On Wednesday 05 March 2003 00:13, you wrote: > The correct question is what are open source's advantages with > reference to HIPAA compliance? Certainly, that is a good and useful question and thank you for posing it and starting an answer. But lets move from theory to practice where we can. Faire rather than etre (apolgies for no accent)
> Having read a great deal of the security reg, I am coming > increasingly to the conclusion that the much if not all of the > reg can be satisfied automatically. Report generation, audit, > key management, etc. etc., these are all things that cry out > for automation. Not very fun tasks to write I suspect, and therefore is it possible that the role of the Open Source community is to contribute a how-to for those elements that we can, such that someone looking at doing it because they are using a system, or wish to consider doing so, can estimate the cost of doing the work. > Read the reg and in every case think of how the task imposed > by HIPAA can be accomplished automatically. > > Yes, there are things that cannot be done automatically, but > they have nothing to do with software and everything to do > with the organization using the software. These things are > best rendered unto Caesar, as they will be anyway. Concur. Some specific instances (which only an American can contrbute for HIPAA, but which might be generalised to potential future or other regulatory regimes elsewhere) might be worth including in a how-to or as examples of where either the use of OSS is either not different from the use of closed source or the locus of effort is as John Gage says managerial and cultural rather than technical. Martin Fink's book is a start, but this might become an extension to it. > On Tuesday, March 4, 2003, at 06:30 PM, Adrian Midgley wrote: > > Generically, what would an open source medical system > > require in order to maintain HIPAA compliance? -- From one of the Linux desktops of Dr Adrian Midgley http://www.defoam.net/
