I'm being driven crazy by our HIPAA thug over our email security. He's got our Executive Board all worked up, and I need to get them an answer.
Is there a general answer I can give them?
Something along the lines of:
'We have an SSL. We force users to change passwords regularly. We have an account lockout policy for bad logins. We therefore meet or exceed minimum standards.'
I can't really find a firm, definitive answer on these boards or anywhere else.
Thanks in advance.