HIPAA 101 for the Private Practitioner

2017 ◽  
pp. 477-491
Author(s):  
Lorna Hecker
Keyword(s):  
Risk Assessment ◽  
Health Insurance ◽  
Health Information ◽  
Private Practitioner ◽  
Protected Health Information ◽  
Security Risk ◽  
Hitech Act ◽  
Security Risk Assessment ◽  
Definition Of ◽  
Security Regulations

This chapter introduces basic requirements of the Health Insurance Portability and Accountability Act (HIPAA), including privacy regulations applicable to HIPAA-covered entities and security regulations applicable to both HIPAA-covered entities and business associates. The privacy regulations covered in this chapter include the definition of psychotherapy notes under HIPAA regulations, the “minimum necessary” requirement, HIPAA authorizations, personal representatives, and the need for an accounting of certain disclosures of client’s protected health information. Also explored is the interaction and state law and HIPAA regulations, especially in relation to the practitioner’s Notice of Privacy Practices. The security regulation’s administrative, physical, and technical safeguards are discussed, including an introduction to the HIPAA required security risk assessment. Also explained is the breach notification law that was enacted through the 2009 Health Information Economic and Clinical Health (HITECH) Act.

scholarly journals A new lightweight method for security risk assessment based on fuzzy cognitive maps

2014 ◽  
Vol 24 (1) ◽  
pp. 213-225 ◽  
Author(s):  
Piotr Szwed ◽  
Paweł Skrzyński
Keyword(s):  
Risk Assessment ◽  
Data Storage ◽  
Low Cost ◽  
Cognitive Maps ◽  
Assessment Method ◽  
Lessons Learned ◽  
Fuzzy Cognitive Maps ◽  
Software Systems ◽  
Security Risk ◽  
Security Risk Assessment

Abstract For contemporary software systems, security is considered to be a key quality factor and the analysis of IT security risk becomes an indispensable stage during software deployment. However, performing risk assessment according to methodologies and standards issued for the public sector or large institutions can be too costly and time consuming. Current business practice tends to circumvent risk assessment by defining sets of standard safeguards and applying them to all developed systems. This leads to a substantial gap: threats are not re-evaluated for particular systems and the selection of security functions is not based on risk models. This paper discusses a new lightweight risk assessment method aimed at filling this gap. In this proposal, Fuzzy Cognitive Maps (FCMs) are used to capture dependencies between assets, and FCM-based reasoning is performed to calculate risks. An application of the method is studied using an example of an e-health system providing remote telemonitoring, data storage and teleconsultation services. Lessons learned indicate that the proposed method is an efficient and low-cost approach, giving instantaneous feedback and enabling reasoning on the effectiveness of the security system.

Sign in / Sign up

Export Citation Format

Share Document