I think you have the HIPAA encryption requirement backwards --- from experience --- but your argument still stands.


I think GP was saying roughly "IM provides a means for encrypted communication, including the transfer of files. By HIPAA, we have to prevent the transfer of files containing patient medical information. The firewall can't distinguish among that encrypted traffic in order to PERMIT text chat but PREVENT all file transfers, thus the ability to transfer files securely via IM is an exploit as far as HIPAA is concerned."


Yeah, this tangent is snowballing a little bit. I think the original post literally just had a typo.

Having said that, again, in several places I've worked where HIPAA is a constant presence, it hasn't killed IM. It's a dealbreaker for a lot of financials though.


I honestly don't know what you mean by this, but I'd be curious to hear an elaboration.


they allow for encrypted transfer of files and hence represent a risk to medical records

This could go either way, actually. Unencrypted transfer of files is obviously risky and if it's through a 3rd party provider (AOL, GTalk, etc.) then there is a risk of confidential medical information being intercepted.

Alternatively, maybe there needs to be internal records of who has sent or received which files. Encrypting files makes it harder for the administration to know who has what.

I'm leaning towards the first explanation of the danger of unencrypted file exchange, but I could be wrong.


HIPAA isn't like GLBA; it doesn't have the tracking requirement. It's just unusually explicit that PHI needs to be encrypted in flight.


HIPAA requires you to encrypt medical information.

(Also, lots of heavily HIPAA-regulated places allow IM.)

