Charles,
HIPAA compliance can be better expressed in this manner. It will take
more than just having tape drives behind a firewall. You have to have a
strong policy and procedure that I would suggest you build with your human
resource managers and corporate attorneys. Here are a couple of links to
get you started:
http://www.sans.org/rr/legal/HIPAA_primer.php
To quote from the above site: "To HIPAA, technology is only necessary as part
of supporting your company's privacy and security policies. There is no such
thing as a HIPAA compliant technology."
http://www.hipaa-u.com/
Also in the book "The CISSP Prep Guide" (ISBN 047126802X), in its appendix "A
Process Approach to HIPAA Compliance through a HIPAA-CMM".
Hope this helps,
Eric B
""Charles Riley"" wrote in message
news:[EMAIL PROTECTED]...
> Sorry for the OT post, but have searched high and low, and no definite
> answer in sight. Really, really apologize for the nontechnical nature of
> this post, but I have reached a wall after searching all over for an
> answer. I guess you could say that I am "ill" with searching...
>
> HIPAA is a medical information protection and privacy act passed by
> Congress in 1996. The deadline for complying or getting an extension is
> this year. You'll probably see more and more requests like mine as the
> year goes by, so I figured I'd start things off.
>
> HIPAA is currently in a state of flux as far as implementation and
> enforcement are concerned, as many medical professionals and organizations
> rush to comply. Which brings me to my question...
>
> In my searches, I see several organizations trumpeting the fact their data
> centers are "HIPAA certified", meaning that they are cleared to process,
> store, or otherwise handle medical and private info. How is it possible
> to achieve this certification when there do not seem to be any standards or
> processes from the U.S. government detailing what will earn the
> certification?
>
> Does having a couple of tape drives on a server behind a firewall with
> restricted access qualify a data center to be "HIPAA Compliant"? Is there
> a checklist, policy, standard, or procedure for certification required by
> the U.S. government that I missed in my searches? If so, I would appreciate
> getting the links to such information.
>
> TIA,
>
> Charles
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61676&t=61676