undefined | Better HN

0 pointsLoSboccacc10y ago0 comments

Well, there are plenty provisions under the security chapter, funnily enough now that I look at it again (been long time) it seems both 'accountability' (tracking every media in and out) and 'protection from malicious software' are not listed as required. duh.

The emergency mode operation plan is however listed as required, and this place was basically shut for a week.

I remembered it being more stringent that what it really is.

0 comments

viraptor10y ago

Yes, I'd love for HIPAA to say: if we're talking about a medical centre, you've got to be able to snapshot and reimage within X hours with data loss of less than Y hours. One can dream...

1515510y ago

Part of the problem is that HIPAA must be easy for small private practices as well as massive hospitals to follow.

Another standard may be needed for the larger businesses.

technofiend10y ago

Totally agree, but in 2016 that doesn't take much: spin up two instances in different AWS datacenters and fail between them and you have Disaster Recovery. Regularly operate in each datacenter and you have Sustained Resiliency. A small business probably won't have staff to maintain such a solution but surely this is a space for a nice niche startup?

2 more replies

stcredzero10y ago

Part of the problem is that HIPAA must be easy for small private practices as well as massive hospitals to follow.

We're at the point where some company could sell a comprehensive software package for small practices that includes disaster recovery.

j / k navigate · click thread line to collapse