RE: [ISN] Navigating the HIPAA Hype

From: InfoSec News (isnat_private)
Date: Wed Jun 13 2001 - 20:32:32 PDT

  • Next message: InfoSec News: "[ISN] Security UPDATE, June 13, 2001"

    Forwarded by: joel garmon <jgarmonat_private>
    
    I have a pretty good background in computer security and have been
    dealing with HIPAA for almost 2 years now.  I agree that the security
    portion is not rocket science and are things that we should be doing
    now anyway.  The good thing about HIPAA is that I can say "Look, it is
    not just me stating this, it is now the law." when I want to get
    things done.
    
    The real impact to organizations dealing with HIPAA is the privacy and
    transactions rules -- and they ARE final.
    
    joel garmon
    
    
    From 
    http://networkcomputing.com/1212/1212colshipley.html
    
    June 11, 2001
    By Greg Shipley 
    ..
    When I started investigating the Health Insurance Portability and
    Accountability Act (HIPAA), I was intrigued; HIPAA seemed to be one of
    the first real steps in the right direction. But anyone who's worked
    with the regulations will tell you: HIPAA has ruffled feathers. Its
    scope will touch organizations both large and small, and a number of
    deep-rooted problems will need fixing. Of course, if pain proves
    profitable, you'll find businesses there to capitalize on it. Over the
    past 12 months I've been bombarded by news releases rambling on about
    HIPAA offerings: compliancy checks, audits, industry-expert
    availability and a variety of other HIPAA-related services. Accounting
    firms, consulting houses and other vendors are all looking to get a
    piece of the chaos, uh, I mean, action ... and the foul stench of FUD
    is in the air.
    
    Although I welcome much of what HIPAA is attempting, there's one major
    point the sales and marketing pimp squads continue to ignore: Many of
    the proposed "standards" haven't been ratified yet. Of the seven
    sections that comprise the "Administrative Simplification" portion
    (which affects IT heavily), only two standards have achieved "final
    rule" status. More comical is the lack of people who have read the
    drafts -- many "experts" haven't even read word one.
    
    [...]
    
    
    
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email isn-unsubscribeat_private
    



    This archive was generated by hypermail 2b30 : Wed Jun 13 2001 - 23:34:26 PDT