the English National Health Service Information Authority's Information Governance Framework.

Information Security is for Everyone   AHIMA
AHIMA
AHIMA Presentation, HIT Week
7/12/03
Download Powerpoint presentation

Information Security: a Checklist for Healthcare Professionals   AHIMA
Carpenter, Jennifer E.
AHIMA Practice Brief
1/15/00
Information Security: an Overview   AHIMA
Quinsey, Carol Ann, Brandt, Mary D.
AHIMA Practice Brief
11/20/03
Information Security: Federal Agency Efforts to Encrypt Sensitive Information Are Under Way, but Work Remains   Government
U.S. Government Accountability Office
U.S. Government
6/27/08
In this report, the GAO found that federal information may remain at increased risk of unauthorized disclosure, loss, and modification.

Integrating Privacy and Security: Coordination Benefits HIPAA Compliance Efforts   AHIMA
Adler, M. Peter
AHIMA Journal article
4/2/08
Privacy and security are meant to work in tandem—so why have they grown up apart? An organization that coordinates its compliance efforts can maximize resources and increase effectiveness.

Intrusion Detection FAQ   External
SANS (SysAdmin, Audit, Network, Security) Institute
external web site
6/12/03
"The Internet's most trusted site for vendor neutral intrusion detection information."

Is Your NPP Your Best Defense?   AHIMA
Lee, Michael R.
AHIMA Journal column
4/2/03
This article will discuss specific design and content requirements for the uses and disclosures section of your Notice of Privacy Practices to defend your organization's actions in the event of a privacy-related civil action.

IT Contingency Plan to Meet HIPAA Security Standards   AHIMA
Nutten, Sandra, Mansueti, Chris
AHIMA Journal article
2/2/04
HIPAA security standards require your organization to have a contingency plan. Here's the how-to for a plan that measures up.

IT Standards for PHRs: Are PHRs Ready for Standards? Are Standards Ready for PHRs?   AHIMA
Heubusch, Kevin
AHIMA Journal article
6/2/08
The personal health record market looks like a blur, but organizing around common technical standards will help PHRs gain traction with providers, payers, and consumers.

Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) And the Health Insurance Portability and Accountability Act of 1996 (HIPAA) To Student Health Records   Government
U.S. Dept of Health and Human Services, U.S. Dept of Education
U.S. Government
11/27/08
The purpose of this guidance is to explain the relationship between FERPA and HIPAA Privacy Standards, and to address confusion on the part of school administrators, health care professionals, and others as to how these two laws apply to student records.

Journal Q&A (9/02)   AHIMA
AHIMA Professional Practice Team
AHIMA FAQ
9/2/02
What is a virtual shredder?

Journal Q&A (1/03)   AHIMA
AHIMA Professional Practice Team
AHIMA FAQ
1/2/03
Is faxing patient information legal under HIPAA?

Law Enforcement Request For Records   AHIMA
Brandt, Mary D.
Sample Form, AHIMA Audio Seminar
6/14/05
Laws and Regulations Governing the Disclosure of Health Information (Updated)   AHIMA
Hughes, Gwen
AHIMA Practice Brief, AHIMA Journal
11/13/02
An outline of the laws and regulations at both the federal and state level that govern the confidentiality of health information and recommendations for complying with them.

Leading the HIPAA Privacy Risk Assessment   AHIMA
Callahan-Dennis, Jill
AHIMA Convention
10/10/01
PDF

Letter to the Secretary: Recommendations regarding Privacy and Confidentiality in the Nationwide Health Information Network   Government
National Committee on Vital and Health Statistics
U.S. Government
6/22/06
A report and recommendations from NCVHS

Managing Audit Trails   AHIMA
Nunn, Sandra
AHIMA Journal column
9/2/09
Audit trails are records with retention requirements, and must be included when managing EHR content. Legal and compliance needs drive audit trail management, but IT departments face challenges in storing these large volumes of data.

Managing Health Information Relating to Infection with HIV   AHIMA
Carpenter, Jennifer E.
AHIMA Practice Brief
5/15/99
Managing the Security of Information (Resolution 1997 House of Delegates)   AHIMA
AHIMA Information Security Task Force
AHIMA Journal, AHIMA HoD Resolution
1/2/98
Resolution approved by the 1997 AHIMA House of Delegates October 19, 1997

Marketing Privacy: HIPAA's New Sales Pitch   AHIMA
Rhodes, Harry
AHIMA Convention
10/10/01
PDF

Medical Records Copying Charges   External
Lamb, Thomas J.
external web site, LambLawOffice.com
3/31/09
This web site, updated annually, outlines state statutes that control the amount doctors, hospitals, and other health care providers can charge a patient or a patient's attorney or law firm for copies of their medical records.

