Thanks for the info and HIPAA article. I've been looking into SSL, GnuPG, and TLS.
I'm trying to avoid having to purchase something from a domain registrar by combining enough open source software. Shouldn't the ability to securely transmit data be free to all?

On Thu, Mar 11, 2010 at 7:15 AM, Jonathan Bartels <[email protected]> wrote:
> HIPAA is a good guideline, but as you read it you'll see it's more
> procedural or legal than technical.
>
> The rules of thumb that I've been taught for making my software HIPAA
> compliant are:
> 1. Audit trail, be able to show who did what and when. It does nothing
> to prevent a breach, but ensures that if there is they can punish
> someone
> 2. Secure channels (VPN, SSL, etc. Nothing goes over the wire in the clear)
> 3. Reasonably secure logins, good passwords, logins timeout
> 4. Audit trail. It's important.
>
> HIPAA doesn't go to the length that something like PCI (credit card
> processing) does but it's a good place to start.
>
> Since you specifically asked about SSNs, check with the Social
> Security Administration. They have rules, guidelines, and suggestions
> for those as well. There's even one that says "don't use the SSN as an
> ID" and "don't ask for it if you don't need it" which may be a good
> idea in your case, rather than decide how to secure it, decide if you
> even need to transmit it.
>
> On Thu, Mar 11, 2010 at 6:29 AM, Andrew Latham <[email protected]> wrote:
> > This covers most of what you are looking for...
> >
> > http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act
> >
> > Internal company storage falls down to Civil Procedure Law. (Whatever
> > a Judge can ask in a lawsuit and what discovery he feels is safe
> > for the public domain.)
> >
> > ~
> > Andrew "lathama" Latham
> > [email protected]
> >
> > * Learn more about OSS http://en.wikipedia.org/wiki/Open-source_software
> > * Learn more about Linux http://en.wikipedia.org/wiki/Linux
> > * Learn more about Tux http://en.wikipedia.org/wiki/Tux
> >
> > On Wed, Mar 10, 2010 at 10:07 PM, Travis Paul <[email protected]> wrote:
> >> Thanks Raphael
> >>
> >> On Wed, Mar 10, 2010 at 5:04 PM, RAPHAEL WOLFF <[email protected]> wrote:
> >>>
> >>> You might go to the Electronic Frontier Foundation web site and submit
> >>> your question.
> >>>
> >>> On 3/10/2010 8:02 PM, Travis Paul wrote:
> >>>
> >>> Does anyone know where I can find the federal regulations (USA) for
> >>> storing and transmitting personal information such as Social Security
> >>> Numbers (if any exists)?
> >>>
> >>> I've only been able to find state-specific documentation, is that my only
> >>> option?
>
> --
> -----
> Jonathan Bartels

_______________________________________________
Fwlug mailing list
[email protected]
http://fortwaynelug.org/mailman/listinfo/fwlug_fortwaynelug.org
