Educause Security Discussion mailing list archives

HITECH Breach Notifications - NIST Required or Safe Harbor?


From: Chris Kidd <chris.kidd () UTAH EDU>
Date: Tue, 15 Sep 2009 10:13:10 -0600

A question about the HITECH encryption standard for the breach notification requirements: Do you view NIST/FIPS 
standards/certifications as a requirement to meet the HITECH encryption requirements or is NIST just a safe harbor, and 
other similar technological standards would also meet with the HITECH standards?  Another way of asking the same 
question is whether compliance with the encryption standards in the HIPAA security rule equates with compliance under 
HITECH.  We have looked at the guidance on this and it's hard to tell if NIST is the only relevant standard or just a 
safe harbor.

Thanks,
Chris Kidd



Chris Kidd
650 Komas Drive, Suite 102
Salt Lake City, UT 84108
Office: 801.587.9241
Cell: 801.747.9028
chris.kidd () utah edu

http://www.secureit.utah.edu

