HIPAA Compliance

["Menne, Michael S" <michael.menne () MNSU EDU>]

What types of things are institutions doing for HIPAA compliance for covered functions at small-medium sized 
non-medical / research institutions?

We have two covered functions presently and are looking to add a third.  HIPAA compliance makes me personally very 
nervous as I don't understand it very well.  We have a designated HIPAA Privacy Officer who is equally as nervous about 
it.

Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone:  (507) 389-5705
www.mnsu.edu/its/security<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mnsu.edu%2Fits%2Fsecurity&data=02%7C01%7Cmichael.menne%40mnsu.edu%7Cc3f4cd9ab99f4649715b08d711fdf18b%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C636997654686922241&sdata=NzHU9kDya1V9tYgnABc4v7zjESJZYry6TOWstB%2FZSZs%3D&reserved=0>

[signature_2008603909]

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or 
distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message.


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community