Die, unknown executable! Keeping up with malware signatures is becoming unsustainable, so blocking all but known good programs may be our only hope. A review of five whitelisting security packages yields a clear winner in the battle for 21st century security more
In a study of midmarket organizations that have implemented HP ProCurve in a production environment, IDC found that HP ProCurve provides more than sufficient functionality for their current needs and the scalability to grow into the future. more
Doing more with less. Enhanced business agility. Reduced costs. The demands on IT have never been greater, particularly in light of lower revenue and uncertain demand for the goods and services offered by many companies. There are many ways that IT can help organizations adjust to this new economic environment. Learn about five key technology trends that can immediately impact your organization's bottom line, and how to build a strategy to implement these technologies within your current budget. more
In my last post, "Dealing with a smelly co-worker," (9/15/2008) I made reference to HIPAA (Health Information Portability and Accountability Act). The context: Some medical conditions can cause severe body odor. I advised that should the odiferous employee inform his manager that this was the cause of the situation, HIPAA mandated keeping this information private.
Among the responses was what follows, from Lane R. Hatcher, who deals with HIPAA professionally, was kind enough to set me straight. His comments follow, edited for length and to stitch together the information he provided in a conversational thread. - Bob
* * *
Perhaps the person who raised the question regarding the co-worker with an odor problem in fact works for a healthcare provider's office, in which case HIPAA might apply if the individual was also a patient there.
If this is not the case, then HIPAA would not apply to the situation. HIPAA Privacy Rules apply only to healthcare providers, health plans, and clearinghouses.
Employer-sponsored health plans are just that -- employer sponsored. That sponsorship does not make the employer itself (i.e., the entire organization) a HIPAA-covered entity, and the same goes for government and other organizations that sponsor health plans.
In the scenario you presented, let's say that this is just your run-of-the-mill small business, and health insurance is provided; employer and employees pay a monthly premium to, say, Aetna. Does HIPAA apply at the workplace?
No. The workplace is not a provider of healthcare, isn't a group plan or a clearinghouse. Employees can yak all they want about the individual's body odor -- this is a case for management to put the kibosh on gossip, not for regulation.
Even ADA (Americans with Disabilities Act) info in the employee's file does not cause HIPAA rules to kick in, and ADA is the area of regulation most likely to apply to a situation in which an employee asserts medical reasons for a deficiency in workplace performance.
How about a small company that has the money to self-fund a health plan?
The entire company is not a HIPAA covered entity. Only those individuals responsible for the daily administration of the health plan are covered under HIPAA (which could be, but is not necessarily, HR staff). So, only those who are administering the health plan would be responsible under HIPAA to not disclose information they gained about the individual as a result of any demand for payment that was received from the employee's healthcare provider.
I think it's better not to mention HIPAA except in the context of a de facto covered entity. Otherwise, people get all stirred up. Those organizations that are covered entities and need to worry about HIPAA, pretty much know who they are.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
An Alternative to Virtualization for Datacenter Cost Savings
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Why Your Firewall, VPN, and IEEE 802.11i Aren't Enough to Protect Your Network
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect businesscritical data while cutting costs and improving efficiency and reliability.