Working as an IT manager for a Medicare healthcare company that has passed many HIPAA requirements, I have learned a few things.
Sure, HIPAA is hard to decipher, but by sticking to strong IT security best practices in your infrastructure you will not have to learn all of its complexities.
Here is a short list:
- I strongly recommend looking into Citrix to lock down your medical applications and data.
- Keep your servers in a secure offsite datacenter and use a backup site for DR/BCP.
- Consolidate as much as possible with virtualization.
- Build interfaces to all applications and avoid things like file shares. If you must use Word/Excel docs, use a DMS system to keep permissions tight.
- Remote access should always require two-factor authentication, and endpoints should be screened.
- Encrypt all your backups, including images and tape.
If you work for a decent-size company in another industry, wouldn't you architect things this way anyway? HIPAA just says you have to.
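The last point in the post, encrypting every backup, is the one most easily checked in practice. The script below is an added example and is not code from the original post: it archives a directory, encrypts the archive with the openssl CLI (AES-256-CBC with a PBKDF2-derived key), proves the ciphertext restores to an identical tree, and includes a check that catches the common failure of a backup job that silently wrote plaintext. It assumes POSIX sh, tar, sha256sum and openssl 1.1.1 or later are available, and that the passphrase arrives in the BACKUP_PASSPHRASE environment variable (in a real deployment it would come from a secrets store or KMS, not a shell variable).

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: POSIX sh, tar,
# sha256sum and the openssl CLI; passphrase supplied via $BACKUP_PASSPHRASE.

# encrypt_backup SRC_DIR OUT_FILE
# Archive SRC_DIR and write an AES-256-CBC encrypted archive to OUT_FILE.
# -pbkdf2 and -salt make the key derivation resistant to precomputed tables.
encrypt_backup() {
    src="$1"; out="$2"
    tar -C "$src" -cf - . | openssl enc -aes-256-cbc -pbkdf2 -salt \
        -pass env:BACKUP_PASSPHRASE -out "$out"
}

# tree_digest DIR
# One digest over the sorted list of per-file SHA-256 sums, so two trees
# compare equal only if every file's content matches.
tree_digest() {
    (cd "$1" && find . -type f | LC_ALL=C sort | xargs sha256sum \
        | sha256sum | cut -d' ' -f1)
}

# verify_backup ENC_FILE SRC_DIR
# Decrypt into a temporary directory and compare digests; returns 0 on
# match. A backup that has never been restored is not a backup.
verify_backup() {
    enc="$1"; src="$2"
    tmp=$(mktemp -d)
    openssl enc -d -aes-256-cbc -pbkdf2 -pass env:BACKUP_PASSPHRASE \
        -in "$enc" | tar -C "$tmp" -xf -
    want=$(tree_digest "$src")
    got=$(tree_digest "$tmp")
    rm -rf "$tmp"
    [ "$want" = "$got" ]
}

# is_plaintext FILE
# Returns 0 if tar can list FILE, i.e. the "encrypted" backup is actually a
# readable archive. Useful as a guard in the job that ships backups offsite.
is_plaintext() {
    tar -tf "$1" >/dev/null 2>&1
}
```

A typical use is `encrypt_backup /srv/dms /mnt/offsite/dms.tar.enc`, followed by `verify_backup` on the written file and `is_plaintext` as a refuse-to-ship check; the digest comparison covers file contents only, so add ownership and permission checks if those matter for your restore.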