> > I've been asked to place a sniffer on a network that handles HIPPA > > data, and watch for e-mail containing certain strings. I figured that > > mailsnarf would be the best way to do this. > > > Aside from any of hte technical details of this, I'm kind of wondering > how this fits into HIPPA and it's policies. > > I'd be sure that if I were you, I'd have written evidence of someone (a > boss/supervisor/etc) ordering this kind of behaviour and also my > objection to sniffing data that might be confidential under HIPPA.
sounds like he's being asked to sniff to make SURE that no one is stupid enough to email hipaa-covered data out. C.Y.A. is definitely appropriate. elijah
