Secure Coding mailing list archives

Question about HIPAA Compliance in application development


From: Rohit Sethi <rklists () gmail com>
Date: Mon, 25 Apr 2011 15:55:08 -0400

Hi all,

Has anyone had to deal with the following HIPAA compliance requirements
within a custom application before:



§164.312(c)(2)

Implement electronic mechanisms to corroborate that electronic protected
health information has not been altered or destroyed in an unauthorized
manner.



§164.312(e)(2)(i)

Implement security measures to ensure that electronically transmitted
electronic protected health information is not improperly modified without
detection until disposed of.


How have you actually implemented these controls in applications? Have you
used a third party tool to do this? Does §164.312(c)(2) simply boil down to
sufficient access control?

-- 
Rohit Sethi
SD Elements
http://www.sdelements.com
twitter: rksethi
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
