Security Basics mailing list archives
Re: hipaa guidance
From: Josh Tolley <eggyknap () gmail com>
Date: Tue, 11 Oct 2005 13:37:39 -0600
On 10 Oct 2005 15:46:35 -0000, absolutezero273c () myrealbox com <absolutezero273c () myrealbox com> wrote:
G'Day, all. I do consulting and had a client ask me to review their HIPAA documentation. I have been reviewing hipaa rules and it appears to me that there are guidelines to follow but find it very difficult to apply this to my client. Background: 1. It is a small non-profit organization that has less than 50 employees. 2. I am not an expert on hipaa. Hence my post. Question(s): 1. Are there recommendations for certain types and sizes of organizations available for guidance? 2. How does one find a reputable hipaa consultant in their locale? Are there certifications or any other indicators to let me know whether or not this person/company is knowledgeable? As you can tell, I am on the fence as to whether or not I should even attempt this, or if I should simply hand it off to someone else who knows what they are doing, for the good of my client. Has anyone else been in this position and what would you recommend? Thanks in advance. Dana
NIST has issued some guidelines on implementation specifics, which may be of use. In my discussions with some (ie. not too many) HIPAA professionals, the organizations listed at www.hipaaacademy.net tend to have good reputations for HIPAA-related certifications. Your best bet for evaluating self-proclaimed HIPAA folks is probably to talk to their clients, as HIPAA hasn't been around long enough to really establish best practices for evaluating HIPAA evangelists.My suggestion is if you have the time, study up on HIPAA and decide how much liability you're willing to accept by going over the docs for your client, and respond accordingly. If you don't have time to study HIPAA (ie. read through the regs themselves, and at least some of the associated commentary) don't even start -- turn it over to someone else who knows what they're doing. -Josh
Current thread:
- hipaa guidance absolutezero273c (Oct 11)
- Re: hipaa guidance Josh Tolley (Oct 12)
- Re: hipaa guidance Josh Tolley (Oct 13)
- <Possible follow-ups>
- Re: hipaa guidance jblackley (Oct 12)
- RE: hipaa guidance Cronican, John (Oct 13)
- Re: hipaa guidance Dana (Oct 13)
- Re: hipaa guidance Impulse (Oct 14)
- RE: hipaa guidance Chinnery, Paul (Oct 14)