The first place to start is NIST 800-66, which is dedicated to your specific questions and to any organization that needs to be compliant with HIPAA.
Human Health Services have produced some guidelines on what HIPAA is actually asking of you.
The National Institute of Health has some guidelines and tools to use for these purposes.
The SANS organization has some of the top security professionals in the industry talking about these items in webcasts.
Other sites with guidelines, templates and direction:
- HIPAA Advisory
- Siemens Health Services
- U.S. Department of Health & Human Services
Hope these help!