Jonathan is right about the Auditing. The government and all regulatory people care more about the audit than the security...
~
Andrew "lathama" Latham
[email protected]

* Learn more about OSS http://en.wikipedia.org/wiki/Open-source_software
* Learn more about Linux http://en.wikipedia.org/wiki/Linux
* Learn more about Tux http://en.wikipedia.org/wiki/Tux

On Thu, Mar 11, 2010 at 12:49 PM, Travis Paul <[email protected]> wrote:
> Thanks for the info and HIPAA article.
>
> I've been looking into SSL, GnuPg, and TSL.
>
> I'm trying to avoid having to purchase something from a domain registrar by
> combining enough open source software.
>
> Shouldn't the ability to securely transmit data be free to all?
>
> On Thu, Mar 11, 2010 at 7:15 AM, Jonathan Bartels
> <[email protected]> wrote:
>>
>> HIPAA is a good guideline, but as you read it you'll see it's more
>> procedural or legal than technical.
>>
>> The rules of thumb that I've been taught for making my software HIPAA
>> compliant are:
>> 1. Audit trail, be able to show who did what and when. It does nothing
>> to prevent a breach, but ensures that if there is they can punish
>> someone
>> 2. Secure channels (VPN, SSL, etc. Nothing goes over the wire in the
>> clear)
>> 3. Reasonably secure logins, good passwords, logins timeout
>> 4. Audit trail. It's important.
>>
>> HIPAA doesn't go to the length that something like PCI (credit card
>> processing) does but it's a good place to start.
>>
>> Since you specifically asked about SSNs, check with the Social
>> Security Administration. They have rules, guidelines, and suggestions
>> for those as well. There's even one that says "don't use the SSN as an
>> ID" and "don't ask for it if you don't need it" which may be a good
>> idea in your case, rather than decide how to secure it, decide if you
>> even need to transmit it.
>>
>> On Thu, Mar 11, 2010 at 6:29 AM, Andrew Latham <[email protected]> wrote:
>> > This covers most of what you are looking for...
>> >
>> > http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act
>> >
>> > internal company storage falls down to Civil Procedure Law. (Whatever
>> > a Judge can ask in a lawsuit and what discovery he feels is safe
>> > for the public domain.)
>> >
>> > ~
>> > Andrew "lathama" Latham
>> > [email protected]
>> >
>> > On Wed, Mar 10, 2010 at 10:07 PM, Travis Paul <[email protected]>
>> > wrote:
>> >> Thanks Raphael
>> >>
>> >> On Wed, Mar 10, 2010 at 5:04 PM, RAPHAEL WOLFF <[email protected]>
>> >> wrote:
>> >>>
>> >>> You might go to the Electronic Frontier Foundation web site and submit
>> >>> your question.
>> >>>
>> >>> On 3/10/2010 8:02 PM, Travis Paul wrote:
>> >>>
>> >>> Does anyone know where I can find the federal regulations (USA) for
>> >>> storing and transmitting personal information such as Social Security
>> >>> Numbers (if any exists)?
>> >>>
>> >>> I've only been able to find state-specific documentation, is that my
>> >>> only option?
>> >>>
>> >>> _______________________________________________
>> >>> Fwlug mailing list
>> >>> [email protected]
>> >>> http://fortwaynelug.org/mailman/listinfo/fwlug_fortwaynelug.org
>>
>> --
>> -----
>> Jonathan Bartels
