HIPAA Reflections

I’ve thought about the HIPAA issues I mentioned in my last post for quite a while now. Rather than making any hasty decision and blasting my boss for it, I thought it would probably be best if I were to think on it at least 24 hours, and then only comment if I still felt as strongly about it as I did at first.

Well, in all honesty, I still feel as insulted as I did at the very beginning, but I’ve also come to the decision that I’m fine with it. Even if the entire intent was to get it off my plate because I’m incapable of handling it, it’s for the best. Not only is it not my butt in the legal sights should anything happen anymore, but after getting another email from my boss today, I’ve decided it’s not worth it for me to do it.

You see, Monday before I left to go to the doctor’s office, I made a small change to our domain’s Group Policies. According to HIPAA, and company policy, all computers must have screen savers configured to lock the machine when the user is away for more than 5 minutes. Well, even though I set the default on all new machines to the company-standard of 5 minutes, as I go around to various machines and check to fix various problems, I notice that they’re set to 15 minutes, 60 minutes, or even 99 minutes.

As a result, I decided that one of the first and easiest things we needed to change was the screen saver policy. To that end, I configured a Group Policy on our domain to enforce the 5 minute timeout, with the default “Logon” screen saver (you know, the one that bounces the Windows logo around the screen). Simple enough, right?

Well, I didn’t think at the time about the machine that projects statistics for our phone system on the wall in our Customer Service department. Logically, there’s no point in having a screen saver on this machine, because it would kick in at 8:05 and be useless the rest of the day. Fair enough, I forgot one exception to the rule out of the entire company, so sue me. My boss emailed me with a subject something to the effect of “This looks like you’ve been messing around again…”. Now, knowing his sense of humor, it’s hard to tell if he’s really genuinely trying to be funny, or if this is just his way of taking a jab at me without trying to be too obvious about it.

In either case, I calmly explained to him that we’d talked about me changing some security settings previously, and that this was simply the latest in that long string of changes. I explained my reasons for doing it, that it was the simplest of the changes we needed to make, and why it was necessary (no one in the company observes the company policy). Well, today I check my email, and there’s a reply, asking why I thought people shouldn’t be able to use screen savers and saying that one person had said she had to restart “some program” every time it came on.

Now this is my problem. Needless to say, the fact that he was specific enough to tell me “some program” (literally, word for word) had to be restarted every time the screen saver came on was incredibly helpful. Add to that the fact that it’s a bloody screen saver, and shouldn’t (and doesn’t in 99% of cases) have any effect on anything whatsoever, and I’m already perturbed.

But the real meat of my problem is the first part. At no point in my very simple explanation did I say people weren’t allowed to use screen savers. I said quite the opposite, in fact. People HAVE to use screen savers, and they’re not, hence my enforcing them to do so. Not only did he say the exact opposite of what I’d said, but he did it in what seemed to me a very insulting and derogatory manner (yeah, read that subject line again…). For some reason, it seems that every incredibly simple thing I do (such as setting screen savers on and to 5 minutes) is not only met with an extraordinary amount of resistance, but is also looked at as if I’m being insanely over-reactive, or that I’ve got some kind of nefarious motive.

Now, I know that some of this is probably just inter-office politics and personality conflicts, but COME THE FUCK ON!! My explanation couldn’t get any simpler, and this isn’t rocket science here, people. I’m simply enforcing a policy that MY BOSS set, and this is the flak I get for it? You can take this HIPAA security stuff and shove it up your ass, because I’m not going to deal with this shit every little fucking step of the way!

I’ve decided that my conversation with my boss will go something like this:

“OK, about screen savers. I never said people couldn’t use them, in fact I said the exact opposite. People WEREN’T using them, so I set a policy to give them no choice but to, and this kinda works into my second point.

At first, I was a bit insulted that would work on the HIPAA stuff, then you’d come give it to me, and then when I was 80% done (if not more) with it, you’d go and give it back to him and tell him to use me as a ‘resource’… But then the whole screen saver thing kinda changed my mind on that. I’ve decided that I’m tired of being met with this kind of resistance every time I make a change that is so insanely simple and that should have been done all along anyway, and of being treated like I had some kind of nefarious purpose, and that quite frankly it’s not worth my time and sanity to sit here and do it day after day.”

OK, maybe I’ll cut out the “it’s not worth my time” part. I just figured that it would be easy to segue from that into “give me more money or else”. When I read over it again now, it occurs to me that it’s probably not the best combination of complaints…

Who knows. Maybe it would just be easier to send him an anonymous email with a link to my two most recent blog entries. Either one probably stands the same chance of getting me fired, and the email idea takes a lot less effort on my part…

Posted 5-3-2005 at 10:29 pm