Security Basics mailing list archives
RE: HIPAA certs
From: "Taylor, Bud" <BTaylor () stginc com>
Date: Fri, 21 Feb 2003 10:09:52 -0500
The answer is that until it gets to court no one knows. HIPAA represents 1000's of pages of requirements that are ambiguous at best and contradictory at worst. HIPAA's useful function is the standardization of procedure codes saving the health care industry and in turn consumers untold sums. For implementing HIPAA security compliance, best bet is to secure the infrastructure to DoD standards and industry best practices. Include in your contract that you will not represent your clients in court as if you end up in front of a judge it's anyone's best guess as to what may happen. -----Original Message----- From: Jason Hastain [mailto:hastain () sbcglobal net] Sent: Thursday, February 20, 2003 1:29 PM To: security-basics () securityfocus com Subject: HIPAA certs hey all, I have a few clients who are doctors running small practices. They have small LAN's and DSL connectinos behind a simple NAT router/firewall in one case and persoanl FW's in the other (unfortunatly not my decision in either case). Each has approached me about the HIPAA certs in the last week. I have read through what seams reams of pages on it b ut have been unable to deduce anything other than general good security practices. Strong passwords, offsite encrypted backups, real firewalls, etc and so on. Can anyone shed some light onto this subject or point me to a document with only the IT requirements prefereably boiled down to something simple? And also has anyone had any experience yet with the HIPAA investigators or quality control people checking on a site? any ideas what they are looking for? I understand it is a 20k dollar fine for each infraction so I would hate for it to be on my watch. tia Jason Hastain Hastain Consulting
Current thread:
- HIPAA certs Jason Hastain (Feb 20)
- Re: HIPAA certs Brian Jones (Feb 22)
- RE: HIPAA certs John Tolmachoff (Feb 22)
- <Possible follow-ups>
- Re: HIPAA certs Chris Berry (Feb 22)
- Re: HIPAA certs Gene Yoo (Feb 24)
- RE: HIPAA certs Garbrecht, Frederick (Feb 22)
- RE: HIPAA certs Taylor, Bud (Feb 22)
- RE: HIPAA certs Robinson, Sonja (Feb 22)
- RE: HIPAA certs Tucker, Jason (Feb 24)
- RE: HIPAA certs Chris Berry (Feb 25)
- RE: HIPAA certs John Tolmachoff (Feb 25)
- RE: HIPAA certs Drew Hunt (Feb 28)