yes, we have all patients data in file cabinets that are locked and locked back up after use. The server's sits right next to me in one rack with a lock, plus its in a room with a door lock. But Streaker, I fully understand where you are coming from. Downstairs where the phone grid is, I have seen this unlocked numerous of times! Anyone could patch these lines and hear a conversation that could lead to passwords, usernames, etc.
But on another side of IT, my plan is to become familiar with Linux, so that way we can convert to a Linux network down the road...way down the road. The only problem is trying to find away, for our finiacial applications and Homecare applications to be compatiable with Linux.
If you don't mind me asking, Thorn and Streaker- what do you guys do in the IT world?
I'm an independent consultant and writer of security books (for Syngress), as well as a lecturer at security conferences. Here is an abridged (and somewhat outdated) bio. The reason I happen to be acquainted with HIPAA is that my wife works in health care and deals a lot with HIPAA, and I have some clients in heath care, too.Originally Posted by kiloraw
Thorn
Stop the TSA now! Boycott the airlines.
I'm a NetAdmin. I would suggest that you abandon your ideas for converting to a 100% linux environment unless you're ready for nightmare after nightmare. If you do choose that path, you better be more than 'familiar' with Linux, you had better know it inside and out and be able to recite man pages in your sleep.
You have mentioned your biggest stumbling block for that plan, finding something that's compatible with your current financial systems. Well, good luck with that, chances are, you won't find anything, and financial systems are something you don't want to have working "part way", they have to work 100% or else it will be hell for you.
A few years ago when I was still doing consulting work, I had installed a new Netware server at a local slumlords office. I spent about a week there getting everything up and running and configured just right. They had a guy that was the son of one of the employees that they determined was going to be their local Admin of the system. So I showed him what he needed to know and went on my way. I got occasional phone calls from them, regarding simple issues, but nothing of any real substance.
About 9 months later I get a call from them, the woman is about in a state of panic, the server was sitting at a Blue screen with white text and no one can log in. I think to myself, that I don't recall Netware ever having a BSOD screen but say I'd be right out.
I get there to find that the dude had replaced the Netware machine an NT4 box over a weekend when no one was there, no one realized he had done it. Then a few weeks later, he decided he was going to install Citrix overtop the NT4 installation, it pretty much trashed the system. I tried to boot up the drives in another machine with NTFS installed, but the drives were blank other than the failed OS.
Since the backup solution that was sold to them was for Netware, they had not been backing anything up, but he had the women that worked there fooled into thinking it was because he had them swapping tapes every day.
They lost 3 months worth of work in that debacle, the kid of course lost his job, as did his mother.
Why I am I telling you this? Never do anything unless you're completely sure of yourself and you know exactly what the outcome is. He cost them thousands, not only in the purchase of software that they didn't need, but in my time to resolve the issue, and the overtime to pay their people to re-enter the data back into the system.
Linux is a great OS, no doubt, but be damned sure that before you even consider moving, you've done several months of testing on whatever you're planning on replacing your windows systems with, and that you have someone that you can get on the phone and scream at when things don't work. Companies want someone that can be held responsible when things don't work, make sure that person isn't you.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Hey, there's no picture with that BioYou should put one up there with you in your Beret.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Posting Permissions
