That is un friggingbelievable, I give my social to my bank and other
parties I have a financial arrangement with, thats it. There must be a
better way using keys, a challenge response or something like that.
Bri
On Wed, 27 Feb 2002, Chuck wrote:
> don't even get me started on this. I work for an organization that uses
> employee SSN numbers for validation purposes in a lot of instances. So when
> I call the Help Desk to complain about e-mail ( an ongoing problem ) I am
> asked to provide my SSN to the folks there. In these days of rampant and
> easy identity theft, how smart is it to allow access to a large database of
> valid SSN's to practically everyone who asks?
>
> HIPAA??? isn't that on hold for review? You know, I was reading through
one
> of the drafts and I thought I saw something that floored me - the
regulators
> were stating that multiplexed links such as frame relay and ATM were
> considered unsecure because different organizations were "sharing"
circuits.
> The implication was that healthcare organizations would have to move to
> point to point technologies - most of which end up passing through ATM
> backbones anyway. Sheesh.
>
> Longer term I believe that security solutions will involve end to end
> encryption - server to host, on the LAN as well as the WAN, in addition to
> what is already done on VPN's.
>
> I always liked the HIPAA provision about management responsibility and
> management fines and jail time for failure to comply. Wish that were so in
a
> lot of other industries where I have worked. ;->
>
> Chuck
>
>
>
> ""William Gragido"" wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > The only difference is that those organizations (physicians as well),
will
> > held accountable for violation of HIPPA and face fines and potentially
> jail
> > time :-(
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, February 27, 2002 12:30 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Security Design - PIX or Whatever [7:36677]
> >
> >
> > Lets not forget politcal concerns when trying do a reasonable level of
> > security. I worked a healthcare provider and boy, you should have heard
> the
> > Docs squawk about passwords and pin codes for access to the primary
> > LAN/WAN... to the point that admin overruled the IS dept and special
> > *permission* not to use the security procedures... happens every day..
> >
> > MikeS
> > '
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36690&t=36677
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
