The HIPAA Final Security Standards and ISO/IEC 17799

Compliance with the HIPAA Final Security Standards is a regulatory requirement for healthcare organizations. ISO/IEC 17799 is an international information security standard. This paper compares the two standards to determine whether complying with one of them also satisfies the other. The paper concludes that the HIPAA Final Security Standards contain a small number of requirements not covered by ISO/IEC 17799, and that ISO/IEC 17799 contains a number of controls not covered by the HIPAA Security Standards. A detailed analysis and cross-reference is provided, along with an approach to compliance with both standards.

1193 (PDF, 1.87MB)

4 Sep 2003
By Sheldon Borkin
All papers are copyrighted

No re-posting of papers is permitted
