Expert Advice Community

Guest

HIPAA vs ISO

  Quote
Guest
Guest user Created:   Oct 28, 2022 Last commented:   Oct 28, 2022

HIPAA vs ISO

Hi! I have an app that is HIPAA compliant and hosted in the US. I would like to open it up to patients in Israel and am trying to figure out what it takes to become ISO certified and what part of that is already covered by HIPAA. It is a mental health app and we store personal data, although nothing about physical health. Thanks!

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 28, 2022

The general steps to be prepared for certification are:

1) getting management buy-in for the project

2) defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational and the requirements of interested parties

3) development of risk assessment and treatment methodology

4) perform a risk assessment and define a risk treatment plan

5) controls implementation (e.g., policies and procedures documentation, acquisitions, etc.)

6) people training and awareness

7) controls operation

8 performance monitoring and measurement

9) perform internal audit

10) perform management critical review

11) address nonconformities, corrective actions, and opportunities for improvement.

This article will provide you with a further explanation of ISMS implementation:

  • ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

Regarding the relation between HIPAA and ISO 27001, ISO 27001:2013 has at least 47 controls that can be used to comply with HIPAA requirements such as:

  • Assigned Security Responsibility (164.308(a)(2)) can be related to control A.6.1.1 – Information security roles and responsibilities
  • Security Awareness and Training (164.308(a)(5)) can be related to control A.7.2.2 – Information security awareness, education, and training

For further information, see:

  • Comparison of HIPAA compliance and ISO 27001 certification https://advisera.com/27001academy/blog/2021/01/27/hipaa-compliance-vs-iso-27001/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 28, 2022

Oct 28, 2022