Can WHS be used in a HIPAA compliant environment?

  • Question

  • I've got a few clients who are doctors, for whom WHS would be a perfect solution.

    They have 2-8 PCs without interest or need for a 2003/2008 small business server. WHS would give them automated backups, remote access and rudimentary monitoring of problems.

    The question is if WHS can be considered HIPAA compliant, either as an out-of-the-box installation or with minor tweaks.
    Tuesday, August 4, 2009 6:14 PM

All replies

  • I would be surprised if it were HIPAA compliant out of the box. However, it's my understanding that HIPAA doesn't really specify how compliance is to be determined or established, only what the items of information which must be protected are, when they can be disclosed, etc. Probably you're going to have to evaluate for yourself...
    I'm not on the WHS team, I just post a lot. :)
    Tuesday, August 4, 2009 8:57 PM
    Moderator
  • HIPAA rules can be difficult to navigate.  I'm sure you've already read this:

    http://www.aafp.org/fpm/20050400/43tens.html

    If not, it's a good place to start. I would seek out and ask questions of an IT organization that specializes in HIPAA computer security. This isn't something you want to screw up - it could mean some serious problems for the doctors in question if/when they get audited.
    Wednesday, August 5, 2009 3:40 AM