[unisog] Email Policy

Jim Dillon Jim.Dillon at cusys.edu
Mon Sep 8 16:21:10 GMT 2003

You can try www.colorado.edu/its and drill down to policies.  I'll let you do that search.  We have campus policies at UCB that prohibit un-encrypted transmission of private/sensitive data, but nothing HIPAA specific.  I'd suggest this is the better way to go, I know of 10 active privacy policies that impact higher ed in Colorado, and two more proposed in congress.  Defining sensitive info and taking steps to protect it, no matter what the defining mandate, is a better approach than just being HIPAA hip.  No doubt HIPAA is a big concern, but so is GLB, FERPA, California's new privacy statute that seems to apply everywhere a Californian breathes air somehow, a state privacy regulation for Colorado, and a few other more specific regulations for ISPs, child-care, video, cable, and other forms of data.  With 1/8 adult Americans suffering some form of identity theft, it would appear prudent to be much more broad in your solutions to the transmission of sensitive or private data.  

You can also do a search at our www.uschsc.edu/hipaa site, HSC has lot's of HIPAA and privacy guidance, but I'm still compelled to recommend you think more broadly about the problem.

Best regards,


-----Original Message-----
From: Jay D. Flanagan [mailto:jflanag at emory.edu]
Sent: Monday, September 08, 2003 9:13 AM
To: unisog at sans.org
Subject: [unisog] Email Policy

Does anyone out there have an email policy regarding handling of HIPAA data? We are in the process of putting one together and wanted to check what others are doing before re-inventing the wheel.
Thanks, Jay
Jay D. Flanagan
Security, Team Lead 
ITD Technical Services
Emory University
Email: jflanag at emory.edu
Phone: 404-727-4962
Fax: 404-727-0817

More information about the unisog mailing list