+2 Bill Lambert Concuity 847-941-9206
-----Original Message----- From: Erik Goldoff [mailto:[email protected]] Sent: Tuesday, June 16, 2009 4:02 PM To: NT System Admin Issues Subject: RE: HIPPA help + 1 HIPAA is a set of *recommendations* for the standard of security, but there are few, if any granular, detail level requirements ... Erik Goldoff IT Consultant Systems, Networks, & Security -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Tuesday, June 16, 2009 4:40 PM To: NT System Admin Issues Subject: Re: HIPPA help On Tue, Jun 16, 2009 at 3:40 PM, Bob Fronk <[email protected]> wrote: > I am in the middle of a HIPPA compliance review. One of the > consultants is suggesting that all our email be encrypted because it > may contain HIPPA related information. HIPAA is a mess, and it's been a while for me, but as I recall, the regulations generally don't require specific mechanisms like encryption for particular tasks. You have to take steps to protect it. You don't have to be crazy. Chances are they're just talking out of their rectum. Consultants do that a lot. It's especially common when it comes to compliance; the consults go for overkill "to be safe". Ask them to quote chapter and verse from an actual law or regulation. When they can't, thank them for the suggestion and move on to the next item. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
