HIPAA requirements for a small doctor's office
Posted on 2008-11-04
I keep being asked by doctors (MDs and dentists) what they need to know about HIPAA and their PCs, network and data.
I know HIPAA doesn't have hard and fast rules, but was hoping to be able to point them to something on the web that would help on things like:
Windows logon passwords - how often do they need to expire (30, 60, 90 days?), how many characters, etc.
Server - needs to be in a locked room?
Screen saver - kicks in after x minutes of idle time?
Backups - if they back up with Windows Backup to an external hard drive, what do they need to be sure to do with that? Can they take it offsite (it's unencrypted data)? Keep it under lock and key, etc.