Mitigating Medical Identity Theft   AHIMA
AHIMA e-HIM Work Group on Medical Identity Theft
AHIMA Practice Brief, AHIMA Journal, AHIMA E-HIM Task Force Report
7/2/08
This practice brief explores medical identity theft, its ramifications, and how HIM professionals and others can work together to prevent, investigate, and mitigate the damages it causes.

Model Breach Notification Letter: Content and Format   AHIMA
AHIMA

8/24/09
Federal and state regulation establishes varying high-level content for notification letters. This model offers a compilation of suggested elements and format.

Model Contract for Health Information Exchange   External
Connecting for Health
External - used with permission, Connecting for Health
4/6/06
This document is part of The Connecting for Health Common Framework, which is available in full and in its most current version here. The Common Framework will be revised and expanded over time.

National Health Information Privacy and Security Week: Understanding the HIPAA Privacy and Security Rules   AHIMA
AHIMA
AHIMA Presentation, HIPS Week
4/12/04
Download Powerpoint presentation.

Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information   Government
U.S. DHHS. Office of the National Coordinator for HIT, Office for Civil Rights
U.S. Government, ONC, OCR
12/16/08
This document lays out principles to establish a single, consistent approach for addressing privacy and security challenges related to electronic health information exchange.

Nationwide Review of the Centers for Medicare & Medicaid Services Health Insurance Portability and Accountability Act of 1996 Oversight   Government
U.S. Dept of Health and Human Services, Office of the Inspector General
U.S. Government
10/27/08
This report evaluates the effectiveness of CMS's oversight and enforcement of covered entities' implementation of the HIPAA Security Rule.

Notice of Privacy Practices   AHIMA
Hughes, Gwen
AHIMA Practice Brief, AHIMA Journal
11/13/02
This practice brief supplants information contained in earlier versions of the practice brief "Notice of Information Practices."

Notice to the Secretary of HHS of Breach of Unsecured Protected Health Information   Government
U.S. Dept. of Health and Human Services. Office for Civil Rights
U.S. Government
10/2/09
Notification form for reporting breaches of PHI. Online form available here.

Notification of Misuse or Breach   External
Connecting for Health
External - used with permission, Connecting for Health
6/25/08
This document is part of The Connecting for Health Common Framework for Networked Personal Health Information, which is available in full and in its most current version here.

On the Front Lines of Healthcare Privacy: an AHIMA Roundtable   AHIMA
AHIMA
HIP&S Week, AHIMA Report
4/9/07
On the eve of the 4th anniversary of implementation of the HIPAA privacy standards, AHIMA spoke with four privacy professionals about the changing privacy and security landscape and the role of privacy officer.

Parental Proxy Access via Web Portals: Ensuring Compliance and Quality Documentation   AHIMA
Green-Shook, Sheila
AHIMA Journal column
7/2/09
Organizations must address a number of issues before allowing parents to access their children’s medical records via Web portals.

Path to Security Breach Notification Regulation   AHIMA
Rhodes, Harry
AHIMA
8/24/09
An environmental scan of state security breach notification laws.

Patient-centered E-mail: Developing the Right Policies   AHIMA
Murphy, Gretchen
AHIMA Journal article
3/2/00
Patient-friendly Approach to the Record Amendment Process   AHIMA
Thieleman, William
AHIMA Journal article
5/2/02
HIPAA promises patients the right to access and amend their medical records, but HIM departments are responsible for making it happen.... The author offers ideas from experts on designing an access and amendment process.

Patient Access and Amendment to Health Records   AHIMA
Hughes, Gwen
AHIMA Practice Brief, AHIMA Journal
5/15/01
Patient Anonymity (Updated)   AHIMA
Rhodes, Harry B.
AHIMA Practice Brief, AHIMA Journal
5/15/01
Patient Photography, Videotaping, and Other Imaging (Updated)   AHIMA
Hjort, Beth, Brandt, Mary D., Carpenter, Jennifer
AHIMA Practice Brief, AHIMA Journal
6/2/01
Patient Privacy in the Era of Health Information Technology: Overview of the Issues   External
George Washington University School of Public Health and Public Services
external web site
2/15/09
PCASSO: A Model for Safe Use of the Internet in Healthcare   AHIMA
Baker, Dixie B.
AHIMA Journal article
3/2/00
Personal Health Records and the HIPAA Privacy Rule   Government
U.S. DHHS. Office of the National Coordinator for HIT, Office for Civil Rights
U.S. Government, ONC, OCR
12/16/08
Guidance from the OCR

Perspectives on Managing Regulations: HIPAA   AHIMA
Davis, Nancy, Lemery, Chrisann
AHIMA Convention
10/15/04
The privacy and security officers of WEA Trust and Ministry Health Care discuss how they devised plans for HIPAA mandate to be in compliance with the Privacy Rule and Security Rule.

