Files that are zipped with WinZip etc with a password are very easily cracked.  For example, go to download.com and get a program named "Ultimate Zip Cracker".  I used this to demonstrate to users at our company that it wasn't safe.  If you encrypt and zip to a self extracting exe it is better but still not the greatest.  We are looking at moving these types of file transfers to PGP or secure FTP but until then we are using the files encrypted and zipped to an exe.  

Rob Blucker
IT Architecture
Mennonite Mutual Aid Inc.





Fify Taslim <[EMAIL PROTECTED]>

09/30/2002 01:39 PM

       
        To:        "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
        cc:        
        Subject:        Winzip & password and e-mail




Hello all,

Thank you in advance for all your valuable the responds.
I have Privacy issue question today. Is this scenario still HIPAA compliant or not allowed at all?  Scenario: sending daily file containing member PHI through e-mail. The file are zipped [Winzip]and password protected, and no encryption were done.

Any suggestion/recommendation to HIPAA compliance are welcome.

Regards,

Fify Taslim, MD, MBA

Care1st Health Plan
Compliance Specialist/HIPAA Coordinator

Ph. (626) 299-4299 ex.376

Fx. (626) 628-3263

E-mail: [EMAIL PROTECTED]


To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=Security
and enter your email address.

The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board of
Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.
Posting of advertisements or other commercial use of this listserv is
specifically prohibited.

To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=Security and enter your email address.

The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited.

Reply via email to