Security Basics mailing list archives

Re: Healthcare Standards and Regulations


From: John Morrison <john.morrison101 () googlemail com>
Date: Thu, 15 Apr 2010 19:04:12 +0100

Jason,

As you are in California I assume the main regulation is HIPAA. Have
you tried the HIPAA Resource Center
(http://www.aishealth.com/Compliance/HIPAAResource.html) as a starting
point?

Also, do the suppliers of the products have any literature?

On 14 April 2010 23:22, Jason Kolpin <jasonk () ncat org> wrote:
Hello!

I have been approached by a small medical practice to build an
infrastructure from the ground up. After some research I decided I knew
nothing about best practices and such in this environment. These folks are
in a rural area and have no clue who to contact; I am at a loss as well,
other than a big company like Siemens or something. It would be greatly
appreciated if anyone on this list knew of a place where I could get some
solid information on this subject, refer these folks to a company that does
this sort of thing, or offer some advice for a situation such as this. It's
not like I am completely clueless concerning server setup and stuff like
that; I work IT. I am more interested in security-related information such
as typical physical layout for the network, i.e. firewalling and data/service
separation issues.

Excuse my ignorance here as this is completely new to me.
I have been asked about LIS, RIS, PM, patient records server,
scheduling/calendar, billing, email server, domain controller, VPN from two
locations and some more. I'm just looking for some simple "stick man"
drawings of a typical physical layout using this type of stuff, as well as a
place I might go to find out about required/mandated policies and such, and
even a few hints on policies you may know that you find important in a
situation such as this.

FYI, I have already informed these people I am not the man for the job, as the
risk is too great for me should something bad happen, but they are probably
going to use me as a consultant; they have no IT staff and are completely
clueless about how the simplest of things work.

I know this is a lot to ask of a mailing list so no surprise if I get no
response.

--
Jason Kolpin
Web Specialist
National Center for Appropriate Technology
www.ncat.org



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


