mailing list archives
From: "Jason Hastain" <hastain () sbcglobal net>
Date: Thu, 20 Feb 2003 10:28:30 -0800
I have a few clients who are doctors running small practices. They have
small LAN's and DSL connectinos behind a simple NAT router/firewall in one
case and persoanl FW's in the other (unfortunatly not my decision in either
Each has approached me about the HIPAA certs in the last week. I have read
through what seams reams of pages on it b ut have been unable to deduce
anything other than general good security practices. Strong passwords,
offsite encrypted backups, real firewalls, etc and so on.
Can anyone shed some light onto this subject or point me to a document with
only the IT requirements prefereably boiled down to something simple?
And also has anyone had any experience yet with the HIPAA investigators or
quality control people checking on a site? any ideas what they are looking
I understand it is a 20k dollar fine for each infraction so I would hate for
it to be on my watch.
- HIPAA certs Jason Hastain (Feb 21)