TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

You wrote:
-----Original Message-----
From:   Jeffery Stutzman [mailto:[EMAIL PROTECTED]]
Sent:   Friday, February 25, 2000 8:05 PM
To:     [EMAIL PROTECTED]
Subject:        Hospital INFOSEC?


I'm an MBA student looking for some information regarding the implementation
of security services in hospitals and medical facilities.  I'm interested in
feedback concerning regulatory issues surrounding infosec in hospitals.
Anyone on the forum have any insight in this area?
Thanks,
Jeff

Jeff,

At the current time, INFOSEC requirements for medical systems essentially
rely on interpretation of Privacy Act of 1974 standards. These standards are
met by ensuring that the information is protected through accountability and
audit tracing for modifications.  However, the Health Information Portability
and Accountability Act (HIPAA) is applying new security standards across
these organizations, concerning the right of the individual to determine how
much information is released and who obtains such information. As of now,
the final HIPAA requirements have not been determined, especially in the
areas of telecommunications (use of the Internet to transport data) and
patient's right to determine how much is released. There are some issues in
that last item that are particularly ticklish, where the patient's rights can
be overridden dependent on the issue. You can look at the HHS web page for
directions to the HIPAA documentation.
Vernon A. Campbell
Director, Information Systems Security Assurance
RGII Technologies, Inc.
703-414-3084
cell-703-967-1615
fax-703-414-3088
[EMAIL PROTECTED]

