[unisog] HIPAA PHI and encrypted Transmission of data

Keith Schoenefeld schoenk at utulsa.edu
Thu Jul 8 16:18:44 GMT 2004

Appears to have dried up.  I asked about this last week on IRC... one of 
the moderators tested and said that email was coming to moderators fine, 
just that no one was sending anything to the moderators...

-- KS

Wells, Cary wrote:

> Did the list dry up or am i not subscribed?
> ------------------------------------------------------------------------
> *From:* unisog-bounces at lists.sans.org 
> [mailto:unisog-bounces at lists.sans.org] *On Behalf Of *Fred Portnoy
> *Sent:* Friday, June 25, 2004 9:42 AM
> *To:* 'UNIversity Security Operations Group'
> *Subject:* RE: [unisog] HIPAA PHI and encrypted Transmission of data
> Jay -
> We're not a hospital but we're using encrypted IMAP for downloading 
> mail to user's PC's. Faculty and Staff on-campus can use SMTP for 
> outgoing mail but students or anyone connecting in from off campus 
> must use webmail which is SSL. Unless of course they use our IPSec VPN 
> in which case they can use SMTP from anywhere.
> Many of our web enabled applications, and all sensitive ones, are 
> using SSL. (https).  For some high power users we require them to use 
> the VPN because of the level of access they require to databases. If 
> we were  building anew from scratch, everything would be as highly 
> encrypted and secure as possible, but we're moving slowly from the old 
> model of wide-open to the new model of highly secure.
> thanks
> -fp
>     -----Original Message-----
>     *From:* unisog-bounces at lists.sans.org
>     [mailto:unisog-bounces at lists.sans.org] *On Behalf Of *Jay D. Flanagan
>     *Sent:* Friday, June 25, 2004 7:08 AM
>     *To:* UNIversity Security Operations Group
>     *Subject:* [unisog] HIPAA PHI and encrypted Transmission of data
>     We are working through policy as part of our HIPAA implementation.
>     A big piece of our policy is how to handle the transmission of PHI
>     data. How are other universities with Hospitals handling the
>     transmission of this type of data or maybe I should say how will
>     you be handling it? Are you using some form of encryption for
>     email? If so what tool? How are you securing other forms of
>     transmission? Any help in this area would be greatly appreciated.
>     You can contact me directly at jflanag at emory.edu
>     <mailto:jflanag at emory.edu>.
>     Thanks, Jay
>     ______________________
>     Jay D. Flanagan
>     Security Team Lead
>     ITD Technical Services
>     Emory University
>     Email: jflanag at emory.edu <mailto:jflanag at emory.edu>
>     Phone: 404-727-4962
>     Fax: 404-727-3246
>unisog mailing list
>unisog at lists.sans.org

Keith Schoenefeld
Manager of College Computer Services
College of Engineering and Natural Sciences
The University of Tulsa

More information about the unisog mailing list