HIPAA and Network Configs

der.hans plug-discuss@lists.plug.phoenix.az.us
Sat, 4 Jan 2003 15:13:34 -0700 (MST)


On 04 Jan 2003, Gary Nichols chatted thus:

> Only the HIPAA Privacy rule has been finalized, and you have until
> April 14th to comply (unless you've filed for an extension).
> The HIPAA Security rule has not been finalized yet.  We were supposed
> to see something around December 27th, but that was delayed... again.
> I'd recommend you grab a copy of the proposed rule and do some reading.

How does the m$ "we can access your computers anytime we want" license stack
up against the HIPAA regs? I certainly hope they strictly forbid such 3rd
party access!

> If you are pushing patient records or anything that is considered
> Protected Health Information (check the rule for the definition of
> PHI), wireless is NOT appropriate even with WEP.    You may consider
> doing a VPN across wireless devices, but I guarantee you that any
> auditor worth his salt will still nail you to the wall on it because
> 802.11x is not a government-approved transmission medium for secure
> data.   If you want more details, I can provide them.

Does it approve transmission across 3rd party networks?

> The proposed rule requires that any PHI traveling across a public
> network or spectrum be encrypted with the current recommended
> encryption standard.  See the rule for details, too much to mention
> here.

And if the wireless is tunneled using the approved encryption standard?

Is it a decent encryption standard?

ciao,

der.hans
-- 
#  https://www.LuftHans.com/    http://www.TOLISGroup.com/
#  kill telnet, long live ssh - der.hans