|
http://aspe.hhs.gov/admnsimp/pl104191.htm
|
|
Public Law 104-191
|
|
http://aspe.hhs.gov/admnsimp
|
|
The HIPAA Administrative Simplification official web site. It all starts here.
|
|
www.cms.hhs.gov/regulations/hipaa/cms0003-5/0049f-econ-ofr-2-12-03.pdf
|
|
Final Security Rule
|
|
www.cms.hhs.gov/glossary/default.asp?Letter=ALL&Audience=7
|
|
HIPAA Glossary of Terms
|
|
www.wedi.org/public/articles/hipaa_glossary.pdf
|
|
WEDI's glossary of HIPAA Terms
|
|
www.cms.hhs.gov/hipaa/hipaa2/regulations/privacy/default.asp
|
|
Final Privacy Rule
|
|
http://aspe.hhs.gov/admnsimp/final/txfinal.pdf
|
|
Final TCS Rule a.k.a. The General Administrative Requirements and Modifications to
Transactions and Code Set Standards for Electronic Transactions
|
|
http://www.cms.hhs.gov/medicarereform/
|
|
The Medicare Prescription Drug, Improvement, and Modernization Act of
2003 added a new category of covered entity to HIPAA Admin Simp - the
Medicare-endorsed prescription drug card sponsor
|
|
http://www.x12n.org/portal
|
|
ASC X12 Implementation Guide Request for Interpretation Web Interface - serves
as a free public repository of questions and responses from the HIPAA Implementation
Work Group Insurance Subcommittee (X12N). Gives visitors "access to the ASC
X12N experts" for those Implementation Guides (IG's) that have been adopted
for use under HIPAA.
|
|
http://www.fda.gov/ora/compliance_ref/part11/Default.htm
|
|
21 CFR part 11 Standards for Electronic Medical Records and Electronic Signature
|
|
http://www.cms.hhs.gov/hipaa/hipaa2
|
|
CMS HIPAA Resource Central
|
|
www.wpc-edi.com/hipaa/
|
|
X12 Implementation Guides
|
|
www.x12.org
|
|
ANSI accredited standards organization responsible for the bulk of HIPAA-adopted
electronic data interchange standards.
|
|
www.ncpdp.org
|
|
ANSI accredited standards organization responsible for HIPAA-adopted electronic
data interchange standards for retail pharmacy drugs and biologics.
|
|
www.hl7.org
|
|
HL7 {Attachments Special Interest Group}
|
|
www.loinc.org
|
|
FEDERAL eGOV HEALTH INFORMATION EXCHANGE STANDARDS now includes LOINC to standardize
lab test orders and drug label section headers.
|
|
www.ncvhs.hhs.gov
|
|
National Committee on Vital and Health Statistics is the public advisory body to
HHS
|
|
www.hipaa-dsmo.org/crs
|
|
Collective name and coordinating body for the six Designated Standards Maintenance
Organizations [X12, NCPDP, HL7, NUBC, NUCC, ADA] whose materials are adopted for
HIPAA.
|
|
askhipaa@cms.hhs.gov
|
|
CMS HIPAA email box (Questions regarding HIPAA Security and TCS)
|
|
1-866-282-0659
|
|
Toll Free CMS HIPAA Hot Line (HIPAA Security and TCS)
|
|
1-877-326-1165
|
|
Toll Free CMS HIPAA FAX #
|
|
1-877-326-1166
|
|
Toll Free CMS HIPAA TTY #
|
|
http://www.eventstreams.com/cms/tm_001/
|
|
Free HIPAA Presentations for Providers from CMS' Southern Consortium ACT Team
|
|
https://htct.hhs.gov
|
|
File complaints for TCS
|
|
www.hipaadvisory.com/regs/compliancecal.htm
|
|
HIPAA Compliance Calendar
|
|
www.hhs.gov/ocr/hipaa
|
|
OCR Website
|
|
OCRPrivacy@hhs.gov
|
|
OCR email box (HIPAA Privacy)
|
|
1-866-627-7748
|
|
OCR HIPAA Help Line (HIPAA Privacy)
|
|
http://list.nih.gov/cgi-bin/wa?SUBED1=ocr-privacy-list&A=1
|
|
Subscribe/Unsubscribe to OCR HIPAA Privacy Listserv
|
|
http://www.cms.hhs.gov/hipaa/hipaa2/support/tools/decisionsupport/default.asp
|
|
Covered Entity Determination Tool
|
|
http://hhs.gov/ocr/privacyhowtofile.htm
|
|
How to file a Privacy Complaint
|
|
www.hhs.gov/ocr/hipaa/guidelines/businessassociates.pdf
|
|
OCR Guidance on Bus Assoc
|
|
http://www.hhs.gov/ocr/hipaa/contractprov.html
|
|
OCR provides a template Business Associate Contract
|
|
http://www.cdc.gov/mmwr/pdf/other/m2e411.pdf
|
|
CDC/HHS guidance on the HIPAA Privacy Rule
|
|
http://www.himss.org/asp/medicalDeviceSecurity.asp
|
|
HIMSS Medical Device Security Work Group Site provides a security checklist for
vendor
|
|
www.hhs.gov/ocr/lep/
|
|
Use of other Languages.
