The U.S. Office for Civil Rights HIPAA Audit program analyzes processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit mandate. The protocol covers Privacy Rule requirements for notice of privacy practices for PHI, rights to request privacy protection for PHI, access of individuals to PHI, administrative requirements, uses and disclosures of PHI, amendment of PHI, accounting of disclosures and requirements for the Breach Notification Rule.
This form provides a method of communicating the initial known details of a possible information security incident within an organization. The form is offered in Word format for easy customizing.
This agenda was created by Clearwater Compliance in tandem with its HIPAA Compliance Privacy Program Charter. The agenda outlines topics for discussion in order to begin the process of building an organizational HIPAA privacy program. The agenda is offered in Word format for easy customizing.
This charter by Clearwater Compliance offers a template to assist organizations in establishing a HIPAA privacy program, beginning with the creation of a HIPAA privacy council to guide the program’s development. For further guidance, see Clearwater Compliance’s HIPAA Privacy Council Initial Meeting Agenda. The template is offered in Word format for easy customizing.
The Information and Privacy Commissioner of Ontario provides a practical guide for implementing the principles of Privacy by Design in the mobile communications industry.
The U.S. Federal Trade Commission released this report setting forth best practices for businesses to protect the privacy of American consumers and give them greater control over the collection and use of their personal data.
This webpage includes the HIPAA privacy components of the Privacy and Security Toolkit developed by the U.S. Department of Health and Human Services in conjunction with the Office of the National Coordinator. The Privacy and Security Toolkit implements the principles in The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information (Privacy and Security Framework). These guidance documents discuss how the Privacy Rule can facilitate the electronic exchange of health information.
In order to bridge differences in approaches to privacy and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed this "safe harbor" framework. This site provides the information organizations need to evaluate and join the U.S.-EU Safe Harbor program.
Created by Nicholas Cramer of AllClear ID, this whitepaper takes a close look at key considerations involved in responding to data breaches of all sizes to help privacy, risk, legal and compliance professionals understand some of the nuances involved in a data breach response.
This IT security guide created by the British Information Commissioner’s Office aims to give small businesses practical advice in the area of IT security.
This guidance published by the CIO Council and the Chief Acquisition Officers Council provides federal agencies guidance in effectively implementing the government’s “Cloud First” policy and moving forward with the Federal Cloud Computing Strategy by focusing on ways to more effectively procure cloud services within existing regulations and laws.
The Texas Health Services Authority developed the Texas Model BAA as an aid for use between healthcare providers and the state's grant-funded health information exchanges to satisfy federal HIPAA requirements related to electronic exchange of protected health information.
Prepared for the Texas Health and Human Services Commission and the Texas Health Services Authority by Patricia Gray, this paper addresses legal requirements for providing and maintaining the security of a patient’s personal health information by those who have access to it.
This document created by the Expertise Department of the CNIL is a catalogue of good practices intended to treat risks that the processing of personal data may pose to the civil liberties and privacy of data subjects. It supplements the risk management method of the CNIL, the French data protection authority, with regard to risks to civil liberties and privacy and helps to determine the measures proportionate to the risks identified using this method.
This document created by the Expertise Department of the CNIL describes a method for managing risks that the processing of personal data can generate for individuals. It includes a complete analytical approach for improving the processing of personal data.