Connie, You raise a good point. As
far as I know, recent versions of SSL meet the encryption standards. I’m not sure how SSL would apply to old-fashioned, asynchronous
communications, however. Tom Drinkard EDIT (678) 795-1251 (voice) (678) 795-1575 (fax) [EMAIL PROTECTED] -----Original
Message----- Tom, What if your dial-up
connection routes through an SSL. Wouldn't this be considered a
"closed" (secure) connection and thus encryption would not be
required? Connie Emery, CISSP -----Original
Message-----
This has yet to be decided. The safest approach is to go ahead and encrypt now. The Security NPRM contradicts itself. On the one hand, it considers a dial-up
line to be an open network and, thus, requires encryption. On the other hand, it states that it may not be an
open network for small, rural providers. Hopefully, the Security Final Rule, when published,
will clarify these points. See the Security NPRM p43255 “When using open networks, some form of encryption should be
employed. The utilization of less open systems/networks such as those provided
by a value-added network (VAN) or privatewire arrangement provides sufficient
access controls to allow encryption to be an optional feature. These controls
would be important because of the potential for compromise of information over
open systems such as the Internet or dial-in lines.” See also the Security NPRM p43256 “If
this provider chooses to use the Internet to transmit or receive health
information, some form of encryption must be used. For example, the provider
could procure and use commercial software to provide protection against
unauthorized access to the data transmitted or received. (This decision must
take into account what encryption system the message recipient uses.) On the
other hand, health information when transmitted via other means such as VANs,
private wires, or even dial-up connections may not require such absolute
protection as is provided by encryption.” Tom Drinkard EDIT (678) 795-1251
(voice) (678) 795-1575
(fax) [EMAIL PROTECTED] -----Original
Message----- Does
anyone know if the use of dial up modems without encryption is going to be
acceptable for sending and receiving transactions on Oct 2002. The
security preamble implies it may not be acceptable. Point to point phone
conversations can communicate PHI why not point to point modem communication? Jim
Turner HIPAA
Provider Relations Blue
Cross/Blue Shield of Hawaii 808-948-6445 This electronic message is intended only for the individual
or entity to which it is addressed and may contain information that is
confidential and protected by law. If you are not the intended recipient of
this e-mail, you are cautioned that use of its contents in any way is
prohibited and may be unlawful. If you have received this communication in
error, please notify the sender immediately by e-mail or telephone and return
the original message by e-mail to the sender or to [EMAIL PROTECTED] We will
reimburse you for any cost you incur in notifying us of the errant e-mail.
Thank you.
********************************************************************** To be removed from this list, send a message to: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request. |
- RE: Us of Dial up Modems without encryption Emery, Connie
- RE: Us of Dial up Modems without encryption Tom Drinkard
- RE: Us of Dial up Modems without encryption Pete Hinden
