From an information security perspective, there is nothing overly onerous with the HIPAA security and privacy requirements. But like all regulations, the devil is in the details. While HIPAA is meant to protect large-scale disclosure of patient data, some of it includes absurd requirements such as ensuring white-boards in hospital wards don’t have full patient information and that intravenous bags have tags over the patient names.
In The Practical Guide to HIPAA Privacy and Security Compliance, authors Rebecca Herold and Kevin Beaver (full disclosure: Rebecca and Kevin are friends of mine) have created a most useful reference that will provide the reader with a great reference to assist with both their understanding of HIPAA, and their HIPAA compliance endeavors.
The first edition of the book came out in 2003. This second edition fills in the many gaps in the previous 12 years, which saw significant changes to both the regulation and the industry.
The book details the many updates to HIPAA, including the security rule, HITECH Act, 2013 Omnibus Rule, and a number of rules pending.
As noted in the title, the book is highly practical with many charts and tables detailing specifically what needs to be done for HIPAA compliance. Specific examples include numerous decision charts, a state by state detailed list of websites for data breach notification, and much more.
A prime advantage of the book is that it takes a practical and real-world approach to HIPAA compliance, rather than simply regurgitating the already publicly available HIPAA regulation. The authors have many years of applied experience in the topics, and show the reader how to achieve HIPAA compliance, all without technical jargon.
The only thing that is missing from the book is a companion web site or CD-ROM where all of the helpful charts and tables could be downloaded or accessed.
Those who are tasked with HIPAA compliance, or anyone who needs a single-source reference to all of the core details around HIPAA compliance will find The Practical Guide to HIPAA Privacy and Security Compliance to be an invaluable resource.