Re: Security Policy - HIPAA Guidelines Template Format (1)

From: Whoha (whoha@umich.edu)
Date: 02/20/03

  • Next message: Freddy Söderlund: "Real-life problem: Installing applications onto workstations in a domain without giving users admin access"
    From: whoha@umich.edu (Whoha)
    Date: 20 Feb 2003 09:16:15 -0800
    
    

    John Thompson <john@starfleet.thompson.us> wrote in message news:<slrnb3tib6.hqp.john@starfleet.thompson.us>...
    > In article <Bfx%9.688$1r4.53278@news.uswest.net>, snow@ntcity.com wrote:
    >
    > > An easy to use document that comes in word format as well as a
    > > publishable pdf format.
    >
    > On the topic of HIPAA... has anyone else had concerns regarding HIPAA
    > compliance when using Microsoft software? The new Microsoft EULAs, which
    > you *MUST* accept to use the software, make you agree to allowing
    > Microsoft access to your machines for updates, license verification, etc.
    > This strikes me as being in violation of HIPAA requiements to restrict
    > access to only authorized personnel.
    >
    > It will be interesting to see how this shakes out...

     The vendor portion of the HIPAA has provisions for vendors to sign
    privacy agreements. This will cover this type of requirement, BUT is
    the transfer of data done in a secure fashion, can they gain access to
    PNI info, and do we want them to do this in the first place?