So my boss was reviewing the CMS Readiness Checklist for 2010 (yeah, I know it is nearly 2011) and came across this:
"Ensure effective security of all beneficiary information, whether in paper or electronic format. Measures to protect the security and privacy of personally identifiable information (PII) that should be taken by organizations include, but are not limited to, ensuring that: * Data files are not saved on public or private computers when accessing corporate e‐mail through the internet." He is wondering if this means we need to come up with some clever way to prevent OWA from downloading/viewing attachments, or if he is misinterpreting it. To me, this does indeed mean that we should not be allowing our employees access to OWA, however I could take it one step further and say that this says I should not be able to access email attachments remotely at all. No VPN access, no Blackberry, no nothing - after all, this data travels over the Internet in one form or another. Just curious if anyone else on the list works for a healthcare company and has seen this. Here is a link to the official document: http://www.cms.gov/PrescriptionDrugCovContra/Downloads/MemoCY2010ReadinessChecklist_09.15.09.pdf Jim Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este facs\xEDmile, incluyendo lo adjunto, es para el uso exclusivo del destinatario(s) y puede contener informaci\xF3n confidencial y/o informaci\xF3n protegida de salud. En virtud de la Ley Federal (HIPAA), el destinatario tiene la obligaci\xF3n de mantener esta informaci\xF3n segura y confidencial. Cualquier divulgaci\xF3n a terceros sin la autorizaci\xF3n de los miembros de lo permitido por la ley est\xE1 prohibido y penado en virtud de la Ley Federal. Si usted no es el destinatario, por favor, p\xF3ngase en contacto con el remitente por tel\xE9fono y destruir todas las copias del mensaje original --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
