You might try http://irm.cit.nih.gov/security/sec_policy.html.  This site contains very specific security policies and other items of interest such as DHHS IT policies, guide for developing security plans, related federal regulations, etc. 
 
Leslie Bunny Street
Privacy Specialist
Mountain States Health Alliance
Johnson City, TN 37604
-----Original Message-----
From: Ben Rothke [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 20, 2002 11:10 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Security Policies & Procedures



Hi Valerie,

 

>>>I would greatly appreciate if someone would be kind enough to share their Security Policies and Procedures with us.

 

In most originations, such polices are not to be shared with outsiders. 

 

 

>>>We are one of the country's largest public health systems and are currently implimenting an integrated clinical system to support 5000+ online users/1000+ wireless users, over the next six months.

 

As a start, check out Information Security Roles & Responsibilities Made Easy, Version 1
by Charles Cresson Wood

http://www.amazon.com/exec/obidos/ASIN/1881585085/qid=1024585581/sr=1-2/ref=sr_1_2/103-0708860-4447003

 

Hope this helps,

 

Ben

 

 

 

 

 

Ben Rothke, CISSP
Senior Security Architect
QinetiQ Trusted Information Management, Inc.
973/489-0838
[EMAIL PROTECTED]

 

 

 

 


 

-----Original Message-----
From: Valerie Holden [mailto:[EMAIL PROTECTED]]
Sent:
Wednesday, June 19, 2002 2:32 PM
To: [EMAIL PROTECTED]
Subject: Re: Security Policies & Procedures

 

 

Dear Collagues,

I would greatly appreciate if someone would be kind enough to share their Security Policies and Procedures with us. We are one of the country's largest public health systems and are currently implimenting an integrated clinical system to support 5000+ online users/1000+ wireless users, over the next six months. At the same time I am attemping to launch an information security program from the ground up. The rollout plan was not my idea - however, I have been charged with the ominous task of creating a HIPAA compliant security framework that allows us to protect valued information assets!!!!!

I am especially interested in the following policies: (1)Informtion Stewardship Policy, (2)Information Access Policy, (3)Password Policy, (4)Data Classification Policy, (5)Electronic Mail Policy, (5)Chain Letter Policy, (6)Remote Access Policy, (7)Sanitzation Policy, (8)Electronic Signature Policy, (8)WLAN Policy, (9)Security Training Policy.......

Your ideas and suggestions are also welcomed. Thanks for your consideration of this matter.

Kindly,

 

 

 
Valerie Steele Holden
Information Security Officer/HIPAA Security Officer
Cook County Bureau of Health Services
312/633-7905 or 312/333-4461 (pager)
[EMAIL PROTECTED]
 

 


Do You Yahoo!?
Sign-up for Video Highlights of 2002 FIFA World Cup ********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request.


**********************************************************************
To be removed from this list, send a message to: [EMAIL PROTECTED]
Please note that it may take up to 72 hours to process your request.

Please note that it may take up to 72 hours to process your request.

The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board of
Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.
Posting of advertisements or other commercial use of this listserv is
specifically prohibited.

Reply via email to