Menu
News
All News
Dungeons & Dragons
Level Up: Advanced 5th Edition
Pathfinder
Starfinder
Warhammer
2d20 System
Year Zero Engine
Industry News
Reviews
Dragon Reflections
Columns
Weekly Digests
Weekly News Digest
Freebies, Sales & Bundles
RPG Print News
RPG Crowdfunding News
Game Content
ENterplanetary DimENsions
Mythological Figures
Opinion
Worlds of Design
Peregrine's Next
RPG Evolution
Other Columns
From the Freelancing Frontline
Monster ENcyclopedia
WotC/TSR Alumni Look Back
4 Hours w/RSD (Ryan Dancey)
The Road to 3E (Jonathan Tweet)
Greenwood's Realms (Ed Greenwood)
Drawmij's TSR (Jim Ward)
Community
Forums & Topics
Forum List
Latest Posts
Forum list
*Dungeons & Dragons
Level Up: Advanced 5th Edition
D&D Older Editions
*TTRPGs General
*Pathfinder & Starfinder
EN Publishing
*Geek Talk & Media
Search forums
Chat/Discord
Resources
Wiki
Pages
Latest activity
Media
New media
New comments
Search media
Downloads
Latest reviews
Search resources
EN Publishing
Store
EN5ider
Adventures in ZEITGEIST
Awfully Cheerful Engine
What's OLD is NEW
Judge Dredd & The Worlds Of 2000AD
War of the Burning Sky
Level Up: Advanced 5E
Events & Releases
Upcoming Events
Private Events
Featured Events
Socials!
Twitch
YouTube
Facebook (EN Publishing)
Facebook (EN World)
Twitter
Instagram
TikTok
Podcast
Features
Top 5 RPGs Compiled Charts 2004-Present
Adventure Game Industry Market Research Summary (RPGs) V1.0
Ryan Dancey: Acquiring TSR
Q&A With Gary Gygax
D&D Rules FAQs
TSR, WotC, & Paizo: A Comparative History
D&D Pronunciation Guide
Million Dollar TTRPG Kickstarters
Tabletop RPG Podcast Hall of Fame
Eric Noah's Unofficial D&D 3rd Edition News
D&D in the Mainstream
D&D & RPG History
About Morrus
Log in
Register
What's new
Search
Search
Search titles only
By:
Forums & Topics
Forum List
Latest Posts
Forum list
*Dungeons & Dragons
Level Up: Advanced 5th Edition
D&D Older Editions
*TTRPGs General
*Pathfinder & Starfinder
EN Publishing
*Geek Talk & Media
Search forums
Chat/Discord
Menu
Log in
Register
Install the app
Install
Community
General Tabletop Discussion
*Geek Talk & Media
Your relationship with social media
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Janx" data-source="post: 6632672" data-attributes="member: 8835"><p>This issue hits me from the opposite side in my line of work. I deal with a lot of clients who tend to form networks of providers. Many of those providers are small practices using yahoo or some other free email service and have no IT staff to speak of.</p><p></p><p>HIPAA requires online communication to be encrypted in transit. SSL for web sites is trivial. Email is the ugly duckling. If you don't set up TLS on your email server and confirm TLS is setup on the destination, then HIPAA say you can't email those medical records because the data is not encrypted in transit. Yahoo and Google are adding TLS, but prior to last year for sure, none of these populat free email sites had TLS and thus everybody using them for medical work was violating HIPAA.</p><p></p><p>Furthermore, HIPAA requires Business Associate Agreements with the entities you transfer data with. To get a BAA means reviewing the other guy's security and signing paper that you accept their good or crappy level of security. In the instances where a BAA is not literally required, the same level of dilligence is expected, even without a formal BAA. Thus, when you put your medical records onto gmail, you put Google at risk of violating HIPAA because they didn't specifically know you were using them for that (and thus setup controls to better protect that data).</p><p></p><p>So from my vantage point, court cases aside, these users had no business using Gmail or Yahoo because they were invoking an unwitting 3rd party into handling Protected Health Information (PHI). Thus, it was never an issue about the snooping by google's bots, because it was inappropriate to run your medical business through an email system you didn't control or have contracts with.</p></blockquote><p></p>
[QUOTE="Janx, post: 6632672, member: 8835"] This issue hits me from the opposite side in my line of work. I deal with a lot of clients who tend to form networks of providers. Many of those providers are small practices using yahoo or some other free email service and have no IT staff to speak of. HIPAA requires online communication to be encrypted in transit. SSL for web sites is trivial. Email is the ugly duckling. If you don't set up TLS on your email server and confirm TLS is setup on the destination, then HIPAA say you can't email those medical records because the data is not encrypted in transit. Yahoo and Google are adding TLS, but prior to last year for sure, none of these populat free email sites had TLS and thus everybody using them for medical work was violating HIPAA. Furthermore, HIPAA requires Business Associate Agreements with the entities you transfer data with. To get a BAA means reviewing the other guy's security and signing paper that you accept their good or crappy level of security. In the instances where a BAA is not literally required, the same level of dilligence is expected, even without a formal BAA. Thus, when you put your medical records onto gmail, you put Google at risk of violating HIPAA because they didn't specifically know you were using them for that (and thus setup controls to better protect that data). So from my vantage point, court cases aside, these users had no business using Gmail or Yahoo because they were invoking an unwitting 3rd party into handling Protected Health Information (PHI). Thus, it was never an issue about the snooping by google's bots, because it was inappropriate to run your medical business through an email system you didn't control or have contracts with. [/QUOTE]
Insert quotes…
Verification
Post reply
Community
General Tabletop Discussion
*Geek Talk & Media
Your relationship with social media
Top