While there aren't official HIPAA compliance guidelines for data centers, there are several resources you can look to. Most notably, the Office of the Inspector General of the Department of Health and Human Services published a series of pointers toward security specifications for Medicaid. These specifications are what auditors use to validate covered entities for HIPAA.
Similarly, The Centers for Medicare and Medicaid Services (CMS) published a series of white papers that provide additional insight into the HIPAA Security Final Rule which cover the gamut from physical security controls to risk management to technical controls.
More information about HIPAA in general, as well as other Federal Health and IT related information, can be found at the Department of Health and Human Services website.
Finally, CMS has published the Sample - Interview and Document Request for HIPAA Security Onsite Investigations and Compliance Reviews, which, as the title implies, presents an idea of what to expect in an audit at the highest level.
For more information:
- What are the differences between an SAS 70 data center and a Tier III data center? Read more.
- Read more about who has rights to patient information under HIPAA.
Dig deeper on HIPAA
Related Q&A from David Mortman, Contributor
While IT security consultancies can be helpful when trying to find flaws in an information security management framework, there are ways to do it ...continue reading
PCI DSS audits can be a lot easier if the scope is narrow. Learn how to consolidate and store sensitive data in order to best reduce PCI DSS security...continue reading
When hiring an information security team member, how important is a certification in information security? Learn how to talk to executives about ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.