Jacob, Could you send me additional information on Compliance Builder ?
Thanks, Chuck >>> [EMAIL PROTECTED] 10/24/02 05:53PM >>> absolutely, there is a system on the Market called Compliance Builder that is widely used in the pharmaceutical arena, by largest Pharma companies. This system allows to monitor and audit trail all access types to any file types and keeps information in centralized and secure location. Special audit reports are also available out of the box. I could provide you more information if you are interested regards, Jacob Vishnevsky Stelex-TVG Two Greenwood Square, Suite 310 3331 Street Road Bensalem, PA 19020 phone: (215) 352-1133 cell:(215) 421-8539 fax: (215) 638-9333 email: [EMAIL PROTECTED] < mailto:jvishnevsky@;stelex.com <mailto:jvishnevsky@;stelex.com> > -----Original Message----- From: Mazur, Jake [mailto:JMazur@;Govconnect.com] Sent: Thursday, October 24, 2002 5:12 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Privacy issues Marshall, Did you consider deployment of thin clients? Your logs would then id all access. Jake Mazur GovConnect A Subsidiary of govONE Solutions 15 Piedmont Center, Suite 1200 3575 Piedmont Road NE Atlanta, GA 30305 Home Office: 704.554.0026 [EMAIL PROTECTED] http://www.govconnect.com/ <http://www.govconnect.com/> -----Original Message----- From: Marshall E. Fryman [ mailto:mfryman@;futuraintl.com <mailto:mfryman@;futuraintl.com> ] Sent: Thursday, October 24, 2002 3:24 PM To: WEDI SNIP Privacy Workgroup List Subject: RE: Privacy issues --- You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org <http://subscribe.wedi.org> or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org <http://subscribe.wedi.org> --- Thanks to everyone who responded to my original question (quoted below.) My reason for asking is that I represent a niche software manufacturer for health care and am looking to develop a recommendation for our accounts in regards to "best practices." We are already implementing tracking of information that is stored in our database regarding who entered the information, last modified it, etc. There will be full temporal access to the history of the records so you can easily move backward and (if starting from an earlier period) forward in time in relationship to a given record. The problem that I have found to be consistent across all of our accounts is that they frequently have confidential information stored in letters, spreadsheets, etc. that they have developed to do some specific task. Unfortunately, the client rarely informs us of these alternative items and they are not using our software which will be able to protect and audit access to the data. One of the solutions that will correct unauthorized access to the data is to recommend the deployment of Windows NT machines. Is anyone aware of an audit system that will identify access to word processor / spreadsheet / other documents with the same temporal information and could hopefully be written into a database? Windows 2000 domains support audit policies that would appear to do this; however, our experience suggests that this system is very poor at tracking anything over a long period of time. Thanks, Marshall >From: Marshall E. Fryman [ mailto:mfryman@;futuraintl.com <mailto:mfryman@;futuraintl.com> ] >Sent: Thursday, October 24, 2002 10:23 AM >To: WEDI SNIP Privacy Workgroup List >Subject: Privacy issues > > >The privacy regulation draws attention to a reasonable effort to maintain >the privacy of patient's information except on a "need to know" basis. If >we take the premise of a doctor's office where Person A types a letter to a >patient containing confidential information. If Person A then walks away >from their terminal, I would reasonably conclude that there should be some >sort of password-protected screen saver that automatically pops up to blank >the screen so that anyone passing by can not read said letter. If this >workstation is setup using Windows 9x, is it also reasonable to claim that >this machine is not securable? If I reboot the Win 9x machine, I can bypass >any password that was originally setup on this machine and still read the >letter. If I upgrade this machine to Windows NT / 2000 / XP, it is no >longer possible to bypass the security system. This is clearly a more >secure environment, but has anyone attempted to define if this falls within >the "reasonable" precautions that a practice should take? > >Anyone have any ideas? I have talked to CMS and they said that they were >not really qualified to answer the question. Their initial reaction was >that this was an issue of security not privacy, but they later changed >their mind and said it might fall within the "reasonable" clause. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/ <http://snip.wedi.org/tracking/> . These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [email protected] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
