al4629740

Meeting HIPAA compliance

When an organization needs to be HIPAA compliant, what does that entail from a network and data standpoint? Does anyone have any experience in this area, and what types of metrics do you have in place to meet such standards when data is at rest and in transit? I imagine if a person is accessing a secure portal to sensitive data, then the only security really needs to be if anything sensitive is kept on a computer and transmitted anywhere outside that secure portal. Does a regular threat analysis constitute meeting HIPAA compliance also? Who sets the standards for what needs to be met? Do products like Office 365 help facilitate such compliance?


Thanks for any feedback on this subject

SOLUTION
Dr. Klahn

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
al4629740 (ASKER)

So HIPAA compliance can be different from one place to another, hence the need for a local advisor from whatever organization is requiring it?

"different from one place to another,"? I don't think so. HIPAA is US Federal law which I linked to above.
And "local advisor" is not what is recommended. A professional HIPAA expert is desired to audit your systems.
Pau Lo

It is a set of security standards (do's and don'ts), similar to PCI DSS. How you interpret or achieve compliance against some of the more technical ones is perhaps vulnerable to error, hence you would engage a HIPAA compliance auditor as an independent tester, to flag your weaknesses and non-compliance and make recommendations for you.
Thank you all
The local compliance officer is in charge of maintaining compliance, which includes hiring outside auditors to satisfy checkbox security.