On Tue, Jun 16, 2009 at 3:40 PM, Bob Fronk <[email protected]> wrote: > I am in the middle of a HIPPA compliance review. One of the > consultants is suggesting that all our email be encrypted > because it may contain HIPPA related information.
HIPAA is a mess, and it's been a while for me, but as I recall, the regulations generally don't require specific mechanisms like encryption for particular tasks. You have to take steps to protect it. You don't have to be crazy. Chances are they're just talking out of their rectum. Consultants do that a lot. It's especially common when it comes to compliance; the consults go for overkill "to be safe". Ask them to quote chapter and verse from an actual law or regulation. When they can't, thank them for the suggestion and move on to the next item. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