PHRs and Physician Practices   AHIMA
Fahrenholz, Cheryl Gregg, Buck, Stacie L
AHIMA Practice Brief, AHIMA Journal
4/2/07
This practice brief outlines the issues physician practices encounter as patients increasingly utilize PHRs, and explores the decisions physician practices must make as they develop policies and procedures to support patients.

Physical Security and HIPAA: What You Need to Know Now   AHIMA
Ruano, Michael
In Confidence
12/2/03
This article is the final installment of a 10-part series that introduced the domains of information security and related them to federal HIPAA regulations.

Portable Computer Security (Updated)   AHIMA
Quinsey, Carol, Hughes, Gwen
AHIMA Practice Brief
6/15/03
This practice brief explores the increased risks to the security of patient information with portable computer use. Legal, regulatory, and accreditation standards are covered, with recommendations for minimizing the risks.

Practical Advice for Effective Policies, Procedures (HIPAA on the Job)   AHIMA
Amatayakul, Margret
AHIMA Journal
4/2/03
Policies need to be statements that provide managerial guidance and procedures need to be operational reflections of those policies. Here's how to create the most effective policies and procedures for your organization.

Preemption of the HIPAA Privacy Rule   AHIMA
Hughes, Gwen
AHIMA Practice Brief, AHIMA Journal
2/2/02
This practice brief explores what the privacy rule says about preemption, and provides a framework for making lawful preemption decisions.

PRISM: Privacy Toolkit for Public Health Professionals   External
Suarez, Walter G.; Hohner, Vicki
external web site, Public Health Data Standards Consortium
7/26/07
PRISM is an electronic tool to provide state and local government health programs, and public health departments in particular, with a convenient way to understand basic legal privacy requirements for identifiable health information use and disclosure.

Privacy and Security in Health Information Exchange   AHIMA
Carter, Patricia, et al.
AHIMA Practice Brief, AHIMA Journal
11/2/06
This practice brief outlines privacy and security issues related to developing and implementing a health information exchange.

Privacy and Security Solutions for Interoperable Health Information Exchange: Appendix A: State Summaries   Government

U.S. Government, RTI International
7/30/07
Privacy and Security Solutions for Interoperable Health Information Exchange: Impact Analysis   Government
Dimitropoulos, Linda
U.S. Government, RTI International
12/20/07
Privacy and Security Solutions for Interoperable Health Information Exchange: Nationwide Summary   Government
Dimitropoulos, Linda L.
U.S. Government, RTI International
7/30/07
This report presents an overview of the work conducted by 33 states and Puerto Rico concerning privacy and security solutions for interoperable health information exchange.

Privacy and Security Working Group: Report and Findings   External
Privacy and Security Working Group, Connecting for Health
External - used with permission, Connecting for Health
6/5/03
This report finds that, with conscious forethought and continuous care and attention, the use of information technology in healthcare can and should strengthen, not impair the security and privacy of personal health information.

Privacy and Your Health Information   Government
U.S. HHS. Office for Civil Rights
U.S. Government
8/17/04
This fact sheet provides a general overview of the Privacy Rule, explains rights individuals have over their health information, how information can be used and disclosed, and the steps covered entities are required to take to protect health information.

Privacy Officer   AHIMA
AHIMA
AHIMA Position Statement
2/15/01
Privacy, Security, and the Regional Health Information Organization   External
California HealthCare Foundation
external web site
6/2/07
"This study, based on a literature review, interviews, and an informal survey, examines some of the key issues that nine RHIOs encountered and their strategies for managing them."

Privacy: Domestic and Offshore Outsourcing of Personal Information in Medicare, Medicaid, and TRICARE   Government
U.S. Government Accountability Office
U.S. Government
9/5/06
This report focuses on privacy issues asociated with outsourcing services involving the use of personal health information in the administration of Medicare, Medicaid, and TRICARE.

