Educause Security Discussion mailing list archives

Re: Pharmacy IVR

From: Sarah Stevens <sarah () STEVENS-TECHNOLOGIES COM>
Date: Thu, 17 Feb 2011 17:42:19 -0800

Hello Everyone,

I have been closely following this issue with the Tiger Team that has been making recommendations for security of 
systems such as this.  Unfortunately HIPAA took a much longer time to get "teeth" than many of the other security 
regulations out there.  As a result, EHR and pharmacy solutions such as this are sometimes not security-centric.  
However, these solutions are currently fighting for "minimal use" certification that requires these companies to prove 
that they have at least some security and privacy built into the application.  Even this rigor is not what educational 
institutions, where multi-regulatory compliance is stronger than most industries, is probably accustomed.  It is a very 
interesting market out there for sure!

Sarah Stevens
President
STI

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Semmens, 
Theresa [theresa.semmens () NDSU EDU]
Sent: Wednesday, February 16, 2011 10:13 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Pharmacy IVR

I’m working with our Wellness Center and they want to deploy SpeedScript.  I’m running into the same problems and worse.

Theresa Semmens, CISA
Chief IT Security Officer
North Dakota State University
IACC 210D
PO Box 6050
Fargo, ND 58108
Phone: 701-231-5870
Cell Phone: 701-212-2064
Fax: 701-231-8541
Theresa.Semmens () ndsu edu

[cid:image001.gif@01CBCDB9.D1A13D00]

Security is a process, privacy is a consequence
Security is action, privacy is a result of successful action
Security is the strategy, privacy is the outcome
Security is the sealed envelope, privacy is the successful delivery of the message inside the envelope
                                                                                                                ~ Kevin 
Beaver & Rebecca Herold


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bradley, 
Stephen W. Mr.
Sent: Tuesday, February 15, 2011 1:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Pharmacy IVR

Let’s see, they don’t want to supply even the minimum by using SSL, how well do you think the rest of their services 
are protected?



thx

steve



Stephen W. Bradley SSCP GCIH GCFA CISSP

Network Security Specialist

Miami University

bradlesw () muohio edu<mailto:bradlesw () muohio edu>



________________________________
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () listserv educause edu] On Behalf Of 
Consolvo, Corbett D
Sent: Tuesday, February 15, 2011 2:49 PM
To: SECURITY () listserv educause edu
Subject: [SECURITY] Pharmacy IVR

Folks,
  Does anyone have any recommendations for pharmacy IVR companies?  I happened to get in on a phone conversation with a 
vendor our school was considering and the vendor was not even happy about providing SSL for web-based logins (along 
with a host of other issues.)  While I do some research in to other vendors  I was hoping there might be some better 
suggestions from security folks who have implemented this technology on their campus.
Thanks!
Corbett Consolvo
Texas State University

Current thread:

Pharmacy IVR Consolvo, Corbett D (Feb 15)
- Re: Pharmacy IVR Bradley, Stephen W. Mr. (Feb 15)
  - Re: Pharmacy IVR Semmens, Theresa (Feb 16)
    - Re: Pharmacy IVR Sarah Stevens (Feb 17)