Re:Attorney's Take (Score 2, Interesting)

Forgive me, I'm not a HIPAA guy, I'm more of a FDA Part 11 guy. If I'm correct, the original post was with regards go being found 'out of compliance'. To be found 'out of compliance' you must first be audited. Either your procedures are not HIPAA compliant, or you are not following your procedures. The Part 11 solution is to make sure your procedures are 'close enough' (I'm taking a little liberty here) then follow them exactly. Does that work with HIPAA and the issue we are discussing? Cant you just proceduralize the 'locking down' of your servers? I hope it is that simple. PS: Even if you have Linux (which I prefer) you still need to create the proper procedures.