HIPAA & ISO27001
Basically, HIPAA is not so strong on information security management requirements as ISO 27001, and ISO 27001 is not so strong on the privacy controls required by HIPAA.
By implementing ISO 27001 alone, you will achieve only partial compliance with HIPAA; however, you might consider the combination of ISO 27001 and ISO 27799, as described in these articles:
- How ISO 27001 and ISO 27799 complement each other in health organizations https://advisera.com/27001academy/blog/2016/06/13/how-iso-27001-and-iso-27799-complement-each-other-in-health-organizations/
- Comparison of HIPAA compliance and ISO 27001 certification https://advisera.com/27001academy/blog/2021/01/27/hipaa-compliance-vs-iso-27001/
Thanks Rhand. There is plenty of overlap, but it appears that if planned well it shouldn't lead to too much duplication of effort to potentially be both ISO accredited and HIPAA compliant.
However, could you also provide some insight as to how SOC 2 compliance overlaps with the audit processes of ISO 27001/27799 and HIPAA?
Unfortunately, we do not have such a comprehensive document, but you can have information about SOC 2 and ISO 27001 overlap in this article:
- Comparison of SOC 2 and ISO 27001 certification https://advisera.com/27001academy/blog/2021/02/02/iso-27001-vs-soc-2/
With the information in the articles included in the previous answer, you will be able to get a general overview.
May 12, 2022