I have a few clients that need to be HIPAA compliant. I know what HIPAA is, but every time I try to find a set of guidelines online, I come up more confused than when I started.
What are some of the basic guidelines for HIPAA compliant email and storing data on workstations, servers, backups, and offsite?
They currently have an Exchange server handling their email. But the owner wants to do away with it and use an external host, because the Exchange server is a lot of maintenance when the company only has a few employees and no full-time IT staff. I also need to help him figure out the best route for backups and some offsite solution. I can do offsite backups for him, and they are encrypted. I just don't know what will/won't meet HIPAA requirements. It scares me away from serving health-related clients. I take security as seriously as I am allowed to by the business owners.