Publications
Documents by Susan A. Miller J.D. Susan Miller is a nationally recognized expert in HIPAA and the HITECH ACT working for federal agencies, states, and national and state trade associations. She has been WEDI's security + privacy co-chair since she helped found the workgroup in 2000.
Subscriptions
| Health Care Information Report Subscription The Health Care Information Report is a weekly email-delivered review and commentary on the major news in the healthcare industry trade press covering: · Privacy and Security · Transactions and Code Sets · HIT/EHR News · Other Healthcare News |
About Subscriptions For Distribution Within your Enterprise, Contact Us |
|
|
Monthly |
||
|
Annual |
||
 |
 |
Nationwide Health Information Network: Conditions for Trusted Exchange Briefing and Analysis This document outlines the nationwide health information network conditions for trusted exchange. While the Office of the National Coordinator (ONC) calls it the governance structure it is really the outline of a new validation process if you are going to participate in the electronic exhange of medical information. In other words it is an imposition from the top so that eventually even the smallest entity will be able to exchange electronic information with a larger organization.
Use the practical information within this document now to plan what may need to be in your business associate agreements, to plan the data you will be able to exchange, to determine who meets the conditions of exchange, and to map out which entities to trust for data exchange. |
FREE | Download |
Documents by MalvernGroup  Sample Content |
HIPAA Security Audit PrepBook
The PrepBook is based on the OCR HIPAA Audit Protocols that contain the instructions OCR auditors are to follow when assessing a covered entity’s compliance with the HIPAA Security rules. The PrepBook includes explanations of terms used in the OCR HIPAA Breach and Privacy Audit Protocols, comments on the Rules and clear statements of evidence the auditors will ask for as well as additional evidence that may be helpful in responding to an audit. The 77 rows of the MS Word table are annotated with more than 50 footnotes and the PrepBook includes a table of contents for easy access to the Key Activities, as defined by the OCR HIPAA Audit Protocol. Use this PrepBook to perform a documentation gap analysis, to document your readiness and to establish a plan to prepare for an audit. . Buy this publication if you want a comprehensive planning template and access to expert clarification and interpretation about the documentation that may be requested in an OCR HIPAA Security Audit.
|
$149 |
Sample Content |
HIPAA Breach & Privacy Audit PrepBook This PrepBook is essential for all Covered Entities and Business Associates who want to prepare for an OCR HIPAA audit. The PrepBook is based on the OCR HIPAA Audit Protocols that contain the instructions OCR auditors are to follow when assessing a covered entity’s compliance with the HIPAA Breach and Privacy rules. The PrepBook includes explanations of terms used in the OCR HIPAA Breach and Privacy Audit Protocols, comments on the Rules and clear statements of evidence the auditors will ask for as well as additional evidence that may be helpful in responding to an audit. The 88 rows of the MS Word table are annotated with more than 80 footnotes and the PrepBook includes a table of contents for easy access to the Key Activities, as defined by the OCR HIPAA Audit Protocol. Use this PrepBook to perform a documentation gap analysis, to document your readiness and to establish a plan to prepare for an audit. . Buy this publication if you want a comprehensive planning template and access to expert clarification and interpretation about the documentation that may be requested in an OCR HIPAA Breach and Privacy Audit Purchasers of a license to this document are granted a license in accordance with our license policy. |
$149 |
Sample Security Content Sample Breach & Privacy Content |
Get BOTH the Security and Breach & Privacy Audit PrepBooks |
$199 |
 |
HIPAA & HITECH Master Policy Template This Master Policy Template is an indispensable tool for policy writers who: 1. Customize Policies 2. Write their own Policies 3. Are consolidating Policies 4. Are concerned about the quality and structure of their Policies Use this Master Template to standardize the structure of all your Policies. Take advantage of the many years of experience the author and reviewers have in reading, writing and improving their clients' policies. This Master Template includes the minimum recommended administrative content and topic headings necessary for writing good policies. Explanations of more than 20 topic headings are provided to assist you in understanding the meanings of each of the headings. In addition, there is a complete sample HIPAA Policy that demonstrates the use of the Master Template. Purchasers of a license to this document are granted a license in accordance with our license policy. This document, authored by Carl N. Abramson, has been reviewed by Susan A. Miller, J.D. and Kathleen A. Lucey, FBCI. |
$49 |
|
Breach Response Toolkit Now that plans for compliance with the Breach Notification Rule have been requested under the OCR Audit Program pilot your organization may be audited on its Breach Response plan and evidence of compliance. MalvernGroup's Breach Response Toolkit is invaluable for development and documentation of your Breach Response Plan, Policies and Procedures and compliance evidence following a breach. The Toolkit provides a foundation so that “in the heat of battle”, better decisions are made more quickly and fewer mistakes are likely to be made. It provides a foundation for compliance, ongoing training and process improvement so that response is less dependent on the people involved at the time. The Toolkit includes the policy, detailed procedures, forms and companion flow templates to reduce organizational risk and improve HIPAA compliance. It provides a framework for planning, designing, implementing and testing an organization's response to small and large breaches.