Proof Is in the Policy   AHIMA
Walsh, Tom
AHIMA Journal article
2/2/04
Proving security compliance later requires establishing documentation now. HIM professionals have a valuable role to play.

Protecting Confidentiality in Healthcare Education Programs   AHIMA
Hjort, Beth
AHIMA Practice Brief, AHIMA Journal
9/2/03
This practice brief addresses HIPAA privacy and security rule interpretations related to educational program affiliations where students/trainees are exposed to PHI.

Protecting Patient Information After a Facility Closure (Updated)   AHIMA
Rhodes, Harry, Brandt, Mary D.
AHIMA Practice Brief
11/20/03
Providers must protect personal health information when healthcare facilities close or medical practices dissolve. This practice brief discusses factors that must be taken into consideration when creating procedures for disposition of patient records.

Provider-Patient E-Mail Security   AHIMA
Burrington-Brown, Jill, Hughes, Gwen
AHIMA Practice Brief
6/15/03
This practice brief explores the advantages and risks of e-mail communication between providers and patients, and discusses the legal, accreditation, and professional practice standards to be considered, with recommendations for providers and patients.

Purposes of Access to Assist in Determining Needed Work Force Training   AHIMA
AHIMA Staff
Sample Form, Web extra
10/23/02
Ready, Set, Assess! An Action Plan for Conducting a HIPAA Privacy Risk...   AHIMA
Apple, Gordon J., Brandt, Mary D.
AHIMA Journal article
6/2/01
Reassessing Your Security Practices in a Health IT Environment: a Guide for Small Health Care Practices   Government
U.S. DHHS. Office of the National Coordinator for HIT, Office for Civil Rights
U.S. Government, ONC, OCR
12/16/08
See also the Framework and the Health IT Privacy and Security Toolkit document compilation.

Recovery and Privacy: Why a Law about the Economy Is the Biggest Thing since HIPAA   AHIMA
Rode, Dan
AHIMA Journal article
5/2/09
When Congress passed the final stimulus bill in February, healthcare received more than just money. Among the billions were major new privacy and security requirements.

Redisclosure of Patient Health Information (Updated)   AHIMA
AHIMA
AHIMA Practice Brief
2/2/09
Guidelines for the proper redisclosure of health information created by another provider and made apart from one's designated record set exist at both the federal and state level. This practice brief discusses the guidelines and makes recommendations.

Regulations Governing Research   AHIMA
Burrington-Brown, Jill
AHIMA Practice Brief, AHIMA Journal
3/2/03
This practice brief covers the "common rule" regarding the protection of human subjects, institutional review boards, informed consent, HIPAA, and limited data sets. Includes recommendations for handling personal health information and research.

Release of Information for Marketing or Fund-raising Purposes (Updated)   AHIMA
Rhodes, Harry
AHIMA Practice Brief
10/25/02
Organizations must establish clear policies and procedures that address the use of individually identifiable patient health information for marketing and fund raising.

Release of Information Reimbursement Laws and Regulations   AHIMA
Hjort, Beth
AHIMA Practice Brief
3/15/04
The distribution of health information may appear to be a simple task, but close analysis of the process reveals that many factors must be addressed to ensure that the release of information (ROI) is prompt, accurate, complete, and confidential.

Request, Uses, and Disclosures Data Collection Form   AHIMA
AHIMA Staff
Sample Form, Web extra
10/23/02
sample form developed for discussion purposes

Requests, Uses, and Disclosures for Evaluating Work Force Needs   AHIMA
AHIMA Staff
Sample Form, Web extra
10/23/02
Required Content for Authorizations to Disclose (Updated)   AHIMA
Hughes, Gwen
AHIMA Practice Brief
10/25/02
... explores the portion of the HIPAA privacy rule establishing standards for information disclosure including what constitutes a valid authorization, and also provides an overview of other federal and state laws and regulations regarding authorizations.

Research Repositories, Databases, and the HIPAA Privacy Rule   Government
U.S. Department of Health and Human Services
U.S. Government
1/12/04
downloaded from the DHHS web site

Rethinking Initial HIPAA Efforts (HIPAA on the Job)   AHIMA
Amatayakul, Margret
AHIMA Journal
11/2/03
This article will explore the current state of HIPAA privacy and security compliance, offer a risk-based approach to consolidating compliance efforts, and suggest an approach to achieving compliance through "piggybacking" on other IT initiatives.

Safeguards for Remote Access   AHIMA
AHIMA Privacy and Security Practice Council
AHIMA Journal column
7/2/07
Working from home has become a common practice as organizations try to maximize productivity. This article addresses the privacy and security implications of remote access and explores implementation of safeguards to protect personal health information.

