Security Basics mailing list archives

Re: HIPAA certs


From: "Chris Berry" <compjma () hotmail com>
Date: Thu, 20 Feb 2003 18:13:26 -0800

From: "Jason Hastain" <hastain () sbcglobal net>
I have a few clients who are doctors running small practices.  They have
small LANs and DSL connections behind a simple NAT router/firewall in one
case and personal FWs in the other (unfortunately not my decision in either
case).

Each has approached me about the HIPAA certs in the last week.  I have read
through what seems reams of pages on it but have been unable to deduce
anything other than general good security practices.  Strong passwords,
offsite encrypted backups, real firewalls, etc and so on.

Can anyone shed some light onto this subject or point me to a document with
only the IT requirements preferably boiled down to something simple?

And also has anyone had any experience yet with the HIPAA investigators or
quality control people checking on a site?  Any ideas what they are looking
for?

I understand it is a 20k dollar fine for each infraction so I would hate for
it to be on my watch.

As far as I've been able to determine so far, from IT's point of view, it just means following good security practices, and a ton of documentation. I'm working on this myself so contact me off list if you'd like to discuss it in more detail.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Linux and I have a love/hate relationship. I hate its complexity until I figure out how something works, then I love its power."
