Having consulted at several companies under HIPAA rules, let me chime in. It's not as though there is someone standing behind you with a baseball bat just waiting for the opportunity to swat your head.
Most of the practical rules are common sense. Don't go peeking into personal data just because you have DBA authority. Don't copy production data to a test environment without de-identifying it. Don't save private data on your workstation once you have investigated a production ABEND. Don't send any corporate information to anyone who is not authorized to receive it, and always encrypt the message and mark it as CONFIDENTIAL or whatever designation the owner of the data has designated. Always encrypt your hard drive and any USBs or DVDs...if you are allowed to use them. Make certain your voice mail greeting states not to leave personal information. Don't leave confidential documents on your desk when you are away, and always secure your area when you leave for the day. Shred any confidential documents when you are done with them. Don't discuss confidential information in a public place. If you can't work under these rules, you probably should not be working in any industry, because all companies have confidential information.
