Am i alone in thinking these regualtions have little to do at all with
actually protecting pateint information, and a lot to do with more busy
work?
----- Original Message -----
From: "Wayne Wilson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 13, 2003 11:49 AM
Subject: HIPAA certification means HIPAA = Big money


> Crawford Rainwater wrote:
>
> >Found from a TechRepublic email, was wondering folks thoughts
> >on it?
> >
> >
> Well, if it will get you consulting gigs, it's going to be worth a
fortune.
>
> The new HIPAA security regs came out today.  They contain no
> earthshaking technical requirements, but they do have one suprising
> expansion, they cover all data whether in transmission or  in storage no
> matter where the physical location.  The money comes in because everyone
> is going to have to perform security audits and provide staff training
> and documentation of all technical decisions and auditing activities......
>
>   So for example, encryption during transmission is called
> 'addressable', which means you don't have to do it, but you have to
> explain why you don't have to do it, and this means from one server to
> one sitting right beside on a dedicated wire!  I.e., it's easily
> explainable why you don't have to encrypt it, you just have to keep a
> official book around with that explanation in it referencing the
> appropriate security risk analysis you did referenced to the regulation.
>

Reply via email to