Ask the Expert

Are there guidelines to create a HIPAA-compliant data center?

Is there a HIPAA compliance guideline for data centers? What is that minimum standard?

While there aren't official HIPAA compliance guidelines for data centers, there are several resources you can look to. Most notably, the Office of the Inspector General of the Department of Health and Human Services published a series of pointers toward security specifications for Medicaid. These specifications are what auditors use to validate covered entities for HIPAA.

Similarly, the Centers for Medicare and Medicaid Services (CMS) published a series of white papers that provide additional insight into the HIPAA Security Final Rule, covering the gamut from physical security controls to risk management to technical controls.

More information about HIPAA in general, as well as other federal health and IT-related information, can be found at the Department of Health and Human Services website.

Finally, CMS has published the Sample - Interview and Document Request for HIPAA Security Onsite Investigations and Compliance Reviews, which, as the title implies, presents an idea of what to expect in an audit at the highest level.

This was first published in July 2009
