Regarding NHIN Direct

We are already utilizing this to send encrypted messages for sensitive information to federal government facilities. It works, and complies with federal FISMA regulations, which works with us and our clients in Washington, D.C.

However...

As we also perform work for a client within the Healthcare sector, I checked with their information security department, and the verbiage states "reasonable security measures be taken" under the provisioning of HIPAA. Essentially, you *could* utilize this program for ePHI file/data transfers, but I would *not* recommend it, due to the legal implications of ePHI being leaked or intercepted during transmission.

Just my thoughts...

Bob Radvanovsky, CIFI, CISM, REM, CIPS
Infracritical, Inc. - "Your Infrastructure, Their Future"
rsradvan(a)unixworks.net | rsradvan(a)infracritical.com | bob(a)infracritical.com
(630) 673-7740 | (412) 774-0373 (facsimile)


----- Original Message -----
From: "Masonis, Travis M" [mailto:tmasonis(a)noyes-hospital.org]
To: users(a)lists.djigzo.com
Subject: Re: Regarding NHIN Direct

This subject is relevant to my interests and uses for the product also.
I think there is enormous potential for this product in the healthcare
arena.

Travis Masonis
CCNA, CCDA, MCSE, CEH, Security+
Director, IT Infrastructure
Noyes Memorial Hospital

> As we also perform work for a client within the Healthcare sector, I
> checked with their information security department, and the verbiage
> states "reasonable security measures be taken" under the provisioning
> of HIPAA. Essentially, you *could* utilize this program for ePHI
> file/data transfers, but I would *not* recommend it, due to the legal
> implications of ePHI being leaked or intercepted during transmission.

Just out of curiosity, why is the risk of leakage higher for ePHI than
for federal government data? Is it that when ePHI is leaked, the
punishment is greater or is it something else?

Kind regards,

Martijn


_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users

--
Djigzo open source email encryption

To Bob and Travis,

Ummm.. You guys do not get it.

The United States Government started the Internet by bringing up a core
network and then giving access to that core to academia and industry.
Eventually this morphed into the Internet. This was the transition from the
Arpanet -> Internet.

Based on that model, the US Govt is starting a core health information
exchange network called the NHIN, or National Health Information Network. As
before they will allow private citizens to connect to this core network. The
data of every veteran treated in the VA, (which is the largest single health
data system in the United States) will be available from the NHIN. This will
incent others to hook up and begin exchanging health information.

Obviously, this new network will simply be a secured network running over
the regular Internet.

What makes this a "new" network is that it will run on two different
protocols, one is IHE, which is too complex to even get into here, the other
is a secure SMTP standard developed with the NHIN Direct project. The -only-
parts of the NHIN Exchange (the running network) will either be the NHIN
CONNECT (an open source implementation of IHE) compatible IHE -or- a secure
SMTP configuration compatible with two open source prototypes that the NHIN
Direct project (where I am a contributor).

ARRA, the massive stimulus fund to encourage EHR adoption eventually
requires that doctors exchange information and only via the SMTP in NHIN
Direct or the IHE in NHIN CONNECT.

In a few years, most doctors and thousands of other healthcare workers in
the United States will be using the secure emails. From the perspective of
ONC, this is the official replacement of the fax machine.

So it is not a question of "if you can use the SMTP system in a HIPPA
compliant way?" the only question will be "Is Djigzo a NHIN Direct
compatible Secure SMTP implementation?" if it is then I would expect that it
would be a very popular product. I am willing to help make it that way, but
I do not want to waste my time... which is why I am so pleased by what
Martijn is saying....

-FT


On Fri, Jul 30, 2010 at 12:41 PM, Bob Radvanovsky <rsradvan(a)unixworks.net> wrote:

--
Fred Trotter
http://www.fredtrotter.com

All I said was that Djigzo's development in the healthcare arena is relevant to my interests and somehow I "Do not get it", according to Mr. Trotter. Sheesh. I'm quite familiar with HIPAA (not HIPPA, btw) and the ARRA Meaningful Use criteria, thanks. I too am on your side, Fred, but it's hard not to take offense to your below message.


-----Original Message-----
From: fred trotter [mailto:fred.trotter(a)gmail.com]
Sent: Fri 7/30/2010 8:00 PM
To: Bob Radvanovsky
Cc: Masonis, Travis M; users(a)lists.djigzo.com
Subject: Re: Regarding NHIN Direct

I see... well then I stand corrected (has happened before will happen again)

Apparently, I did not "get" that you both "got" it. I did not mean to be
rude and I was certainly presumptive.

My apologies.

-FT


On Fri, Jul 30, 2010 at 8:36 PM, Masonis, Travis M <tmasonis(a)noyes-hospital.org> wrote:

--
Fred Trotter
http://www.fredtrotter.com

Fred, no big deal. It can be hard to distinguish tone in an email so I probably overreacted a bit too. I admire the work you're doing in the open source healthcare IT field and appreciate your contributions.


-----Original Message-----
From: fred trotter [mailto:fred.trotter(a)gmail.com]
Sent: Sat 7/31/2010 12:50 AM
To: Masonis, Travis M
Cc: Bob Radvanovsky; users
Subject: Re: Regarding NHIN Direct
