Security Basics mailing list archives

Re: hipaa guidance


From: Josh Tolley <eggyknap () gmail com>
Date: Tue, 11 Oct 2005 13:37:39 -0600

On 10 Oct 2005 15:46:35 -0000, absolutezero273c () myrealbox com
<absolutezero273c () myrealbox com> wrote:
G'Day, all.

I do consulting and had a client ask me to review their HIPAA documentation.  I have been reviewing HIPAA rules and
it appears to me that there are guidelines to follow, but I find it very difficult to apply this to my client.

Background:
1. It is a small non-profit organization that has less than 50 employees.
2. I am not an expert on HIPAA. Hence my post.

Question(s):
1. Are there recommendations for certain types and sizes of organizations available for guidance?
2. How does one find a reputable HIPAA consultant in their locale?  Are there certifications or any other indicators
to let me know whether or not this person/company is knowledgeable?

As you can tell, I am on the fence as to whether or not I should even attempt this, or if I should simply hand it off 
to someone else who knows what they are doing, for the good of my client.

Has anyone else been in this position and what would you recommend?

Thanks in advance.

Dana

NIST has issued some guidelines on implementation specifics, which may
be of use. In my discussions with some (i.e. not too many) HIPAA
professionals, the organizations listed at www.hipaaacademy.net tend
to have good reputations for HIPAA-related certifications. Your best
bet for evaluating self-proclaimed HIPAA folks is probably to talk to
their clients, as HIPAA hasn't been around long enough to really
establish best practices for evaluating HIPAA evangelists. My
suggestion is if you have the time, study up on HIPAA and decide how
much liability you're willing to accept by going over the docs for
your client, and respond accordingly. If you don't have time to study
HIPAA (i.e. read through the regs themselves, and at least some of the
associated commentary) don't even start -- turn it over to someone
else who knows what they're doing.

-Josh

