Do you have a system in place to block websites? Block mail.yahoo.com etc if you do. Websense is one to look at if you do not have one in place yet.
If you seek official documentation- I don’t think you will have much luck. However- If you are required to adhere to HIPAA compliance- You could look to NIST 800-53 level controls. It requires that you have control over your System.
If individuals are using hotmail, gmail, etc.- Those email solutions are outside of your corporate boundary and since they are not under your control- You could potentially have a HIPAA control failure. Also- If you have an acceptable use policy in place- It kind of hard to maintain it if employees are utilizing a non-sanctioned company provided email solution.
Good luck.
Discuss This Question: 1  Reply