Priscilla, Thank you for the reply. I had actually already checked most of these sites here. There is a great focus on getting the providers into compliance, but very little information about certifiying the networks, servers, storage devices, and other infrastructure used to support in creation, transport, and sharing of medical information...very very very very little. The most I have found is a brief paragraph about ensuring that software complies (and no checklist for that either.)
In thinking about this, I would not only need a checklist, but applicable clauses, sub clauses, etc. of the actual HIPAA to comply with. In other words, I need to go back and major in law, or do as you suggest and locate a HIPAA tech specialist, and hope I get one that knows what they are doing. Given all the confusion right now, I wonder if those companies touting their data centers as "HIPAA compliant" are doing the equivalent of individuals putting "CCIE Written" on their resumes? Charles ""Priscilla Oppenheimer"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Charles Riley wrote: > > > > Sorry for the OT post, but have searched high and low, and no > > No problem. I don't think it's really OT. HIPAA is going to have a big > affect on many data networks. > > I'm surprised that you say there isn't information available on how to > become HIPAA compliant. There's a lot, isn't there? If companies are saying > that they are HIPAA certified, that's a bit of a misnomor. I don't think > there's any certification, but there is compliance info available. > > Did you check these links: > > http://www.hipaadvisory.com/ > > http://aspe.hhs.gov/admnsimp/ > > http://www.cms.hhs.gov/hipaa/ > > http://www.hipaa.org/ > > I wonder if you could hire a consultant to help you wade through all the > regulations and confusing info from the goverment. Hopefuly some consultants > will specialize in this. > > Priscilla > > > definite > > answer in site. Really, really apoliogize for the nontechnical > > nature of > > this post, but I have reached a wall after searching all over > > for an answer. > > I guess you could say that I am "ill" with searching... > > > > HIPAA is an medical information protection and privacy act > > passed by > > Congress in 1996. The deadline for complying or gettting an > > extension is > > this year. You'll probably see more and more requests like > > mine as the year > > goes by, so I figured I'd start things off. > > > > HIPAA is currently in a state of flux as far as implementation > > and > > enforcement is concerned, as many medical professional and > > organizations > > rush to comply. Which brings me to my question... > > > > In my searches, I see several organizations trumpeting the fact > > their data > > centers are "HIPAA certified", meaning that they are cleared to > > process, > > store, or otherwise handle medical and private info. How is > > it possible to > > achive this certification when there does not seem to be any > > standards or > > processes from the U.S. government detailing what will earn the > > certification? > > > > Does having a couple of tape drives on a server behind a > > firewall with > > restricted access qualify a data center to be "HIPAA > > Compliant"? Is there a > > checklist, policy, standard, or procedure for certification > > required by the > > U.S. government that I missed in my searches? If so, I would > > appreciate > > gettting the links to such information. > > > > TIA, > > > > Charles Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61395&t=61395 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
