Ian Cheong wrote:
And that is exactly my point - lots of conditions and very little
control and even after writing and implementing an appropriate security
policy, how could you make sure it stayed implemented for the life of
the system.
This equally applies to the practice network, which I'd suggest is a
much bigger problem in the real world.
Realsitically, you not only have to manage the home network, you also
need to control every piece of hardware connected to it as a separate
concern.
The 'home network' in most cases will vary between one and four PC's,
and, yes, if you have one and have a computer on it that is used in your
business, then the same constraints apply anyway.
Has anyone has bothered with separately firewalled home networks?? (IE
practice remote location at GPs home separate from home network)
No, because it's more trouble than managing your home network normally.
I agree, if you have an insecure, poorly managed home network you
shouldn't run a VPN to your practice from it. Nor should you be writing
medico-legal reports on a PC connected to it, nor doing Internet
banking, or anything else worthwhile.
I had a practice proposing to run two networks. One for Internet access
and one with their clinical and PM applications. The reason: fear of
Internet security problems.
Then I asked how they proposed to get any data from the 'insecure' to
the 'secure' network. When they thought about that for a bit they gave
the idea away.
Greg
--
Greg Twyford
Information Management & Technology Program Officer
Canterbury Division of General Practice
E-mail: [EMAIL PROTECTED]
Ph.: 02 9787 9033
Fax: 02 9787 9200
PRIVATE & CONFIDENTIAL
***********************************************************************
The information contained in this e-mail and their attached files,
including replies and forwarded copies, are confidential and intended
solely for the addressee(s) and may be legally privileged or prohibited
from disclosure and unauthorised use. If you are not the intended
recipient, any form of reproduction, dissemination, copying, disclosure,
modification, distribution and/or publication or any action taken or
omitted to be taken in reliance upon this message or its attachments is
prohibited.
All liability for viruses is excluded to the fullest extent permitted by
law.
***********************************************************************
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
