At 5:08 AM +0000 1/23/03, The Long and Winding Road wrote:
>Howard, do you have an opinion you would care to share publicly regarding
>organizations such as TruSecure and their HIPAA initiatives? Worth
>considering? Studying?

All I know about them is their website, where there's an article 
describing their teaming with Corporate Compliance Services to 
identify "gaps."

Let me simply say this. I know of no security technique that's unique 
to HIPAA. Encryption is encryption, identification is identification, 
etc. The challenges in HIPAA compliance include:
     1) When do you need to comply with OTHER healthcare privacy and security
        requirements NOT in HIPAA, such as DEA, Medicare, CLIA, 21CFR11,
        FDA postmarketing surveillance, etc.?
     2) How do you integrate these into a medical culture? It's far easier
        to herd cats than to tell surgeons what to do.
     3) Can you create the necessary design and implementation paper trail
        to show due diligence to soft requirements, should legal problems
        arise? Can you demonstrate risk-benefit?

In other words, a lot of the study involved is not particularly 
of security -- you probably know enough -- but of the medical 
environment, both its culture and regulations. How do you resolve 
conflicts between different sets of regulations, such as HIPAA 
specifying "emergency access" as a requirement but DEA requiring 
biometrics?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61653&t=61653
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html