Re: HIPAA certs

[Gene Yoo <gyoo () attbi com>]

Chris Berry wrote:
> > From: "Jason Hastain" <hastain () sbcglobal net>
> > I have a few clients who are doctors running small practices.  They have
> > small LAN's and DSL connectinos behind a simple NAT router/firewall in 
> > one
> > case and persoanl FW's in the other (unfortunatly not my decision in 
> > either
> > case).
> >
> > Each has approached me about the HIPAA certs in the last week.  I have 
> > read
> > through what seams reams of pages on it b ut have been unable to deduce
> > anything other than general good security practices.  Strong passwords,
> > offsite encrypted backups, real firewalls, etc and so on.
> >
> > Can anyone shed some light onto this subject or point me to a document 
> > with
> > only the IT requirements prefereably boiled down to something simple?
> >
> > And also has anyone had any experience yet with the HIPAA 
> > investigators or
> > quality control people checking on a site?  any ideas what they are 
> > looking
> > for?
> >
> > I understand it is a 20k dollar fine for each infraction so I would 
> > hate for
> > it to be on my watch.
>
>
> As far as I've been able to determine so far, from IT's point of view, 
> it just means following good security practices, and a ton of 
> documentation.  I'm working on this myself so contact me off list if 
> you'd like to discuss it in more detail.
>
> Chris Berry
> compjma () hotmail com
> Systems Administrator
> JM Associates
>
> "Linux and I have a love/hate relationship.  I hate its complexity until 
> I figure out how something works, then I love its power."
>
> _________________________________________________________________
> Tired of spam? Get advanced junk mail protection with MSN 8. 
> http://join.msn.com/?page=features/junkmail

jason, hipaa deals with more than practices and so forth, actually more 
with transmission and access of patient information.  you should ask the 
vendor to provide you with a documentation on hipaa compliance as i'm 
sure they'll be more than happy to provide during the rfq/ifb process. 
i believe there are number of books on IT's role on hipaa and you should 
research further on this since this is not a simple subject matter.

a good place to start would be the department of health services. gene
--
<<gyoo [at] attbi [dot] com>>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iQCUAwUBPhxERRxoVYCzmrKXAQJK5gP3Y7CTsFyKpEz2p5W4GWI9+qSm+kWfdJ0R
xNlma0Ma9rAL/OBJcZMo5IXyXas+3Edogbv4Al6dIf8lot1WS0Iaxxl/cg2f7gf+
otf7LfNpZDE/6OzR7A1qN6baPMLSjGzywwQWMfSVuWWb6kGQxMsA13Kn68G7Ozxs
5CODZqUPyg==
=AolA
-----END PGP SIGNATURE-----