<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Does it expose you to anything? If not
shrug and shut it off. If so, offer it with something that passes
the exposure on instead, explaining your costs change. No need to
lecture them on their own laws or protect them from themselves.
They need a service provider, not a parent. :)<br>
<br>
On 06/02/2016 03:33 PM, Carlos Alvarez wrote:<br>
</div>
<blockquote
cite="mid:CAEu0Vi2GdP1sjiyhYxb-XGzCf0L-GGy3UjCAvhWUiWU35_frAw@mail.gmail.com"
type="cite">
<div dir="ltr">Believe me, I've covered that and several other
regulatory matters, they maintain they don't care. The
directive I got was from the second from the top, and he claims
the CEO is behind him. Right now the stale-mate is at "we can
have a conference call to discuss it with the CEO, but I won't
do it without that." If they call me on it, well then...I'm
just not sure.
<div><br>
</div>
<div>As to what type of "medical" company, I would like to keep
the customer info very anonymous, but I'll say that it's way
more than uniforms but not quite discussing a specific
patient's ED prescription. There's probably not any specific
patient data on a call, or maybe just very rarely.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Jun 2, 2016 at 12:27 PM,
Anthony Orlando <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:avorlando@yahoo.com" target="_blank">avorlando@yahoo.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Carlos<br>
Just mention HIPAA. You might also have some HIPAA
compliance issues as well.<br>
<span class="im HOEnZb"><br>
<br>
<br>
> On Jun 2, 2016, at 1:54 PM, Carlos Alvarez <<a
moz-do-not-send="true" href="mailto:caalvarez@gmail.com"><a class="moz-txt-link-abbreviated" href="mailto:caalvarez@gmail.com">caalvarez@gmail.com</a></a>>
wrote:<br>
><br>
> We have a customer who has been nagging us to remove
the PIN from their conference lines. They are getting
more insistent. We've said no, for the obvious security
reasons, and explained them all clearly. On top of it,
this is a medical-related company having sensitive
conversations on conferences. They keep pushing us. What
would you do? On the one hand I think we have no
liability in the matter, but on the other, we're more of a
consulting ITSP than just a generic service provider. We
specialize in helping people not do stupid things with
their phone system. There's also the matter of just
eating up a bunch of channels by people using it as their
own conference.<br>
><br>
</span>
<div class="HOEnZb">
<div class="h5">>
_______________________________________________<br>
> VoiceOps mailing list<br>
> <a moz-do-not-send="true"
href="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</a><br>
> <a moz-do-not-send="true"
href="https://puck.nether.net/mailman/listinfo/voiceops"
rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
VoiceOps mailing list
<a class="moz-txt-link-abbreviated" href="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/voiceops">https://puck.nether.net/mailman/listinfo/voiceops</a>
</pre>
</blockquote>
<br>
</body>
</html>