Re: [Networker] Encryption options other use with Networker
2010-04-03 08:45:12
On Apr 3, 2010, at 8:20 AM, Conrad Macina wrote:
> As I understand it, HIPAA/HITECH does not explicitly require encryption of
> media sent off-site. It requires that measures be taken to prevent loss and
> states disclosure requirements should a breach occur. It does not specify
> what measures are considered sufficient.
>
> Your company's attorneys should be able to interpret the law, and someone
> should determine what other companies in your industry are doing. It may be
> that you don't have to encrypt at all; "Chain of Control" -- meaning bonded
> couriers, secure transit and bonded storage facilities -- may be sufficient.
>
> DISCLAIMER: I am not an attorney. My entire legal training consists of a
> single (unsuccessful) attempt to fight a traffic ticket. Do not try this at
> home; consult a professional.
I share Conrad's disclaimer, but just out of curiosity, I downloaded the entire
American Restoration and Recovery Act, which is where the HITECH act appears.
The link to a PDF of that act is
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=111_cong_bills&docid=f:h1enr.pdf
If you download that PDF and bring into your favorite PDF viewer, then search
for the word "encrypt" you will get zero hits.
As Conrad said, this is really a question for legal counsel. I also didn't
bother doing the same search on the HIPAA regulations, but anyone else who is
curious is welcome to do so.
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|
|
|