On Fri, 8 Jun 2012 13:58:16 -0400, Andy White <awh...@metlife.com> wrote:
>Walt and others I wonder we are the provider of a product which we contain >what is the Tricare data. What I am wondering since we are not a military >installation etc would we need this type of separation. We called our big >vendors and so far they are looking within for answers/solutions. I >couldn't imagine us doing this with a SAD or large cics dump. > Assuming that "Tricare data" includes information that would fall under HIPAA or other similar medical regulations, it's unlikely that you need to follow such stringent separation as some of us have mentioned for handling classified data. However, if one of your customers sends you a dump that contains such data, you and your systems (and employees) may well be required to implement appropriate data safeguarding procedures as required by those regulations. And you might also be subject to whatever audit requirements the regulations impose. (I should note, though, that I am not an expert in that area, and do not know exactly what the regulations might require. I recommend that you find an expert and get a more informed answer.) -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
