Am I alone in thinking these regulations have little to do at all with actually protecting patient information, and a lot to do with more busy work?

----- Original Message -----
From: "Wayne Wilson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 13, 2003 11:49 AM
Subject: HIPAA certification means HIPAA = Big money

> Crawford Rainwater wrote:
>
> >Found from a TechRepublic email, was wondering folks' thoughts
> >on it?
> >
> >
> Well, if it will get you consulting gigs, it's going to be worth a fortune.
>
> The new HIPAA security regs came out today. They contain no
> earthshaking technical requirements, but they do have one surprising
> expansion, they cover all data whether in transmission or in storage no
> matter where the physical location. The money comes in because everyone
> is going to have to perform security audits and provide staff training
> and documentation of all technical decisions and auditing activities......
>
> So for example, encryption during transmission is called
> 'addressable', which means you don't have to do it, but you have to
> explain why you don't have to do it, and this means from one server to
> one sitting right beside on a dedicated wire! I.e., it's easily
> explainable why you don't have to encrypt it, you just have to keep an
> official book around with that explanation in it referencing the
> appropriate security risk analysis you did referenced to the regulation.
>
