-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > > Where can I find information on the current HIPAA Security > > > Standards? > > > > http://aspe.hhs.gov/admnsimp/Index.htm --- U.S. Health and > > Human Svcs. Two > > pages off this page that discuss security and privacy rules > > (proposed and otherwise). There is also a link to > > implementation guides, that are more broad based. The > > background page is very informative, if a little dry. > > As far as I know there is not a site dedicated to securing a > site that is affected by HIPAA. We are working with our clients > (mostly doctors) trying to implement a sound structure to meet > the rules. So far is has not been easy.
Yeah, this is probably true, because the HIPAA security rules have not been finalized yet. (Privacy has been finalized, though). Any site that was dedicated to securing a covered entity (a site that is affected by HIPAA), would be speculative at best. The actual proposed security regulations aren't very long (like several pages), and they're relatively easy to read through and understand. Most of it seems pretty straight forward. The whole "Authorization Controls" part seems like it could be kinda tough to me. Also, they talk about digital signatures, however also state that digital signatures are not required. *shrug* The big deal right now are the pieces of HIPAA that ARE finalized. Namely the Transaction and Code Set rules and the Privacy Rules. Compliance is expected in 2002 and 2003 for those rules, respectively. And since there are still no final security rules, and compliance deadlines are coming up for those other two.. It seems more people are concerned with X12 transactions, de-identification of data, and disclosure tracking than they are with security. - -- Jon Erickson Cryptologist and Security Designer Caspian 415.974.7081 D49B 4561 1078 0A72 DDF3 7250 8EF4 4681 587E 41DD 1728748 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO/lVzY70RoFYfkHdEQIXRACglPj0+u3Kz6tCejS5f4CTZLLCa5YAoMD8 npHe2qyWhzvSpzuxxNGi+/sh =0zqD -----END PGP SIGNATURE-----
