chapter  22
Building a HIPAA-Compliant Technology Infrastructure
Pages 28

Both rules touch on this, but the Security Rule in particular presents a good combination of the information technology and security standards tailored for the health care industry. ese best practices to protect PHI are all well known and proven. Some of them have been around since the days of the rst mainframe computer! e drawback to the HIPAA rules is that they tell you what must be done but do not tell you how to do it. is chapter picks up where the HIPAA rules leave o. In this chapter, we focus on the technical safeguard requirements of HIPAA. We will not go into detail on how specic technologies work; instead we will give you ideas on certain technical controls that you can use to become HIPAA compliant and, more importantly, eectively manage your information risks. We also list some real-world experiences that we (and others) have had with

these technologies, along with some practical tips that can save you some time, money, and eort. If you want to learn more about the specic technologies-how they work, how to best implement them, how to congure them, and so forth-there are many great books and resources to which you can refer.