On 01/16/2013 12:29 PM, Ken Dibble wrote:
This is about IT policy rather than implementation, so if folks think
it's OT here than I won't continue with this.
I'm still on about matching security responses to actual threats.
<snip>
But data encryption, forced password changes, and account lockouts after
multiple login failures are responses that are not aimed at the actual
threats facing medical records, and should not be required when handling
them.
Let the flaming begin.
Hi Ken,
From the time HIPAA started to the time I left practice, several years,
there had been NO prosecutions under HIPAA. For what it's worth, I agree
with you. Not only that, I have never seen it put quite so well.
Thank you for this.
--
Regards,
Pete
http://pete-theisen.com/
http://elect-pete-theisen.com/
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
