On Wed, Oct 28, 2009 at 3:16 PM, Sherry Abercrombie <[email protected]> wrote: > ... at least my understanding of HIPAA would make me question it ...
HIPAA don't even get close to that level of detail. HIPAA, Sarb-Ox, etc., are used as a boogey-man by auditors and security guys the world over. If you take the time to read the letter of the law they're almost always just using it as an excuse to get their way. Sometimes for better, sometimes for worse. Example: I've seen someone claim Sarb-Ox meant they had to mandate password changes every 30 days. I checked. The actual Sarb-Ox regulations don't even *mention* passwords. I wonder when they'll start saying TRACERT.EXE is a "hacker tool". It's already not uncommon to find ICMP blocked by people as a "security risk" -- and then they wonder why they have random packet loss problems. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
