Security Basics mailing list archives
Re: hipaa guidance
From: Josh Tolley <eggyknap () gmail com>
Date: Thu, 13 Oct 2005 06:48:25 -0600
On 10 Oct 2005 15:46:35 -0000, absolutezero273c () myrealbox com <absolutezero273c () myrealbox com> wrote:
> G'Day, all. I do consulting and had a client ask me to review their HIPAA documentation. I have been reviewing HIPAA rules and it appears to me that there are guidelines to follow, but I find it very difficult to apply this to my client.
>
> Background:
> 1. It is a small non-profit organization that has less than 50 employees.
> 2. I am not an expert on HIPAA. Hence my post.
>
> Question(s):
> 1. Are there recommendations for certain types and sizes of organizations available for guidance?
> 2. How does one find a reputable HIPAA consultant in their locale? Are there certifications or any other indicators to let me know whether or not this person/company is knowledgeable?
>
> As you can tell, I am on the fence as to whether or not I should even attempt this, or if I should simply hand it off to someone else who knows what they are doing, for the good of my client. Has anyone else been in this position and what would you recommend?
>
> Thanks in advance.
> Dana

I apologize for replying to my own post, but keep in mind also that there is more to HIPAA than security. The HIPAA security rule is in my estimation by far the simplest of the HIPAA regulations; however, many of the provisions of the HIPAA privacy rule cover subjects that traditionally fall under the control of typical IT Security personnel.

In your shoes, if I agreed to go over their HIPAA-related behaviors at all (which I'd probably do, depending on the liability they expected to assign me as a result, but I've spent some time with HIPAA in the past), I'd make sure the client understood there was more to HIPAA than just that which fell under my expertise, and that my stamp of approval wasn't enough to suggest that they are compliant with all the HIPAA regulations.

Again, the regulation texts aren't all that long, in particular the security reg, especially if you skip the comments (which contain some valuable information, but aren't necessary for a basic intro), and reading them will get you far.

-Josh