More good news from Australia. The Australian Tax Office has announced that it is adopting an open source software policy. Under the policy, GNU/Linux should be considered and used where appropriate, and what's so remarkable is that they did it after talking it over with the Gartner Group:
"ATO second commissioner Greg Farr said an internal review of open-source software - done in conjunction with the Gartner Group - concluded that the agency should evaluate and use open-source software where appropriate. . . .
"Among the Gartner Group's key findings were that the ATO should develop an open-source policy and review procurement processes to better enable the evaluation, selection and sharing of open-source software."
SCO had a small announcement today too, about some new business. Seems someone wants them involved in health care in rural areas. No doubt they will bone up on HIPAA security requirements now. That can only be good. They also announced a conference call.
Here is what the press release says about the conference call:
WHAT: The SCO Group, Inc. First Quarter 2004 Financial Results Conference Call
WHEN: Wednesday, March 3, 2004, 9:00 a.m. Mountain Standard Time
HOW: If you would like to participate in the live call you may dial 1.800.818.5264 or 1.913.981.4910; confirmation code: 141144. You may also join the call in listen-only mode via Web cast. The URL is listed at http://ir.sco.com/medialist.cfm .
The news about their new business is this:
"LINDON, Utah, Feb 23, 2004 /PRNewswire-FirstCall via COMTEX/ -- The SCO Group, Inc. ("SCO") (Nasdaq: SCOX), the owner of the UNIX(R) operating system and a leading provider of UNIX-based solutions, and Mardon Healthcare Information Systems, a leading provider of turnkey software solutions for the management of rural healthcare facilities, today announced the formation of a strategic alliance between 12 companies. The alliance focuses on providing Mardon clients a complete selection of options and enhanced world-class solutions, such as nationwide placement of medical staff, medical forms acquisition, document imaging, financial management and leasing, targeted marketing and e-communications, and total system engineering and integration.
"The strategic partners in the alliance are: The SCO(R) Group, DTR Business Systems, Blue Crown Funding, JNC Consultants, ICM, Poiema Systems, Communiform, Anderson & Bates Medical Search, MDE, Thornberry Ltd, and Pharmtrak. Representatives from each organization recently met in Phoenix to discuss the needs of the Rural Healthcare market, and how the Mardon led alliance would address problems and deliver comprehensive solutions.
"'The goal of this alliance is to organize world class companies, like the SCO Group and others with whom we've been doing business for nearly 20 years, and focus our collective energies squarely on the unique issues facing rural American health care,' said President & CEO of Mardon, Don McKeny. 'I am elated by the commitment and quality of solutions our partners have brought to this alliance.'
"'The rural healthcare market is optimal for many of our products and services,' said Alan Raymond, SCO VP of UNIX Sales, Americas. 'The dependability of SCO UNIX, which is the OS foundation for the Mardon system, cannot be stressed enough. For instance, Mardon has a system installed in a hospital in Barrow, Alaska, which is 400 miles north of the Arctic Circle, and the last section of land before reaching the North Pole. The Barrow hospital serves around 4,500 people spread out over an 88,000 square mile radius, and the only way to travel in or out is by plane or dogsled. The remote nature of this location requires the highest degree of dependability, and SCO is proud that SCO UNIX can provide that level of dependability for these types of healthcare facilities.'"
HIPAA rules require that private medical information be kept secure and confidential. There are specific recommendations on how to achieve that goal. Here's an article on the Final Security Rule, which at several places suggests taking a look at various National Institute of Standards and Technology (NIST) white papers for general guidance as to what constitutes acceptable technological, physical, and administrative solutions:
"1. With respect to NIST's recommendation regarding 'using more trustworthy components', this is an important issue to consider. Some operating systems and applications are more easily secured than others, and as SP 800-33 points out: 'System security can be no stronger than the underlying operating system.' Anything that discourages a break-in is a plus. While it's true that on a good day both a Volvo and a Pinto can get you from point A to point B, when there is an accident, you surely will be glad if you chose the Volvo. Choosing software is analogous; you have choices, but there are also consequences to those choices. One solution is custom code. NASA, for example, does not rely on boxed products. What they are doing has to work, so they develop their own custom code, so as to enhance reliability. Hackers have an easier time exploiting known vulnerabilities in boxed products, which are publicized on the internet in detail, because with custom code, they must first spend time figuring out what you are using and then try to identify and exploit vulnerabilities.
"2. NIST suggests what it calls a layered, 'compartmented' security approach, which it compares to 'water-tight doors on a ship' for every level of security -- physical, technological, and administrative -- and it's the ideal approach. Your goal is to ensure that if one obstacle is breached, another remains in place, protecting the data; that if you have a vulnerability, you have applied layered protections and architectural designs to prevent exploitability; and, if a vulnerability is exploited, you limit the extent of the security breach, thereby reducing loss."
All of NIST's white papers are available here.