Public Law
104-191
The HIPAA Administrative
Simplification official web site.
Final Security Rule
HIPAA Glossary of Terms
WEDI's glossary of HIPAA Terms
Final Privacy Rule
HospitalConnect.Com HIPAA State-by-State Preemption Analysis Links
Final
TCS Rule [The General Administrative Requirements and Modifications to
Transactions and Code Set Standards for Electronic Transactions]
The Medicare
Prescription Drug, Improvement, and Modernization Act of 2003
[added a new category of covered entity to HIPAA Admin Simplification - the
Medicare-endorsed prescription drug card sponsor]
CMS HIPAA Resource
Central
X12N HIPAA Implementation
Guides
ANSI accredited standards
organization responsible for the bulk of HIPAA-adopted electronic data
interchange standards
ANSI accredited standards
organization responsible for HIPAA-adopted electronic data interchange standards
for retail pharmacy drugs and biologics
ANSI accredited standards
organization responsible for clinical data electronic data interchange
standards, including electronic healthcare claims attachments
Federal eGOV Health Information
Exchange Standards now includes LOINC to standardize
lab test orders and drug label section headers – also used in electronic
healthcare claims attachment request and response transactions
National Committee on Vital
and Health Statistics - the public advisory body to HHS
Designated Standards
Maintenance Organizations [X12, NCPDP, HL7, NUBC, NUCC,
ADA] whose materials are adopted for HIPAA
Free HIPAA
Presentations for Providers from CMS' Southern Consortium ACT Team
File complaints for TCS
HIPAA Compliance Calendar
OCR Website
Subscribe/Unsubscribe to OCR HIPAA Privacy Listserv
Covered Entity Determination Tool
How to file a
Privacy Complaint
OCR Guidance on Business Associates
OCR
provides a template Business Associate Contract
CDC/HHS
guidance on the HIPAA Privacy Rule
Use of other Languages
Compliance penalties
HHS recommended language for authorizations concerning research
HIPAA
Privacy Rule and how it might affect research
Health Privacy Project
Georgetown University Medical Center's HIPAA privacy policies, forms and more
Missouri Dept. of MH HIPAA Privacy and Security Policy
DHHS/CMS Disclosure Desk Reference for Call Centers June 25, 2004
Key issues facing employer sponsored group health plans in
meeting HIPAA privacy compliance requirements.
NIST
Password Guidance
SANS Security Project
TCS Gap
Assistance
AHA State Preemption
Ohio
Hospital Assoc "Regulation by Topic" Privacy & Security Rule
HIMSS/CPRI Security Toolkit free to all
HIPAA
Security Standards Compared to ISO/IEC 17799
HIPAA Presentation
Downloads From Past HIPAA Summit Conferences
GAO Report How
to Secure Federal Systems (Latest on Current Technologies)
NIST
Special Publications
NIST
DRAFT Special Publications
NIST SP 800-12 An Introduction to Computer Security: The NIST
Handbook
NIST SP 800-14 Generally Accepted Principles and Practices for
Securing Information Technology Systems
NIST SP 800-16 IT Security Training Role- and Performance-Based
Model Pt. 1 Document
NIST SP 800-16 Pt. 2 Appendix A-D
NIST SP 800-16 Pt. 3 Appendix E
NIST SP 800-18 Guide for Developing Security Plans for
Information Technology Systems
NIST SP 800-26 Security Self-Assessment Guide for Information
Technology Systems
NIST SP 800-27 Rev A Engineering Principles for Information
Technology Security (Baseline for Achieving Security)
DRAFT NIST SP 800-30 Rev A Risk Management Guide for Information
Technology Systems
NIST SP 800-34 Contingency Planning Guide for Information
Technology Systems
NIST SP 800-35 Guide to Information Technology Security Services
NIST SP 800-36 Guide to Selecting Information Security Products
NIST SP 800-37 Guide for the Security Certification and
Accreditation of Federal Information Systems
NIST SP 800-42 Guide on Network Security Testing
NIST SP 800-47 Security Guide for Interconnecting Information
Technology Systems
NIST SP 800-63 Electronic Authentication Guideline
NIST SP 800-64 Security Considerations in the Information System
Development Life Cycle
NIST SP 800-61 Computer Security Incident Handling Guide
NIST SP 800-50 Building an Information Technology Security
Awareness and Training Program
DRAFT NIST SP 800-60 Guide for Mapping Types of information and
Information Systems to Security Categories Volume 1
DRAFT
NIST SP 800-60 Guide for Mapping Types of information and Information Systems to
Security Categories Volume 2
DRAFT NIST SP 800-53 Recommended Security Controls for Federal
Information Systems
NIST SP 800-55 Security Metrics for Information Technology
Systems
DRAFT
NIST SP 800-56 Recommendation on Key Establishment Schemes
DRAFT
NIST SP 800-57 Recommendation on Key Management
DRAFT NIST SP 800-58 Security Considerations for Voice Over IP
Systems
DRAFT NIST SP 800-65 Integrating IT Security into Capital
Planning and Investment Control Process
DRAFT NIST SP 800-66 NIST Resource Guide for Implementing HIPAA
DRAFT
NIST SP 800-68 Guidance for Securing Microsoft Windows XP Systems for IT
Professionals: A NIST Security Configuration Checklist
DRAFT NIST SP 800-74 Guidelines for PDA Forensics
FIPS 140-2
Security Requirements for Cryptographic Modules
FIPS
171 Key Management Using ANSI X9.17
FIPS Publication 199 Standards for Security Categorization of
Federal Information and Information Systems
Companion Guide
Repository
Department of Energy Certified VANS
Department of Defense Certified VANS
Checklist
providing an example of items that can be used to determine whether or not a
specific Value-Added-Network (VAN) service provider meets your business
requirements
Nebraska Information Technology Commission IT Security Plan and Program:
Policies, Procedures, System Configurations
FDA's "Guidance for Industry: Computerized Systems Used in
Clinical Trials" - provides security and electronic records guidance
Guidelines for Academic Medical Centers: Practical Strategies for Addressing
HIPAA Privacy and Security
NSA Guidance for Operating Systems Configuration Guides for
security baseline
OHRP guidance on the consent to bank tissue
Nebraska SNIP
Privacy Work Group put together a model HIPAA authorization form for attorneys
to use
From Victims to Murderers, PHI Disclosures to Law Enforcement Get
Very Fact-Specific
American Health Information
Management Association
[To
access a state-by-state medical record retention requirements matrix in pdf
select "HIM RESOURCES" on top banner. Select 'FORE Library: HIM Body of
Knowledge' from next screen. On the next page enter "Medical Record Retention"
in the Quick Search box]
Department of Labor requirements for FMLA Certification
AHIMA Practice Brief: Retention of Health Information
The
University of NC Institute of Government provides HIPAA Privacy implementation
support to NC local health departments, mental health authorities, emergency
medical services departments and local departments of social services agencies.
Subscribe/unsubscribe to listserv.
AHIMA Practice Brief: Defining the Designated Record Set
AHA HIPAA State Preemption Analysis
CMS HIPAA email box
askhipaa@cms.hhs.gov
CMS HIPAA Hot Line
1-866-282-0659
OCR email box
OCRPrivacy@hhs.gov
OCR HIPAA Help Line
1-866-627-7748