Security in a Health Care Environment.
02-14-2002 06:04 AM
I have been asked to start researching a security plan for all of our servers that takes into account the new health care regulations guidelines called H.I.P.A.A. If anyone has ever heard of this and has some insight into its specific requirements, please let me know.
JRF: I saw on your profile that you work for a hospital, if correct still. I hope you will have some insight into this.
Thanks again all.
02-14-2002 06:17 AM
Solution
You can get a lot of security information here:
http://www.sans.org/newlook/home.php
The other thing you will need to do is to review your policies regarding access (both physical and virtual) to your servers, your applications, and your data. You will need to look at all of your data transfer (media based and virtual) and implement encryption, access, use, and disposal policies.
Initial stuff like password aging, login purging for people who are no longer employed with the company, review of all methods of entry into your network (direct dial, vpn, web) and what level of access each method really provides, physical security of your building, computer room, servers, and data, and more.
One of my co-workers has some HIPAA-specific URLs; I'll see about getting them and will post those.
HTH
mark
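The password-aging and login-purging checks mentioned in the post above can be scripted; the following is an added example, not part of the original post. It assumes a non-trusted-mode system where aging is stored as the comma-suffixed field in the password column described in passwd(4), a hypothetical HR roster of current login names, and constructed sample data; the function names are illustrative.

```shell
#!/bin/sh
# Added example: account audit for password aging and departed-staff logins.
# Constructed sample data (hashes are fake); on a real host read /etc/passwd.
SAMPLE_PASSWD='root:Ab3dEfGhIjKlM,B.zQ:0:3::/:/sbin/sh
jsmith:Qw9rTyUiOpAsD:101:20:J Smith:/home/jsmith:/usr/bin/sh
mlee:Zx8cVbNmLkJhG,7.yQ:102:20:M Lee:/home/mlee:/usr/bin/sh
bin:*:2:2::/usr/bin:/sbin/sh
tformer:Pl0kMiJnUhByG,B.yQ:103:20:T Former:/home/tformer:/usr/bin/sh'
# Hypothetical HR export: one login name per current employee.
SAMPLE_ROSTER='jsmith
mlee'

# audit_aging PASSWD_TEXT MAX_WEEKS
# Reports accounts with a usable password that have no aging field, or whose
# maximum password lifetime (first character after the comma) exceeds MAX_WEEKS.
audit_aging() {
  printf '%s\n' "$1" | awk -F: -v limit="$2" '
    BEGIN { a64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" }
    $2 ~ /^\*/ || $2 == "" { next }        # locked or empty: no aging to check
    {
      n = index($2, ",")
      if (n == 0) { print $1 ":no-aging"; next }
      max = index(a64, substr($2, n + 1, 1)) - 1   # "." = 0 weeks ... "z" = 63
      if (max > limit) print $1 ":max-" max "-weeks"
    }'
}

# audit_departed PASSWD_TEXT ROSTER_TEXT MIN_UID
# Reports unlocked accounts with UID >= MIN_UID whose login is not on the roster.
audit_departed() {
  printf '%s\n---\n%s\n' "$2" "$1" | awk -F: -v min_uid="$3" '
    !seen_sep { if ($0 == "---") seen_sep = 1; else active[$1] = 1; next }
    $3 >= min_uid && $2 !~ /^\*/ && !($1 in active) { print $1 }'
}

echo "Aging findings (limit 12 weeks):"
audit_aging "$SAMPLE_PASSWD" 12
echo "Logins not on the current-employee roster:"
audit_departed "$SAMPLE_PASSWD" "$SAMPLE_ROSTER" 100
```
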
02-14-2002 06:20 AM
This may be completely off subject, but I tried a simple search of what you asked. It got me results that have absolutely nothing to do with computers ... but I also got an alternative. Followed it and got here http://aspe.hhs.gov/admnsimp/
This does seem to be computer-related ... and there's lots of guides.
Is this what you are looking for?
Regards,
Tom Geudens
02-14-2002 09:55 AM
My sympathies go out to you. The previous responses in this thread have given a good overview of the tip-of-the-iceberg. If I had to pick one thing, it would be make sure that your software is prepared to log "who/what/where/when/how". Patient privacy is paramount, as well it should be in today's world. Don't plan to say your clerk misdialed a fax number and someone's lab results got sent to the wrong place.
I'll quote from one of the links below:
HIPAA is the Health Insurance Portability & Accountability Act of 1996 (August 21), Public Law 104-191, which amends the Internal Revenue Service Code of 1986. Also known as the Kennedy-Kassebaum Act.
Title II includes a section, Administrative Simplification, requiring:
1. Improved efficiency in healthcare delivery by standardizing electronic data interchange, and
2. Protection of confidentiality and security of health data through setting and enforcing standards.
More specifically, HIPAA calls for:
1. Standardization of electronic patient health, administrative and financial data
2. Unique health identifiers for individuals, employers, health plans and health care providers
3. Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.
Start here:
http://www.hipaadvisory.com/
http://www.hcfa.gov/medicaid/hipaa/
http://www.claredi.com/
This is a no-nonsense mandate which will require major effort.
Regards!
...JRF...
02-14-2002 12:17 PM
James' info et al are great starting points.
The good news is that from finalization and adoption of the rules governing any aspect of HIPAA to mandatory conformance you get 26 months. But that isn't really a lot of time if you've many business partners, clients, pharmacies, etc that you have to deal with.
Everything has to be documented (my job in life for now) and controls need to be developed to mitigate possible problems.
Even though YOU as the healthcare information user need to ensure your own conformance, help is available from the vendors whose products you are using.
Best of the best as you embark on this adventure. (Kind of like the Army not being a job.....)
Mark
02-14-2002 01:44 PM
Well you know what they say, as you guys posted: "It's not just a job, it's an adventure"
I was a navy man, so we use "It's not just a job, but a ....job". Fill in the blanks for the not-so-clean version.
Anyway, I have been fortunate to have not been the one who is sitting on the mountain top putting this all together, but I am going to be the one who probably will have to put the unix piece in place. We have a mixed bag environment here with NT, UNIX (HP & SUN), WIN2K, Novell, Oracle, Sybase, SQL ... etc....
As you all stated though and are correct I will be facing a monumental effort here. I will keep all of you posted as to any new information that gets uncovered with this deal as there are probably more forum members working healthcare than JRF and ME.
Thanks for the inputs. Great job as always.