RE: HIPAA_Compliance

["Chinnery, Paul" <PaulC () mmcwm com>]

I would second that, Chris.  In fact, we currently use it on a limited basis.  And, for anyone who's involved with 
HIPAA compliance, it meets the technical standards put forth under the security rule.

Paul Chinnery
Network Administrator
Mem Med Ctr


-----Original Message-----
From: Chris Orzal [mailto:chris.orzal () pkware com]
Sent: Wednesday, April 07, 2004 12:13 PM
To: Billy Dodson; Robinson, Sonja; paralleluniverse;
security-basics () lists securityfocus com
Subject: RE: HIPAA_Compliance


Folks,

I don't mean to toot my own horn, but is anybody aware of PKZIP's
encryption and authentication features? 

These were Ron's requirements: inexpensive, easy to deploy,
convenient to use, and easy to train staff, encryption solution.

As opposed to using this forum for giving a sales pitch I would simply
ask you to visit www.pkware.com and explore the possibilities.  There
are HIPAA case studies and other materials for you to look at. 

Also, I would invite anybody with any familiarity with the PKZIP Secure
product to let me know what you think: good, bad, or indifferent.  Good
topic by the way!

Christopher Orzal
PKWARE, Inc.
414-362-8599

-----Original Message-----
From: Billy Dodson [mailto:billy () pmm-i com] 
Sent: Tuesday, April 06, 2004 8:39 AM
To: Robinson, Sonja; paralleluniverse;
security-basics () lists securityfocus com
Subject: RE: HIPAA_Compliance

If you are in a windows enviroment, you can use IPSEC policies within
the domain security policy to encrypt traffic on the LAN.  This is of
course with a very high overhead.  I am not deeply versed in HIPPA
policies.  You can reduce some of the overhead by just encrypting
traffic between domain controllers.  I know that also if you uses Cisco
routers for your WAN, they can be configured to encrypt that traffic as
well. 


Billy Dodson
Network Systems Engineer
Permian Micro Mart
3815 E. 52nd Street
Odessa, TX 79762
432.367.3239 - Direct Line
432.367.6179 x139

-----Original Message-----
From: Robinson, Sonja [mailto:SRobinson () HIPUSA com] 
Sent: Monday, April 05, 2004 3:00 PM
To: 'paralleluniverse'; security-basics () lists securityfocus com
Subject: RE: HIPAA_Compliance

What are you trying to encrypt and from what points?

i.e. PHI in e-mail - suggest Kryptiq, Sigaba, PGP enterprise solutions
depending on your needs you could also use desktop - ssl file
transfer/gateway decryption  VPN -works for communications over telecomm
lines for business partners, subsidiaries, etc.

secure ftp - for file transfer

web file repository - ssl file transfer

Your soultion wil ldepend on what you are looking to encrypt, why and
the to/from points.

-----Original Message-----
From: paralleluniverse [mailto:paralleluniverse () ev1 net]
Sent: Saturday, April 03, 2004 9:48 PM
To: security-basics () lists securityfocus com
Subject: HIPAA_Compliance


Hello to All,

In order to provide security solutions for HIPAA compliance, encryption,
though not required, seems to solve several of the problems. Would
anyone have some suggestions for an inexpensive, easy to deploy,
convenient to use, and easy to train staff, encryption solution? Other
thoughts?

Ron Cohen
FUNEN



------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off any course! All of our class sizes are guaranteed to be 10 students
or less to facilitate one-on-one interaction with one of our expert
instructors. 
Attend a course taught by an expert instructor with years of
in-the-field pen testing experience in our state of the art hacking lab.
Master the skills of an Ethical Hacker to better assess the security of
your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----
CONFIDENTIALITY NOTICE: This e-mail transmission, including any
attachments to it, may contain confidential information or protected
health information subject to privacy regulations such as the Health
Insurance Portability and Accountability Act of 1996 (HIPAA). This
transmission is intended only for the use of the recipient(s) named
above. If you are not the intended recipient, or a person responsible
for delivering it to the intended recipient, you are hereby notified
that any disclosure, copying, distribution or use of any of the
information contained in this transmission is STRICTLY PROHIBITED. If
you have received this transmission in error, please immediately notify
me by reply e-mail and destroy the original transmission in its entirety
without saving it in any manner. 

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off any course! All of our class sizes are guaranteed to be 10 students
or less to facilitate one-on-one interaction with one of our expert
instructors. 
Attend a course taught by an expert instructor with years of
in-the-field pen testing experience in our state of the art hacking lab.
Master the skills of an Ethical Hacker to better assess the security of
your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----




------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------