CONTENTS

Acknowledgments

Introduction

Chapter 1   Healthcare Industry

Types of Organizations in the Healthcare Sector

Patients

Providers

Healthcare Clearinghouse

Healthcare Organizational Behavior

Health Insurance

Healthcare Across the Globe

United States

Canada

United Kingdom

European Union

Japan

Stakeholders

Coding and Classification Systems and Standards

Diagnosis-Related Group (DRG)

International Classification of Diseases (ICD)

Systematized Nomenclature of Medicine Clinical Terms (SNOMED CT)

Additional Coding Systems

Revenue Cycle

Claims Processing and Third-Party Payers

Payment Models

The US Evolving Payment Model

Medical Billing

Transaction Standards

Reimbursement

Workflow Management

Clinical Workflow

Business Process Reengineering (BPR)

Value Stream Mapping (VSM)

Regulatory Environment

Patient Rights

Patient Care and Safety

Public Health Reporting

Clinical Research

Good Clinical Research Practice (GCP)

De-identification of Patient Information

Healthcare Records Management

Record Retention

Destruction of Patient Health Information

Access Control

Authentication, Authorization, and Accounting (AAA)

Third-Party Relationships

Vendors

Regulators

Other Third-Party Relationships

Administering Third Parties

Understand Foundational Health Data Management

Managing Information Flow and Lifecycle in Healthcare Environments

Data Lifecycle Management (DLM)

Health Data Characterization

Data Interoperability and Exchange

Health Level 7 (HL7)

Integrating the Healthcare Enterprise (IHE)

Digital Imaging and Communications in Medicine (DICOM)

Legal Medical Record

Chapter Review

Questions

Answers

References

Chapter 2   Information Governance in Healthcare

Security Governance

Board of Directors

Information Security Program

Information Security Steering Committee

Configuration Control Board

Information Management Council

Risk Management Steering Committee

Data Incident Response Team

Privacy Governance

Generally Accepted Privacy Principles

Data Governance Committee

Audit Committee (Board of Directors)

Institutional Review Board

Information Governance Roles and Responsibilities

Chief Information Security Officer

Chief Privacy Officer

Chief Data Officer

Information System Owner

Data Owner

Data Steward

Data Controller

Data Processor

Data Custodian

End User

Information Security and Privacy Policies and Procedures

Policies

Procedures

Notable Policies and Procedures

Sanction Policy

Configuration Management Plan

Code of Conduct or Ethics in a Healthcare Information Environment

Organizational Codes of Conduct in Healthcare

Organizational Codes of Ethics in Healthcare

(ISC)2 Code of Ethics

Chapter Review

Questions

Answers

References

Chapter 3   Information Technologies in Healthcare

Fostering Privacy and Security with HIT

Increased Exposure Affecting the Threat Landscape

Internal Threats to HIT Privacy and Security

External Threats to HIT Privacy and Security

Oversight and Regulatory Challenges

HIPAA and HIT

GDPR and HIT

Interoperability

Software and System Development

Levels of Interoperability

Medicare Access and CHIP Reauthorization Act of 2015

Information Technologies

Electronic Health Records

Internet of Medical Things

Medical Devices

Cloud Computing

Mobile Device Management

Health Information Exchange

Data Lifecycle Management

Phase 1: Create

Phase 2: Store

Phase 3: Use

Phase 4: Archive

Phase 5: Destroy

Third-Party Connectivity

Trust Models for Third-Party Interconnections

Technical Standards: Physical, Logical, Network Connectivity

Connection Agreements

Chapter Review

Questions

Answers

References

Chapter 4   Regulatory and Standards Environment

Identify Regulatory Requirements

Legal Issues Regarding Information Security and Privacy

Data Breach Regulations

Protected Personal and Health Information

Jurisdiction Implications

Data Subjects

Data Owners

Data Steward

Data Controller

Data Custodians

Data Processor

Research

Recognize Regulations and Controls of Various Countries

Treaties

Laws and Regulations

Understand Compliance Frameworks

Privacy Frameworks

Security Frameworks

Chapter Review

Questions

Answers

References

Chapter 5   Privacy and Security in Healthcare

Guiding Principles of Information Security: Confidentiality, Integrity, and Availability

