Expert Advice Community

HIPAA & ISO27001

Guest user, created: May 08, 2022, last commented: May 12, 2022

We've spoken previously regarding ISO27001. I'm working with a software developer supplying into the aged care market. While in Australia, some providers ask if the developer is HIPAA compliant, a US standard/set of rules. If you are aware of HIPAA, how do you think about it in line with or against ISO27001?
Expert
Rhand Leal May 08, 2022

Basically, HIPAA is not so strong on information security management requirements as ISO 27001, and ISO 27001 is not so strong on privacy controls required by HIPAA.

By implementing ISO 27001 alone, you will achieve only partial compliance with HIPAA; however, you might consider the combination of ISO 27001 and ISO 27799, as described in this article:
- How ISO 27001 and ISO 27799 complement each other in health organizations https://advisera.com/27001academy/blog/2016/06/13/how-iso-27001-and-iso-27799-complement-each-other-in-health-organizations/
- Comparison of HIPAA compliance and ISO 27001 certification https://advisera.com/27001academy/blog/2021/01/27/hipaa-compliance-vs-iso-27001/

Expert
Rhand Leal May 12, 2022

Unfortunately, we do not have such a comprehensive document, but you can find information about the SOC 2 and ISO 27001 overlap in this article:

With the information in the articles included in the previous answer, you will be able to have this general overview.
