al4629740
asked on
Meeting HIPAA compliance
When an organization needs to be HIPAA compliant what does that entail from a network and data standpoint? Does anyone have any experience in this area and what types of metrics do you have in place to meet such standards when data is at rest and in transit? I imagine if a person is accessing a secure portal to sensitive data, then the only security really needs to be if anything sensitive is kept on a computer and transmitted anywhere outside that secure portal. Does a regular threat analysis constitute meeting HIPAA compliance also? Who sets the standards for what needs to be met? Do products like Office 365 help facilitate such compliance?
Thanks for any feedback on this subject
"different from one place to another,"? I don't think so. HIPAA is US Federal law which I linked to above.
And "local advisor" is not what is recommended. A professional HIPAA expert is desired to audit your systems.
It is a set of security standards (dos and don'ts), similar to PCI DSS. How you interpret or achieve compliance against some of the more technical ones is perhaps vulnerable to error, hence you would engage a HIPAA compliance auditor as an independent tester, to flag your weaknesses and non-compliance and make recommendations for you.
ASKER
Thank you all
The local compliance officer is in charge of maintaining compliance, which includes hiring outside auditors to satisfy checkbox security.