SDL and HIPAA - Aligning Microsoft SDL Security Practices with the HIPAA Security Rule

  • Version:

    File Name: SDL and HIPAA.docx

    Date Published:

    File Size: 335 KB

    The purpose of this paper is to describe how the Microsoft Security Development Lifecycle (SDL) can help organizations comply with some requirements of the administrative simplification provision of the Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA), including the Security Standards for Protecting Electronic Protected Health Information (HIPAA Security Rule) and the Standards for Privacy of Individually Identifiable Health Information (Privacy Rule), as well as the American Recovery and Reinvestment Act of 2009 (ARRA), particularly Title XIII of ARRA, called the Health Information Technology (HIT) for Economic and Clinical Health (HITECH) Act.

    This paper attempts to present how SDL practices and HIPAA requirements intersect in very practical ways by using two common scenarios in the healthcare software ecosystem:

    • Developing new software.
    • Integrating new software modules or interfaces for a medical environment.

    The expected audiences for this paper are business decision-makers, compliance managers, software developers, IT consultants, and systems integrators who are working within or on behalf of organizations that must meet HIPAA compliance requirements.
  • Supported Operating System

    Windows 7, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

    • n/a