HIPAA and Network Configs

Gary Nichols plug-discuss@lists.plug.phoenix.az.us
Tue, 7 Jan 2003 10:24:40 -0700 (MST)


On Tue, 7 Jan 2003, Lee Einer wrote:
> True!  My last employer was one of the largest Home Health Agencies in 
> the country, and when it came to matters of HIPAA, they didn't get it, 
> they didn't get that they didn't get it, and they didn't want anyone 
> pointing out that they didn't get it. I expect that down the road, HIPAA 
> will be the windshield and they will be the bug. Que sera. Wanton 
> ignorance /should/ be expensive.

Here's something to scare you.  I attend every HIPAA-related meeting and 
conference I can find that directly relates to my responsibilities.  I 
have met people at these events that (as of 12/02) haven't even started a 
Risk Analysis or Gap Analysis!  They have no idea what they have, who has 
it, and where it should be (so to speak).  

To these people I give... a boot to the head!

I always get their name and company name - and I make sure that I do zero 
business with them.  Unfortunately a lot of these companies are 
clearinghouses or 'pass-throughs' used by larger companies to offload 
workload.  You never really know WHO gets your information.

*shudder*

People, what happened to George can happen to ANYONE.  Now is the time to 
start asking the companies you do business with for some information.

How much of my personal information do you have?
Where did you get it?
Where do you keep it?
Who has access to it?
What do you do with it?
Do you sell it?
To Whom?
What security and privacy precautions are in place?
Are you audited annually by a big-3 firm?  The government?
Have you ever failed an information security audit?  Privacy audit?
Can I 'opt out' of using my SSN as my ID?
Can I 'opt out' of any program you have that gives my info to other 
people/companies?

The sooner you ask, the better.

Gary