Educause Security Discussion mailing list archives

Re: HIPAA Privacy - I am afraid I am behind

From: "Schmidt, Eric W" <erschmid () IUPUI EDU>
Date: Fri, 21 Mar 2003 13:32:34 -0500

We're taking a slightly different tact here at the IU School of
Medicine.  HIPAA privacy resides with our Compliance office however the
School's Information Security office will work closely with the School's
Compliance office since there cannot be adequate privacy without proper
security of the networks.


Eric W. Schmidt, CISSP, CISM, DABFE
Information Security Officer
Indiana University School of Medicine
office:  317-278-8751
email:  erschmid () iupui edu


-----Original Message-----
From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU] 
Sent: Friday, March 21, 2003 1:29 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] HIPAA Privacy - I am afraid I am behind

Here at Brown, we do not want HIPAA Compliance to be a part of InfoSec.
It is in Legal. The problem is that our Legal department is stretched
pretty thin, and more help is needed in the areas where compliance is
necessary. At any rate, we are not getting directly involved, and this
"may" have something to do with your observation.

Connie J. Sadler, CM, CISSP
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
Office: 401-863-7266; Mobile: 401-338-6851
 

-----Original Message-----
From: Jim Moore [mailto:jhmfa () CIS RIT EDU] 
Sent: Friday, March 21, 2003 10:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] HIPAA Privacy - I am afraid I am behind

Well, it looks like I will be the appointed privacy official as well,
especially since the security regulations were published 2/20, and they
support the privacy regulations.

Our groups have addressed things on their own (we are a hybrid entity).
  I just need to make sure that everything is relatively seamless.  I
would like to do a web site for FAQs.  And a place to publish
procedures.

Does anyone have anything that they would be willing to share?  I
haven't seen many HIPAA websites at other universities, is there a
reason for that?

Jim
--
--
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
Telephone: (585)475-5406
Fax:       (585)475-7950

PGP (jimmoore () mail rit edu): 9C33 0328 CD59 B602 82B8 8521 0DC9 963C
D0C0

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at
http://www.educause.edu/memdir/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at
http://www.educause.edu/memdir/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.

Current thread:

HIPAA Privacy - I am afraid I am behind Jim Moore (Mar 21)
- <Possible follow-ups>
- Re: HIPAA Privacy - I am afraid I am behind Colleen Keller (Mar 21)
- Re: HIPAA Privacy - I am afraid I am behind Brian Reilly (Mar 21)
- Re: HIPAA Privacy - I am afraid I am behind H. Morrow Long (Mar 21)
- Re: HIPAA Privacy - I am afraid I am behind Sadler, Connie (Mar 21)
- Re: HIPAA Privacy - I am afraid I am behind Schmidt, Eric W (Mar 21)
- Re: HIPAA Privacy - I am afraid I am behind Scott Bradner (Mar 23)