Is Win2k + SP3 HIPAA Compliant?

Chris asks: "Our company deals with medical records in a peripheral sort of way (as they pertain to student loans), and due to new laws we are required to be HIPAA compliant by April. After reading the discussion on here about the new EULA for Win2k SP3, I had a disturbing thought. As far as I can tell, if you use Windows 2000 then you're going to be out of compliance whatever you do. If you install the patch, then theoretically Microsoft could access those medical records (possibly by accident) without 'due cause or need' in the process of updating your machine. If you don't patch your system then you'll fail the security requirements of the law." If Win2k with SP3 is not HIPAA compliant (and I stress the if because no one has made a statement either way, yet) what can non-compliant Medical IT departments do?
  • by Anonymous Coward on Wednesday August 28, 2002 @08:32AM (#4155425)
    Yes, they are truly benevolent overlords.
  • by Anonymous Coward on Wednesday August 28, 2002 @09:24AM (#4155693)
    Good, then all your box will belong to me, and I'll read all of your Word docs and put them up on Slashdot.
  • by vile7707 ( 470358 ) on Wednesday August 28, 2002 @10:12AM (#4155917)
    That's some weird, and kinky stuff going on there. Looks to me as if they are spanking that hippo with a feather.
  • by zenyu ( 248067 ) on Wednesday August 28, 2002 @11:48AM (#4156681)

    There is a less than perfect solution: Filter off all machines from vendor-X using products from vendor-Y. Make all machines from vendor-X resistant to attacks from the vendor-Y machines. Oh, and be damn sure that the two vendors are not affiliated, and are not controlled by the same government.

    This won't work, MS is slap happy about RPC over HTTP. They can even do it through a caching proxy. That means any firewall that allows web traffic won't prevent access to their Windows software on your machine. But even if you took the medical records completely off the internet this is a legal problem not a technical one. You gave them access, they might demand physical access if you don't give them electronic access. I don't see it happening, but legally, in any state where EULAs apply, they can.

    The only solution here is to get MS to sign a supplementary agreement either that is satisfactory for HIPAA, or for the congress critters to pass a law forbidding overbroad hacking clauses in contracts, forcing Microsoft to rewrite their EULA for everyone.

    I still think the best thing to do is deny copyright protection to any work distributed with a license. Sort of a patent vs. trade secret distinction, instead you get a choice between copyright or contract.
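The point in zenyu's comment that RPC over HTTP rides through a caching proxy, so a "web traffic only" firewall rule does not keep it out, is something an administrator can check in their own egress logs rather than take on faith. The following is an added example and not code from the commenter, from Slashdot, or from Microsoft: it scans a few constructed, simplified Squid-style proxy log lines for the RPC_IN_DATA and RPC_OUT_DATA HTTP methods that the RPC over HTTP transport uses, and applies an allow-list policy that only passes ordinary browsing methods. The log format, client addresses, host names and the vendor name are assumptions made up for the example.

```python
import re

# Constructed sample of proxy log lines (simplified Squid-style access log):
#   client_ip  method  url  status  bytes
# Addresses, hosts and the vendor name are made up for this example.
SAMPLE_LOG = """\
10.0.0.12 GET http://www.example.com/index.html 200 5120
10.0.0.12 RPC_IN_DATA http://rpc.vendor.invalid/rpc/rpcproxy.dll?srv:6002 200 1048576
10.0.0.15 POST http://intranet.example.com/form 200 812
10.0.0.12 RPC_OUT_DATA http://rpc.vendor.invalid/rpc/rpcproxy.dll?srv:6002 200 4096
10.0.0.20 CONNECT update.vendor.invalid:443 200 0
"""

# HTTP methods used by the RPC over HTTP transport (the proxy's "in" and "out" channels).
RPC_OVER_HTTP_METHODS = {"RPC_IN_DATA", "RPC_OUT_DATA"}

# Methods an egress policy meant for ordinary web browsing would allow.
BROWSING_METHODS = {"GET", "HEAD", "POST", "CONNECT"}

LINE_RE = re.compile(
    r"^(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d{3})\s+(?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def find_rpc_tunnels(log_text):
    """Return every record whose method is one of the RPC over HTTP verbs."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] in RPC_OVER_HTTP_METHODS:
            hits.append(rec)
    return hits


def method_allowed(method):
    """Allow-list policy: only browsing methods pass; RPC verbs and anything
    unknown are rejected instead of being forwarded because they look like HTTP."""
    return method in BROWSING_METHODS


def summarize(log_text):
    """Bytes carried over RPC over HTTP tunnels, totalled per client address."""
    totals = {}
    for rec in find_rpc_tunnels(log_text):
        totals[rec["client"]] = totals.get(rec["client"], 0) + rec["bytes"]
    return totals


if __name__ == "__main__":
    for rec in find_rpc_tunnels(SAMPLE_LOG):
        print(f"{rec['client']} {rec['method']} {rec['url']} {rec['bytes']} bytes")
    print("tunnel bytes per client:", summarize(SAMPLE_LOG))
```

Run against the sample, the scan reports two tunnel requests from 10.0.0.12 while the GET, POST and CONNECT lines pass the allow-list; a proxy configured to permit only the methods in BROWSING_METHODS would have refused the RPC requests outright rather than caching them.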
  • by itwerx ( 165526 ) on Wednesday August 28, 2002 @01:33PM (#4157586)
    Or drunk?
    How many hurls do you need?

    We assessed the "hurl vs hurdle" question a long time ago and decided overwhelmingly in favor of hurdles...
