by rdxm
4336 days ago
Yes, I know what the acronym is; that was a typo. Even if they are only going to function as what HIPAA refers to as a "Business Associate," if you really dig into it they'll essentially need the same level(s) of control as a straight-up HIPAA-compliant business would. That is, if they want to be in a defensible position when they get breached... Additionally, the reason I mentioned ISO 27001 is that it's not just HIPAA; it's also all of the other controls, both internal and external, that you must have in place. If your assertion is that they have sec dialed because their site is SSL enabled, well, that's frankly a little scary and somewhat naive.