Guest user Created: May 08, 2022 Last commented: May 12, 2022

HIPAA & ISO27001

We've spoken previously regarding ISO27001. I'm working with a software developer supplying into the aged care market. While in Australia, some providers ask if the developer is HIPAA compliant, a US standard/set of rules. If you are aware of HIPAA, how do you think about it in in line with or against ISO27001?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal May 08, 2022

Basically, HIPPA is not so strong on information security management requirements as ISO 27001, and ISO 27001 is not so strong on privacy controls required by HIPAA.

By implementing ISO 27001 alone, you will achieve only partial compliance with HIPAA; however, you might consider the combination of ISO 27001 and ISO 27799, as described in this article:
- How ISO 27001 and ISO 27799 complement each other in health organizations https://advisera.com/27001academy/blog/2016/06/13/how-iso-27001-and-iso-27799-complement-each-other-in-health-organizations/
- Comparison of HIPAA compliance and ISO 27001 certification https://advisera.com/27001academy/blog/2021/01/27/hipaa-compliance-vs-iso-27001/

Quote

0 1

Expert

Rhand Leal May 12, 2022

Unfortunately, we do not have such a comprehensive document, but you can have information about SOC 2 and ISO 27001 overlap in this article:

Comparison of SOC 2 and ISO 27001 certification https://advisera.com/27001academy/blog/2021/02/02/iso-27001-vs-soc-2/

With the information in the articles included in the previous answer, you will be able to have this general overview.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

May 08, 2022

May 12, 2022

Expert Advice Community

HIPAA & ISO27001

HIPAA & ISO27001

Assign topic to the user

Comment as guest or Sign in

Suggested Topics

Missing ISO27001 References in List of Documents

ISO27001-cryptographic control

Risk Register & BYOD