On Tue, Feb 24, 2004 at 06:19:48PM -0500, John Keimel wrote: > On Tue, Feb 24, 2004 at 06:11:20PM -0500, [EMAIL PROTECTED] wrote: > > I've been asked to place a sniffer on a network that handles HIPPA data, > > and watch for e-mail containing certain strings. I figured that mailsnarf > > would be the best way to do this. > > > Aside from any of hte technical details of this, I'm kind of wondering > how this fits into HIPPA and it's policies.
Certain info has to be protected. > I'd be sure that if I were you, I'd have written evidence of someone (a > boss/supervisor/etc) ordering this kind of behaviour and also my > objection to sniffing data that might be confidential under HIPPA. I have a very nice contract, complete with a very detailed scope of work, which my lawyer has OKed. > This just sounds wrong all around. I'd suggest significant amount of > C.Y.A. activity on your part. There's no CYA. I'm being asked to verify that there is no HIPPA information that is leaving the site, accidentally or otherwise. There is a nice defined set of keywords that would be used in any of the documentation (it's a testing Lab). If the capture file size *ever* goes above 0 bytes, they have a problem. That's all I'm involved with. I want *nothing* to do with the actual data. I'm just setting up a system that will notify certain people if there is a 'leak', and they can go in and figure out what happened. Tim -- >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >> Tim Sailer (at home) >< Coastal Internet, Inc. << >> Network and Systems Operations >< PO Box 726 << >> http://www.buoy.com >< Moriches, NY 11955 << >> [EMAIL PROTECTED]/[EMAIL PROTECTED] >< (631)399-2910 (888) 924-3728 >> << >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
