Re: HIPAA Assessments and Network Access

[Bob Kalal <kalal.1 () OSU EDU>]

Doug,

We've been working with PriceWaterhouse Coopers through privacy,
transactions, and now security. We've been happy with their work. The
key for us was that they had experience with Higher Ed and HIPAA both
inside and outside the medical center. Most folks experience is
limied to the medical center. I was first introduced to the breadth
of their expertise at an EDUCAUSE session in Atlanta several years
ago.

I was also favorably impressed with Deloite & Touche. They did a
pro-bono presentation for the CIC (Big Ten) Security Working Group I
chair that indicated a lot of expertise and competence. Unfortunately
they are OSU's external auditors so there would have been a conflict
in having them as our HIPAA compliance remediation consultants.

Cheers,

Bob Kalal
Director, Information Technology Policy and Services
Office of the Chief Information Officer
The Ohio State University
Phone: (614) 292-6888
Fax:   (614) 688-4226
Email: kalal.1 () osu edu, ITPolicy () osu edu
Web:   http://cio.osu.edu/kalal.html


At 4:01 PM -0500 7/28/04, Doug Sandford wrote:
> Apologies for the rather broad subject area(s). I know these items
> have been discussed in the past, but am looking for some more recent
> experiences/recommendations.
>
> Have any of you brought in consultants to perform the full range of
> compliance checks necessary for HIPAA compliance, ie, Risk
> Assessment, policy and function creation, etc? Your recommendations
> would be welcomed.
>
> Additionally, we are interested in a solution (such as Perfigo or one
> of the others) that would enable us to check computers as they are
> attached to our network for current Windows patches, virus software
> and updates, etc. SUS is certainly a partial answer but requires that
> we get our hands on each machine. Again, any recommendations,
> successes or horror stories will be welcome.
>
> Thanks in advance....
>
>
>
>
> Doug Sandford
> Information Security Officer
> University of Alabama
> Seebeck Computer Center
> doug () ua edu
>
> This email is intended only for the person to whom it is
> addressed.  Any review or other use of this information by
> persons or entities other than the intended recipient or any
> retransmission without the consent of the sender is prohibited.
>
> **********
> Participation and subscription information for this EDUCAUSE
> Discussion Group discussion list can be found at
> http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.