Title -- Copyright -- Contents -- Preface -- Chapter 1: Introduction to HIPAA and the HIPAA Breach Notification Rule -- Introduction to HIPAA -- The 18 HIPAA Identifiers -- Breaches -- Summary of HIPAA Breach Notification Requirements -- State Breach Notification Laws -- Chapter 2: Protected Health Information -- PHI and the HIPAA Privacy Rule -- Securing Protected Health Information -- HHS Guidance for Securing Protected Health Information -- Ransomware -- Cyber Liability Insurance -- Experts -- Chapter 3: Sending a Breach Notification -- Exceptions to Sending a Breach Notification -- The Three Exclusions -- Secured PHI -- Low Probability of Compromise: The Four-Factor Test -- How to Send Breach Notification -- Notice to Affected Individuals -- When to Send a Notice to Individuals -- Notice to the Office for Civil Rights -- Notice to the News Media -- Payment Card Industry Data Security Standard -- Chapter 4: Implementing a HIPAA Compliance Program -- Written Policies and Procedures -- Training -- Sanctions -- Document Retention -- Chapter 5: HIPAA Penalties and Enforcement Examples -- Civil Penalties -- Criminal Penalties -- How Violations Are Counted -- HIPAA Breach Notification Rule Enforcement Examples -- Mailing PHI to the Wrong Addresses -- Failure to Terminate a Former Employee's Access to Protected Health Information -- Stealing Database of Patient Records and Demanding Money for Their Return -- Thief Steals Health System's Unencrypted Laptop -- FQHC Impermissibly Discloses PHI to an Unknown Email Account -- Appendix A: The HIPAA Breach Notification Rule Full Text -- 164.400 Applicability -- 164.402 Definitions -- 164.404 Notification to individuals -- 164.406 Notification to the media -- 164.408 Notification to the Secretary -- 164.410 Notification by a business associate -- 164.412 Law enforcement delay.

164.414 Administrative requirements and burden of proof -- Appendix B: Breach Portal Required Information -- Appendix C: Password Protecting Common Document Types -- Appendix D: Full Disk Encryption -- Where Can I Obtain Full Disk Encryption Software? -- Strong Passwords -- Appendix E: Sample HIPAA Breach Notification Rule Policies and Procedures -- HIPAA Breach Notification Policies and Procedures -- Breach Notification -- Notification to Individuals -- Notification to the Media -- Notification to the Secretary of the U.S. Department of Health and Human Services -- Law Enforcement Delay -- Copies of Policies and Procedures -- Training -- Sanctions -- Non-retaliation -- Document Retention -- State Law -- Appendix F: Sample Forms -- Sample Investigation Worksheet for Suspected Data Breaches of Protected Health Information -- Investigation Worksheet -- Next Steps -- Sample Documentation of the Four-Factor Test -- Sample Business Associate Agreement -- Sample HIPAA Training Sign-in Sheet -- Sample Breach Log for Reporting to OCR -- Sample Agreement to Receive Electronic Communication -- Sample Documentation of Law Enforcement Delay -- Sample Media Release -- Sample Breach Notification Letter: Misdirected Email -- Sample Breach Notification Letter: Misdirected Letter -- Sample Breach Notification Letter: Hacking Incident -- Sample Breach Notification Letter: Ransomware Incident -- Sample Breach Notification Letter: Insider Misconduct -- Appendix G: Ransomware and HIPAA Factsheet -- Appendix H: HIPAA Scenarios -- The Restaurant -- The Ex-Boyfriend -- The Ransomware Attack -- The Conspiracy -- The Encrypted Laptop -- Resources -- References -- Index.