Privacy and Health: HIPAA 2003 [Paperback]

Roy Rada (Author)

Book Description

Publication Date: September 29, 2002

Privacy relates to power. When one person has the private information of another, that other person loses some control. This power perspective sheds light on the intense conflict that surrounds the flow of health information. Recent Federal regulation mandates certain behaviors by healthcare entities as regard the flow of health information. This book describes how healthcare entities are complying with those regulations.

The Privacy Rule gives the patient strong rights over his or her information and requires healthcare entities to reassess their ways of communicating and to institute systematic privacy controls.

This book begins with an explanation of the privacy problem and then has four main parts:

1. Rule,
2. Implement,
3. Manuals, and
4. Government.

Part I. Rule describes the content of the Privacy Rule:

* The Context chapter explains the evolution of the Privacy Rule, to whom it applies, and enforcement.

* The Patient-Entity chapter presents the relationship between the patient and entity (such as authorization and opportunity to object).

* The Entity describes what happens inside an entity. (such as the minimum necessary standard and privacy officer).

Part II. Implement includes chapters entitled Costs, Life Cycle, and De-identification. The Costs chapter examines the costs of compliance for every provision of the Rule. The costs of the privacy official and the minimum necessary standard are the largest budget items. The chapter provides a road map to implementation by delineating each role involved in each compliance activity and the likely amount of time required for that role to perform its privacy function. The costs of compliance for large versus small hospitals are also examined. Shockingly, the cost per bed for small hospitals is an order of magnitude greater than for large hospitals. One implication is that small hospitals are behaving like large hospitals as regards compliance but should scale their efforts downward so as to reach a more manageable level of cost in achieving compliance.

The Life Cycle chapter first reviews the nature of compliance in an entity and then illustrates the compliance activities at several healthcare entities.

The De-identification chapter describes the Safe Harbor Method and statistical methods for converting protected health information into information that can be freely shared with anyone anytime.

Part III. Manuals has chapters entitled Small Entity, Large Entity Tools, and Large Entity Forms. The Small Entity chapter includes an entire compliance manual for a small healthcare entity. That manual is entitled HIPAA in 24 Hours because implementing compliance can be completely handled with 24 hours of staff time. Compliance for the small entity can be simple. The chapter Large Entity Tools examines software tools used to support privacy compliance. The chapter Large Entity Forms presents forms for a large entity. Generally, the components of the manual for the large entity are larger than their analogs for the small entity. For example, the Notice of Privacy Practices for the small entity is one page, but the Notice for the large entity is several pages.

The final Part IV. Government has a chapter on Politics and another on Other Regulations. The Chapter Other Regulations looks at other federal and state laws that affect privacy and relates them to the HIPAA Privacy Rule. The Politics chapter begins with a section entitled Self-Governance which calls on entities of a type (particularly small entities) to work together to define the common practice for that entity type. The point is that enforcement of a compliance regulation in healthcare is likely to lean heavily on peer practices. If healthcare peers reach a consensus on acceptable compliance behavior, then they will have proactively determined how they will be judged in court. The Politics chapter also examines the national lobbying that occurs for changes to the Privacy Rule. This lobbying is bound to continue. The best one can to do deal with this is to understand what the basics and to monitor the lobbying.

Editorial Reviews

About the Author

The author Roy Rada earned a Ph.D. in Computer Science and a M.D. in Medicine.

He is a Professor of Health Care Information Systems at the University of Maryland Baltimore County. Previously, he was Boeing Distinguished Professor of Software Engineering at Washington State University and Editor of Index Medicus at the National Library of Medicine. He has authored 200 journal articles and 10 books and is the founding Chair of the Health Information and Management Systems Society HIPAA Special Interest Group. His book HIPAA@IT Essentials has been the best-seller of HIPAA books at Amazon.

Product Details

• Paperback: 218 pages
• Publisher: HIPAA-IT LLC; [Chicago, Ill.] Healthcare Information and Management Systems Society (September 29, 2002)
• Language: English
• ISBN-10: 1901857182
• ISBN-13: 978-1901857184
• Product Dimensions: 10.8 x 8.3 x 0.5 inches
• Shipping Weight: 1 pounds (View shipping rates and policies)
• Average Customer Review: 5.0 out of 5 stars  See all reviews (2 customer reviews)
• Amazon Best Sellers Rank: #7,890,001 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

8 of 8 people found the following review helpful:

5.0 out of 5 stars A must-see book for HIPAA compliance professionals, November 26, 2002

By 

"xueguangma" (USA) - See all my reviews

This review is from: Privacy and Health: HIPAA 2003 (Paperback)

After browsing HIPAA books in the bookstore, I found no others books dealing with HIPAA Privacy Rule compliance as understandable as Rada's "Privacy and Health, HIPAA 2003". This book provides the reader with all of the required fundamentals of HIPAA Privacy Rule compliance.

Chapter 1 explains the Privacy Rule from its history to its current status. Chapters 2 through 4 interpret the Rule. I found Chapter 4 especially useful for its insight on the issue of workflow and administration.

Chapter 5 compares compliance costs among different sized organizations. One section describes the disproportionate burden on small entities to comply with the Privacy Rule. Chapter 6 includes a compilation of case studies of different sized entities. The task list for compliance given in this chapter is especially useful. Chapter 7 explains and compares de-identification methods and points to future trends in de-identification.

Chapters 8 and 9 show a road map to implement compliance with the Privacy Rule from the point of view of organization size. Certainly large entities would have more forms to complete and more areas to take care of than small entities. Detailed guidelines are given for small entities, and I like this cram-version strategy and believe many professionals who are short of time would love it too.

Chapter 11 emphasizes that covered entities should work together to share 'standards of care', and Chapter 12 presents state and federal privacy-related laws and regulations.

To summarize, this book is helpful to those who are new to HIPAA compliance and can also serve as a desktop reference book to those responsible for privacy compliance. Whether the reader is doing awareness, analysis, implementation, or audit, the reader should find that useful insights derive from a thorough reading of the book.

5.0 out of 5 stars A must-see book for HIPAA compliance professionals, November 26, 2002

By 

"xueguangma" (USA) - See all my reviews

This review is from: Privacy and Health: HIPAA 2003 (Paperback)

After browsing HIPAA books in the bookstore, I found no others books dealing with HIPAA Privacy Rule compliance as understandable as Rada's "Privacy and Health, HIPAA 2003". This book provides the reader with all of the required fundamentals of HIPAA Privacy Rule compliance.

Chapter 1 explains the Privacy Rule from its history to its current status. Chapters 2 through 4 interpret the Rule. I found Chapter 4 especially useful for its insight on the issue of workflow and administration.

Chapter 5 compares compliance costs among different sized organizations. One section describes the disproportionate burden on small entities to comply with the Privacy Rule. Chapter 6 includes a compilation of case studies of different sized entities. The task list for compliance given in this chapter is especially useful. Chapter 7 explains and compares de-identification methods and points to future trends in de-identification.

Chapters 8 and 9 show a road map to implement compliance with the Privacy Rule from the point of view of organization size. Certainly large entities would have more forms to complete and more areas to take care of than small entities. Detailed guidelines are given for small entities, and I like this cram-version strategy and believe many professionals who are short of time would love it too.

Chapter 11 emphasizes that covered entities should work together to share 'standards of care', and Chapter 12 presents state and federal privacy-related laws and regulations.

To summarize, this book is helpful to those who are new to HIPAA compliance and can also serve as a desktop reference book to those responsible for privacy compliance. Whether the reader is doing awareness, analysis, implementation, or audit, the reader should find that useful insights derive from a thorough reading of the book.