[unisog] HIPAA PHI and encrypted Transmission of data

Ken Connelly Ken.Connelly at uni.edu
Thu Jul 8 16:30:06 GMT 2004

i suspect it has gotten caught in the summer doldrums.  this is the 
first message i've seen since june 25...

- ken

Wells, Cary wrote:

> Did the list dry up or am i not subscribed?
> ------------------------------------------------------------------------
> *From:* unisog-bounces at lists.sans.org 
> [mailto:unisog-bounces at lists.sans.org] *On Behalf Of *Fred Portnoy
> *Sent:* Friday, June 25, 2004 9:42 AM
> *To:* 'UNIversity Security Operations Group'
> *Subject:* RE: [unisog] HIPAA PHI and encrypted Transmission of data
> Jay -
> We're not a hospital but we're using encrypted IMAP for downloading 
> mail to user's PC's. Faculty and Staff on-campus can use SMTP for 
> outgoing mail but students or anyone connecting in from off campus 
> must use webmail which is SSL. Unless of course they use our IPSec VPN 
> in which case they can use SMTP from anywhere.
> Many of our web enabled applications, and all sensitive ones, are 
> using SSL. (https).  For some high power users we require them to use 
> the VPN because of the level of access they require to databases. If 
> we were  building anew from scratch, everything would be as highly 
> encrypted and secure as possible, but we're moving slowly from the old 
> model of wide-open to the new model of highly secure.
> thanks
> -fp
>     -----Original Message-----
>     *From:* unisog-bounces at lists.sans.org
>     [mailto:unisog-bounces at lists.sans.org] *On Behalf Of *Jay D. Flanagan
>     *Sent:* Friday, June 25, 2004 7:08 AM
>     *To:* UNIversity Security Operations Group
>     *Subject:* [unisog] HIPAA PHI and encrypted Transmission of data
>     We are working through policy as part of our HIPAA implementation.
>     A big piece of our policy is how to handle the transmission of PHI
>     data. How are other universities with Hospitals handling the
>     transmission of this type of data or maybe I should say how will
>     you be handling it? Are you using some form of encryption for
>     email? If so what tool? How are you securing other forms of
>     transmission? Any help in this area would be greatly appreciated.
>     You can contact me directly at jflanag at emory.edu
>     <mailto:jflanag at emory.edu>.
>     Thanks, Jay
>     ______________________
>     Jay D. Flanagan
>     Security Team Lead
>     ITD Technical Services
>     Emory University
>     Email: jflanag at emory.edu <mailto:jflanag at emory.edu>
>     Phone: 404-727-4962
>     Fax: 404-727-3246
>unisog mailing list
>unisog at lists.sans.org

- Ken
Ken Connelly Systems and Operations Manager, ITS Network Services
University of Northern Iowa           Cedar Falls, IA  50614-0121
email: Ken.Connelly at uni.edu
phone: (319) 273-5850   fax: (319) 273-7373

It's much more important to know what you don't know than what you do know!

More information about the unisog mailing list