Security Basics mailing list archives

HIPAA_Compliance

From: "paralleluniverse" <paralleluniverse () ev1 net>
Date: Tue, 6 Apr 2004 18:52:27 -0700

Many thanks for all the good advice re: HIPAA encryption solutions.
Thanks for the tip suggesting I take a look at Kryptiq and Sigaba.
The firms that I am dealing with are small (30 machines, or so, or less) and
many are
non-profit. The conversion to a secure environment, for many of them, is
sorta new.
Often just "getting all the stuff to work" was sufficient. Costs are an
issue. This
march to security will take place in stages and the suggestion that a
modular
approach be taken, I think, is a good one. You need to meet, but not exceed,
the
requirements of the privacy and security rules. Spending money now that you
might
have to spend all over again as the stages proceed should be, if possible,
avoided.
Now that security has been placed in everyone's mind, it will be required in
each
new upgrade.
One of the steps that will allow Health care professional and their clients
to
communicate by e-mail will be the ability of the HCP to encrypt, when
necessary, that
e-mail. Expecting clients to install their end of the encryption scheme is
asking a lot.
I have been trying encryption programs that offer password protected
encryption.
The client needs only the password to un-encrypt the e-mail. This would seem
to
"meet, but not exceed" the requirements and be an easy, inexpensive
solution. Has
any one been using this type of program?

Ron Cohen
FUNEN
Parallel Universe



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

HIPAA_Compliance paralleluniverse (Apr 05)
- <Possible follow-ups>
- RE: HIPAA_Compliance Michael Dunn (Apr 05)
- RE: HIPAA_Compliance Robinson, Sonja (Apr 05)
- RE: HIPAA_Compliance Henry, Christopher M. (Apr 06)
- RE: HIPAA_Compliance Billy Dodson (Apr 06)
  - Re: HIPAA_Compliance David Glosser (Apr 16)
- RE: HIPAA_Compliance Robinson, Sonja (Apr 07)
- HIPAA_Compliance paralleluniverse (Apr 07)
- RE: HIPAA_Compliance Robinson, Sonja (Apr 07)
- RE: HIPAA_Compliance Chris Orzal (Apr 07)
- RE: HIPAA_Compliance Chinnery, Paul (Apr 07)
  - Re: HIPAA_Compliance Ned Fleming (Apr 08)
- Re: HIPAA_Compliance Ned Fleming (Apr 12)
- RE: HIPAA_Compliance Chinnery, Paul (Apr 12)