business associate agreement
David Woolley
forums at david-woolley.me.uk
Mon Jun 1 17:10:20 EDT 2015
On 01/06/15 21:35, Catherine Galle wrote:
>
> Yes we are required to have a 'BAA' with our appointment scheduling
> software. We do not have to have an agreement with Windows as nothing
> that is considered electronic protected health information is submitted
> to or through them.
If you use Windows at all, all your sensitive data is going through Windows!
Pidgin is a client. Even the OTR add on is a client add on.
I guess you are really talking about the encryption support, but most
non-open source software that runs on Windows will rely on the
encryption provide by Windows, and you are certainly relying on Windows
not leaking any data around the encryption, even if you are using
OpenSSL, etc., for the encryption.
Note that Pidgin provides no servers. Even the OTR stuff uses third
party servers.
More information about the Support
mailing list