|
|
www.aspe.hhs.gov/admnsimp/pl104191.htm#1176
|
|
Compliance penalties
|
|
http://privacyruleandresearch.nih.gov/authorization.asp
|
|
HHS recommended language for authorizations concerning research
|
|
http://privacyruleandresearch.nih.gov/pr_02.asp
|
|
HIPAA Privacy Rule and how it might affect research
|
|
http://www.healthprivacy.org/
|
|
Health Privacy Project
|
|
http://www.georgetown.edu/policy/hipaa/privacy.html
|
|
Georgetown University Medical Center's HIPAA privacy policies, forms and more
|
|
http://www.dmh.mo.gov/oqm/regs/dors/ch8/index.htm
|
|
Missouri Dept. of MH HIPAA Privacy and Security Policy
|
|
http://www.cms.hhs.gov/manuals/pm_trans/R7GI.pdf
|
|
DHHS/CMS Disclosure Desk Reference for Call Centers June 25, 2004
|
|
http://wedi.org/snip/public/articles/dis_publicDisplay.cfm?docType=6&wptype=2
|
|
Security and Privacy Workgroup of WEDI's Strategic National Implementation
Process (SNIP) White Papers and PowerPoints.
|
|
www.itl.nist.gov/fipspubs/fip112.htm
|
|
NIST Password Guidance
|
|
www.sans.org/newlook/resources/policies/policies.htm
|
|
SANS Security Project
|
|
www.nahdo.org/project/gapassistss.htm
|
|
TCS Gap Assistance
|
|
www.hospitalconnect.com/aha/key_issues/hipaa/resources/PreemptMap/PreemptionAnalysisMap.html
|
|
AHA State Preemption
|
|
http://www.bricker.com/hipaa/hipaaindex.asp
|
|
Ohio Hospital Assoc "Regulation by Topic" Privacy & Security Rule
|
|
www.himss.org/asp/cpritoolkit_homepage.asp
|
|
HIMSS/CPRI Security Toolkit free to all
|
|
http://www.sans.org/rr/papers/53/1193.pdf
|
|
HIPAA Security Standards Compared to ISO/IEC 17799
|
|
http://www.hipaasummit.com/past.html
|
|
HIPAA Presentation Downloads From Past HIPAA Summit Conferences
|
|
http://www.gao.gov/new.items/d04467.pdf
|
|
GAO Report How to Secure Federal Systems (Latest on Current Technologies)
|
|
http://www.hipaa.org/pmsdirectory/
|
|
AAFP, MGMA, ACP-American Society of Internal Medicine, and other societies
launched a Web site to educate and inform doctors about HIPAA. The site
includes an online directory of physician practice management software
companies.
