This is a two-part question.
1. Do you have guidelines for your users on what types of information must be sent using email encryption? I know the basics but don't really want to start from scratch with coming up with a list if I could help it.
2. Do you have an Offsite Work Agreement that you would be willing to share? This would be for employees who are allowed to work from home and/or those who travel (while at hotels, conferences, etc.), and be security related guidelines that they agree to follow.
Thanks
Hi Robin,
For #1) We use keywords to trigger encryption, so it doesn't matter if the user *wants* to encrypt the email or not (and believe me, many times they think they do NOT want it encrypted). If the pattern of an SSN or credit card number is matched (via RegEx) the email is automatically encrypted. I also have a list of keywords that will drive it, like "drivers license number", "DOB", etc. that will trigger it. Lastly (and this is a dead giveaway as to what product we're using), if none of the above fit your email but you still want it encrypted, putting the text:
[encrypt]
anywhere in the email will trigger encryption.
So, we don't currently have a written guideline, but we are basically attempting to make the decision for the user instead of giving them the option. We do have documentation showing what we are encrypting, which may count as a guideline in a legal case... or may not. We are still working on that piece. :-)
#2) I got nothing. Sorry! :-)
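A minimal sketch of the kind of content rule described in the reply above, added here as an example; it is not the product's or the poster's own rule set. The regular expressions, the Luhn check on card candidates and the function names are assumptions; the keywords and the [encrypt] tag are the ones mentioned in the post.

```python
import re

# Assumed patterns: illustrative only, not any vendor's actual rules.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators
KEYWORD_RE = re.compile(r"\b(?:drivers license number|dob)\b", re.IGNORECASE)
MANUAL_TAG = "[encrypt]"


def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def encryption_triggers(subject, body):
    """Return the reasons a message must be encrypted (empty list = send as-is)."""
    text = f"{subject}\n{body}"
    reasons = []
    if MANUAL_TAG in text.lower():
        reasons.append("manual-tag")
    if SSN_RE.search(text):
        reasons.append("ssn-pattern")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        reasons.append("card-pattern")
    if KEYWORD_RE.search(text):
        reasons.append("keyword")
    return reasons


if __name__ == "__main__":
    # Constructed sample messages (not real data).
    samples = [
        ("Lunch", "See you at noon"),
        ("Claim", "Member SSN is 123-45-6789"),
        ("Payment", "Card 4111 1111 1111 1111 exp 12/30"),
        ("FYI [Encrypt]", "nothing sensitive"),
    ]
    for subject, body in samples:
        print(subject, "->", encryption_triggers(subject, body) or "no encryption")
```

The Luhn step keeps tracking or order numbers from forcing encryption, while the manual tag still lets a sender opt in when no pattern matches.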
Mark- don't call Robin a Ho!!!!
Quote from: Adri on November 17, 2010, 04:06:44 PM
Mark- don't call Robin a Ho!!!!
What? I know I can't type... but that NEVER happened!!
:D Thanks Adri. I have to admit I've been called worse.
Robin is my friend!! :-)
Quote from: Mark on November 17, 2010, 04:16:45 PM
Robin is my friend!! :-)
I was until you called me a Ho. "unfriend"
Just kidding. I still luv ya Mark.
Adri, I love your profile pic. Is that your daughter? She's adorable.
Quote from: Robin Deatherage on November 17, 2010, 04:21:06 PM
I was until you called me a Ho. "unfriend"
There still is no evidence of this.... ;)
Quote from: Robin Deatherage on November 17, 2010, 04:24:59 PM
Adri, I love your profile pic. Is that your daughter? She's adorable.
Yep, that is my youngest, Olivia. Thanks!
Quote from: Mark on November 17, 2010, 04:15:20 PM
Quote from: Adri on November 17, 2010, 04:06:44 PM
Mark- don't call Robin a Ho!!!!
What? I know I can't type... but that NEVER happened!!
LOL- Look at what you started!
Quote from: Adri on November 17, 2010, 04:54:26 PM
LOL- Look at what you started!
I started nothing! :P You are just a trouble-maker!
2. Do you have an Offsite Work Agreement that you would be willing to share? This would be for employees who are allowed to work from home and/or those who travel (while at hotels, conferences, etc.), and be security related guidelines that they agree to follow.
I've worked from home for the last 3 jobs and never had an agreement. I KNEW the data was sensitive and made sure my computer had the appropriate safety features.
Quote from: brinkerdana on November 17, 2010, 09:21:45 PM
2. Do you have an Offsite Work Agreement that you would be willing to share? This would be for employees who are allowed to work from home and/or those who travel (while at hotels, conferences, etc.), and be security related guidelines that they agree to follow.
I've worked from home for the last 3 jobs and never had an agreement. I KNEW the data was sensitive and made sure my computer had the appropriate safety features.
One of the classes I attended at TENCon was the HIPAA and HITECH Survival Guide by Laura Nelson. During the class she recommended that agencies have an Offsite Work Agreement in place spelling out to the employees exactly what is expected of them security wise. That's why I'm asking about this. Just a CYA in case you are audited.
Two of those work-from-home jobs were pre-HIPPA, etc.
Not to be picky, but it's HIPAA - Health Insurance Portability and Accountability Act - though it was gutted from the original intent of the bill (which would have allowed you to take your insurance with you if you changed employer), and now is mostly on the privacy aspects.
Anyway - it wouldn't matter if they started pre- or post- you'd need to update. Our "work at home" also specified space, separation from other people in the house (such as children), etc - and we provided the computer they were to use.
Quote from: brinkerdana on November 18, 2010, 02:53:16 PM
Two of those work-from-home jobs were pre-HIPPA, etc.
Lance do you have a document that you can share? If not that's ok.
With HITECH there are so many new issues. sigh....
I've been referring to HITECH as "HIPAA on steroids". ;D
Sorry, Robin, I don't have access to it now. And did you mean HITECH is HIPAA on steroids, or PMS? (LOL)
Quote from: Robin Deatherage on November 18, 2010, 03:08:06 PM
Lance do you have a document that you can share? If not that's ok.
With HITECH there are so many new issues. sigh....
I've been referring to HITECH as "HIPAA on steroids". ;D
Quote from: Lance Bateman on November 18, 2010, 03:25:38 PM
And did you mean HITECH is HIPAA on steroids, or PMS? (LOL)
Either one works. ;)
Quote from: Robin Deatherage on November 18, 2010, 03:08:06 PM
With HITECH there are so many new issues. sigh....
I've been referring to HITECH as "HIPAA on steroids". ;D
Hmmm I call it CRAP....... ("obscene word for unacceptable behavior" - among others) ;D
I finally found something for offsite workers. It's geared toward the healthcare industry but could work for us too I think. I would appreciate any thoughts or comments please.
Just a couple decisions we made:
1. We provided the computer and monitors - that way there was no concern of their own computer being used by others, or not meeting required standards (think of how many people want to limit their own computer to Windows Classic screen, or don't have the proper security set up).
2. They were only set up for printing to the computers in the office. Nothing from the system should be printed at their home.
3. Workplace in the home must be dedicated, not in a room they would be dealing with children, etc.
Good luck.