---
You are currently subscribed to wedi-privacy as: [email protected]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
---

I would reiterate what others have already said. You need to determine what is necessary and appropriate for your circumstances.
I represent some solo practitioner offices where the only computer terminals are in the back office and there are only 3 employees who access that area. In an office that small, they have made the decision that everyone in the office needs access to all information since they do so much job sharing and covering for each other. I think that is reasonable for that setting. Since the only people who have access to the terminal are entitled to access PHI I don't think they need a password protected screen saver, as long as they can ensure no unauthorized persons have access to the back office. If you are talking about a larger office where many people who are not authorized to access PHI may have access to my terminal when I walk away from it to use the restroom, then I could see arguing that it is reasonable to require all employees lock their work stations when they are left unattended. What type of operating systems or password protection you need is again subject to what is reasonable for your circumstances.

Noel Chang

--
Open WebMail Project (http://openwebmail.org)

---------- Original Message -----------
From: "Ritter, Nicole" <[EMAIL PROTECTED]>
To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]>
Sent: Thu, 24 Oct 2002 09:55:34 -0500
Subject: RE: Privacy issues

> I understand what you are saying in regards to updating information,
> but I think what Marshall's question was, what about someone who is currently
> working on private information and then walks away from his/her PC?
> Is it necessary to have some sort of screen saver password in order
> to prevent others from walking up to the PC and viewing the information?
>
> Nicole Ritter
> Account Executive
> MercyCare Insurance Company
> 800/752-3431 x3012
> 608/741-5653 - Direct
> 608/752-3751 - Fax
>
> NOTICE: This e-mail may contain confidential and privileged material
> for the sole use of the intended recipient. Any review or
> distribution by others is strictly prohibited. If you are not the
> intended recipient, please contact the sender and delete all copies.
>
> -----Original Message-----
> From: Brent Kitchens [mailto:bkitchens@;telocity.com]
> Sent: Thursday, October 24, 2002 9:47 AM
> To: WEDI SNIP Privacy Workgroup List
> Subject: RE: Privacy issues
>
> Marshall,
> I think it certainly does fall within the security and the privacy
> rules. A documented process that institutes desktop password
> protection as a safeguard against unauthorized access I believe
> would constitute reasonable efforts under the rules. In reality, it
> really isn't enough to accomplish actual security on the system. I
> think a much better approach is to have a practice management system
> that can provide an audit trail by system user in addition to the
> standard login security controls. Any record changes could then be tracked
> back to the responsible party. I know there aren't many out there
> that can do this, but it seems to be the best solution.
>
> Brent Kitchens
> CIO
> Phoenix Medical Technologies
> Atlanta, GA
> www.phoenixmedtech.com
>
> -----Original Message-----
> From: Marshall E. Fryman [mailto:mfryman@;futuraintl.com]
> Sent: Thursday, October 24, 2002 10:23 AM
> To: WEDI SNIP Privacy Workgroup List
> Subject: Privacy issues
>
> The privacy regulation draws attention to a reasonable effort to maintain
> the privacy of patient's information except on a "need to know"
> basis. If we take the premise of a doctor's office where Person A
> types a letter to a patient containing confidential information. If
> Person A then walks away from their terminal, I would reasonably
> conclude that there should be some sort of password-protected screen
> saver that automatically pops up to blank the screen so that anyone
> passing by cannot read said letter. If this workstation is set up
> using Windows 9x, is it also reasonable to claim that this machine
> is not securable? If I reboot the Win 9x machine, I can bypass any
> password that was originally set up on this machine and still read
> the letter. If I upgrade this machine to Windows NT / 2000 / XP, it
> is no longer possible to bypass the security system. This is clearly
> a more secure environment, but has anyone attempted to define if
> this falls within the "reasonable" precautions that a practice
> should take?
>
> Anyone have any ideas? I have talked to CMS and they said that they were
> not really qualified to answer the question.
> Their initial reaction was
> that this was an issue of security not privacy, but they later
> changed their mind and said it might fall within the "reasonable" clause.
>
> Thanks,
> Marshall
>
> ---
> The WEDI SNIP listserv to which you are subscribed is not moderated.
> The discussions on this listserv therefore represent the views of
> the individual participants, and do not necessarily represent the
> views of the WEDI Board of Directors nor WEDI SNIP. If you wish to
> receive an official opinion, post your question to the WEDI SNIP
> Issues Database at http://snip.wedi.org/tracking/. These listservs
> should not be used for commercial marketing purposes or discussion
> of specific vendor products and services. They also are not
> intended to be used as a forum for personal disagreements or
> unprofessional communication at any time.
------- End of Original Message -------