|
|
http://csrc.nist.gov/publications/nistpubs/
|
|
NIST Special Publications
|
|
http://csrc.nist.gov/publications/drafts.html
|
|
NIST DRAFT Special Publications
|
|
http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf
|
|
NIST SP 800-12 An Introduction to Computer Security: The NIST Handbook
|
|
http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf
|
|
NIST SP 800-14 Generally Accepted Principles and Practices for Securing Information
Technology Systems
|
|
http://csrc.nist.gov/publications/nistpubs/800-16/800-16.pdf
|
|
NIST SP 800-16 IT Security Training Role- and Performance-Based Model Pt. 1 Document
|
|
http://csrc.nist.gov/publications/nistpubs/800-16/AppendixA-D.pdf
|
|
NIST SP 800-16 Pt. 2 Appendix A-D
|
|
http://csrc.nist.gov/publications/nistpubs/800-16/Appendix_E.pdf
|
|
NIST SP 800-16 Pt. 3 Appendix E
|
|
http://csrc.nist.gov/publications/nistpubs/800-18/Planguide.PDF
|
|
NIST SP 800-18 Guide for Developing Security Plans for Information Technology Systems
|
|
http://csrc.nist.gov/publications/nistpubs/800-26/sp800-26.pdf
|
|
NIST SP 800-26 Security Self-Assessment Guide for Information Technology Systems
|
|
http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf
|
|
NIST SP 800-27 Rev A Engineering Principles for Information Technology Security
(Baseline for Achieving Security)
|
|
http://csrc.nist.gov/publications/drafts/SP800-30-RevA-draft.pdf
|
|
DRAFT NIST SP 800-30 Rev A Risk Management Guide for Information Technology Systems
|
|
http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf
|
|
NIST SP 800-34 Contingency Planning Guide for Information Technology Systems
|
|
http://csrc.nist.gov/publications/nistpubs/800-35/NIST-SP800-35.pdf
|
|
NIST SP 800-35 Guide to Information Technology Security Services
|
|
http://csrc.nist.gov/publications/nistpubs/800-36/NIST-SP800-36.pdf
|
|
NIST SP 800-36 Guide to Selecting Information Security Products
|
|
http://csrc.nist.gov/publications/nistpubs/800-37/SP800-37-final.pdf
|
|
NIST SP 800-37 Guide for the Security Certification and Accreditation of Federal
Information Systems
|
|
http://csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf
|
|
NIST SP 800-42 Guide on Network Security Testing
|
|
http://csrc.nist.gov/publications/nistpubs/800-47/sp800-47.pdf
|
|
NIST SP 800-47 Security Guide for Interconnecting Information Technology Systems
|
|
http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf
|
|
NIST SP 800-50 Building an Information Technology Security Awareness and Training
Program
|
|
http://csrc.nist.gov/publications/drafts/draft-SP800-52.pdf
|
|
DRAFT NIST SP 800-52 Guidelines on the Selection and Use of Transport Layer Security
|
|
http://csrc.nist.gov/publications/drafts/SP800-53-Draft2nd.pdf
|
|
DRAFT NIST SP 800-53 Recommended Security Controls for Federal Information Systems
|
|
http://csrc.nist.gov/publications/nistpubs/800-55/sp800-55.pdf
|
|
NIST SP 800-55 Security Metrics for Information Technology Systems
|
|
http://csrc.nist.gov/CryptoToolkit/tkkeymgmt.html
|
|
DRAFT NIST SP 800-56 Recommendation on Key Establishment Schemes
|
|
http://csrc.nist.gov/CryptoToolkit/tkkeymgmt.html
|
|
DRAFT NIST SP 800-57 Recommendation on Key Management
|
|
http://csrc.nist.gov/publications/drafts/NIST_SP800-58-040502.pdf
|
|
DRAFT NIST SP 800-58 Security Considerations for Voice Over IP Systems
|
|
http://csrc.nist.gov/publications/drafts/draft-sp800-60V1.pdf
|
|
DRAFT NIST SP 800-60 Guide for Mapping Types of Information and Information Systems
to Security Categories Volume 1
|
|
http://csrc.nist.gov/publications/drafts/draft-sp800-60V2.pdf
|
|
DRAFT NIST SP 800-60 Guide for Mapping Types of Information and Information Systems
to Security Categories Volume 2
|
|
http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf
|
|
NIST SP 800-61 Computer Security Incident Handling Guide
|
|
http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63v6_3_3.pdf
|
|
NIST SP 800-63 Electronic Authentication Guideline
|
|
http://csrc.nist.gov/publications/nistpubs/800-64/NIST-SP800-64.pdf
|
|
NIST SP 800-64 Security Considerations in the Information System Development Life
Cycle
|
|
http://csrc.nist.gov/publications/drafts/draft-SP800-65.pdf
|
|
DRAFT NIST SP 800-65 Integrating IT Security into Capital Planning and Investment
Control Process
|
|
http://csrc.nist.gov/publications/drafts/DRAFT-sp800-66.pdf
|
|
DRAFT NIST SP 800-66 NIST Resource Guide for Implementing HIPAA
|
|
http://csrc.nist.gov/itsec/guidance_WinXP.html
|
|
DRAFT NIST SP 800-68 Guidance for Securing Microsoft Windows XP Systems for IT Professionals:
A NIST Security Configuration Checklist
|
|
http://csrc.nist.gov/publications/drafts/draft-SP800-72.pdf
|
|
DRAFT NIST SP 800-72 Guidelines for PDA Forensics
|
|
http://csrc.nist.gov/checklists/index.html
|
|
DRAFT NIST SP 800-70 Security Configuration Checklists Program for IT Products
|
|
http://csrc.nist.gov/cryptval/140-2.htm
|
|
FIPS 140-2 Security Requirements for Cryptographic Modules
|
|
http://csrc.nist.gov/CryptoToolkit/tkkeymgmt.html
|
|
FIPS 171 Key Management Using ANSI X9.17
|
|
http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
|
|
FIPS Publication 199 Standards for Security Categorization of Federal Information
and Information Systems
|
|
http://csrc.nist.gov/publications/drafts/draft-FIPS_201-110804-public1.pdf
|
|
DRAFT FIPS 201 Personal Identity Verification (PIV) for Federal Employees and Contractors
|
|
http://health.groups.yahoo.com/group/ShareHIPAA
|
|
No-discussion forum to raise awareness and knowledge of HIPAA
through white papers, PowerPoint presentations, and other attachments (Select "Join
This Group!")
