|
Those
interested in this subject might want to review this GAO report.
With
identity theft, I would not want my SSN sent via email. I have already had
credit card information stolen which had been sent via an email.
Anita Halterman
NMEH
HIPAA Integration and Transition (HIT) co-chair
Health Policy Analyst
& HIPAA Privacy and Security Coordinator
State of Alaska,
Department
of Health and Social Services,
Division of Health Care Services,
4501
Business Park Blvd., Suite 24
Anchorage, AK 99503-7167
Phone:
(907)334-2431
Fax: (907)561-1684
Dana,
"not
tied to any other personal identifiers" is a can of worms.
Email resides on, potentially, a variety of servers
on its way from sender to recipient. Some are administered with sound
security practice, many are not. It is reasonable to expect some of them
to be hacked, and the traffic sniffed.
If a
hacker with bad intentions copied all emails from your organization passing
through a given, hacked server, and matched up the ones with common
recipients, matching the SSN with other info wouldn't be that hard.
I
suppose you could institute a policy that SSNs, and no other info, could go by
email in cleartext. Wouldn't want to administer that. Safer to
establish gateway encription for your enterprise, and encript anything with
PHI. My .02$ FWIW.
Daniel S. Hoskins, VP HIPAA Compliance
Services
Square One Computer Security
Services, Inc.
36 Chickering Dr.,
Brattleboro, VT 05301
877-583-8158
If a social security number is
not tied to any other personal identifiers, is it okay to send via
e-mail? Any thoughts?
Dana M
Frank
Sales
Administration Manager
Dental
Select
(800)
999-9789
CONFIDENTIALITY
This email and
any attachments are confidential and also may be privileged. If you
are not the named recipient, or have otherwise received this communication
in error, please delete it from your inbox, notify the sender immediately,
and do not disclose its contents to any other person, use them for any
purpose, or store or copy them in any medium. Thank you for your
cooperation.
---
The
WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board of
Directors nor WEDI SNIP. If you wish to receive an official opinion, post your
question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/.
These listservs should not be used for commercial marketing purposes or
discussion of specific vendor products and services. They also are not
intended to be used as a forum for personal disagreements or unprofessional
communication at any time.
You are currently subscribed to wedi-privacy
as: [EMAIL PROTECTED]
To unsubscribe from this list, go to
the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank
email to [EMAIL PROTECTED]
If you need to
unsubscribe but your current email address is not the same as the address
subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time.
You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
|
