We are currently considering the limited use of employees' Social Security
numbers to authenticate them when they request a password reset from the
Help Desk. We have chosen two items (in total) for authenticating them:
their employee # and the last 4 digits of their SS#. Only the last 4 digits
would be stored in the Help Desk app, and these would be viewable only by
Help Desk technicians. They would only be able to see them by selecting a
specific toolbar button (the SS# screen would not be visible at all times).
We are concerned with the privacy issue potential if we use any part of a
SS# but are unaware of any legal precedent, standard or guideline either
supporting or against this use. Does anyone have knowledge they can share,
or know of web resources that might be useful to research this issue?
We are a corporation of roughly 1200 specializing in healthcare, and HIPAA
privacy/security regs, NCQA and URAC accreditations must be taken into
consideration.
Thanks in advance for any suggestions or information.
JBL