HIPAA and ISO 27001
Answer: Basically, HIPAA is not so strong on information security management requirements as ISO 27001, and ISO 27001 is not so strong on the privacy controls required by HIPAA. So, you can speed up your ISO 27001 compliance in the implementation phase where you perform the risk assessment and implement risk treatments, since, besides privacy and incident management controls, other controls implemented to fulfil HIPAA's requirements can be mapped to ISO 27001 Annex A and help build the ISO 27001 Statement of Applicability. Besides that, you can make use of ISO 27799 (the ISO standard related to personal health information) to cover privacy controls. Unfortunately, at this moment we do not have a mapping between ISO 27001 and HIPAA.
This article will provide you with further explanation about ISO 27799:
- How ISO 27001 and ISO 27799 complement each other in health organizations https://advisera.com/27001academy/blog/2016/06/13/how-iso-27001-and-iso-27799-complement-each-other-in-health-organizations/
Mar 31, 2017