RE: Microsoft technologies. By default, non-HIPAA compliant?

From: Cameron, Thomas (Thomas.Cameron_at_bankofamerica.com)
Date: 06/30/04

    Date: Wed, 30 Jun 2004 13:44:32 -0500
    To: BUGTRAQ@securityfocus.com
    
    

    > -----Original Message-----
    > From: Anything But Microsoft [mailto:abm@anythingbutmicrosoft.org]
    > Sent: Tuesday, June 29, 2004 9:43 PM
    > To: BUGTRAQ@securityfocus.com
    > Cc: secure@microsoft.com
    > Subject: Microsoft technologies. By default, non-HIPAA compliant?
    >
    >
    > The US health care system is the only industry where best network and
    > security practices are a federally mandated requirement.

    Um, no. I work in the banking industry and we are federally regulated and audited for security. I've never worked in the medical industry but I'd be surprised if their requirements are more stringent than ours.
     
    > My view is that any health care provider using replaceable Microsoft
    > technologies is not HIPAA compliant, in regards to privacy or security
    > of patient data.

    I've heard this type of comment about using MS products in banking. It is my understanding (and I am *not* an expert) that if an entity (banking, medical, whatever) reasonably attempts to keep up with security patches, AV updates and the like, that they are compliant with federal requirements.

    IANAL, and I don't work with the compliance team; this is just my understanding through casual conversation.

    Thomas Cameron, RHCE, CNE, MCSE, MCT
    Assistant Vice President
    Linux Design and Engineering
    Bank of America
    (972) 997-9641

    The opinions expressed in this message do not necessarily reflect those of my employer, Bank of America.

