HIPAA and the Security Rule are sources of law, but the Security Rule also acts as a source of information for security practices. A Guide to HIPAA Security and the Law bridges the gap between the law and security practices.

The Health Information Technology for Economic and Clinical Health Act, also called the HITECH Act, imposes additional security requirements. This book serves as a reference to a wide audience: healthcare and information security professionals implementing the HIPAA Security Rule and Breach Notification Rule, as well as attorneys and business professionals advising them. It is dedicated to healthcare professionals who struggle every day with meeting their obligations to provide care and services for patients and at the same time are seeking to protect the security of patients’ health information.

Unlike other books on HIPAA, the focus of this book is the HIPAA Security Rule, as modified by the HITECH Act and the HIPAA Final Omnibus Rule. This publication discusses the Security Rule’s role in the broader context of HIPAA, the HITECH Act, and their regulations. At the heart of this publication is a detailed section-by-section analysis of each provision in the Security Rule covering a security safeguard. This analysis explains the security topic and what organizations can do to comply. Also covered is the legal risks of noncompliance by describing the applicable enforcement mechanisms that apply, reporting on past enforcement actions, and describing the body of case law emerging from litigation relating to HIPAA/HITECH security.

The intended audience of this book is healthcare and information security professionals, lawyers specializing in these fields, administrators, compliance officers, chief information security officers, and security personnel.