I work with a few hospitals and my understanding, very basic, is that there are a couple of HIPAA components, privacy and security. Currently there are guidelines for compliance and they are working on audits but I think they are finding this not an easy task, judging compliance.
my $.0002 Dave Charles Riley wrote: > Priscilla, > > Thank you for the reply. I had actually already checked most of these sites > here. There is a great focus on getting the providers into compliance, but > very little information about certifiying the networks, servers, storage > devices, and other infrastructure used to support in creation, transport, > and sharing of medical information...very very very very little. The most > I have found is a brief paragraph about ensuring that software complies (and > no checklist for that either.) > > In thinking about this, I would not only need a checklist, but applicable > clauses, sub clauses, etc. of the actual HIPAA to comply with. In other > words, I need to go back and major in law, or do as you suggest and locate a > HIPAA tech specialist, and hope I get one that knows what they are doing. > > Given all the confusion right now, I wonder if those companies touting > their data centers as "HIPAA compliant" are doing the equivalent of > individuals putting "CCIE Written" on their resumes? > > Charles > > > ""Priscilla Oppenheimer"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >>Charles Riley wrote: >> >>>Sorry for the OT post, but have searched high and low, and no >> >>No problem. I don't think it's really OT. HIPAA is going to have a big >>affect on many data networks. >> >>I'm surprised that you say there isn't information available on how to >>become HIPAA compliant. There's a lot, isn't there? If companies are > > saying > >>that they are HIPAA certified, that's a bit of a misnomor. I don't think >>there's any certification, but there is compliance info available. >> >>Did you check these links: >> >>http://www.hipaadvisory.com/ >> >>http://aspe.hhs.gov/admnsimp/ >> >>http://www.cms.hhs.gov/hipaa/ >> >>http://www.hipaa.org/ >> >>I wonder if you could hire a consultant to help you wade through all the >>regulations and confusing info from the goverment. Hopefuly some > > consultants > >>will specialize in this. >> >>Priscilla >> >> >>>definite >>>answer in site. Really, really apoliogize for the nontechnical >>>nature of >>>this post, but I have reached a wall after searching all over >>>for an answer. >>>I guess you could say that I am "ill" with searching... >>> >>>HIPAA is an medical information protection and privacy act >>>passed by >>>Congress in 1996. The deadline for complying or gettting an >>>extension is >>>this year. You'll probably see more and more requests like >>>mine as the year >>>goes by, so I figured I'd start things off. >>> >>>HIPAA is currently in a state of flux as far as implementation >>>and >>>enforcement is concerned, as many medical professional and >>>organizations >>>rush to comply. Which brings me to my question... >>> >>>In my searches, I see several organizations trumpeting the fact >>>their data >>>centers are "HIPAA certified", meaning that they are cleared to >>>process, >>>store, or otherwise handle medical and private info. How is >>>it possible to >>>achive this certification when there does not seem to be any >>>standards or >>>processes from the U.S. government detailing what will earn the >>>certification? >>> >>>Does having a couple of tape drives on a server behind a >>>firewall with >>>restricted access qualify a data center to be "HIPAA >>>Compliant"? Is there a >>>checklist, policy, standard, or procedure for certification >>>required by the >>>U.S. government that I missed in my searches? If so, I would >>>appreciate >>>gettting the links to such information. >>> >>>TIA, >>> >>>Charles -- David Madland CCIE# 2016 Sr. Network Engineer Qwest Communications 612-664-3367 "You don't make the poor richer by making the rich poorer." --Winston Churchill Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61407&t=61407 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
