At 5:08 AM +0000 1/23/03, The Long and Winding Road wrote:
>Howard, do you have an opinion you would care to share publicly regarding
>organizations such as TruSecure and their HIPAA initiatives? Worth
>considering? Studying?

All I know about them is their website, where there's an article describing their teaming with Corporate Compliance Services to identify "gaps."

Let me simply say this. I know of no security technique that's unique to HIPAA. Encryption is encryption, identification is identification, etc.

The challenges in HIPAA compliance include:

1) When do you need to comply with OTHER healthcare privacy and security requirements NOT in HIPAA, such as DEA, Medicare, CLIA, 21CFR11, FDA postmarketing surveillance, etc.?

2) How do you integrate these into a medical culture? It's far easier to herd cats than to tell surgeons what to do.

3) Can you create the necessary design and implementation paper trail to show due diligence to soft requirements, should legal problems arise? Can you demonstrate risk-benefit?

In other words, a lot of the study involved is not particularly security -- you probably know enough -- but of the medical environment, both its culture and regulations. How do you resolve conflicts between different sets of regulations, such as HIPAA specifying "emergency access" as a requirement but DEA requiring biometrics?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61653&t=61653