HIPAA Remote Site Connection Question

[j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)]

I second that.  That is the best guide to HIPAA I have come across.  Also to
second what was said earlier, HIPAA is not overly prescriptive (i.e. it does
not dictate what actual steps to take to be compliant).  

 

That being said, recent updates and additions to HIPAA under the American
Reinvestment and Recovery Act (ARRA), did direct Health and Human Services
(HHS) to be a bit more prescriptive (through issued Guidance's).  They did
recently issue their first guidance around securing data at rest, in motion,
in use, and at disposal.  You may want to also take a look at it since it
does address acceptable encryption (it basically points you to NIST 800-111
for data at rest and FIPS 140-2 for data in motion).  The guidance can be
found here:
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/hitechrfi
.pdf.  You may also want to take a look at the section of ARRA that relates
to HIPAA (Title XIII, subtitle D -
http://en.wikisource.org/wiki/American_Recovery_and_Reinvestment_Act_of_2009
/Division_A/Title_XIII/Subtitle_D) since it was released subsequent to the
NIST guidance.

 

Jody

 

 

 

  _____  

From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Jeremiah Wilson
Sent: Friday, August 14, 2009 5:13 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] HIPAA Remote Site Connection Question

 

Here's a link to the NIST's guidelines for hipaa compliance. -
http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.p
df 

- jeremy

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.392 / Virus Database: 270.13.56/2302 - Release Date: 08/14/09
06:10:00

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090814/567e637e/attachment.htm