Re: More Unusual request

[Paul Schmehl <pauls () utdallas edu>]

On Fri, 2003-02-14 at 04:39, Etaoin Shrdlu wrote:
> First, I must say I'm surprised that the only two posts I've seen in answer
> to this have come from folk whom I suspect have absolutely NO experience
> with HIPAA. The answer here needs to be more specific to the problem.
Perhaps that's because those of us who are dealing with HIPAA are too
busy to respond. :-)

I agree with everything you've said, Eric, but I think it should be
pointed out that the executives of his medical facility are *personally*
liable for HIPAA violations and could be subject to both fines *and*
imprisonment for non-compliance.

Make sure you point that out to the powers that be.  It may shake them
up enough to wake them up.  They *should* have been thinking about what
to do about HIPAA two years ago!  Now, only a mad rush and large
expenditures of cash will help.

And BTW - YOU (original poster) - can also be held personally liable
since you're in a security position at an institution that has to comply
with HIPAA.  The fact that you just got the job may mitigate your risk
some, but you've got some heavy, hard work ahead of you just to protect
yourself, much less the corporation.

Hire some HIPAA consultants IMMEDIATELY.

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html