Educause Security Discussion mailing list archives
Re: HIPAA question
From: David Grisham <Dgrisham () SALUD UNM EDU>
Date: Fri, 15 Apr 2011 09:22:19 -0600
If I may answer this question and the previous question about e-mail simultaneously in regard to PII e-mail use and reminders under HIPAA. #1. We use an encrypted mail client within our trusted network. Any confidential information including ePHI that is to be sent outside of the trusted network must be secured either by IronPort Department Rule or manually with Cisco IronPort's E-Mail Security Appliance. Further, we require individuals to send only the minimal amount of information necessary, ensure that it is addressed to an authorized recipient and not forwarded out of our trusted network. #2. We require hospital and health science center staff to take an annual CBT on HIPAA privacy and Cyber security. The CBT is accompanied by not only electronic reminders in our weekly and/or monthly publications from public affairs but the privacy officer and IT security management & staff give lectures/talks to classes, go to department staff meetings and enterprise management meetings on acceptable use issues of HIPAA that have recently ranged from encryption to new policies. Cheers.-grish David Grisham, Ph.D, CISM Manager, IT Security, UNM Hospitals
Jon Hanny <jehanny () GWU EDU> 4/15/2011 6:00 AM >>>
Do you send out any memos or periodic reminders on acceptable use of email as it relates to HIPAA? Respectfully, --------------------------------- Jon Hanny CISM, CISSP, CRISC, GSLC Risk and Compliance Services Division of IT The George Washington University 703-726-4469 jehanny () gwu edu --------------------------------- On 4/14/2011 5:10 PM, Taylor, James R wrote:
We use the Voltage encryption gateway as well as their Outlook plug-in for end-to-end encryption. _______________________ Jim Taylor Information Security Officer (ISO) Missouri State University 417-836-5226 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jon Hanny Sent: Thursday, April 14, 2011 10:08 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] HIPAA question I was wondering if/how any of you have addressed HIPAA with relation to email usage. Please advise.
Current thread:
- HIPAA question Jon Hanny (Apr 14)
- Re: HIPAA question Terence Ma (Apr 14)
- Re: HIPAA question Taylor, James R (Apr 14)
- Re: HIPAA question Jon Hanny (Apr 15)
- Re: HIPAA question David Grisham (Apr 15)
- Re: HIPAA question Bill Terry (Apr 15)
- Re: HIPAA question Jon Hanny (Apr 15)
- Re: HIPAA question Maria Peluso (Apr 15)