MalvernGroup Breach Response Toolkit documents come with free updates to keep up with regulatory changes within 6 months from purchase. |
||||
 Table of Contents |
Incident Response Policy and Procedures for Covered Entities This 30 page document is suitable for use by a individuals who are responsible for a Covered Entity's privacy and security policies and procedures. Addresses HIPAA Security policy requirements and procedures for responding to a privacy or security incident and integrates initial procedures necessary to document and notify internal and external parties about a potential breach. Includes comprehensive policy, written processes, flowcharts and forms templates. Purchasers of a license to this document are granted a license in accordance with our license policy. This document, reviewed by Susan A. Miller J.D. and Chester M. Winters CISA, is part of the MalvernGroup Breach Response Toolkit. |
$345 | ||
|
Breach Response Plan Template for Covered Entities and Business Associates who have responsibilities for Notification. This 16 page comprehensive Breach Response Plan template identifies the many decisions that should be documented before a breach occurs. Roles and responsibilities are suggested, as are important considerations for responding to a breach and subsequent notification to many parties. This document is an indespensible aid for planning responses to large or small breaches, whether or not the response is managed by your covered entity or outsourced. Build your plan around this template. Purchasers of a license to this document are granted a license in accordance with our license policy. This document, reviewed by Susan A. Miller J.D., is part of the MalvernGroup Breach Response Toolkit. |
$60 |
|
||
 Sample Table of Contents Sample Procedure Sample Companion Flow Chart |
NEW The document includes a comprehensive policy covering ALL HIPAA breach requirements, as well as eight procedure templates documented in an easy to follow text format and a companion easy to follow flow chart format. In addition, there are step-by-step instructions and explanatory information to help customize the templates to your organizational needs. MalvernGroup’s HIPAA Breach Policy and Risk Assessment Procedures addresses both the required and suggested organizational procedures, from the receipt of a presumed breach report through the determination of whether affected individuals must be notified. Buy HIPAA Breach Policy and Risk Assessment Procedures if you need to update your existing breach policy and procedures or you want to review the completeness and thoroughness of your work.
Also see the MalvernGroup HIPAA Breach Response Plan Template for Covered Entities for a comprehensive outline of the topics and decisions you need for evidence of compliance, and to help you plan for responding to the receipt of a presumed breach report. |
$495 |
||
 Table of Contents |
Incident Response Policy and Procedures for Business Associates This 40 page document is suitable for use by individuals who are responsible for a Business Associate's privacy and security policies and procedures. Covered Entities can use this document to help ensure their Business Associates adopt and implement acceptable privacy and security incident response policy and procedures. Addresses HIPAA Security policy requirements and procedures for responding to a privacy or security incident and integrates procedures for notification of covered entities and others about a potential breach. Includes comprehensive policy, written processes, flowcharts and forms templates. Purchasers of a license to this document are granted a license in accordance with our license policy. This document, reviewed by Susan A. Miller J.D. and Chester M. Winters CISA, is part of the MalvernGroup Breach Response Toolkit. |
$495 | ||
|
|
||||
| Purchase Orders | ||||
