Network Security Legalities...
GraniteBalls
Aging fast
12262 Posts

In terms of laws and regulations, is there a specific bar that has to be met in certain environments like a law office, or dentist office? I'm looking for something that says lawyers' offices in the state of NC have to implement cryptography or hash checks on all data, have to ssh into remote sessions, yada yada yada. I'm sure there is, I'm just looking for the checklist. Anyone help?


Google is oh so powerful.

4/23/2008 10:32:35 AM

GraniteBalls
Aging fast
12262 Posts

I'm not looking for a best practices list, I'm looking for a list that will shield a dentist office from prosecution, should information be leaked or exposed.


kind of like an osha standard of sorts.

4/23/2008 10:33:46 AM

synapse
play so hard
60939 Posts

I bet you won't find the information you're looking for. When I did some research into what the HIPAA requirements were for a database which stored patient data, all I found were generalities and not specific requirements like you're asking for.

If this physician's office stores client data (medical info, SSN, DOB etc) then I'd bet you'll want to look at making sure their data systems are HIPAA compliant. Just a guess, but at least it gives u something else to google

4/23/2008 10:42:22 AM

GraniteBalls
Aging fast
12262 Posts

http://netsecurity.about.com/od/hipaa/News_and_Information_About_HIPAA.htm



holy broken links, batman.



this shit is completely unorganized. I'm having a hard time picking out any useful information.

4/23/2008 10:50:32 AM

GraniteBalls
Aging fast
12262 Posts

http://www.hipaadvisory.com/ezcart/myProducts.cfm?productID=177&display=detail&categoryID=3



wtf this shit costs money?









Okay, here's a decent site, but I'm still having a problem swimming through best practices shit.

http://www.hipaadvisory.com/tech/

It looks like a big fucking list of things you can, or should do.

I need the list of things that MUST be done.

[Edited on April 23, 2008 at 10:56 AM. Reason : grr.]

4/23/2008 10:53:10 AM

mellocj
All American
1872 Posts

I have had to do some research on HIPAA. To sum it up, HIPAA includes a lot of legislation and is very confusing. There are no specific technical requirements such as a level of encryption or that video cameras must be monitoring your data hosting etc. I think the main idea of HIPAA is that your organization is supposed to have documented procedures for how you handle security, and create your own security plan.

That being said, I would pay someone who is a HIPAA specialist for a recommendation.

4/23/2008 10:54:54 AM

GraniteBalls
Aging fast
12262 Posts

^ that helps



it seems pretty asinine that they don't do any kind of standardization of security across the board.

4/23/2008 10:57:22 AM

synapse
play so hard
60939 Posts

Quote :
"I need the list of things that MUST be done."


like i said before, i doubt you're going to find this info. i searched for it before too, and was unable to find anything outside of generalities. lemme know if you do find something though, i'd like to see it

4/23/2008 11:05:48 AM

GraniteBalls
Aging fast
12262 Posts

grrr.

4/23/2008 11:27:30 AM

smoothcrim
Universal Magnetic!
18966 Posts

there are some specific hipaa standards that must be enforced. I was working in IT when hipaa came out so I'm aware of a lot of the standards and how to implement them. shoot me a pm if you'd like a real consult

4/23/2008 11:27:58 AM

drhavoc
All American
3759 Posts

http://www.cms.hhs.gov/EducationMaterials/04_SecurityMaterials.asp#TopOfPage

Insofar as crypto or hash checking for attorneys, et al., to the best of my knowledge there is no legislation on this (thankfully) but it is left up to individual firms to practice due care in handling data.

If you're looking for information about how to help a healthcare practitioner on best practices w.r.t. security, send me a PM with your questions. Not to give a flippant answer, "it depends" will kind of have to suffice for general questions.

4/23/2008 12:15:52 PM

ComputerGuy
(IN)Sensitive
5052 Posts

I had to do a job in which the dr. office wanted to do backups to a webserver that wasn't htaccess protected...yeah...I was like...ummm yeah...that 9.95 a year isn't a good investment.

After I did research...if they .htaccess there isn't anything to say that was illegal..unless it was compromised...which made me say WTF quite a bit.

4/23/2008 12:22:54 PM

evan
All American
27701 Posts

lol @ htaccess and hipaa


HIPAA is very generalized on purpose - that way it's basically up to the prosecutors and the justice system to interpret what is and is not a violation

4/23/2008 1:13:30 PM

GraniteBalls
Aging fast
12262 Posts

Quote :
"If you're looking for information about how to help a healthcare practitioner on best practices w.r.t. security, send me a PM with your questions. Not to give a flippant answer, "it depends" will kind of have to suffice for general questions."



I'm already familiar with best practices and forming a logical scope for security in a given scenario. I was just trying to make sure there weren't any specific regulations for anything.


I know how to do the job guys, I swear.

4/23/2008 1:41:50 PM

smoothcrim
Universal Magnetic!
18966 Posts

for the most part, just protect the stuff like it was your personal data. use best practices and make things as secure as possible. there are a few rules in specific scenarios, group policy is a big one, but for the most part it's kind of open. encryption everywhere, access control, network segregation, and several backups are the general rules of thumb.

4/25/2008 9:59:39 AM

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.