The first place to start is to look at NIST 800-66, which is dedicated to your specific questions and any organization...
that needs to be compliant with HIPAA.
Human Health Services have produced some guidelines on what HIPAA is actually asking of you.
National Institute of Health has some guidelines and tools to use for these purposes.
The SANS organization has some of the top security professionals in the industry talking about these items in webcasts.
Other sites with guidelines, templates and direction:
- HIPAA Advisory
- Siemens Health Services
- U.S. Department of Health & Human Services
Hope these help!
Related Q&A from Shon Harris
When it comes to firewalls, the networking group often handles the installation, while the information security department writes the rules. Should ...continue reading
In today's security world, it's hard to keep track of each and every management standard and auditing procedure. In this SearchSecurity.com Q&A, ...continue reading
Before you begin putting the pieces of your security program together, you may want to have a look at ISO 27001. In this expert Q&A, Shon Harris ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.