Security Basics mailing list archives

RE: Hippa Compliance Checklist


From: "Eggleston, Mark" <meggleston () healthpart com>
Date: Tue, 12 Aug 2008 12:42:28 -0400

Hi Dave,

If you'll entertain my cynical side for a moment, you'll want to do two
things first:
1) learn how to spell HIPAA so your prospective clients won't laugh at
you; and
2) learn how to audit by modifying your strategy to do more than telling
them what they are doing wrong.

Once you get past these hurdles, you can find many free resources for
HIPAA; listed below are a few of my favorites.  In addition, there are
some free listserves which, to this day, still provide a wealth of
experts at your fingertips.

Hope this helps.

Regards,

Mark Eggleston
Manager, Security and Business Continuity


www.hhs.gov/ocr/hipaa 

OCR (the DHHS division responsible for privacy compliance enforcement)
has released additional guidance explaining significant aspects of the
Privacy Rule on their website.  The site contains a well categorized
listing of guidance that includes information on how to report a
complaint and useful and well archived Questions and Answers. 

www.hipaadvisory.com    

Modern Healthcare states this site is "the HIPAA hub of the Web".  This
well organized site contains a plethora of all things HIPAA from Phoenix
Health Systems.  Includes HIPAA regulation search by three methods:
menus, keywords and PDF.  Also contains well written guidance, FAQs, and
is almost always up to date.   

http://library.ahima.org/xpedio/groups/public/documents/web_assets/bok_home.hcsp

Great site to locate short and well written articles about HIPAA.
Articles are easy to understand and often include example templates and
guidance. 

http://www.bricker.com/hipaa/

The Ohio Hospital Association, the Ohio State Medical Association and
Bricker & Eckler LLP present this joint project on HIPAA privacy and
related issues.  From this page you can find a very active and
informative Q&A forum, regulations and comments neatly organized, and an
outstanding training Q&A section.

http://answers.hhs.gov/cgi-bin/hhs.cfg/php/enduser/std_alp.php 

This page lists all of the FAQs (Frequently Asked Questions) relating to
the Privacy rules and is maintained by HHS (Health and Human Services).
These FAQs provide additional guidance from the regulatory body
responsible for enforcing privacy regulations (OCR).

http://questions.cms.hhs.gov/ 

This page lists all of the FAQs (Frequently Asked Questions) relating to
Security and the Transactions, Code Set and identifiers (TCSI) rules and
is maintained by HHS (Health and Human Services).  These FAQs provide
additional guidance from the regulatory body responsible for enforcing
security and TCS regulations (CMS).

 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Groups () beachcomp com
Sent: Tuesday, August 12, 2008 11:00 AM
To: security-basics () securityfocus com
Subject: Hippa Compliance Checklist

Hi gang,

I'm looking into branching into Hippa compliance a bit as an IT consultant.
The basic idea is to walk into a doctor's office, tell them what they have
wrong, how to fix it, and implement.

Does anyone have any experience in this?
Can anyone point me in the right direction?

Thanks 
Dave



