Educause Security Discussion mailing list archives
Re: Pharmacy IVR
From: Sarah Stevens <sarah () STEVENS-TECHNOLOGIES COM>
Date: Thu, 17 Feb 2011 17:42:19 -0800
Hello Everyone, I have been closely following this issue with the Tiger Team that has been making recommendations for security of systems such as this. Unfortunately HIPAA took a much longer time to get "teeth" than many of the other security regulations out there. As a result, EHR and pharmacy solutions such as this are sometimes not security-centric. However, these solutions are currently fighting for "minimal use" certification that requires these companies to prove that they have at least some security and privacy built into the application. Even this rigor is not what educational institutions, where multi-regulatory compliance is stronger than most industries, is probably accustomed. It is a very interesting market out there for sure! Sarah Stevens President STI ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Semmens, Theresa [theresa.semmens () NDSU EDU] Sent: Wednesday, February 16, 2011 10:13 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Pharmacy IVR I’m working with our Wellness Center and they want to deploy SpeedScript. I’m running into the same problems and worse. Theresa Semmens, CISA Chief IT Security Officer North Dakota State University IACC 210D PO Box 6050 Fargo, ND 58108 Phone: 701-231-5870 Cell Phone: 701-212-2064 Fax: 701-231-8541 Theresa.Semmens () ndsu edu [cid:image001.gif@01CBCDB9.D1A13D00] Security is a process, privacy is a consequence Security is action, privacy is a result of successful action Security is the strategy, privacy is the outcome Security is the sealed envelope, privacy is the successful delivery of the message inside the envelope ~ Kevin Beaver & Rebecca Herold From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bradley, Stephen W. Mr. Sent: Tuesday, February 15, 2011 1:56 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Pharmacy IVR Let’s see, they don’t want to supply even the minimum by using SSL, how well do you think the rest of their services are protected? thx steve Stephen W. Bradley SSCP GCIH GCFA CISSP Network Security Specialist Miami University bradlesw () muohio edu<mailto:bradlesw () muohio edu> ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () listserv educause edu] On Behalf Of Consolvo, Corbett D Sent: Tuesday, February 15, 2011 2:49 PM To: SECURITY () listserv educause edu Subject: [SECURITY] Pharmacy IVR Folks, Does anyone have any recommendations for pharmacy IVR companies? I happened to get in on a phone conversation with a vendor our school was considering and the vendor was not even happy about providing SSL for web-based logins (along with a host of other issues.) While I do some research in to other vendors I was hoping there might be some better suggestions from security folks who have implemented this technology on their campus. Thanks! Corbett Consolvo Texas State University
Current thread:
- Pharmacy IVR Consolvo, Corbett D (Feb 15)
- Re: Pharmacy IVR Bradley, Stephen W. Mr. (Feb 15)
- Re: Pharmacy IVR Semmens, Theresa (Feb 16)
- Re: Pharmacy IVR Sarah Stevens (Feb 17)
- Re: Pharmacy IVR Semmens, Theresa (Feb 16)
- Re: Pharmacy IVR Bradley, Stephen W. Mr. (Feb 15)