| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: pauls at utdallas.edu (Paul Schmehl) Subject: More Unusual request On Fri, 2003-02-14 at 04:39, Etaoin Shrdlu wrote: > First, I must say I'm surprised that the only two posts I've seen in answer > to this have come from folk whom I suspect have absolutely NO experience > with HIPAA. The answer here needs to be more specific to the problem. > Perhaps that's because those of us who are dealing with HIPAA are too busy to respond. :-) I agree with everything you've said, Eric, but I think it should be pointed out that the executives of his medical facility are *personally* liable for HIPAA violations and could be subject to both fines *and* imprisonment for non-compliance. Make sure you point that out to the powers that be. It may shake them up enough to wake them up. They *should* have been thinking about what to do about HIPAA two years ago! Now, only a mad rush and large expenditures of cash will help. And BTW - YOU (original poster) - can also be held personally liable since you're in a security position at an institution that has to comply with HIPAA. The fact that you just got the job may mitigate your risk some, but you've got some heavy, hard work ahead of you just to protect yourself, much less the corporation. Hire some HIPAA consultants IMMEDIATELY. -- Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/~pauls/ AVIEN Founding Member
Powered by blists - more mailing lists