Am 04. Jan, 2003 schw=E4tzte Gary Nichols so:
> Only the HIPAA Privacy rule has been finalized, and you have until
> April 14th to comply (unless you've filed for an extension).
> The HIPAA Security rule has not been finalized yet. We were supposed
> to see something around December 27th, but that was delayed... again.
> I'd recommend you grab a copy of the proposed rule and do some reading.
How does the m$ "we can access your computers anytime we want" license stac=
k
up against the HIPAA regs? I certainly hope they strictly forbid such 3rd
party access!
> If you are pushing patient records or anything that is considered
> Protected Health Information (check the rule for the definition of
> PHI), wireless is NOT appropriate even with WEP. You may consider
> doing a VPN across wireless devices, but I guarantee you that any
> auditor worth his salt will still nail you to the wall on it because
> 802.11x is not a government-approved transmission medium for secure
> data. If you want more details, I can provide them.
Does it approve transmission accross 3rd party networks?
> The proposed rule requires that any PHI traveling across a public
> network or spectrum be encrypted with the current recommended
> encryption standard. See the rule for details, too much to mention
> here.
And if the wireless is tunneled using the approved encryption standard?
Is it a decent encryption standard?
ciao,
der.hans
--=20
# https://www.LuftHans.com/ http://www.TOLISGroup.com/
# kill telnet, long live ssh - der.hans
(text/plain)