[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200401252035.i0PKZ9S5019999@smtp.washington.edu>
From: cdevoney at u.washington.edu (Chris DeVoney)
Subject: Re: vulnerabilities of postscript printers
Although this is a slight subject drift, just to make everyone's life
slightly more interesting we at University of Washington Medicine (both
Medical Centers and Health Sciences) are forcing our digital copier vendor
to sign a HIPAA Business Associates agreement. If the unit required service
(and show me one of these that don't), the repair person (or remote
diagnostic) would have access to the internal hard disk which could contain
images of pages holding protected health information. That's a no-no.
It ain't just Postscript device that falls under this edict. It's any
digital copier/printer/scanner that has persistent internal storage or is
network connected.
And for that matter, we're also setting up bridging firewalls on some of the
units that contain an actual PC inside to manage the scanning functions,
such as the Canon ImageRunner series.
cdv
------------------------
Chris DeVoney
Clinical Research Center Informatics
University of Washington
------------------------
Powered by blists - more mailing lists