RE: SS# and e-mail
Title: Message Those interested in this subject might want to review this GAO report. http://www.gao.gov/highlights/d03941thigh.pdf With identity theft, I would not want my SSN sent via email. I have already had credit card information stolen which had been sent via an email. Anita HaltermanNMEH HIPAA Integration and Transition (HIT) co-chairHealth Policy Analyst & HIPAA Privacy and Security CoordinatorState of Alaska,Department of Health and Social Services,Division of Health Care Services,4501 Business Park Blvd., Suite 24Anchorage, AK 99503-7167Phone: (907)334-2431Fax: (907)561-1684 -Original Message-From: Dan Hoskins [mailto:[EMAIL PROTECTED] Sent: Thursday, November 06, 2003 12:41 PMTo: WEDI SNIP Privacy Workgroup ListSubject: RE: SS# and e-mail Dana, "not tied to any other personal identifiers" is a can of worms. Email resides on, potentially, a variety of servers on its way from sender to recipient. Some are administered with sound security practice, many are not. It is reasonable to expect some of them to be hacked, and the traffic sniffed. If a hacker with bad intentions copied all emails from your organization passing through a given, hacked server, and matched up the ones with common recipients, matching the SSN with other info wouldn't be that hard. I suppose you could institute a policy that SSNs, and no other info, could go by email in cleartext. Wouldn't want to administer that. Safer to establish gateway encription for your enterprise, and encript anything with PHI. My .02$ FWIW. Daniel S. Hoskins, VP HIPAA Compliance Services Square One Computer Security Services, Inc. 36 Chickering Dr., Brattleboro, VT 05301 877-583-8158 -Original Message-From: Dana Frank [mailto:[EMAIL PROTECTED]Sent: Thursday, November 06, 2003 10:58 AMTo: WEDI SNIP Privacy Workgroup ListSubject: SS# and e-mail If a social security number is not tied to any other personal identifiers, is it okay to send via e-mail? Any thoughts? Dana M Frank Sales Administration Manager Dental Select (800) 999-9789 CONFIDENTIALITY This email and any attachments are confidential and also may be privileged. If you are not the named recipient, or have otherwise received this communication in error, please delete it from your inbox, notify the sender immediately, and do not disclose its contents to any other person, use them for any purpose, or store or copy them in any medium. Thank you for your cooperation. ---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: SS# and e-mail
Dana, "not tied to any other personal identifiers" is a can of worms. Email resides on, potentially, a variety of servers on its way from sender to recipient. Some are administered with sound security practice, many are not. It is reasonable to expect some of them to be hacked, and the traffic sniffed. If a hacker with bad intentions copied all emails from your organization passing through a given, hacked server, and matched up the ones with common recipients, matching the SSN with other info wouldn't be that hard. I suppose you could institute a policy that SSNs, and no other info, could go by email in cleartext. Wouldn't want to administer that. Safer to establish gateway encription for your enterprise, and encript anything with PHI. My .02$ FWIW. Daniel S. Hoskins, VP HIPAA Compliance Services Square One Computer Security Services, Inc. 36 Chickering Dr., Brattleboro, VT 05301 877-583-8158 -Original Message-From: Dana Frank [mailto:[EMAIL PROTECTED]Sent: Thursday, November 06, 2003 10:58 AMTo: WEDI SNIP Privacy Workgroup ListSubject: SS# and e-mail If a social security number is not tied to any other personal identifiers, is it okay to send via e-mail? Any thoughts? Dana M Frank Sales Administration Manager Dental Select (800) 999-9789 CONFIDENTIALITY This email and any attachments are confidential and also may be privileged. If you are not the named recipient, or have otherwise received this communication in error, please delete it from your inbox, notify the sender immediately, and do not disclose its contents to any other person, use them for any purpose, or store or copy them in any medium. Thank you for your cooperation. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
Re: SS# and e-mail
I would say no, because there are places on the Internet, etc. where you may be able to connect the SSN to a person's identity. Vicki Hohner FOX Systems, Inc. 360-970-6856 360-352-4584 Information transmitted is confidential and may be proprietary to FOX Systems, Inc. It is intended only for the person or entity to which it is addressed. Anyone else is prohibited from disclosing, copying, or disseminating the contents or attachments. If you receive this in error, please notify sender immediately, or us at www.foxsys.com and delete from your system. >>> "Dana Frank" <[EMAIL PROTECTED]> 11/06/03 09:33 AM >>> If a social security number is not tied to any other personal identifiers, is it okay to send via e-mail? Any thoughts? Dana M Frank Sales Administration Manager Dental Select (800) 999-9789 CONFIDENTIALITY This email and any attachments are confidential and also may be privileged. If you are not the named recipient, or have otherwise received this communication in error, please delete it from your inbox, notify the sender immediately, and do not disclose its contents to any other person, use them for any purpose, or store or copy them in any medium. Thank you for your cooperation. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
RE: SS# and e-mail
A SS is an identifier. So if the SS is tied to past, present or future health or payment info its PHI. As for whether its safe to email, that's an internal decision. But our company has determined its not safe for us. Hope that helps. Deborah Campbell -Original Message-From: Dana Frank [mailto:[EMAIL PROTECTED]Sent: Thursday, November 06, 2003 10:58 AMTo: WEDI SNIP Privacy Workgroup ListSubject: SS# and e-mail If a social security number is not tied to any other personal identifiers, is it okay to send via e-mail? Any thoughts? Dana M Frank Sales Administration Manager Dental Select (800) 999-9789 CONFIDENTIALITY This email and any attachments are confidential and also may be privileged. If you are not the named recipient, or have otherwise received this communication in error, please delete it from your inbox, notify the sender immediately, and do not disclose its contents to any other person, use them for any purpose, or store or copy them in any medium. Thank you for your cooperation. ---The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org