Chapter 1. Introduction: The Long-Awaited Manual
Chapter 2. Waking the Sleeping Giant: A Brief History of Healthcare IT
Chapter 3. It's Not Just HIPAA: Legislating Privacy and Security
Chapter 4. Assembling the Team: Bringing the Right Human Resources to the Table
Chapter 5. Sifting Through the Wreckage: The Security Audit
Chapter 6. Review Your Policies and Develop a Plan: Strategies for Success
Chapter 7. Identity and Access Management: Know Your User Base
Chapter 8. Application Design: Maximum Efficiency or Minimum Necessary?
Chapter 9. Access Validation Process
Chapter 10. Physical and Environmental Safeguards: Security Beyond the Ones and Zeros
Chapter 11. Systemwide and Client-Based Security Configuration: Making Sure All the Pieces Fit Together
Chapter 12. Safeguarding Patient Data from Prying Eyes: Knowing Where Your PHI Resides
Chapter 13. People, the Most Crucial Element: Training the Masses to Respect the System
Chapter 14. Business Associates: The Human Resources Just Beyond Your Reach
Chapter 15. Security Project vs. Operational Support
Chapter 16. Putting the Plan in Place: Ongoing Maintenance and Life after the Security Project
Appendix A. Sample Business Associate Agreement
Appendix B. Sample Rules of Behavior for Privileged User Accounts
Appendix C. Breach Notification Process

Bernard Peter Robichau is the owner and chief security consultant at Category 3 Partners, LLC, on contract with a large academic medical system in the mid-Atlantic. He is a Certified Professional in Health Information Management Systems, an Epic Certified Security Coordinator, and a Project Management Professional credential holder. He has nearly two decades of experience in the IT field with an emphasis on information security. Robichau has served as a security officer in the public sector and as a member of various information security advisory committees. He has presented on the topic of information security in public forums. For information related to this book, see its dedicated site at robichau.com.