this was exactly what I have suggested in my previous message. I agree, the solution that I would recommend should be able to non-invasively monitor multiple systems and hard drives, and even lab equipment if applicable and should log all the information in the central location with reports available for audit purposes. The are to companies on the market that provide such capabilities and both came from the pharma arena, where FDA was long time ago focusing on security and privacy of electronic records. If you would like I could readily provide more information.
On one of the recent Barnett sponsored conferences on HIPPA and 21 CFR Part 11 Security regulations, I was actually presenting the topic of the commonalities and differences between the two regulations and way to comply with both at the same time. The idea is simple: Focus on data security and traceability and then find the right solution on the market. The mane criteria for the solution should be : that what ever solution you chose you should not need to change your existing systems a bit and it should not interfere with your regular operations. Jacob Vishnevsky Stelex-TVG Two Greenwood Square, Suite 310 3331 Street Road Bensalem, PA 19020 phone: (215) 352-1133 cell:(215) 421-8539 fax: (215) 638-9333 email: [EMAIL PROTECTED] <mailto:jvishnevsky@;stelex.com> -----Original Message----- From: Marshall E. Fryman [mailto:mfryman@;futuraintl.com] Sent: Thursday, October 24, 2002 5:56 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Privacy issues Thin client is a very expensive solution to this problem. By the time you deploy all the various licenses that Microsoft requires and purchase a server capable of running the clients, you would be talking about several thousand dollars as a minimum. You would also be relying on the inherent logging system of MS to make this work. Their logging system appears to be very poor when dealing with a significant amount of logged traffic. I was hoping for a background service application that would monitor file access activity and record it in a DB that would then have various report capabilities. If there isn't one readily available, we can certainly develop one, I was just hoping that someone had already discovered an easy means of logging access to files that are outside the normal data set of the record keeping systems but still needed to maintain HIPAA compliance. m At 05:11 PM 10/24/2002 -0400, you wrote: >Marshall, > >Did you consider deployment of thin clients? Your logs would then id all >access. > >Jake Mazur >GovConnect >A Subsidiary of govONE Solutions >15 Piedmont Center, Suite 1200 >3575 Piedmont Road NE >Atlanta, GA 30305 >Home Office: 704.554.0026 >[EMAIL PROTECTED] ><http://www.govconnect.com/>http://www.govconnect.com/ > >-----Original Message----- >From: Marshall E. Fryman >[<mailto:mfryman@;futuraintl.com>mailto:mfryman@;futuraintl.com] >Sent: Thursday, October 24, 2002 3:24 PM >To: WEDI SNIP Privacy Workgroup List >Subject: RE: Privacy issues > >--- >Thanks to everyone who responded to my original question (quoted below.) My >reason for asking is that I represent a niche software manufacturer for >health care and am looking to develop a recommendation for our accounts in >regards to "best practices." We are already implementing tracking of >information that is stored in our database regarding who entered the >information, last modified it, etc. There will be full temporal access to >the history of the records so you can easily move backward and (if starting >from an earlier period) forward in time in relationship to a given record. > >The problem that I have found to be consistent across all of our accounts >is that they frequently have confidential information stored in letters, >spreadsheets, etc. that they have developed to do some specific task. >Unfortunately, the client rarely informs us of these alternative items and >they are not using our software which will be able to protect and audit >access to the data. One of the solutions that will correct unauthorized >access to the data is to recommend the deployment of Windows NT machines. >Is anyone aware of an audit system that will identify access to word >processor / spreadsheet / other documents with the same temporal >information and could hopefully be written into a database? Windows 2000 >domains support audit policies that would appear to do this; however, our >experience suggests that this system is very poor at tracking anything over >a long period of time. > >Thanks, >Marshall --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [email protected] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
