RE: Anyone working for a Healthcare provider experienced this?

Mon, 22 Nov 2010 12:39:06 -0800 

For our computers on wheels and other centrally located PC's, we only allow the 
use of OWA but do not allow the user to save any data (OWA or other 
applications) on the local machine.

-Scott

-----Original Message-----
From: Jim Holmgren [mailto:jholmg...@xlhealth.com] 
Sent: Monday, November 22, 2010 3:29 PM
To: MS-Exchange Admin Issues
Subject: Anyone working for a Healthcare provider experienced this?

So my boss was reviewing the CMS Readiness Checklist for 2010 (yeah, I know it 
is nearly 2011) and came across this:

"Ensure effective security of all beneficiary information, whether in paper or 
electronic format. Measures to protect the security and privacy of personally 
identifiable information (PII) that should be taken by organizations include, 
but are not limited to, ensuring that:
* Data files are not saved on public or private computers when accessing 
corporate e$B!>(Jmail through the internet."

He is wondering if this means we need to come up with some clever way to 
prevent OWA from downloading/viewing attachments, or if he is misinterpreting 
it.   

To me, this does indeed mean that we should not be allowing our employees 
access to OWA, however I could take it one step further and say that this says 
I should not be able to access email attachments remotely at all.  No VPN 
access, no Blackberry, no nothing - after all, this data travels over the 
Internet in one form or another.

Just curious if anyone else on the list works for a healthcare company and has 
seen this.  Here is a link to the official document:

http://www.cms.gov/PrescriptionDrugCovContra/Downloads/MemoCY2010ReadinessChecklist_09.15.09.pdf

Jim


Jim Holmgren
Manager of Server Engineering
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201 
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com





CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use 
of the intended recipient(s) and may contain confidential and/or protected 
health information. Under the Federal Law (HIPAA), the intended recipient is 
obligated to keep this information secure and confidential. Any disclosure to 
third parties without authorization from the member of as permitted by law is 
prohibited and punishable under Federal Law. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message.

NOTA DE CONFIDENCIALIDAD: Este facs匇ile, incluyendo lo adjunto, es para el uso 
exclusivo del destinatario(s) y puede contener informaci confidencial y/o 
informaci protegida de salud. En virtud de la Ley Federal (HIPAA), el 
destinatario tiene la obligaci de mantener esta informaci segura y 
confidencial. Cualquier divulgaci a terceros sin la autorizaci de los 
miembros de lo permitido por la ley est・prohibido y penado en virtud de la Ley 
Federal. Si usted no es el destinatario, por favor, pgase en contacto con el 
remitente por tel馭ono y destruir todas las copias del mensaje original

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist

Reply via email to