|
Registered
Join Date: Mar 2003
Location: SW Cheese Country
Posts: 13,611
|
HIPAA Issue/Question
I know encryption is an "addressable" issue and not required when it comes to HIPAA compliance, but can someone justify to me why we should continue this partnership?
Here is the situation. We have a partnership with someone who provides certain PHI and the product is written in Java. That Java application then phones home through their website via HTTP port 80. Disregarding the Java crap part for now, how can they provide documentation that addresses the security concerns of transmitting all this in the clear?
Aside from the info being encrypted inside the app before transmitting either direction I cant see how this is compliant.
Thanks.
__________________
Brent
The X15 was the only aircraft I flew where I was glad the engine quit. - Milt Thompson.
"Don't get so caught up in your right to dissent that you forget your obligation to contribute." Mrs. James to her son Chappie.
|