Security Basics mailing list archives
Re: HIPAA certs
From: Gene Yoo <gyoo () attbi com>
Date: Mon, 24 Feb 2003 08:59:37 -0800
Chris Berry wrote:
From: "Jason Hastain" <hastain () sbcglobal net>

I have a few clients who are doctors running small practices. They have small LANs and DSL connections behind a simple NAT router/firewall in one case and personal FWs in the other (unfortunately not my decision in either case).

Each has approached me about the HIPAA certs in the last week. I have read through what seem like reams of pages on it but have been unable to deduce anything other than general good security practices. Strong passwords, offsite encrypted backups, real firewalls, etc. and so on.

Can anyone shed some light onto this subject or point me to a document with only the IT requirements, preferably boiled down to something simple?

And also, has anyone had any experience yet with the HIPAA investigators or quality control people checking on a site? Any ideas what they are looking for?

I understand it is a 20k dollar fine for each infraction, so I would hate for it to be on my watch.

As far as I've been able to determine so far, from IT's point of view, it just means following good security practices, and a ton of documentation. I'm working on this myself, so contact me off list if you'd like to discuss it in more detail.

Chris Berry compjma () hotmail com
Systems Administrator
JM Associates
"Linux and I have a love/hate relationship. I hate its complexity until I figure out how something works, then I love its power."
Jason, HIPAA deals with more than practices and so forth, actually more with transmission and access of patient information. You should ask the vendor to provide you with documentation on HIPAA compliance, as I'm sure they'll be more than happy to provide it during the RFQ/IFB process. I believe there are a number of books on IT's role in HIPAA, and you should research further on this since this is not a simple subject matter.
A good place to start would be the Department of Health Services.

gene
-- <<gyoo [at] attbi [dot] com>>
Current thread:
- HIPAA certs Jason Hastain (Feb 20)
- Re: HIPAA certs Brian Jones (Feb 22)
- RE: HIPAA certs John Tolmachoff (Feb 22)
- <Possible follow-ups>
- Re: HIPAA certs Chris Berry (Feb 22)
- Re: HIPAA certs Gene Yoo (Feb 24)
- RE: HIPAA certs Garbrecht, Frederick (Feb 22)
- RE: HIPAA certs Taylor, Bud (Feb 22)
- RE: HIPAA certs Robinson, Sonja (Feb 22)
- RE: HIPAA certs Tucker, Jason (Feb 24)
- RE: HIPAA certs Chris Berry (Feb 25)
- RE: HIPAA certs John Tolmachoff (Feb 25)
- RE: HIPAA certs Drew Hunt (Feb 28)