[unisog] HIPAA Question

Leinweber, James jiml at mail.slh.wisc.edu
Thu Jan 13 23:32:49 GMT 2005


From Jeff Hiris:

> ... make sure you are a HIPAA covered 
> gentility before worrying too much. ...

Very true.  Since the HIPAA privacy regulation went
into effect over a year ago, if you are a covered
entity, you Really Should Know this already.  If you
don't, you almost certainly aren't. 

The official answers are at (may wrap):

http://www.cms.hhs.gov/hipaa/hipaa2/support/tools/decisionsupport/default.asp


However, there is one more category of folks who care,
and these will be found at nearly every educational
institution.  Anyone providing *services* to HIPAA
covered entities has to be careful about how those
are done, even though they aren't covered by HIPAA
themselves.  If you host web sites, databases, e-mail,
do legal services etc. for the HIPAA entities on your
campus, then you too do get sucked into at least some
of the regulatory morass.

Allen Mundt asks:

> If anyone knows one or more products that do what Chris 
> described [intercepting sensitive e-mail], 
> I would like to know about them.

Many of the vendors of the "Secure Messaging Gateway" products have
this functionality, assuming that their appliance is the thing
at the top of your MX DNS food chain.  The hot market for this
stuff is probably legal firms and financial (Sarbanes-Oxley)
folks, not HIPAA, though.

Examples I've heard of, but don't know a lot about, some of
whom have this kind of functionality, in random order:

Tumbleweed
Sigaba
Ironport
PostX
Syntegra
MailCube
PGP

-- James E. Leinweber, BadgIRT volunteer
State Laboratory of Hygiene, University of Wisconsin - Madison
<jiml at slh.wisc.edu> 465 Henry Mall; phone +1 608 262 0736
PGP fp: 2E36 47BC DB03 57CE 86AD  19CC 41A1 9179   5C6B C8B9

PS: sorry about the duplicate posting earlier.  Delete the first;
if interested read the second.


