W2K SP3 issue w.r.t. HIPAA
From: Laurence Brevard (laurence@brevardandbrevard.com)
Fri, 06 Sep 2002 18:33:40 -0500
BRUCE: Just saw this in my W2Knews newsletter.
> * W2K SP3 in Healthcare: Damned If You Do, Damned If You Don't?
>
>An interesting discussion has been building in the healthcare arena
>since Microsoft changed its EULA for W2K SP3. Since, under HIPAA
>regulations, a healthcare organization is required to safeguard
>patient data to the best of current technological capabilities, the
>application of SP3 appears to present a no-win situation. If you
>-don't- apply the service pack, you're leaving the OS open to known
>security vulnerabilities.
>
>If you -do- apply it, you're agreeing to allow Microsoft access to
>the server for, ostensibly, "updating the server." Even though I'm
>sure Microsoft claims to only access the necessary system files,
>we are all aware of their less-than-stellar record. The fear is
>that if MS were to inadvertently access patient data on one of the
>patched servers, the healthcare organization could be held liable.
>I wonder what the MS lawyers are able to reply on -this- issue...
--
LAURENCE C. BREVARD http://www.BrevardAndBrevard.com
CELL: (503)708-0268 or email w/o spaces: 503 708 0268@mobile.ATT.net
WORK: (503)547-6088 at SYNOPSYS 2025 NW Cornelius Pass Hillsboro, OR 97124
HOME: (503)629-0501 485 NW 170th Drive, Beaverton, OR 97006-4845
_FAX: (503)629-0601, (503)430-1166 OTHER: (503)629-8856, (503)430-1122
