Educause Security Discussion mailing list archives
Re: HIPAA Assessments and Network Access
From: Bob Kalal <kalal.1 () OSU EDU>
Date: Wed, 28 Jul 2004 20:35:09 -0400
Doug, We've been working with PriceWaterhouse Coopers through privacy, transactions, and now security. We've been happy with their work. The key for us was that they had experience with Higher Ed and HIPAA both inside and outside the medical center. Most folks experience is limied to the medical center. I was first introduced to the breadth of their expertise at an EDUCAUSE session in Atlanta several years ago. I was also favorably impressed with Deloite & Touche. They did a pro-bono presentation for the CIC (Big Ten) Security Working Group I chair that indicated a lot of expertise and competence. Unfortunately they are OSU's external auditors so there would have been a conflict in having them as our HIPAA compliance remediation consultants. Cheers, Bob Kalal Director, Information Technology Policy and Services Office of the Chief Information Officer The Ohio State University Phone: (614) 292-6888 Fax: (614) 688-4226 Email: kalal.1 () osu edu, ITPolicy () osu edu Web: http://cio.osu.edu/kalal.html At 4:01 PM -0500 7/28/04, Doug Sandford wrote:
Apologies for the rather broad subject area(s). I know these items have been discussed in the past, but am looking for some more recent experiences/recommendations. Have any of you brought in consultants to perform the full range of compliance checks necessary for HIPAA compliance, ie, Risk Assessment, policy and function creation, etc? Your recommendations would be welcomed. Additionally, we are interested in a solution (such as Perfigo or one of the others) that would enable us to check computers as they are attached to our network for current Windows patches, virus software and updates, etc. SUS is certainly a partial answer but requires that we get our hands on each machine. Again, any recommendations, successes or horror stories will be welcome. Thanks in advance.... Doug Sandford Information Security Officer University of Alabama Seebeck Computer Center doug () ua edu This email is intended only for the person to whom it is addressed. Any review or other use of this information by persons or entities other than the intended recipient or any retransmission without the consent of the sender is prohibited. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- HIPAA Assessments and Network Access Doug Sandford (Jul 28)
- <Possible follow-ups>
- Re: HIPAA Assessments and Network Access Michael Cole (Jul 28)
- Re: HIPAA Assessments and Network Access Bob Kalal (Jul 28)
- Re: HIPAA Assessments and Network Access Schmidt, Eric W (Jul 28)
- Re: HIPAA Assessments and Network Access Ben Sookying (Jul 29)
- Re: HIPAA Assessments and Network Access Angel L Cruz (Jul 29)
- Re: HIPAA Assessments and Network Access Schmidt, Eric W (Jul 29)