Richard,
The first question is: Is what is being transmitted Protected Healthcare Information? If not, all the rest is moot. If what is being transmitted is strictly the financial data (This merchant charged this person this much), it probably isn't PHI, but just money.
 
If it is, you must do a risk-of-exposure analysis.
First, the receiving system must be capable of properly protecting any PHI it receives.
 
Terminal-to-Private Network is probably adequately secured.  In this case, you may decide that encryption is just wasting resources.
 
Going via the Internet will probably need some kind of end-to-end encryption to be adequately secure, since the Internet is inherently a broadcast to every computer connected to the net, received by anyone who wants to listen.
 
Make your decisions and document them.
 
The opinions expressed here are my own and not necessarily the opinion of LCMH.
 
Douglas M. Webb
Computer System Engineer
Little Company of Mary Hospital & Health Care Centers
[EMAIL PROTECTED]
 
"This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and entity(s)  named as recipients in the message. If you are not an intended recipient of the message, please notify the sender immediately,  delete the material from any computer, do not deliver, distribute, or copy this message, and do not disclose its contents or take action in reliance on the information it contains. Thank you."
 

 
----- Original Message -----
Sent: Thursday, February 27, 2003 11:52 AM
Subject: Questions in regard to Security/Privacy

I would like to know how the privacy & security act under HIPAA will impact our
current systems today? I support POS card/swipe machines that dialup (via an
async/sync modem) over the public telephone system into a server that is
connected to a private network. These machines (terminals) are located
throughout the USA in Provider offices, clinics and hospitals. The dialup protocol
(VISA) is the same protocol that the financial processors use today doing
credit/debit transactions. Are there any issues that I need to be concerned
about from the terminal point of view?

The second part of my question, I would like to know how the privacy & security
act under HIPAA will impact POS card/swipe machines that dialup (via an
async/sync modem) over the public telephone system into an ISP that is connected
to the Internet. These machines (terminals) are located throughout the USA in
Provider offices, clinics and hospitals. The dialup protocol will be either VISA
or PPP (Point-to-Point). Are there any issues that I need to be concerned about
from the terminal point of view?

---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.   These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services.  They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.

You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org