Sorry for the OT post, but have searched high and low, and no definite answer in sight. Really, really apologize for the nontechnical nature of this post, but I have reached a wall after searching all over for an answer. I guess you could say that I am "ill" with searching...

HIPAA is a medical information protection and privacy act passed by Congress in 1996. The deadline for complying or getting an extension is this year. You'll probably see more and more requests like mine as the year goes by, so I figured I'd start things off. HIPAA is currently in a state of flux as far as implementation and enforcement are concerned, as many medical professionals and organizations rush to comply. Which brings me to my question...

In my searches, I see several organizations trumpeting the fact their data centers are "HIPAA certified", meaning that they are cleared to process, store, or otherwise handle medical and private info. How is it possible to achieve this certification when there do not seem to be any standards or processes from the U.S. government detailing what will earn the certification? Does having a couple of tape drives on a server behind a firewall with restricted access qualify a data center to be "HIPAA Compliant"?

Is there a checklist, policy, standard, or procedure for certification required by the U.S. government that I missed in my searches? If so, I would appreciate getting the links to such information.

TIA,
Charles

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61383&t=61383