|
|
http://health.groups.yahoo.com/group/ShareHIPAA2
|
|
discussion companion to ShareHIPAA Yahoo! group (Select "Join This Group")
|
|
http://health.groups.yahoo.com/group/ShareHIPAAWork
|
|
listserv focused on human resources needed and available (Select "Join This
Group")
|
|
http://www.wedi.org/snip/caqhimptools/
|
|
Companion Guide Repository
|
|
http://professionals.pr.doe.gov/ma5/MA-5Web.nsf/0/8fce0e12b8810cd985256ae80042cb8b?OpenDocument
|
|
Department of Energy Certified VANS
|
|
http://www.sba.gov/gopher/Ecedi/Info/eced3.txt
|
|
Department of Defense Certified VANS
|
|
http://www.navicp.navy.mil/edi/value.htm
|
|
checklist which provides an example of items that can be used to determine whether
or not a specific Value-Added-Network (VAN) service provider meets your business
requirements
|
|
http://www.nitc.state.ne.us/standards/index.html
|
|
Nebraska Information Technology Commission IT Security Plan and Program:
Policies, Procedures, System Configurations
|
|
http://www.fda.gov/ora/compliance_ref/bimo/ffinalcct.pdf
|
|
FDA's "Guidance for Industry: Computerized Systems Used in Clinical Trials."
It provides security and electronic records guidance
|
|
http://www.aamc.org/members/gir/gasp/start.htm
|
|
Guidelines for Academic Medical Centers: Practical Strategies for Addressing
HIPAA Privacy and Security
|
|
http://www.nsa.gov/snac/downloads_os.cfm?MenuID=scg10.3.1.1
|
|
NSA Guidance for Operating Systems Configuration Guides for security baseline
|
|
http://ohrp.osophs.dhhs.gov/humansubjects/guidance/reposit.htm
|
|
OHRP guidance on the consent to bank tissue
|
|
http://www.nesnip.org/pdf/NEmodelauth.pdf
|
|
Nebraska SNIP Privacy Work Group put together a model HIPAA authorization form for
attorneys to use.
|
|
http://www.aishealth.com/Compliance/Hipaa/RPPVictimsandMurderers.html
|
|
From Victims to Murderers, PHI Disclosures to Law Enforcement Get Very Fact-Specific
|
|
www.ahima.org
|
|
select "HIM RESOURCES" on top banner. Select 'FORE Library: HIM Body of
Knowledge' from next screen. On the next page enter "Medical Record Retention"
in the Quick Search box to access a state-by-state medical record retention requirements
matrix in pdf
|
|
http://www.dol.gov/dol/allcfr/ESA/Title_29/Part_825/29CFR825.306.htm
|
|
Department of Labor requirements for FMLA Certification
|
|
http://www.systranbox.com/systran/box
|
|
use this web page to translate from one language to another. They have many languages
to choose from. Type in the sentence or paragraph and it will translate.
It may not be perfect. But it is a start.
|
|
http://library.ahima.org/xpedio/groups/public/documents/ahima/pub_bok1_012545.html
|
|
AHIMA Practice Brief: Retention of Health Information
|
|
http://www.medicalprivacy.unc.edu/index.html
|
|
The Univ. of NC Institute of Government provides HIPAA Privacy implementation support
to NC local health departments, mental health authorities, emergency medical services
departments and local departments of social services agencies. Subscribe/unsubscribe
to listserv.
|
|
http://library.ahima.org/xpedio/groups/public/documents/ahima/pub_bok1_017122.html
|
|
AHIMA Practice Brief: Defining the Designated Record Set
|
|
http://www.hospitalconnect.com/aha/key_issues/hipaa/resources/PreemptMap/PreemptionAnalysisMap.html
|
|
AHA HIPAA State Preemption Analysis
|