Home page logo
/

basics logo Security Basics mailing list archives

Re: Secure Intranet?
From: "Chris Berry" <compjma () hotmail com>
Date: Fri, 01 Nov 2002 17:41:03 -0800

From: "Jay D. Dyson" <jdyson () treachery net>
> I have client that would like to have its confidential data (medical
> records) available to traveling executives.
> What is the most secure way to set this up?  Secure web site using
> private certificates?  Go with VPN's?  Tell the client forget the
> idea because there is no good way to secure confidential data
> exposed to the Internet?

        Such data access would fall under the auspices of HIPAA security
requirements.  I suggest your client be made fully aware of this, since
these requirements can be exacting and may have serious consequences
(both for consumer confidentiality and legal liability) if not
followed.

Tell them to re-read their HIPAA docs, if you did that, and someone looked at the screen who wasn't authorized while one of your execs was viewing an account, you could be in MAJOR violation, and heavily sued/fined.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Ok, so the servers are down, the lights are out, and all I have to work with is a roll of duct tape, a ball point pen, a lighter, and a twenty year old copy of emacs. Where's the problem? "

_________________________________________________________________
Unlimited Internet access for only $21.95/month.  Try MSN! http://resourcecenter.msn.com/access/plans/2monthsfree.asp


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]