Full Disclosure mailing list archives
Re: More Unusual request
From: Paul Schmehl <pauls () utdallas edu>
Date: 14 Feb 2003 09:41:13 -0600
On Fri, 2003-02-14 at 04:39, Etaoin Shrdlu wrote:
First, I must say I'm surprised that the only two posts I've seen in answer to this have come from folk whom I suspect have absolutely NO experience with HIPAA. The answer here needs to be more specific to the problem.
Perhaps that's because those of us who are dealing with HIPAA are too busy to respond. :-) I agree with everything you've said, Eric, but I think it should be pointed out that the executives of his medical facility are *personally* liable for HIPAA violations and could be subject to both fines *and* imprisonment for non-compliance. Make sure you point that out to the powers that be. It may shake them up enough to wake them up. They *should* have been thinking about what to do about HIPAA two years ago! Now, only a mad rush and large expenditures of cash will help. And BTW - YOU (original poster) - can also be held personally liable since you're in a security position at an institution that has to comply with HIPAA. The fact that you just got the job may mitigate your risk some, but you've got some heavy, hard work ahead of you just to protect yourself, much less the corporation. Hire some HIPAA consultants IMMEDIATELY. -- Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/~pauls/ AVIEN Founding Member _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- More Unusual request Eric Wright (Feb 13)
- Re: More Unusual request Etaoin Shrdlu (Feb 14)
- Re: More Unusual request Paul Schmehl (Feb 14)
- <Possible follow-ups>
- RE: More Unusual request Sung J. Choe (Feb 13)
- RE: More Unusual request Rapaille Max (Feb 14)
- Re: More Unusual request Etaoin Shrdlu (Feb 14)