Security Basics mailing list archives

RE: HIPAA_Compliance


From: "Henry, Christopher M." <chenry () radiologycorp com>
Date: Tue, 6 Apr 2004 09:03:14 -0400

PGP only works if you are a small company, otherwise it is a pain in
the ass trying to keep track of everything.  But it does depend on what
you are trying to encrypt. Email should not be an issue; technically
patient information is not supposed to be sent by email. I have never run
into a situation where someone needed to send any patient information by
email.

Other than that...I have a completely "secure" network, all our sites
are connected by VPNs or Point to Point T1 lines. Every bit of
information that leaves our remote sites is encrypted (even DNS
traffic). I have very strict standards for anyone to connect to our
network. For employees I use a VPN client, for hospitals and doctors'
offices I normally deploy a Cisco 1751 and create an IPSEC tunnel back
to our network, or work with their IT department to use their existing
equipment. Patient information is sent across the VPNs or tunnels by
whatever system they are using (PACS, IDX, GPMS) or by our RIS.

It is not wise to implement a system that is not modular. Although you
might save 50-100 thousand dollars during the initial setup, how much
time and money are you going to waste maintaining it? Or how fast will
the company outgrow it, then how much money will it cost to put a new system
in place? The best piece of advice that I gave you is to do research; if
you put the wrong system in place it is going to cost you in the long
run (I know this from personal experience). If you have any questions, feel
free to email me.
 

-----Original Message-----
From: Michael Dunn [mailto:MDunn () sscincorporated com] 
Sent: Monday, April 05, 2004 2:05 PM
To: security-basics () lists securityfocus com
Cc: paralleluniverse
Subject: RE: HIPAA_Compliance

We've had good luck with PGP!

Regards,

-Mike

-----Original Message-----
From: paralleluniverse [mailto:paralleluniverse () ev1 net]
Sent: Saturday, April 03, 2004 9:48 PM
To: security-basics () lists securityfocus com
Subject: HIPAA_Compliance


Hello to All,

In order to provide security solutions for HIPAA compliance, encryption,
though not required, seems to solve several of the problems. Would
anyone have some suggestions for an inexpensive, easy to deploy,
convenient to use, and easy to train staff, encryption solution? Other
thoughts?

Ron Cohen
FUNEN



------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off any course! All of our class sizes are guaranteed to be 10 students
or less to facilitate one-on-one interaction with one of our expert
instructors. 
Attend a course taught by an expert instructor with years of
in-the-field pen testing experience in our state of the art hacking lab.
Master the skills of an Ethical Hacker to better assess the security of
your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----

