You are currently subscribed to wedi-privacy as: [email protected]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
---
Nicole,
While very few things are mandatory, one would be well advised that not only are computer monitors shielded from prying eyes who do not have a need to know, but that the computer does automatically protect itself if left inactive. A policy and procedure that requires the individual to manually do this is likely the best, but given human nature, it is best to ensure that the computer is set up to log off and require a password.
Paul D. Jernigan, Esq.
HealthHelp, Inc.
-----Original Message-----
From: Ritter, Nicole [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 24, 2002 9:56 AM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: Privacy issues
---
You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
---
I understand what you are saying in regards to updating information, but I
think what Marshall's question was, what about someone who is currently
working on private information and then walks away from his/her PC? Is it
necessary to have some sort of screen saver password in order to prevent
others from walking up to the PC and viewing the information?
Nicole Ritter
Account Executive
MercyCare Insurance Company
800/752-3431 x3012
608/741-5653 - Direct
608/752-3751 - Fax
NOTICE: This e-mail may contain confidential and privileged material for
the sole use of the intended recipient. Any review or distribution by
others is strictly prohibited. If you are not the intended recipient,
please contact the sender and delete all copies.
-----Original Message-----
From: Brent Kitchens [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 24, 2002 9:47 AM
To: WEDI SNIP Privacy Workgroup List
Subject: RE: Privacy issues
---
You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org
---
Marshall,
I think it certainly does fall within the security and the privacy rules. A
documented process that institutes desktop password protection as a
safeguard against unauthorized access I believe would constitute reasonable
efforts under the rules.
In reality, it really isn't enough to accomplish actual security on the
system. I think a much better approach is to have a practice management
system that can provide an audit trail by system user in addition to the
standard login security controls. Any record changes could then be tracked
back to the responsible party. I know there aren't many out there that can
do this, but it seems to be the best solution.
Brent Kitchens
CIO
Phoenix Medical Technologies
Atlanta, GA
www.phoenixmedtech.com
-----Original Message-----
From: Marshall E. Fryman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 24, 2002 10:23 AM
To: WEDI SNIP Privacy Workgroup List
Subject: Privacy issues
---
You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as
the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org
---
The privacy regulation draws attention to a reasonable effort to maintain
the privacy of patient's information except on a "need to know" basis. If
we take the premise of a doctor's office where Person A types a letter to a
patient containing confidential information. If Person A then walks away
from their terminal, I would reasonably conclude that there should be some
sort of password-protected screen saver that automatically pops up to blank
the screen so that anyone passing by can not read said letter. If this
workstation is setup using Windows 9x, is it also reasonable to claim that
this machine is not securable? If I reboot the Win 9x machine, I can bypass
any password that was originally setup on this machine and still read the
letter. If I upgrade this machine to Windows NT / 2000 / XP, it is no
longer possible to bypass the security system. This is clearly a more
secure environment, but has anyone attempted to define if this falls within
the "reasonable" precautions that a practice should take?
Anyone have any ideas? I have talked to CMS and they said that they were
not really qualified to answer the question. Their initial reaction was
that this was an issue of security not privacy, but they later changed
their mind and said it might fall within the "reasonable" clause.
Thanks,
Marshall
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
