RE: HIPPA help

[Carol Fee]

But you are a genius guru :-)
 
CFee
 

________________________________

From: Sherry Abercrombie [mailto:saber...@gmail.com] 
Sent: Wednesday, June 17, 2009 12:07 PM
To: NT System Admin Issues
Subject: Re: HIPPA help


Thanks for the discussion guys.  This has been recently brought up here
where I work, and like Bob, we're not a medical entity, however, HR does
use email to correspond with our health insurance provider.  I've taken
all the companies mentioned in this discussion and am passing it on to
those in the decision making area so that they can see that we don't
have to do an all or nothing approach.  When it was mentioned to my
boss, he was under the assumption that it was all or nothing and didn't
pursue researching it.  

I love this list, once again thanks to you all, I look like a genius
guru......  


On Wed, Jun 17, 2009 at 10:44 AM, paul chinnery <pdw1...@hotmail.com>
wrote:


        Jeff, my sentiments exactly.  We doing almost the exact same
thing as you. We do, however, sometimes send PHI as an attachment
encrypted by PKzip  or Winzip (the p/w is given over the phone and not
emailed).
        The feds may get a lot more restrictive with the new HITECH
initiative. And just last year, they did their first HIPAA audit at a
hospital that was not generated by a complaint.
        
        
________________________________

        Date: Tue, 16 Jun 2009 16:18:50 -0500
        Subject: Re: HIPPA help
        From: 2jbr...@gmail.com
        To: ntsysadmin@lyris.sunbelt-software.com 


        You need to be able to demonstrate(in writing) that you have
thought about how sensitive data is protected.  Biggest part of work(and
it is ongoing for us) was/is to teach/convince our employees that
patient data NOT be sent using email to anyone outside our organization.
We have yet to decide email was the only or even preferred method of
getting sensitive data to people outside our buildings/network.  Up to
this point  I believe that has saved us a lot of money.  I don't know
how long we will be able to do things the way we are, which is to say we
use the fax machine a lot.  Please don't suggest that we are spending
more money than we know on faxes, we do almost ALL our business in this
local market, so we aren't paying long distance fees on those faxes.  I
do hate the faxing technology in general though.
        
        
        On Tue, Jun 16, 2009 at 4:03 PM, Bill Lambert
<blamb...@concuity.com> wrote:
        

                +2
                
                Bill Lambert
                Concuity
                847-941-9206
                


                -----Original Message-----
                From: Erik Goldoff [mailto:egold...@gmail.com]
                Sent: Tuesday, June 16, 2009 4:02 PM
                To: NT System Admin Issues
                
                Subject: RE: HIPPA help
                
                 + 1
                HIPAA is a set of *recommendations* for the standard of
security, but there
                are few, if any granular, detail level requirements ...
                
                
                
                Erik Goldoff
                IT  Consultant
                Systems, Networks, & Security
                
                
                -----Original Message-----
                
                From: Ben Scott [mailto:mailvor...@gmail.com]
                Sent: Tuesday, June 16, 2009 4:40 PM
                To: NT System Admin Issues
                
                Subject: Re: HIPPA help
                
                On Tue, Jun 16, 2009 at 3:40 PM, Bob Fronk
<b...@btrfronk.com> wrote:
                
                > I am in the middle of a HIPPA compliance review.  One
of the
                > consultants is suggesting that all our email be
encrypted because it
                > may contain HIPPA related information.
                
                
                 HIPAA is a mess, and it's been a while for me, but as I
recall, the
                regulations generally don't require specific mechanisms
like encryption for
                particular tasks.  You have to take steps to protect it.
You don't have to
                be crazy.
                
                 Chances are they're just talking out of their rectum.
Consultants do that
                a lot.  It's especially common when it comes to
compliance; the consults go
                for overkill "to be safe".
                
                 Ask them to quote chapter and verse from an actual law
or regulation.
                When they can't, thank them for the suggestion and move
on to the next item.
                
                -- Ben
                
                ~ Finally, powerful endpoint security that ISN'T a
resource hog! ~ ~
        
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
                
                
                ~ Finally, powerful endpoint security that ISN'T a
resource hog! ~
                ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
                
                
                ~ Finally, powerful endpoint security that ISN'T a
resource hog! ~
                ~
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
                
                


         
        
        
         


________________________________

        Insert movie times and more without leaving Hotmail(r). See how.
<http://windowslive.com/Tutorial/Hotmail/QuickAdd?ocid=TXT_TAGLM_WL_HM_T
utorial_QuickAdd_062009>  

         

        

         




-- 
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic." 
Arthur C. Clarke


 

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~