On Sep 8, 2009, B wrote:
> I'm wondering if anyone has anything they can share about implementing
> compliance for ISO 27001 and/or HIPPA?
Spelling nit: HIPAA.
Meanwhile, NIST published guidance on implementing the HIPAA security
rule because there wasn't much at the time.
http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf
Keep an eye out for stuff about HITECH, the beefed-up HIPAA
enforcement powers that were passed as part of the ARRA. Most of its
impact is on breach reporting, but business associate agreements
almost certainly need updating. Logging infrastructure and
entitlement review will become important to be able to detect breaches
and their scope.
_______________________________________________
Discuss mailing list
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/