SP800-53A(3) Mapped to HIPAA

I reviewed NIST SP 800-66(R1) An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. I've posted the enhanced version of that effort which includes additional links to VMware, Cisco, EMC, and RSA healthcare portals.  Download the spreadsheet under the Documents tab.

I reverse mapped HIPAA to SP800-53A(3) controls based on SP800-66 guidance. 800-53A withdrawn controls were remapped to the specified replacement controls. Ping me if you have any questions. You need additional guidance in order to appropriately implement the HIPAA security rule. This is not enough to stand on its own - BUT it is an interesting look at the similarities in controls across authorities.

Links to Additional Resources:

• Health Information Technology
• Privacy and Security Framework
• HIPAA Security Information Series 
• Security Standards: Technical Safeguards

What	Where
U.S. Department HHS	http://www.hhs.gov/ocr/privacy/index.html
45 C.F.R. Part 160	http://www.access.gpo.gov/nara/cfr/waisidx_07/45cfr160_07.html
45 C.F.R. Part 162	http://www.access.gpo.gov/nara/cfr/waisidx_07/45cfr162_07.html
45 C.F.R. Part 164	http://www.access.gpo.gov/nara/cfr/waisidx_07/45cfr164_07.html
NIST Special Pubs	http://csrc.nist.gov/publications/PubsSPs.html
Cisco	http://www.cisco.com/web/strategy/healthcare/index.html
Vmware	http://www.vmware.com/solutions/industry/healthcare
EMC	http://www.emc.com/platform/healthcare.htm
VCE	http://www.vce.com/solutions/healthcare.htm