RE: HIPAA Security Risk Assessment/Analysis Software

[Share HIPAA]

Thought I would share some information about some listservs that I have set up on Yahoo! groups.  There are no restrictions as to providing information about or promoting commercial products, although any message must be related to the HIPAA compliance initiative.  Anyone can join and anyone can post.  Messages are moderated and all out of office replies or posts containing socially unacceptable content, or messages that are not germane to HIPAA privacy, security or TCS are deleted.  I do on occasion reject and return a message and give the message originator an opportunity to reconsider a posting that appears, in my opinion, misleading or a little too political.  But if the originator vetoes my concern, I do allow it to be posted.  Here is some information specific to two of these listservs:

 

ShareHIPAA Yahoo! group was founded on March 11, 2003 (home page url: http://health.groups.yahoo.com/group/ShareHIPAA).  There are 1,300+ subscribers.  This is a no-discussion electronic forum for the sole purpose of allowing folks to share their non-copyright white papers, PowerPoint presentations, and other attachments with others involved with HIPAA compliance.  Any material posted may be used, modified, and shared in anyway the viewer so desires.  I also allow postings of information about FREE seminars, workshops, etc. without attachments.  Yahoo! groups does not archive attachments in the messages section.  So all attachments posted to ShareHIPAA Yahoo! group are uploaded to the Files section of ShareHIPAA, providing, in my opinion, a good HIPAA reference library.  There are about 100 documents in the Files section (PowerPoints, white papers, policies and procedures, worksheets, flow diagrams, decision trees, and such).  Because it is a no discussion listserv I was rejecting 3 to 4 "discussion" messages a day by late April and polled the ShareHIPAA members to see if they wanted to open it up to discussions.  "NO!" was the overwhelming response.  By early June I was rejecting about 10 "discussion" emails a day and polled the group again.  The members wanted to keep ShareHIPAA no-discussion, but voted to establish a companion discussion listserv.

 

ShareHIPAA2 Yahoo! group was founded on June 19, 2003 (home page url: http://health.groups.yahoo.com/group/ShareHIPAA2) 

There are about 350 members.  This is an electronic discussion forum where information about HIPAA and the issues that arise from HIPAA compliance initiatives may be discussed. ShareHIPAA2's sole purpose is to question, understand and inform. 

 

You are invited to join one or both.  You can join by going to the home page and selecting "Join This Group!"  If there are vendors in this group that are eager to jump at the opportunity to proclaim the benefits of their products or services through these listservs be forewarned; there are some members that will take you to task on any claims you make.  Be prepared to substantiate.

 

There are many, many other Yahoo! groups.  As far as I know ShareHIPAA Yahoo! group is the only no-discussion listserv.  If you go to http://groups.yahoo.com and query for "HIPAA" you can choose from over 500.  Each Yahoo! group has its own owner and its own rules.  Some require membership approval.  Others are open to all, but are moderated.  Most are open to all and unmoderated (I would recommend you avoid the latter if you are offended by the occasional postings promoting products and services unrelated to HIPAA).  This is where you can set up your own group, too!

 

Regards,

ShareHIPAA

http://health.groups.yahoo.com/group/ShareHIPAA

 

"Cowperthwaite, Eric" <[EMAIL PROTECTED]> wrote:

Hi David,

I think that what people are asking for is the ability to mention a product
or vendor they have used in the context of the discussion rather than the
ability to plug products. Or to ask question about a product they are
considering using and get feedback from other people who do use that
product. As a vendor myself I'm very conscientious about not pushing "my
services" on a list like this. I think it destroys the usability of the list
and honestly it destroys my reputation as an honest broker. I'm here because
I have responsibilities to my customer and this list is a source of
information. If I start trying to sell my services on this list I'm creating
a conflict of interest and people will continuously question my intent.

You probably could revamp your rules to allow general product discussions
but make "trolling", sales and plugging against the rules. Then it just
takes a community effort to shut down those people who abuse the list.

