For our computers on wheels and other centrally located PC's, we only allow the use of OWA but do not allow the user to save any data (OWA or other applications) on the local machine.
-Scott -----Original Message----- From: Jim Holmgren [mailto:jholmg...@xlhealth.com] Sent: Monday, November 22, 2010 3:29 PM To: MS-Exchange Admin Issues Subject: Anyone working for a Healthcare provider experienced this? So my boss was reviewing the CMS Readiness Checklist for 2010 (yeah, I know it is nearly 2011) and came across this: "Ensure effective security of all beneficiary information, whether in paper or electronic format. Measures to protect the security and privacy of personally identifiable information (PII) that should be taken by organizations include, but are not limited to, ensuring that: * Data files are not saved on public or private computers when accessing corporate e$B!>(Jmail through the internet." He is wondering if this means we need to come up with some clever way to prevent OWA from downloading/viewing attachments, or if he is misinterpreting it. To me, this does indeed mean that we should not be allowing our employees access to OWA, however I could take it one step further and say that this says I should not be able to access email attachments remotely at all. No VPN access, no Blackberry, no nothing - after all, this data travels over the Internet in one form or another. Just curious if anyone else on the list works for a healthcare company and has seen this. Here is a link to the official document: http://www.cms.gov/PrescriptionDrugCovContra/Downloads/MemoCY2010ReadinessChecklist_09.15.09.pdf Jim Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este facs匇ile, incluyendo lo adjunto, es para el uso exclusivo del destinatario(s) y puede contener informaci confidencial y/o informaci protegida de salud. En virtud de la Ley Federal (HIPAA), el destinatario tiene la obligaci de mantener esta informaci segura y confidencial. Cualquier divulgaci a terceros sin la autorizaci de los miembros de lo permitido por la ley est・prohibido y penado en virtud de la Ley Federal. Si usted no es el destinatario, por favor, pgase en contacto con el remitente por tel馭ono y destruir todas las copias del mensaje original --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist