The standards are constantly being revised.  Reality is, however, that for
those involved in any facet of the medical/healthcare industry there is no
escaping it.  Bad practices or negligence will only result in the additional
issues (both financial and otherwise), for failure to comply.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Chuck
Sent: Wednesday, February 27, 2002 1:20 PM
To: [EMAIL PROTECTED]
Subject: Re: Security Design - PIX or Whatever [7:36677]


Don't even get me started on this. I work for an organization that uses
employee SSN numbers for validation purposes in a lot of instances. So when
I call the Help Desk to complain about e-mail (an ongoing problem) I am
asked to provide my SSN to the folks there. In these days of rampant and
easy identity theft, how smart is it to allow access to a large database of
valid SSN's to practically everyone who asks?

HIPAA??? Isn't that on hold for review?  You know, I was reading through one
of the drafts and I thought I saw something that floored me - the regulators
were stating that multiplexed links such as frame relay and ATM were
considered unsecure because different organizations were "sharing" circuits.
The implication was that healthcare organizations would have to move to
point to point technologies - most of which end up passing through ATM
backbones anyway. Sheesh.

Longer term I believe that security solutions will involve end to end
encryption - server to host, on the LAN as well as the WAN, in addition to
what is already done on VPN's.

I always liked the HIPAA provision about management responsibility and
management fines and jail time for failure to comply. Wish that were so in a
lot of other industries where I have worked. ;->

Chuck



"William Gragido" wrote in message news:[EMAIL PROTECTED]...
> The only difference is that those organizations (physicians as well), will
> be held accountable for violation of HIPAA and face fines and potentially
> jail time :-(
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 27, 2002 12:30 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Security Design - PIX or Whatever [7:36677]
>
>
> Let's not forget political concerns when trying to do a reasonable level of
> security. I worked at a healthcare provider and boy, you should have heard
> the Docs squawk about passwords and pin codes for access to the primary
> LAN/WAN... to the point that admin overruled the IS dept and special
> *permission* not to use the security procedures...  happens every day..
>
> MikeS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36695&t=36677