[fwlug] Federal regulations for storing and transmitting personal information
Travis Paul
actionowl at gmail.com
Thu Mar 11 09:49:16 CST 2010
Thanks for the info and HIPPA article.
I've been looking into SSL, GnuPg, and TSL.
I'm trying to avoid having to purchase something from a domain registrar by
combining enough open source software.
Shouldn't the ability to securely transmit data be free to all?
On Thu, Mar 11, 2010 at 7:15 AM, Jonathan Bartels <
jonathan.bartels at gmail.com> wrote:
> HIPAA is a good guideline, but as you read it you'll see its more
> procedural or legal than technical.
>
> The rules of thumb that I've been taught for making my software HIPPA
> compliant are:
> 1. Audit trail, be able to show who did what and when. It does nothing
> to prevent a breach, but ensures that if there is they can punish
> someone
> 2. Secure channels (VPN, SSL, etc. Nothing goes over the wire in the clear)
> 3. Reasonably secure logins, good passwords, logins timeout
> 4. Audit trail. Its important.
>
> HIPAA doesn't go to the length that something like PCI (credit card
> processing) does but its a good place to start.
>
> Since you specifically asked about SSNs, check with the Social
> Security Administration. They have rules, guidelines, and suggestions
> for those as well. Theres even one that says "don't use the SSN as an
> ID" and "don't ask for it if you don't need it" which may be a good
> idea in your case, rather than decide how to secure it, decide if you
> even need to transmit it.
>
> On Thu, Mar 11, 2010 at 6:29 AM, Andrew Latham <lathama at gmail.com> wrote:
> > This covers most of what you are looking for...
> >
> >
> http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act
> >
> > internal company storage falls down to Civil Procedure Law. (What
> > ever a Judge can ask in a lawsuit and what discovery he feels is safe
> > for the public domain.)
> >
> >
> > ~
> > Andrew "lathama" Latham
> > lathama at gmail.com
> >
> > * Learn more about OSS http://en.wikipedia.org/wiki/Open-source_software
> > * Learn more about Linux http://en.wikipedia.org/wiki/Linux
> > * Learn more about Tux http://en.wikipedia.org/wiki/Tux
> >
> >
> >
> > On Wed, Mar 10, 2010 at 10:07 PM, Travis Paul <actionowl at gmail.com>
> wrote:
> >> Thanks Raphael
> >>
> >> On Wed, Mar 10, 2010 at 5:04 PM, RAPHAEL WOLFF <raphaelwolff at gmail.com>
> >> wrote:
> >>>
> >>> You might go to the Electronic Frontier Foundation web site and submit
> >>> your question.
> >>>
> >>>
> >>>
> >>> On 3/10/2010 8:02 PM, Travis Paul wrote:
> >>>
> >>> Does anyone know where I can find the federal regulations (USA) for
> >>> storing and transmitting personal information such as Social Security
> >>> Numbers (if any exists)?
> >>>
> >>> I've only been able to find state-specific documentation, is that my
> only
> >>> option?
> >>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Fwlug mailing list
> >>> Fwlug at fortwaynelug.org
> >>> http://fortwaynelug.org/mailman/listinfo/fwlug_fortwaynelug.org
> >>>
> >>>
> >>> _______________________________________________
> >>> Fwlug mailing list
> >>> Fwlug at fortwaynelug.org
> >>> http://fortwaynelug.org/mailman/listinfo/fwlug_fortwaynelug.org
> >>>
> >>
> >>
> >> _______________________________________________
> >> Fwlug mailing list
> >> Fwlug at fortwaynelug.org
> >> http://fortwaynelug.org/mailman/listinfo/fwlug_fortwaynelug.org
> >>
> >>
> >
> > _______________________________________________
> > Fwlug mailing list
> > Fwlug at fortwaynelug.org
> > http://fortwaynelug.org/mailman/listinfo/fwlug_fortwaynelug.org
> >
>
>
>
> --
> -----
> Jonathan Bartels
>
> _______________________________________________
> Fwlug mailing list
> Fwlug at fortwaynelug.org
> http://fortwaynelug.org/mailman/listinfo/fwlug_fortwaynelug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://fortwaynelug.org/pipermail/fwlug_fortwaynelug.org/attachments/20100311/60486b4f/attachment-0001.html>
More information about the Fwlug
mailing list