AMC Guidelines

Websuche.info die frische Suchmaschine alteredrealitycc derkach private Krankenversicherung Autoversicherung KFZ Versicherung Lebensversicherung KFZ Versicherungsvergleich Autoversicherungen KFZ Versicherungen Lebensversicherungen Horoskop Horoskope Eintrag bbsnet Reisen Urlaub Baufinanzierung Hausfinanzierung Immobilienfinanzierung Erotik Hallenbau creative-lizzy Last Minute Algarve Ferienhaus Portugal Werbemittel Werbeartikel Viking Buerobedarf Bueroartikel Bueromaterial Kalender Drucker Druckerpatronen Tintenpatronen HP Drucker Werbeartikel Werbemittel Bueromoebel Kopierer Krankenversicherungsvergleich Werbeartikel Werbemittel Kreditvergleich

tableofcontents.htm start.htm securitysectiontwo.htm securitysectionthree.htm securitysectionone.htm securitycategories.htm references.htm privacysectiontwo.htm privacysectionthree.htm privacysectionone.htm privacysectionfour.htm privacysectionfive.htm privacycategories.htm jobdescriptions.htm introduction.htm index.htm hipaatrifold.htm hipaasuppliment.htm hipaaresources.htm hipaaexecsummary.htm guidelinesorganization.htm generalpolicyguidelines.htm generalcategories.htm definitions.htm contractsandpolicies.htm contact.htm amchipaasecurityandprivacyguidelines.htm acronyms.htm acknowledgements.htm

Page 1

AMC/HIPAA Workgroup

AMC Guidelines

This document provides a summary of the requirements of the HIPAA security and privacy

regulations, with advice to the reader on how to address those requirements. The document's

structure has been designed to make it easy to relate the material in this document to the text of

the HIPAA security and privacy regulations.

Organization of the Guidelines

The document starts with specific information about addressing the detailed requirements of the

HIPAA security and privacy regulations where those regulations are clear and specific. It then

moves on to cover areas in which some interpretation of the regulations' requirements is

necessary. It concludes with a treatment of broader organizational implications of HIPAA

security and privacy compliance; this portion of the document covers issues that the regulations

raise but for which they provide neither specific requirements nor clear guidance.

The Security sections discuss provisions of the HIPAA Security Regulations:

Security Section One discusses what a covered entity needs to do to address the security

administration requirements.

Security Section Two discusses what a covered entity needs to do to address the technical

security services and mechanisms requirements.

The Privacy sections discuss provisions of the HIPAA Privacy Regulations:

Privacy Section One discusses the definition of a covered entity and the application of the

regulations to different types of covered entities.

Privacy Section Two discusses consent and authorization requirements.

Privacy Section Three discusses use and disclosure requirements.

Privacy Section Four discusses consumer control requirements.

Privacy Section Five discusses administrative requirements.

The General Section covers areas of the HIPAA regulation that require a covered entity to make

judgments about how the regulations' requirements apply to the organization (for example,

"minimum necessary disclosure," "scalability," and "reasonableness"). This Section also covers

broader organizational implications of compliance with the regulations (for example, how

HIPAA compliance might influence the structure of the organization, how HIPAA compliance

activities might relate to other similar activities, and what time and resources might be required

to achieve and maintain HIPAA compliance).

Page 2

AMC/HIPAA Workgroup

The Guideline points themselves are organized as follows:

Point Number, Point Name and Citation

X.## Name

§Citation

HIPAA Requirement

The full text of the HIPAA requirement, taken directly from the regulation. This may include

material from multiple portions of the regulations.

AMC Explanation of HIPAA Requirement

This narrative paragraph summarizes the top features of the requirement as seen from the

vantage point of an AMC, concentrating on the significance of the requirements in the AMC

environment.

Key Issues

Issues to consider before taking any proposed action.

Category I GuidelineAction must be taken to address these

Actions that are

mandatory

in order to address the HIPAA Security and Privacy regulations. The

list includes only those actions that, if not addressed, would place a covered entity in substantial

non-compliance with the requirement. Actions included in this item were included only with the

unanimous consent of all members of the AMC Security and Privacy Workgroup.

Category II GuidelineAction should be considered to address these

Actions that workgroup participants considered

helpful

in order to address the HIPAA Security

and Privacy regulations. Actions in this group are recommended by the AMC Security and

Privacy Workgroup but are not direct requirements of HIPAA.

Roadblocks

Any roadblocks to what must or should be done in order to implement the guidelines. The AMC

Security and Privacy Workgroup defines roadblocks as difficulties in implementing these

guidelines that come after the policy is put in place, e.g. AMC culture, program dollars, people,

etc. This definition distinguishes roadblocks from

issues,

which are concerns associated with

framing an AMC policy through the application of the guideline (and therefore come before the

policy). Funding issues and the problems associated with decentralization in AMCs are

universal roadblocks, so they have not been listed for individual guideline points unless there is a

specific point to be made.

Comments

Any comments to clarify or explain this point above or relate it to another.