Eric Cowperthwaite
Medi-Cal Information Security Officer
EDS - Operations Solutions
3215 Prospect Park Drive
Rancho Cordova, CA 95630

phone: +01-916-636-1929
email: [EMAIL PROTECTED]


-----Original Message-----
From: David Frenkel [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 6:32 PM
To: WEDI SNIP Security Workgroup List
Subject: RE: HIPAA Security Risk Assessment/Analysis Software


Daniel,
If you do a Google search on 'HIPAA solutions' you get 329,000
possibilities. Vendors could overwhelm this listserv with plugs about very
useable products. I think there is already too big a problem with the 'I
agree' and 'I'm out of office on official business' emails. Yahoogroups is
more than happy to sponsor a vendor listserv for products.

Regards,

David Frenkel
612-237-1966

-----Original Message-----
From: Daniel Shepherd [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 9:51 AM
To: WEDI SNIP Security Workgroup List
Subject: RE: HIPAA Security Risk Assessment/Analysis Software

I have to agree with Rachel. As a newly appointed "System Security
Officer" I would appreciate some assistance in identifying IT solutions.
It would be my responsibility to determine if I need the product. A
happy medium where solutions are discussed, yet direct sales via this
listserv would continue to be discouraged. Thanks!

Daniel Shepherd
System Privacy Officer
2809 Denny Ave, Suite 4009
Pascagoula, MS 39581
(228)809-1238

>>> "Rachel Foerster" <[EMAIL PROTECTED]>11/04/03 09:39AM >>>
Personally, I think this prohibition about discussing tools and
solutions of
specific vendors can be carried to an extreme whereby any discussion
of
these issues becomes so generic as to be not useful at all. There
should be
a happy medium somewhere on this so that people who have decades of
experience can share their knowledge.

Rachel



Rachel Foerster
Rachel Foerster & Associates, Ltd.
Voice: 847-872-8070
email: [EMAIL PROTECTED]


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

Sent: Tuesday, November 04, 2003 7:43 AM
To: WEDI SNIP Security Workgroup List
Subject: RE: HIPAA Security Risk Assessment/Analysis Software



Having been involved with risk assessment since the mid 80's, I've got
lots
of suggestions and thoughts on the topic. Anyone that is interested
should
contact me directly, outside the listsrv.



Bill



William H. Dobson, CISSP, IAM
TrustWave Professional Services
201 Defense Highway, Ste 205
Annapolis, Maryland 21401

Cell: 410-279-7921
Off: 410-573-6910 X 2622
Fax: 410-571-8493

-----Original Message-----
From: Boyle, Joan [mailto:[EMAIL PROTECTED]
Sent: Friday, October 31, 2003 5:49 PM
To: WEDI SNIP Security Workgroup List
Subject: RE: HIPAA Security Risk Assessment/Analysis Software



Please remember that this listserv is NOT for use to endorse specific
products or vendors. As we are reminded on each email: "These
listservs
should not be used for commercial marketing purposes or discussion of
specific vendor products and services."



If you wish to discuss specific products, the discussion must be taken
off
the listserv.



Joan

Joan Boyle

Privacy Officer and HIPAA Compliance Manager



-----Original Message-----
From: Bill Warren [mailto:[EMAIL PROTECTED]
Sent: Friday, October 31, 2003 12:46 PM
To: WEDI SNIP Security Workgroup List
Subject: Re: HIPAA Security Risk Assessment/Analysis Software



Georgia/Mellisa,

There is a new product out there that sounds like what you are looking
for.
I have suggested this software to other members on this list directly.
A
company called "Relational Security" makes "RSAM", which is geared
towards
customizing and conducting your own assessment. I have worked with it
in a
couple of clients, and have really liked the interface, analysis, and
reporting. It seems like a pretty comprehensive product with lots of
nice
features and reports. Mostly we have enjoyed the simplicity of the
implementation and assessment, and it seems geared towards ongoing
self-assessment....



RSAM is new, and their methodology was quite adaptable to the
situations I
have seen it in. Mostly I have been happy with the positive reactions
from
my clients. I hesitated to post something on the board with my
experience in
this... but seems like a lot of people are looking for this type of
product.
Anyway, they have a web site with some info about RSAM -
www.relsec.com.



