[[EMAIL PROTECTED]] Sat, Nov 02, 2002 at 10:59:55AM -0500 wrote:
> We are currently considering the limited use of employees' Social Security
> numbers to authenticate them when they request a password reset from the
> Help Desk. We have chosen two items (in total) for authenticating them:
> their employee # and the last 4 digits of their SS#. Only the last 4
> digits would be stored in the Help Desk app, and these would be viewable
> only by Help Desk technicians. They would only be able to see them by
> selecting a specific toolbar button (the SS# screen would not be visible at
> all times).
>
> We are concerned with the privacy issue potential if we use any part of a
> SS# but are unaware of any legal precedent, standard or guideline either
> supporting or against this use. Does anyone have knowledge they can share,
> or know of web resources that might be useful to research this issue?
>
> We are a corporation of roughly 1200 specializing in healthcare, and HIPAA
> privacy/security regs, NCQA and URAC accreditations must be taken into
> consideration.
>
> Thanks in advance for any suggestions or information.
>
> JBL

Hrmf, not really sure myself but here is some info to maybe help you in
making that decision. ;-)

I know a lot of companies use the last four digits to somewhat aid in
verifying a person's identity. That said, I guess one issue would be some
sort of "Social Engineering" between those who view the last 4 digits and
the person who the last 4 digits belong to. I guess it would be a matter
of employee/customer trust.

http://www.privacy.ca.gov/ssn/ssn.htm
http://www.howstuffworks.com/social-security-number.htm
http://www.cpsr.org/cpsr/privacy/ssn/ssn.structure.html
http://www.usdoj.gov/04foia/1974ssnu.htm

Hope these help.

- nocon
