[VOIPSEC] Privacy Regs/HIPAA- was SRTP thread
Paris E. Stone
pstone at alhurra.com
Thu Mar 31 08:59:50 CST 2005
HIPAA is very, very vague. Assisting customers in a couple of audits,
anything from a strict ACL on a router to Layer 7 firewalls with IDS,
IPS, and honeypot solutions was used to address that specific clause.

Both approaches showed that the organization took "appropriate
administration, technical, and physical safeguards".

It depends upon what the customer is willing to do. Letting them know
that simple ACL-based security, or something along those lines, probably
isn't the best idea. Spend 100 bucks or 10,000 bucks, either way you
are in the clear. It becomes obvious what the customer chooses to
spend.
~~~~~
Paris E. Stone, "Linux Zealot"
CISSP, CCNP, CNE, MCSE
~~~~~
The only thing necessary for the triumph of evil,
is for good men to do nothing.
- Edmund Burke
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Mark Teicher
Sent: Thursday, March 31, 2005 8:03 AM
To: voipsec at voipsa.org
Subject: [VOIPSEC] Privacy Regs/HIPAA- was SRTP thread
After several hours of perusing the URLs provided by the previous
poster, there was an interesting section that may apply to communications
infrastructure, but again it is not specific in how.

HIPAA Section 164.502 (c)
Section 164.502 (c) states, "entities will implement appropriate
administration, technical, and physical safeguards to reasonably
safeguard protected health information from any intentional or
unintentional use."