Having problems with message search?
Attached is an excel spreadsheet of HIPAA links and phone numbers that are helpful in the HIPAA Compliance initiative. The items are current as of November 15, 2004. Other than links to recent DRAFT NIST Publications, the following have bee recently added:
http://www.himss.org/asp/medicalDeviceSecurity.asp HIMSS Medical Device Security Work Group site which provides a security checklist to send to medical device vendors.
http://www.x12n.org/portal ASC X12 Implementation Guide Request for Interpretation Web Interface - serves as a free public repository of questions and responses from the HIPAA Implementation Work Group Insurance Subcommittee (X12N). Gives visitors "access to the ASC X12N experts" for those Implementation Guides (IG's) that have been adopted for use under HIPAA.
The document appears like this in the ShareHIPAA group's Files section:
HIPAA Ref link.xls
Msg #212 HIPAA Bookmarks Rev 2004/11/18
I have also attached an updated version of DRAFT NIST SP 800-66 in excel. This is my attempt of taking DRAFT NIST SP 800-66 NIST Resource Guide for Implementing HIPAA and placing it in a simple spreadsheet. The actual HIPAA language is provided via links to the url for the "regulation by topic" tool from the Bricker and Eckler/Ohio Hospital Assn. website. For each main section (administrative, physical, and technical) in the spreadsheet, I have also provided the corresponding recommended NIST guidance of each sub-section as provided by DRAFT NIST SP 800-66. I have added the following NIST publications links:
DRAFT FIPS 201 Personal Identity Verification (PIV) for Federal Employees and Contractors (published November 8, 2004)
Added to:
Administrative Safeguards Information Access Management 164.308(a)(4)
Technical Safeguards Person or Entity Authentication 164.312(d)
DRAFT NIST SP 800-73 Integrated Circuit Card for Personal Identity Verification
Added to:
Technical Safeguards Transmission Security 164.312(e)
Draft NIST SP 800-70 Security Configuration Checklists Program for IT Products
Added to:
Administrative Safeguards, Security Management Process 164.308(a)(1)
Technical Safeguards Integrity 164.312(c)(1)
NIST SP 800-64 Security Considerations in the Information System Development Life Cycle
Added to:
Administrative Controls Security Management Process 164.308(a)(1)
You may want to review the additions as these NIST Publications came out after DRAFT NIST SP 800-66 was published. You may not agree with where I placed them or even if they should belong.
DRAFT NIST SP 800-66 in excel appears like this in the ShareHIPAA Files Section:
NIST SP 800.66.xls
Msg #187 NIST Guide to Implementing HIPAA Rev 2004/11/15
To access the Files Section of the ShareHIPAA group, go to the ShareHIPAA group's home page at http://health.groups.yahoo.com/group/ShareHIPAA , sign in with your Yahoo! ID and password and select "Files" from the left column.
Having information resources readily accessible helps a covered entity to save time and resources. HIPAA ComplyAssistant (HCA) makes access to this information seamless. HCA is a HIPAA compliance management workbench for privacy, security and TCS. HCA steps you through each phase of an enterprise-wide compliance program (assessment, mitigation work plan and budget development, and monitoring/audit). HIPAA is multi-dimensional and extremely complex. If you could benefit from automating your HIPAA compliance initiative, I encourage you to visit www.complyassistant.com . To schedule a free on-line session go to http://www.complyassistant.com/online_meeting_req.htm and Gerry Blass will contact you to schedule a session that is convenient for you. If you would like to have a HIPAA subject matter expert provide a presentation on HIPAA Compliance Management at your next HIPAA conference or work shop, contact me and I will arrange it.
Regards,
Barbara McGowin, CPC
Executive Recruiting
HIT Recruiting
(843) 824-8537
Connecting Healthcare Organizations with People,
Products and Services to Achieve HIPAA Compliance.
Executive Recruiting
HIT Recruiting
(843) 824-8537
Connecting Healthcare Organizations with People,
Products and Services to Achieve HIPAA Compliance.
Offline 
Send Email