[unisog] HIPAA PHI and encrypted Transmission of data
fportnoy at mail.plymouth.edu
Fri Jun 25 15:41:37 GMT 2004
We're not a hospital but we're using encrypted IMAP for downloading mail to
users' PCs. Faculty and staff on-campus can use SMTP for outgoing mail, but
students or anyone connecting in from off campus must use webmail, which is
SSL. Unless, of course, they use our IPSec VPN, in which case they can use SMTP.
Many of our web-enabled applications, and all sensitive ones, are using SSL
(https). For some high-power users we require them to use the VPN because
of the level of access they require to databases. If we were building anew
from scratch, everything would be as highly encrypted and secure as
possible, but we're moving slowly from the old model of wide-open to the new
model of highly secure.
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of Jay D. Flanagan
Sent: Friday, June 25, 2004 7:08 AM
To: UNIversity Security Operations Group
Subject: [unisog] HIPAA PHI and encrypted Transmission of data
We are working through policy as part of our HIPAA implementation. A big
piece of our policy is how to handle the transmission of PHI data. How are
other universities with hospitals handling the transmission of this type of
data, or maybe I should say, how will you be handling it? Are you using some
form of encryption for email? If so, what tool? How are you securing other
forms of transmission? Any help in this area would be greatly appreciated.
You can contact me directly at jflanag at emory.edu.
Jay D. Flanagan
Security Team Lead
ITD Technical Services
Email: jflanag at emory.edu