Sample - Interview and Document Request for HIPAA Security Onsite Investigations and Compliance Reviews   Government
U.S. Centers for Medicare & Medicaid Services
U.S. Government
5/2/08
Guidance provided by CMS’s Office of E-Health Standards and Services on the type of information that might be requested in an onsite HIPAA Security investigation/compliance review.

Sample (Chief) Privacy Officer Job Description   AHIMA
AHIMA
AHIMA Journal, AHIMA Job Description
6/2/01
PDF

Sample Consent Agreement   AHIMA
AHIMA Staff
Sample Form
5/2/01
Sample Consent for Photography/Videotaping (for Media or Educational Purposes)   AHIMA
AHIMA
Sample Form
6/2/01
Sample Notice - Confidentiality of Alcohol and Drug Abuse Patient Records   Government
U.S. Office of Management and Budget
Sample Form, U.S. Government
10/1/00
Sample Notice of Health Information Practices   AHIMA
AHIMA
Sample Form
11/13/02
sample form developed for discussion purposes

Sanction Guidelines for Privacy and Security Breaches   AHIMA
AHIMA
AHIMA Practice Brief, AHIMA Journal
5/2/09
This practice brief offers recommendations for the internal application of sanctions related to information privacy and security breaches for healthcare organizations that manage or service protected or individually identifiable health information.

SANS' Information Security Reading Room   External
SANS (SysAdmin, Audit, Network, Security) Institute
external web site
6/12/03
Features over 1428 original computer security white papers in 72 different categories.

SANS (SysAdmin, Audit, Network, Security) Institute web site   External
SANS Institute
external web site
7/16/04
The SANS Institute is a cooperative research and education organization. See in particular the Security Glossary, FAQs on Intrusion Detection and the Security Reading Room.

SANS Glossary of Terms Used in Security and Intrusion Detection   External
SANS (SysAdmin, Audit, Network, Security) Institute
external web site
5/2/03
Glossary of computer security terms

SANS Security Policy Project   External
SANS (SysAdmin, Audit, Network, Security) Institute
external web site
6/12/03
Includes policy templates for twenty-four important security requirements. Also offers a primer for those new to policy development and specific guidance on policies related to legal requirements such as the HIPAA guidelines.

Securing Wireless Technology for Healthcare   AHIMA
Retterer, John, Casto, Brian
AHIMA Practice Brief, AHIMA Journal
5/2/04
This practice brief serves as a guideline to help ensure that healthcare organizations have exercised due diligence, and that risks pertaining to wireless networking are defined and addressed with respect to an organization's bottom line.

Security 101 for Covered Entities   Government
U.S. Centers for Medicare & Medicaid Services
U.S. Government
11/23/04
This paper, the first in a series intended to give guidance on the HIPAA security rule, provides background on the rule and its relationship to the HIPAA privacy rule.

Security Audits (Updated)   AHIMA
Hjort, Beth
AHIMA Practice Brief
11/21/03
Security audits must be performed to hold users of information systems accountable for their actions. This practice brief covers legal and regulatory requirements surrounding security audits, and offers guidelines and recommendations for performing them.

Security Breach Notification Chart   External
Perkins Coie
external web site
7/20/09
This chart provides current information on security breach notification legislation in U.S. states and territories.

Security in Numbers: SSNs and Identity Theft   Government
Federal Trade Commission
U.S. Government, external web site
12/2/08
This report examines the role of Social Security numbers in identity theft and contains recommendations for Congress, the FTC, and private organizations that collect and use SSNs. FTC recommendations on Social Security Number use in the private sector

Security Risk Analysis and Management: an Overview   AHIMA
Amatayakul, Margret
AHIMA Practice Brief, AHIMA Journal
10/2/03
This practice brief addresses HIPAA privacy and security rule interpretations related to educational program affiliations where students/trainees are exposed to PHI.

Security Standards: Administrative Safeguards   Government
U.S. Centers for Medicare & Medicaid Services
U.S. Government
11/23/04
This paper, the second in a series intended to give guidance on the HIPAA security rule, addresses administrative safeguards and their implementation specifications.

Security Standards: Implementation for the Small Provider   Government
U.S. Centers for Medicare & Medicaid Services
U.S. Government
12/10/07
This paper, the last in a series intended to give guidance on the HIPAA security rule, is intended to assist small health care providers with compliance.


Page
of 2