Believe it. Banking is concerned with regulatory requiprements,
Medical/HIPAA is concerned with privacy of data on every level,
appropriate access to data, the ability to access data in an emergency
in a secure, aduitable manner, and all other variations of
complexities. The basic HIPAA electronic security guidelines consist of
mandatory and "addressable" components. How each company addresses the
"addressable" components is open to interpretation. Banking is
stringent, to be sure - but HIPAA takes accountability and privacy to a
whole new level.
Kind Regards,
-dsp
Cameron, Thomas wrote:
>>-----Original Message-----
>>From: Anything But Microsoft [mailto:abm (at) anythingbutmicrosoft (dot) org [email concealed]]
>>Sent: Tuesday, June 29, 2004 9:43 PM
>>To: <@securityfocus.com BUGTRAQ
>>Cc: secure (at) microsoft (dot) com [email concealed]
>>Subject: Microsoft technologies. By default, non-HIPAA compliant?
>>
>>
>>The US health care system is the only industry where best network and
>>security practices are a federally mandated requirement.
>>
>>
>
>Um, no. I work in the banking industry and we are federally regulated and audited for security. I've never worked in the medical industry but I'd be surprised if their requirements are more stringent than ours.
>
>
[....]
Medical/HIPAA is concerned with privacy of data on every level,
appropriate access to data, the ability to access data in an emergency
in a secure, aduitable manner, and all other variations of
complexities. The basic HIPAA electronic security guidelines consist of
mandatory and "addressable" components. How each company addresses the
"addressable" components is open to interpretation. Banking is
stringent, to be sure - but HIPAA takes accountability and privacy to a
whole new level.
Kind Regards,
-dsp
Cameron, Thomas wrote:
>>-----Original Message-----
>>From: Anything But Microsoft [mailto:abm (at) anythingbutmicrosoft (dot) org [email concealed]]
>>Sent: Tuesday, June 29, 2004 9:43 PM
>>To: <@securityfocus.com BUGTRAQ
>>Cc: secure (at) microsoft (dot) com [email concealed]
>>Subject: Microsoft technologies. By default, non-HIPAA compliant?
>>
>>
>>The US health care system is the only industry where best network and
>>security practices are a federally mandated requirement.
>>
>>
>
>Um, no. I work in the banking industry and we are federally regulated and audited for security. I've never worked in the medical industry but I'd be surprised if their requirements are more stringent than ours.
>
>
[....]
[ reply ]