Google admits to reading your emails, claims you should expect it.
<blockquote data-quote="Janx" data-source="post: 6172903" data-attributes="member: 8835"><p>HIPAA is a loosey-goosey law. It basically says "you must protect" with very little definition of what standards to follow. The credit card industry follows DCI, which is very specific and strict. It is a stronger standard.</p><p></p><p>On the third party present question, you do NOT conduct business with an unsecured party present. Cleaning staff don't have need to know, so you ask them to leave. Otherwise, you have a risk.</p><p></p><p>In my world, you don't just walk into a room and transform into a third party. Negotiations, contracts and audits happen before we start passing data. I would be in breach if I sent PHI to somebody we didn't have a BLA with.</p><p></p><p>What HIPAA says is "do whatever you want to protect." But if there's a breach, you are screwed. So it's more Stick, than book of tips on how to secure your business.</p><p></p><p>Some specifics are, if an unauthorized party gets PHI, I have to notify the affected people (patients) and probably pay for credit fraud protection (I've had a few of those from the financial industry losing laptops). If they crack my server and steal my database, I am protected ONLY if the database was reasonably encrypted.</p><p></p><p>So if my PHI is unreadable in my Patient table, I'm safe. If not, then I will pay large fines and fees that could destroy my business. But it is all up to me on whether to do that, and up to my client to choose to do business with me. This is where a large business expects higher security, and a small business is exempted from being expected to have huge piles of documented security practices when doing the BLA.</p><p></p><p>It's all moot until a breach, when blame flies and money has to be paid.</p></blockquote><p></p>