[VOIPSEC] Secure Real-time Transport Protocol (SRTP)

Sean Donelan sean at donelan.com
Fri Mar 25 23:06:35 GMT 2005


On Fri, 25 Mar 2005, Zmolek, Andrew (Andy) wrote:
> Neither GLBA nor HIPAA specifically call out communications
> infrastructure. However, since there is no specific exclusion for it,
> the issue cannot simply be dismissed.

Actually there are exclusions for communications infrastructure like the
US Postal Service.  Just because you mail a letter containing potentially
covered information doesn't mean the USPS must do anything different for
first class mail containing GLBA/HIPAA information versus any other
first class mail.

The process of preparing the letter, mailing the letter, receiving the
letter and opening the letter is probably included. Printing medical
information on post cards is probably a bad idea.  But the communications
infrastructure that carries the letter from point A to point B in
its "secure" envelope probably isn't included.  Of course the
consultants will probably want to include as many billable hours
as possible.


