Patti,

When dealing with organizations that fall under the HIPAA umbrella, I recommend the following:

o All site-to-site or site-to-vendor (many health organizations purchase Accounting & Billing services from a vendor) transactions must be via an IPSec 3DES or AES encrypted VPN tunnel.
- We use SonicWALL firewalls which support DES, 3DES and AES.
- We don't use DES for HIPAA. Only 3DES or AES.
- Many brands of firewalls exist that will do 3DES and/or AES.


o We recommend that no sensitive information is ever sent via e-mail. However, if sensitive information must be sent via e-mail we recommend that they utilize signature & encryption software (such as PGP, which is good) so that only the intended audience can decrypt and read the message.

o They are all very aware of the HIPAA laws but most don't really understand them. They generally have a HIPAA compliance officer employed (or contracted). I remind them of HIPAA and that they are ultimately responsible for compliance to HIPAA laws. I tell them if we can help in any other way to let me know, specifically, what they need from our organization. But, I clearly put the burden of HIPAA compliance back on their shoulders which is where it legally belongs.

Hope this helps. Good luck.



Jack



At 11:06 PM 6/12/2003 -0500, you wrote:
So what would you recommend?

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 12, 2003 10:25 PM
Subject: Re: [smartBridges] medical security


> ---------- Original Message ----------------------------------
> From: "Patti Jones" <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Date: Thu, 12 Jun 2003 22:23:12 -0500
>
> >Yes, but what I want to know is if I turn on WEP from the handheld to my
> >tower does that cover that leg. Then it comes into my POP and then is sent
> >back to the main office over our existing T1 to their server how would you
> >encrypt that portion or could you? Also, everyone keeps telling me WEP is
> >nothing anyway since it can be hacked easily.
> >
>
> I would think not. For real security, you'll need more than WEP. WEP is
> quite flimsy. Google "WEP crack" and you'll find all sorts of hits.
>
>
> Tim Foster
> www.AledoBroadBand.com
> Aledo's only high-speed ISP
>
> The PART-15.ORG smartBridges Discussion List
> To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname>
> To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges)
> Archives: http://198.63.203.6

The PART-15.ORG smartBridges Discussion List
To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname>
To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges)
Archives: http://198.63.203.6