Confidentiality

Integrity

Availability

Accountability

Understanding Security Concepts

Identity and Access Management

Access Control

Training and Awareness

Logging and Monitoring

Vulnerability Management

Segregation of Duties

Least Privilege (Need to Know)

Business Continuity

Disaster Recovery

System Backup and Recovery

Configuration, or Change Management

Incident Response

Understanding Privacy Concepts

US Approach to Privacy

European Approach to Privacy

Consent

Choice

Limited Collection

Legitimate Purpose

Purpose Specification

Disclosure Limitation

Transfer to Third Parties (or Countries)

Transborder Concerns

Access Limitation

Accuracy

Completeness

Quality

Management

Privacy Officer

Supervisory Authority

Processing Authorization

Accountability

Training and Awareness

Openness and Transparency

Proportionality

Use and Disclosure

Access

Individual Participation

Notice

Events, Incidents, and Breaches

The Relationship Between Privacy and Security

Dependency

Integration

Ownership of Healthcare Information

Understand Sensitive Data and Handling

Sensitivity Mitigation

Categories of Sensitive Data

Chapter Review

Questions

Answers

References

Chapter 6   Risk Management and Risk Assessment

Understand Enterprise Risk Management

Measuring and Expressing Information Risk

Identifying Information Assets

Asset Valuation Methods

Risk Components

Employing Security Controls

Assessing Residual Risk

Understand Information Risk Management Framework

NIST Risk Management Framework (RMF)

International Organization for Standardization

Centers for Medicare and Medicaid Services

Understand Risk Management Process

Quantitative vs. Qualitative Approaches

Intent

Information Lifecycle and Continuous Monitoring

Tools, Resources, and Techniques

Desired Outcomes

Role of Internal and External Audit and Assessment

Identify Control Assessment Procedures Using Organization Risk Frameworks

Participate in Risk Assessment According to Your Role

Information Gathering

Risk Assessment Estimated Timeline

Gap Analysis

Mitigating Actions

Communications and Reporting

Understand Risk Response

Use Controls to Remediate Risk

Administrative Controls

Physical Controls

Technical Controls

Participate in Continuous Monitoring

Chapter Review

Questions

Answers

References

Chapter 7   Third-Party Risk Management

Understand the Definition of Third Parties in the Healthcare Context

Maintain a List of Third-Party Organizations

Third-Party Role and Relationship with the Organization

Outsourcing

Third-Party Risk in the Cloud

Third-Party Risk in Data Disposition

Third-Party Risk in Nonmedical Devices

Health Information Use: Processing, Storage, Transmission

International Regulations for Data Transfer to Third Parties

Unauthorized Disclosure of Data Transferred to Third Parties

Apply Management Standards and Practices for Engaging Third Parties

Relationship Management

Determine When a Third-Party Assessment Is Required

Organizational Standards

Triggers of a Third-Party Assessment

Support Third-Party Assessments and Audits

Information Asset Protection Controls

Compliance with Information Asset Protection Controls

Communication of Results

Participate in Third-Party Remediation Efforts

Respond to Notifications of Security/Privacy Events

Internal Processes for Incident Response

Relationship Between Organization and Third-Party Incident Response

Breach Recognition, Notification, and Initial Response

Respond to Third-Party Requests Regarding Privacy/Security Events

Law Enforcement

EU Data Authorities

Affected Individuals

Media

Public Relations

Health Information Exchanges

Organizational Breach Notification Rules

Organizational Information Dissemination Policies and Standards

Risk Assessment Activities

Chain of Custody Principles

Promote Awareness of Third-Party Requirements

Information Flow Mapping and Scope

Data Sensitivity and Classification

Privacy and Security Requirements

Risks Associated with Third Parties

Chapter Review

Questions

Answers

References

Appendix   About the Online Content

System Requirements

Your Total Seminars Training Hub Account

Privacy Notice

Single User License Terms and Conditions

TotalTester Online

Technical Support

Glossary

Index
