At 02:20 PM 2/27/02, Chuck wrote: >don't even get me started on this. I work for an organization that uses >employee SSN numbers for validation purposes in a lot of instances. So when >I call the Help Desk to complain about e-mail ( an ongoing problem ) I am >asked to provide my SSN to the folks there.
That's awful! You should protest this. >In these days of rampant and >easy identity theft, how smart is it to allow access to a large database of >valid SSN's to practically everyone who asks? > >HIPAA??? isn't that on hold for review? You know, I was reading through one >of the drafts and I thought I saw something that floored me - the regulators >were stating that multiplexed links such as frame relay and ATM were >considered unsecure because different organizations were "sharing" circuits. >The implication was that healthcare organizations would have to move to >point to point technologies - most of which end up passing through ATM >backbones anyway. Sheesh. > >Longer term I believe that security solutions will involve end to end >encryption - server to host, on the LAN as well as the WAN, in addition to >what is already done on VPN's. > >I always liked the HIPAA provision about management responsibility and >management fines and jail time for failure to comply. Wish that were so in a >lot of other industries where I have worked. ;-> > >Chuck > > > >""William Gragido"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > The only difference is that those organizations (physicians as well), will > > held accountable for violation of HIPPA and face fines and potentially >jail > > time :-( > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, February 27, 2002 12:30 PM > > To: [EMAIL PROTECTED] > > Subject: RE: Security Design - PIX or Whatever [7:36677] > > > > > > Lets not forget politcal concerns when trying do a reasonable level of > > security. I worked a healthcare provider and boy, you should have heard >the > > Docs squawk about passwords and pin codes for access to the primary > > LAN/WAN... to the point that admin overruled the IS dept and special > > *permission* not to use the security procedures... happens every day.. > > > > MikeS > > ' ________________________ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36721&t=36677 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