Hope this helps, :)

Bill Warren



Sean Steele <[EMAIL PROTECTED]>wrote:

Might I suggest that any suggestions for software be posted to the list

in general, so we don't go through hundreds of "me too" messages?

Thanks,

--
Sean Steele
Director, Business Development
[EMAIL PROTECTED]
V: 434.245.5300 x116
M: 202.270.8672
F: 202.318.0718
AIM: TovarisSean

Waterhouse, Melissa wrote:
> I would be interested in having the same information. My email
address
> is [EMAIL PROTECTED]
>
> Thank you,
> Melissa Waterhouse
> HIPAA Compliance Coordinator
> SummaCare Health Plan
>
> -----Original Message-----
> *From:* Dollhopf, Georgia [mailto:[EMAIL PROTECTED]
> *Sent:* Friday, October 31, 2003 9:28 AM
> *To:* WEDI SNIP Security Workgroup List
> *Cc:* Troy Lepien (E-mail); Wickeham, Dan
> *Subject:* HIPAA Security Risk Assessment/Analysis Software
>
> Hello,
>
> I know that there are rules indicating that specific products or
> vendors cannot be discussed on the listserv, however, is there a
> rule regarding suggestions of specific products sent directly to me
> and not the entire listserv?
>
> If there isn't a rule indicating that this practice cannot be done,
> I have a question that I would like to pose to the group and
> hopefully receive some responses directly to my email address and
> not the entire listserv.
>
> My organization is interested in purchasing a software product that
> will help us do a HIPAA Security Risk Assessment. We are looking
> for a product that we can install on our computer system that will
> guide us and help us create our own Risk Assessment. We are trying
> to avoid consultant interaction. I have found one product on the
> internet and am interested in finding additional products to compare
> to this one. If anyone can give me a suggestion or recommendation
> directly to my email address it will be greatly appreciated.
> [EMAIL PROTECTED]
>
> Thank you for your time,
>
> Georgia Dollhopf
> Medical College of Wisconsin
> Milwaukee, WI


---
The WEDI SNIP listserv to which you are subscribed is not moderated.
The
discussions on this listserv therefore represent the views of the
individual
participants, and do not necessarily represent the views of the WEDI
Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion,
post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products
and
services. They also are not intended to be used as a forum for
personal
disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-security as:
[EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the
same as
the address subscribed to the list, please use the
Subscribe/Unsubscribe
form at http://subscribe.wedi.org


_____


Do you Yahoo!?
Exclusive Video Premiere - Britney

.com/promos/britneyspears/> Spears --- The WEDI SNIP listserv to which
you
are subscribed is not moderated. The discussions on this listserv
therefore
represent the views of the individual participants, and do not
necessarily
represent the views of the WEDI Board of Directors nor WEDI SNIP. If
you
wish to receive an official opinion, post your question to the WEDI
SNIP
Issues Database at http://snip.wedi.org/tracking/. These listservs
should
not be used for commercial marketing purposes or discussion of
specific
vendor products and services. They also are not intended to be used as
a
forum for personal disagreements or unprofessional communication at
any
time. You are currently subscribed to wedi-security as:
[EMAIL PROTECTED] To unsubscribe from this list, go to the
Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a
blank
email to [EMAIL PROTECTED] If you need to
unsubscribe but your current email address is not the same as the
address
subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org

---
The WEDI SNIP listserv to which you are subscribed is not moderated.
The
discussions on this listserv therefore represent the views of the
individual
participants, and do not necessarily represent the views of the WEDI
Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion,
post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products
and
services. They also are not intended to be used as a forum for
personal
disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the
same as
the address subscribed to the list, please use the
Subscribe/Unsubscribe
form at http://subscribe.wedi.org



---
The WEDI SNIP listserv to which you are subscribed is not moderated.
The discussions on this listserv therefore represent the views of the
individual participants, and do not necessarily represent the views of
the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an
official opinion, post your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products
and services. They also are not intended to be used as a forum for
personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-security as:
[EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the
same as the address subscribed to the list, please use the
Subscribe/Unsubscribe form at http://subscribe.wedi.org

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org


---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-security as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org

---

Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-security as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org