Re: Healthcare Standards and Regulations

[Jason Kolpin <jasonk () ncat org>]

I've looked here and now have looked again. Is it just me or is there 
absolutely no cut and dry guidance for the physical and logical network 
design regulations for healthcare IT infrastructures? I can sit and read 
and read to get my one or two sentences per document that covers what I 
am positive is a tiny chunk of the entire whole, but is this really 
necessary? Somewhere there must be some cut and dry list of HIPAA 
requirements for IT infrastructure, segmentation, firewalling, and data 
security. I'm not so concerned about the software or services, I am 
positive I can manage that what I am concerned about is not having the 
email server sharing a zone that their medical records zone is or 
whatever the requirements may be. I'm also concerned about network user 
policy and the regulations that apply there as well including vlan 
implementation, what doctors should be able to see and do as well as 
what others should and should not be able to do. Nice guess at 
California as we have offices there, I am in MT though.

I also must note that at a glance the suggestion from another post to 
read NIST P-800-66 looks promising to a degree.

Jason Kolpin
Web Specialist
National Center for Appropriate Technology
www.ncat.org



John Morrison wrote:
> Jason,
>
> As you are in California I assume the main regulation is HIPAA. Have
> you tried the HIPAA Resource Center
> (http://www.aishealth.com/Compliance/HIPAAResource.html) as a starting
> point?
>
> Also, do the suppliers of the products have any literature?
>
> On 14 April 2010 23:22, Jason Kolpin <jasonk () ncat org> wrote:
>   
> > Hello!
> >
> > I have been approached by a small medical practice to build an
> > infrastructure from the ground up. After some research I decided I knew
> > nothing about best practices and such in this environment, these folks are
> > in a rural area and have no clue who to contact, I am at a loss as well
> > other than a big company like Seimans or something. It would be greatly
> > appreciated if anyone on this list knew of a place where I could get some
> > solid information on this subject, refer these folks to a company that does
> > this sort of thing, or offer some advice for a situation such as this. It's
> > not like I am completely clueless concerning server setup and stuff like
> > that, I work IT, I am more interested in security related information such
> > as typical physical layout for the network, IE firewalling and data/service
> > separation issues.
> >
> > Excuse my ignorance here as this is completely new to me.
> > I have been asked about LIS, RIS, PM, patient records server,
> > scheduling/calendar, billing, email server, domain controller, VPN from two
> > locations and some more. I'm just looking for some simple "stick man"
> > drawings of a typical physical layout using this type of stuff, as well as a
> > place I might go to find out about required/mandated policies and such, and
> > even a few hints on policies you may know that you find important in a
> > situation such as this.
> >
> > FYI I have already informed these people I am not the man for the job as the
> > risk is too great for me should something bad happen but they are probably
> > going to use me as a consultant, they have no IT staff and are completely
> > clueless about how the simplest of things work.
> >
> > I know this is a lot to ask of a mailing list so no surprise if I get no
> > response.
> >
> > --
> > Jason Kolpin
> > Web Specialist
> > National Center for Appropriate Technology
> > www.ncat.org
> >
> >
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an SSL
> > certificate.  We look at how SSL works, how it benefits your company and how
> > your customers can tell if a site is secure. You will find out how to test,
> > purchase, install and use a thawte Digital Certificate on your Apache web
> > server. Throughout, best practices for set-up are highlighted to help you
> > ensure efficient ongoing management of your encryption keys and digital
> > certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > ------------------------------------------------------------------------
> >
> >
> >     
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
> it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
> install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
> highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
>
>
>   


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------