The Practical Guide to HIPAA Privacy and Security Compliance

GREAT resource. Very detailed. I cannot recommend this book highly enough. It is useful as both reading cover to cover and as a reference. It also links you to external sources of information, such as NIST publications on risk assessment, privacy blogs, ect.I think it is interesting how the two authors cowrote this book. Herold handles the privacy half and Beaver handles the security. They have very distinct writing styles. The privacy section is more perspective (compliance based -- do this, do that, have a business associate agreement, have a notice of privacy practices with this and that in it, document PHI disclosures, , ect....) whereas the security section is vaguer (reflecting HIPAA's risk based approach).It is worth noting that just because you read this book doesn't mean that you are qualified to do this in the real world -- this book won't make you an information security expert, capable of doing detailed risk analyses. Rather think of this book as one that will take an Infosec/Laywer/provider/ect and make them competent with HIPAA.My only qualm is that the binding seems to be coming loose. That might be in part due to the fact that I open it so much, however most books don't physically deteriorate that rapidly. Not the fault of the authors, rather the publisher.

A tough subject to unravel, this HIPAA law, but Herold did it, and with clarity. I've been in the medical field for over 30 years, and this book gave concise, direct insights I have not found in other manuals/training guides. Honestly, I don't know why anyone would drop $200-300 on books/manuals/guides that are cumbersome, wordy and unnecessarily bloated when they can have THIS guide. The most important thing I learned from this guide is: GONE are the days that a medical business can just use some type of pre-formed template to simply fill in blanks. HIPAA notices now have to be tailored-worded, exquisite specific to each individual medical practice, and in regards to its business, its services, etc. With explicit examples and directions from which to model, I was able to draft one specific for our practice. It was a 2-day work in progress, but once it was finished, I felt proud we could show our own personalized HIPAA guide to our patients.

This is a very good book, however it is now dated - written in 2003. Since then, in 2009, HITECH has come into force and the law is more stringent and broader than at the time this book was written. I can not tell whether the upcoming second edition will account for that. Until you are sure it does, pass on the book.

Even for someone who has been dealing with HIPAA for a number of years, there were a number of useful hints and tidbits here. Given the risks of noncompliance, the book was a good value.

While informative, the book is very poorly edited. Pages include the same paragraph twice and lists include the same point multiple times. The information is confusing enough without realizing the list of exceptions you just read has been cut and pasted from the page before and it's just ONE set of exceptions. I would have given it 3 stars but for such an expensive book it should be better edited.

Bullet points, check boxes, and random punctuation on their own line. Cannot use for class because the page numbers are so far off. Spent an extra $10 on the physical textbook I had to buy

Great price on a book needed for college! Bough

Good info for its time, but not updated.