
SBS, Exchange & HIPAA


mofusjtf (IS-IT--Management), Apr 20, 2004
Has anyone had to make an SBS installation HIPAA compliant? Specifically Exchange and the emails passing through it, such as sending encrypted email?
 
take a look at this:
I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
So, by securing Exchange I will be able to meet HIPAA requirements for sending email? How will the client or recipient be able to read the encrypted mail?

Can I use the built-in Windows CA or should I purchase one from Verisign or another third party?
 
You should go with a purchased certificate. Thawte is less expensive than Verisign but either will work.

HIPAA is a pain to deal with. However some parts of it are simple. Make sure your people are not transmitting confidential information about patients such as SSNs and names and you should be OK.

For example:

Bad email:

Hi Sally, regarding that patient we were discussing in the hallway, John Smith. His MRI came back and was good. His file was missing his social security number, can you put it on the folder? It is 111-22-3333. Thanks.

Good email:

Hi Sally, regarding that patient we were discussing in the hallway, patient number 824316. His MRI came back and was good. His file was missing his social security number, can you put it on the folder? I will route that over to you via courier. Thanks.


I hope you find this post helpful.

Regards,

Mark

 
I agree that HIPAA is a pain to deal with. Unfortunately, we must deal with it. I suppose I could use a hosted server for secure, HIPAA compliant email. I just figure there has to be a way to send encrypted email through my Exchange server that will meet the HIPAA guidelines.

The security configuration in the link you posted is definitely a starting point. And it is the easy part. Getting users to change their ways is much more difficult.

Thanks.
 
TLS should be configured. This will encrypt the connection that the mail is going over, assuming both sides support TLS. You can force it for some domains, if needed.

Pat Richard
Microsoft Exchange MVP
 
I agree with Pat on using TLS but as he states the problem is it needs to be configured on both ends and very few companies I have encountered work with it.

I hope you find this post helpful.

Regards,

Mark

 
Thanks for the info. I'll gather some more information regarding my client's email situation, e.g. does all email need to be HIPAA compliant? What specific recipients need HIPAA compliant email? etc.
 
Generally, if a company is HIPAA or SOX compliant, they have TLS enabled (at least those I've seen). If that's the case, you can configure an SMTP connector for those domains, and force TLS. Considering that enabling TLS is only a couple of mouse clicks once a cert is installed, I'm surprised it's not enabled more.

Pat Richard
Microsoft Exchange MVP
 
SBS 2008 will be released soon, and because it has Exchange 2007 integrated, the options/features for compliance are substantially easier to use than what Exchange 2003 has. For instance, TLS is automatically enabled by default in an "opportunistic" fashion, so two servers both configured this way will automatically encrypt traffic to each other.

Dave Shackelford
Shackelford Consulting
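Pat's suggestion of a per-domain connector that forces TLS, and Dave's note on Exchange 2007's opportunistic TLS, look like this in the Exchange 2007 Management Shell. This is an added example, not code from any poster; the connector name "Partner-RequireTLS", the partner domain "partner.example" and the server name "SBS2008" are assumptions.

```powershell
# Added example (not from the thread). Exchange 2007 Management Shell.
# Assumed names: partner domain partner.example, transport server SBS2008.

# 1. A certificate must be enabled for the SMTP service before TLS works.
#    List certificates already bound to SMTP; enable one if none is.
Get-ExchangeCertificate | Where-Object { $_.Services -like "*SMTP*" } |
    Format-List Thumbprint, Subject, Services, NotAfter
# Enable-ExchangeCertificate -Thumbprint <thumbprint> -Services SMTP

# 2. Opportunistic TLS (Exchange 2007 default): receive connectors advertise
#    STARTTLS when a certificate is bound. Verify "Tls" is in AuthMechanism.
Get-ReceiveConnector -Server "SBS2008" |
    Format-List Name, Bindings, AuthMechanism

# 3. Force TLS for one partner domain only: a dedicated send connector whose
#    address space is just that domain, with RequireTLS set. Mail to every
#    other domain keeps using the default (opportunistic) connector.
New-SendConnector -Name "Partner-RequireTLS" `
    -Usage Custom `
    -AddressSpaces "SMTP:partner.example;1" `
    -DNSRoutingEnabled $true `
    -RequireTLS $true `
    -SourceTransportServers "SBS2008"

# 4. Verify the connector and confirm no other connector with a broader
#    address space has RequireTLS on, which would queue general Internet mail.
Get-SendConnector | Format-List Name, AddressSpaces, RequireTLS, Enabled
```

With RequireTLS set, messages to partner.example are held in the queue rather than sent in clear text if the partner's server ever stops offering STARTTLS, which is the point Mark raises about both ends needing to be configured.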
 
Yes, looks like SBS 2008 will be out around September of 2008. I'm looking forward to it; the recovery storage groups are so much better under 2007 than they are with 2003.

I hope you find this post helpful.

Regards,

Mark

 