[ale] [OT] SSN use, was: restricting web input

Bob Toxen transam at VerySecureLinux.com
Wed May 6 20:47:13 EDT 2009


On Wed, May 06, 2009 at 12:54:41PM -0400, Greg Freemyer wrote:
> On Wed, May 6, 2009 at 12:09 PM, Jerald Sheets <questy at gmail.com> wrote:
Snip.

> I've got a friend that is a security / hipaa expert.  He refuses to
> give medical providers his ssn.  Claims that per hipaa they can not
> mandate he do so.  I guess they work from his name and address?
> Drivers license number?
I also have a "standard" fake birthday and fake "Mother's Maiden name"
for these boneheads.  Note that most of them use key this very
sensitive information into an unpatched Windows system that is free
to browse the web and receive email (virus magnet).

My Optometrist, for example, does NOT need to know my birthday, just
my approximate age so he knows what age-related issues to look for.

I'm surprised (and disappointed) that there have been no
HIPAA-related lawsuits about this (negligence in computer
record-keeping of sensitive information causing identity theft).

DON'T lie to a gov't official, though.  It's usually a felony.

> Greg
> -- 
> Greg Freemyer
> Head of EDD Tape Extraction and Processing team, Litigation Triage Solutions Specialist
> http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf
> 
> The Norcross Group
> The Intersection of Evidence & Technology
> http://www.norcrossgroup.com


More information about the Ale mailing list