The Practical Guide to HIPAA Privacy and Security Compliance

Posted on by Ben Rothke

From an information security perspective, there is nothing overly onerous about the HIPAA security and privacy requirements. But like all regulations, the devil is in the details. While HIPAA is meant to protect against large-scale disclosure of patient data, some of its requirements border on the absurd, such as ensuring that whiteboards in hospital wards don't display full patient information and that intravenous bags have tags covering the patient names.

In The Practical Guide to HIPAA Privacy and Security Compliance, authors Rebecca Herold and Kevin Beaver (full disclosure: Rebecca and Kevin are friends of mine) have created a most useful reference that will assist the reader both in understanding HIPAA and in their HIPAA compliance endeavors.

The first edition of the book came out in 2003. This second edition fills in the many gaps in the previous 12 years, which saw significant changes to both the regulation and the industry.

The book details the many updates to HIPAA, including the security rule, HITECH Act, 2013 Omnibus Rule, and a number of rules pending.

As noted in the title, the book is highly practical, with many charts and tables detailing specifically what needs to be done for HIPAA compliance. Specific examples include numerous decision charts, a detailed state-by-state list of websites for data breach notification, and much more.

A prime advantage of the book is that it takes a practical, real-world approach to HIPAA compliance, rather than simply regurgitating the already publicly available HIPAA regulation. The authors have many years of applied experience with the topic, and they show the reader how to achieve HIPAA compliance without technical jargon.

The only thing that is missing from the book is a companion web site or CD-ROM where all of the helpful charts and tables could be downloaded or accessed.

Those who are tasked with HIPAA compliance, or anyone who needs a single-source reference for all of the core details of HIPAA compliance, will find The Practical Guide to HIPAA Privacy and Security Compliance to be an invaluable resource.

Ben Rothke

Senior Information Security Manager, Tapad
