Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

isn logo Information Security News mailing list archives

Guidelines for HIPAA Compliance in the Works
From: InfoSec News <isn () c4i org>
Date: Tue, 25 Nov 2003 02:06:12 -0600 (CST)
http://www.computerworld.com/securitytopics/security/story/0,10801,87492,00.html

Story by Jaikumar Vijayan 
NOVEMBER 24, 2003 
COMPUTERWORLD

Health care organizations looking for more information on how to 
comply with HIPAA security mandates may soon get more help. 
URAC, a nonprofit accreditation agency for the health care industry, 
along with the Workgroup for Electronic Data Interchange and the 
National Institute of Standards and Technology, is developing 
guidelines for implementing HIPAA security policies. 

The Healthcare Security Workgroup, which the three organizations 
created earlier this year, met in Washington last week to discuss how 
to consolidate industry best practices and security standards into a 
set of easily implemented instructions. The goal is to give 
organizations subject to the Health Insurance Portability and 
Accountability Act something they can use to ensure compliance with 
the law's security requirements by the April 15, 2005, deadline, said 
Adam Stone, a member of the workgroup. The group aims to deliver the 
guidelines by the middle of next year. 

"No standard measures exist in the health care industry" to implement 
HIPAA's security requirements, Stone said. "One of the major problems 
with the rule is that it is so broad. There are a million different 
ways to approach it in terms of compliance." 

The workgroup will study how it can adopt and adapt NIST's more 
general security specifications for federal information systems in the 
health care sector, said Lisa Gallagher, senior vice president of 
Washington-based URAC. Similarly, the workgroup will gather 
information on best practices, case studies and other standards 
efforts by organizations such as the Healthcare Information and 
Management Systems Society. 

"We are going to gather all this information and make it available on 
a national basis," Gallagher said, by means of white papers and a 
portal site. 

The community feedback that's being collected by the workgroup is also 
useful in adapting NIST standards for the health care industry, said 
Arnold Johnson, a NIST program manager in Washington. 

"Real standards are very, very [much] needed," said Roger Brown, a 
senior IT auditor at Jefferson Health System, a $2 billion health care 
organization in Radnor, Pa. "Only the economically strong [companies] 
will comply with the intent of the law. Most will spend the absolute 
minimum they think they can get away with." Standards will provide a 
formal yardstick for measuring compliance, he said. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

  By Date           By Thread  

Current thread:
  • Guidelines for HIPAA Compliance in the Works InfoSec News (Nov 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]