• Content count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About SisterChristian

  • Rank
    Will I break 10 posts?
  • Birthday 05/05/1975

Contact Methods

  • Website URL
  • ICQ

Profile Information

  • Location
    Walnut Creek, CA
  1. Ditto on that.. been using VMWare for a while now. works like a charm. especially for trying out new livecd's os etc. also check out their library of pre-made images.
  2. Ditto on the going thing... I'll also be at blackhat as well. Gotta love work sponsored trips. And the new spellcheck in firefox
  3. :%s/HIPPA/HIPAA/g
  4. HIPAA doesn't actually require that but your school, in order to implement HIPAA, may have taken those steps. HIPAA really came into effect in two stages, Privacy and Security. The Privacy portion was mostly non-techie. It covered access to patient records, both for only authorized personnel and providing the ability for the patient to request a "Full" copy of their medical record. Mostly policy and procedure stuff. Now Security did have techie portions, however it never specified a specific technology. So it would say transactions that occur over the internet that contain PHI (Protected Health Information) must be encrypted, but it wouldn't specific a minimum requirement. For example a password protected zip file would qualify as "encryption". It also required, organizations to audit each other for compliance(which is annoying) and had disaster recovery plans (duh), pointed heavily toward using NIST guidelines for policy and procedure(there was a lot of copy/paste going on). Also obvious things like applications have unique usernames and passwords for each user, or where possible enable auditing. Most of HIPAA requires that health care providers look at the regulations and either comply or document why they are not in compliance. Oddly enough the regs allow for "costs too much" to be an excuse.