[unisog] HIPAA PHI and encrypted Transmission of data

Fred Portnoy fportnoy at mail.plymouth.edu
Fri Jun 25 15:41:37 GMT 2004

Jay - 
We're not a hospital but we're using encrypted IMAP for downloading mail to
user's PC's. Faculty and Staff on-campus can use SMTP for outgoing mail but
students or anyone connecting in from off campus must use webmail which is
SSL. Unless of course they use our IPSec VPN in which case they can use SMTP
from anywhere.
Many of our web enabled applications, and all sensitive ones, are using SSL.
(https).  For some high power users we require them to use the VPN because
of the level of access they require to databases. If we were  building anew
from scratch, everything would be as highly encrypted and secure as
possible, but we're moving slowly from the old model of wide-open to the new
model of highly secure.

-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of Jay D. Flanagan
Sent: Friday, June 25, 2004 7:08 AM
To: UNIversity Security Operations Group
Subject: [unisog] HIPAA PHI and encrypted Transmission of data

We are working through policy as part of our HIPAA implementation. A big
piece of our policy is how to handle the transmission of PHI data. How are
other universities with Hospitals handling the transmission of this type of
data or maybe I should say how will you be handling it? Are you using some
form of encryption for email? If so what tool? How are you securing other
forms of transmission? Any help in this area would be greatly appreciated.
You can contact me directly at jflanag at emory.edu.
Thanks, Jay
Jay D. Flanagan
Security Team Lead
ITD Technical Services
Emory University
Email: jflanag at emory.edu
Phone: 404-727-4962
Fax: 404-727-3246

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/unisog/attachments/20040625/eeb51687/attachment-0001.htm

More information about the unisog mailing list